VIRUS... HELP NEEDED

Discussion in 'Windows - Virus and spyware problems' started by falconv8, Dec 9, 2006.


    Hey. I have some form of Chinese virus on my computer, and it's quite bad: a pop-up appears every ten minutes.

    If anyone can help me, that would be great :)

    Find the ComboFix log below.






    Default - 06-12-10 18:40:12.10 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Default\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-10 to 2006-12-10 ))))))))))))))))))))))))))))))))))


    2006-12-10 18:39 2,736 --a------ C:\WINDOWS\system32\tmp.reg
    2006-12-10 18:26 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
    2006-12-10 18:26 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2006-12-10 18:26 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2006-12-10 18:26 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2006-12-10 18:26 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2006-12-10 18:26 135,168 --a------ C:\WINDOWS\system32\swreg.exe
    2006-12-10 00:00 <DIR> d-------- C:\WINDOWS\temp
    2006-12-09 23:45 <DIR> d-------- C:\WINDOWS\pss
    2006-12-09 11:15 <DIR> d-------- C:\WINDOWS\system32\ContentTemp
    2006-12-09 11:09 29,696 --a------ C:\WINDOWS\system32\wmpkn.dll
    2006-12-09 11:04 27,648 --a------ C:\WINDOWS\system32\tpnet.dll
    2006-12-09 11:03 10,752 --a------ C:\WINDOWS\system32\filter.dll
    2006-12-09 11:03 10,447 --a------ C:\WINDOWS\system32\drivers\LanPort.sys
    2006-12-07 18:11 36,864 --a------ C:\WINDOWS\system32\PvSec.dll
    2006-12-07 18:11 28,672 --a------ C:\WINDOWS\system32\drivers\00003a52.SYS
    2006-12-07 18:11 <DIR> d-------- C:\Program Files\vision
    2006-12-05 16:54 <DIR> d-------- C:\Program Files\LimeWire
    2006-12-05 15:50 9,651 --a------ C:\WINDOWS\system32\drivers\parcls.sys
    2006-12-03 12:37 160,384 --a------ C:\WINDOWS\system32\drivers\cdnprot.sys
    2006-12-03 00:33 <DIR> d-------- C:\Documents and Settings\Default\Incomplete
    2006-12-03 00:33 <DIR> d-------- C:\Documents and Settings\Default\.limewire
    2006-12-03 00:30 <DIR> d-------- C:\Program Files\Java
    2006-12-03 00:27 <DIR> d-------- C:\Program Files\Common Files\Java
    2006-12-02 23:34 <DIR> d-------- C:\WINDOWS\Minidump
    2006-12-02 21:53 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2006-12-02 21:53 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2006-12-02 21:53 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
    2006-12-02 21:53 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
    2006-12-02 21:53 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
    2006-12-02 21:52 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2006-12-02 21:52 61,440 -ra------ C:\WINDOWS\ov519dib.dll
    2006-12-02 21:52 40,960 -ra------ C:\WINDOWS\system32\ov519ext.dll
    2006-12-02 21:52 40,960 -ra------ C:\WINDOWS\CleanDev.exe
    2006-12-02 21:52 32,528 -ra------ C:\WINDOWS\amcap.exe
    2006-12-02 21:52 307,200 -ra------ C:\WINDOWS\vidcap32.exe
    2006-12-02 21:52 25,211 -ra------ C:\WINDOWS\system32\drivers\ov519cmd.sys
    2006-12-02 21:52 200,704 -ra------ C:\WINDOWS\sel3110.exe
    2006-12-02 21:52 174,530 -ra------ C:\WINDOWS\system32\drivers\ov519vid.sys
    2006-12-02 21:52 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2006-12-02 21:52 16,426 -ra------ C:\WINDOWS\system32\ov519usd.dll
    2006-12-02 21:52 135,168 -ra------ C:\WINDOWS\ov519cap.exe
    2006-12-02 21:52 <DIR> d-------- C:\WINDOWS\OvtCam
    2006-12-01 17:51 376 --a------ C:\WINDOWS\system32\innvusmb32.dll
    2006-11-30 17:03 <DIR> d-------- C:\WINDOWS\Download
    2006-11-30 17:01 5,487 --a------ C:\WINDOWS\system32\wdfmgr32.exe
    2006-11-30 17:01 <DIR> d-------- C:\WINDOWS\Intel
    2006-11-30 16:57 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
    2006-11-29 19:22 <DIR> d-------- C:\Documents and Settings\Default\Application Data\InterVideo
    2006-11-28 20:07 8,477 --a------ C:\WINDOWS\system32\drivers\amdk5.sys
    2006-11-27 21:39 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-27 21:39 <DIR> d-------- C:\Program Files\InterVideo
    2006-11-27 21:38 9,088 --------- C:\WINDOWS\system32\drivers\bsstor.sys
    2006-11-27 21:38 716,800 --------- C:\WINDOWS\NuNInst.exe
    2006-11-27 21:38 333,184 --------- C:\WINDOWS\system32\drivers\bsudf.sys
    2006-11-27 21:37 610,304 --------- C:\WINDOWS\UNNMP.exe
    2006-11-27 21:35 <DIR> d-------- C:\Program Files\ahead
    2006-11-27 21:34 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2006-11-27 19:57 9,341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
    2006-11-27 19:57 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
    2006-11-27 19:57 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
    2006-11-27 19:57 1,212,928 --a------ C:\WINDOWS\system32\Incinerator.dll
    2006-11-27 19:57 <DIR> d-------- C:\Program Files\iolo
    2006-11-26 23:18 <DIR> dr-h----- C:\$VAULT$.AVG
    2006-11-26 19:26 <DIR> d-------- C:\WINDOWS\RegisteredPackages
    2006-11-26 18:21 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
    2006-11-26 18:20 <DIR> d-------- C:\WINDOWS\WBEM
    2006-11-26 18:20 <DIR> d-------- C:\WINDOWS\system32\en-US
    2006-11-26 18:19 <DIR> d--h-c--- C:\WINDOWS\ie7
    2006-11-26 18:17 121,856 --------- C:\WINDOWS\system32\xmllite.dll
    2006-11-26 18:17 <DIR> d-------- C:\WINDOWS\network diagnostic
    2006-11-26 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2006-11-26 10:23 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Help
    2006-11-26 10:21 30,278 --a------ C:\WINDOWS\csrss.exe
    2006-11-26 10:10 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2006-11-25 21:34 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
    2006-11-25 03:57 23,296 --a------ C:\WINDOWS\system32\cdnns.dll
    2006-11-25 03:57 14,822 --a------ C:\WINDOWS\system32\drivers\cdntran.sys
    2006-11-25 02:01 <DIR> d-------- C:\Program Files\Eyetoy Drivers
    2006-11-25 01:32 <DIR> d-------- C:\WINDOWS\eyetoy
    2006-11-25 01:32 <DIR> d-------- C:\Program Files\Eyetoy
    2006-11-25 01:20 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2006-11-23 23:36 <DIR> d-------- C:\Program Files\MSXML 4.0
    2006-11-23 21:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2006-11-23 21:45 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Macromedia
    2006-11-23 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2006-11-23 21:39 32,512 --a------ C:\WINDOWS\system32\drivers\npf.sys
    2006-11-23 21:37 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Lavasoft
    2006-11-23 21:34 240,640 --a------ C:\WINDOWS\system32\NTWorkStan.dll
    2006-11-23 21:20 552 --a------ C:\WINDOWS\system32\nrssvd32.dll
    2006-11-23 21:20 <DIR> d-------- C:\WINDOWS\system32\drivers\etcdr
    2006-11-23 21:19 60,928 --a------ C:\WINDOWS\system32\wnttech.dll
    2006-11-23 21:19 60,928 --a------ C:\WINDOWS\system32\advwhes.dll
    2006-11-23 21:19 29 --a------ C:\WINDOWS\system32\vdmop.dll
    2006-11-23 21:19 22 --a------ C:\WINDOWS\system32\wmsnds32.dll
    2006-11-23 21:19 106,281 --a------ C:\WINDOWS\system32\ad812.exe
    2006-11-23 21:19 <DIR> d-------- C:\WINDOWS\system32\MicShExts
    2006-11-23 21:19 <DIR> d-------- C:\Program Files\Common Files\CPUSH
    2006-11-23 21:19 <DIR> d-------- C:\Downloads
    2006-11-23 21:17 <DIR> d-------- C:\Program Files\CNNIC
    2006-11-23 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
    2006-11-23 21:01 <DIR> d-------- C:\Program Files\Common Files\HP
    2006-11-23 20:58 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2006-11-23 20:58 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2006-11-23 20:57 <DIR> dr--s---- C:\WINDOWS\assembly
    2006-11-23 20:57 <DIR> d-------- C:\WINDOWS\system32\URTTemp
    2006-11-23 20:57 <DIR> d-------- C:\WINDOWS\Microsoft.NET
    2006-11-23 20:54 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
    2006-11-23 20:54 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
    2006-11-23 20:54 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
    2006-11-23 20:54 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
    2006-11-23 20:54 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2006-11-23 20:54 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
    2006-11-23 20:54 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
    2006-11-23 20:47 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
    2006-11-23 20:47 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
    2006-11-23 20:46 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
    2006-11-23 20:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2006-11-23 20:22 <DIR> d--h----- C:\Config.Msi
    2006-11-23 20:13 <DIR> d-------- C:\Program Files\HP
    2006-11-23 20:10 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-11-23 20:10 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2006-11-23 20:10 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-11-23 20:10 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2006-11-23 20:10 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2006-11-23 20:10 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2006-11-23 20:10 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2006-11-23 20:10 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2006-11-23 20:10 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2006-11-23 20:10 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-11-23 20:10 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2006-11-23 20:10 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2006-11-23 20:09 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
    2006-11-23 20:09 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2006-11-23 20:09 685,056 --a------ C:\WINDOWS\system32\drivers\HSFCXTS2.sys
    2006-11-23 20:09 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2006-11-23 20:09 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
    2006-11-23 20:09 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2006-11-23 20:09 32,285 --a------ C:\WINDOWS\system32\HSFCISP2.dll
    2006-11-23 20:09 220,032 --a------ C:\WINDOWS\system32\drivers\HSFBS2S2.sys
    2006-11-23 20:09 11,868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
    2006-11-23 20:09 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
    2006-11-23 20:09 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2006-11-23 20:09 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSFDPSP2.sys
    2006-11-23 20:08 96,256 --a------ C:\WINDOWS\system32\drivers\ac97intc.sys
    2006-11-23 20:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2006-11-23 20:08 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-11-23 20:08 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2006-11-23 20:08 <DIR> d--hs---- C:\WINDOWS\Installer
    2006-11-23 20:07 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
    2006-11-23 20:07 9,008 --a------ C:\WINDOWS\system\VER.DLL
    2006-11-23 20:07 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
    2006-11-23 20:07 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
    2006-11-23 20:07 8,704 --a------ C:\WINDOWS\system32\batt.dll
    2006-11-23 20:07 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
    2006-11-23 20:07 74,752 --a------ C:\WINDOWS\system32\storprop.dll
    2006-11-23 20:07 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
    2006-11-23 20:07 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
    2006-11-23 20:07 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
    2006-11-23 20:07 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
    2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
    2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
    2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
    2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
    2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
    2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
    2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
    2006-11-23 20:07 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
    2006-11-23 20:07 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
    2006-11-23 20:07 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2006-11-23 20:07 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
    2006-11-23 20:07 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
    2006-11-23 20:07 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
    2006-11-23 20:07 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
    2006-11-23 20:07 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2006-11-23 20:07 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
    2006-11-23 20:07 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2006-11-23 20:07 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
    2006-11-23 20:07 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
    2006-11-23 20:07 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\.
    2006-11-23 20:07 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data
    2006-11-23 20:07 <DIR> dr------- C:\Documents and Settings\All Users\Start Menu
    2006-11-23 20:07 <DIR> dr------- C:\Documents and Settings\All Users\Documents
    2006-11-23 20:07 <DIR> d-a------ C:\Program Files\Common Files\..
    2006-11-23 20:07 <DIR> d-a------ C:\Program Files\.
    2006-11-23 20:07 <DIR> d-a------ C:\Program Files
    2006-11-23 20:07 <DIR> d--hs---- C:\Program Files\..
    2006-11-23 20:07 <DIR> d--h----- C:\Documents and Settings\All Users\Templates
    2006-11-23 20:07 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2006-11-23 20:07 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
    2006-11-23 20:07 <DIR> d-------- C:\WINDOWS\system32\CatRoot
    2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
    2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files\ODBC
    2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files\.
    2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files
    2006-11-23 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Favorites
    2006-11-23 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Desktop
    2006-11-23 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\..
    2006-11-23 20:06 <DIR> d--hs---- C:\System Volume Information
    2006-11-23 20:06 <DIR> d-------- C:\Documents and Settings\All Users\..
    2006-11-23 20:06 <DIR> d-------- C:\Documents and Settings\All Users\.
    2006-11-23 20:06 <DIR> d-------- C:\Documents and Settings
    2006-11-23 20:01 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
    2006-11-23 20:01 <DIR> dr--s---- C:\WINDOWS\Fonts
    2006-11-23 20:01 <DIR> dr------- C:\WINDOWS\Web
    2006-11-23 20:01 <DIR> d--hs---- C:\WINDOWS\..
    2006-11-23 20:01 <DIR> d--h----- C:\WINDOWS\inf
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\WinSxS
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\twain_32
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\wins
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\wbem
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\usmt
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\spool
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\ShellExt
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\Setup
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\ras
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\oobe
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\npp
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\mui
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\inetsrv
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\IME
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\icsxml
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\ias
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\export
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\..
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\.
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\dhcp
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\config
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\3076
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\2052
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1054
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1042
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1041
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1037
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1033
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1031
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1028
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1025
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\..
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\.
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system\..
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system\.
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\security
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Resources
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\repair
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Provisioning
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\PeerNet
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\pchealth
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\mui
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\msapps
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\msagent
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Media
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\java
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\ime
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Help
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Driver Cache
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Debug
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Cursors
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Connection Wizard
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Config
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\AppPatch
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\addins
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\.
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS
    2006-11-23 19:59 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2006-11-23 19:54 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2006-11-23 19:54 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2006-11-23 19:54 <DIR> d-------- C:\Program Files\Common Files\DESIGNER
    2006-11-23 19:53 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2006-11-23 19:53 <DIR> d-------- C:\Program Files\Microsoft Office
    2006-11-23 19:32 <DIR> d-------- C:\Documents and Settings\Default\Application Data\AdobeUM
    2006-11-23 19:32 <DIR> d-------- C:\Documents and Settings\Default\Application Data\AdobeAUM
    2006-11-23 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2006-11-23 19:07 <DIR> d-------- C:\Program Files\Adobe
    2006-11-23 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2006-11-23 19:06 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2006-11-23 19:06 <DIR> d-------- C:\Program Files\Yahoo!
    2006-11-23 19:00 <DIR> d-------- C:\Program Files\iTunes
    2006-11-23 19:00 <DIR> d-------- C:\Program Files\iPod
    2006-11-23 19:00 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Apple Computer
    2006-11-23 18:59 <DIR> d-------- C:\Program Files\QuickTime
    2006-11-23 18:59 <DIR> d-------- C:\Program Files\Apple Software Update
    2006-11-23 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2006-11-23 18:47 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2006-11-23 18:47 <DIR> d-------- C:\Documents and Settings\Default\Contacts
    2006-11-23 18:46 <DIR> d-------- C:\Program Files\MSN Messenger
    2006-11-23 18:42 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2006-11-23 18:42 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Adobe
    2006-11-23 18:32 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2006-11-23 18:32 <DIR> d-------- C:\WINDOWS\system32\PreInstall
    2006-11-23 18:23 <DIR> d--hs---- C:\RECYCLER
    2006-11-23 18:01 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
    2006-11-23 18:00 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2006-11-23 17:59 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2006-11-23 09:49 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-11-23 09:49 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2006-11-23 09:49 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-11-23 09:49 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-11-23 09:49 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2006-11-23 09:49 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-11-23 09:49 23,424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
    2006-11-23 09:49 <DIR> d-------- C:\Program Files\Grisoft
    2006-11-23 09:49 <DIR> d-------- C:\Documents and Settings\Default\Application Data\AVG7
    2006-11-23 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2006-11-23 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2006-11-23 09:47 <DIR> d-------- C:\Program Files\Lavasoft
    2006-11-23 09:45 6,016 -ra------ C:\WINDOWS\system32\ntsim.sys
    2006-11-23 09:45 40,960 -ra------ C:\WINDOWS\system32\drivers\fetnd5b.sys
    2006-11-23 09:43 <DIR> d-------- C:\Rhine
    2006-11-23 09:42 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
    2006-11-23 09:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2006-11-23 09:23 <DIR> dr-h----- C:\Documents and Settings\Default\SendTo
    2006-11-23 09:23 <DIR> dr-h----- C:\Documents and Settings\Default\Recent
    2006-11-23 09:23 <DIR> dr-h----- C:\Documents and Settings\Default\Application Data\.
    2006-11-23 09:23 <DIR> dr-h----- C:\Documents and Settings\Default\Application Data
    2006-11-23 09:23 <DIR> dr------- C:\Documents and Settings\Default\Start Menu
    2006-11-23 09:23 <DIR> dr------- C:\Documents and Settings\Default\Favorites
    2006-11-23 09:23 <DIR> d--hs---- C:\Documents and Settings\Default\Cookies
    2006-11-23 09:23 <DIR> d--h----- C:\Program Files\Uninstall Information
    2006-11-23 09:23 <DIR> d--h----- C:\Documents and Settings\Default\Templates
    2006-11-23 09:23 <DIR> d--h----- C:\Documents and Settings\Default\PrintHood
    2006-11-23 09:23 <DIR> d--h----- C:\Documents and Settings\Default\NetHood
    2006-11-23 09:23 <DIR> d--h----- C:\Documents and Settings\Default\Local Settings
    2006-11-23 09:23 <DIR> d---s---- C:\Documents and Settings\Default\Application Data\Microsoft
    2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\My Documents
    2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\Desktop
    2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Identities
    2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\Application Data\..
    2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\..
    2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\.
    2006-11-23 09:21 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
    2006-11-23 09:20 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
    2006-11-23 09:20 <DIR> d-------- C:\WINDOWS\Prefetch
    2006-11-23 09:17 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
    2006-11-23 09:17 0 -rahs---- C:\MSDOS.SYS
    2006-11-23 09:17 0 -rahs---- C:\IO.SYS
    2006-11-23 09:17 0 --a------ C:\CONFIG.SYS
    2006-11-23 09:17 0 --a------ C:\AUTOEXEC.BAT
    2006-11-23 09:17 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2006-11-23 09:17 <DIR> d-------- C:\WINDOWS\system32\xircom
    2006-11-23 09:17 <DIR> d-------- C:\Program Files\xerox
    2006-11-23 09:17 <DIR> d-------- C:\Program Files\microsoft frontpage
    2006-11-23 09:16 <DIR> dr------- C:\WINDOWS\Offline Web Pages
    2006-11-23 09:16 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
    2006-11-23 09:16 <DIR> d--h----- C:\Program Files\WindowsUpdate
    2006-11-23 09:16 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
    2006-11-23 09:15 81,920 --a------ C:\WINDOWS\system32\isign32.dll
    2006-11-23 09:15 81,920 --a------ C:\WINDOWS\system32\ils.dll
    2006-11-23 09:15 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
    2006-11-23 09:15 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
    2006-11-23 09:15 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
    2006-11-23 09:15 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
    2006-11-23 09:15 69,632 --a------ C:\WINDOWS\system32\msconf.dll
    2006-11-23 09:15 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-23 09:15 67,584 --a------ C:\WINDOWS\system32\srclient.dll
    2006-11-23 09:15 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
    2006-11-23 09:15 64,512 --a------ C:\WINDOWS\system32\acctres.dll
    2006-11-23 09:15 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-11-23 09:15 48,128 --a------ C:\WINDOWS\system32\inetres.dll
    2006-11-23 09:15 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
    2006-11-23 09:15 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
    2006-11-23 09:15 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
    2006-11-23 09:15 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
    2006-11-23 09:15 41,240 --a------ C:\WINDOWS\system32\wups.dll
    2006-11-23 09:15 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
    2006-11-23 09:15 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-11-23 09:15 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
    2006-11-23 09:15 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
    2006-11-23 09:15 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
    2006-11-23 09:15 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-11-23 09:15 274,944 --a------ C:\WINDOWS\system32\mstask.dll
    2006-11-23 09:15 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
    2006-11-23 09:15 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
    2006-11-23 09:15 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
    2006-11-23 09:15 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-11-23 09:15 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2006-11-23 09:15 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
    2006-11-23 09:15 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2006-11-23 09:15 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
    2006-11-23 09:15 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2006-11-23 09:15 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
    2006-11-23 09:15 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-11-23 09:15 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
    2006-11-23 09:15 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-11-23 09:15 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
    2006-11-23 09:15 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
    2006-11-23 09:15 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
    2006-11-23 09:15 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-11-23 09:15 11,264 --a------ C:\WINDOWS\system32\atrace.dll
    2006-11-23 09:15 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
    2006-11-23 09:15 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
    2006-11-23 09:15 <DIR> d---s---- C:\WINDOWS\Tasks
    2006-11-23 09:15 <DIR> d-------- C:\WINDOWS\system32\Restore
    2006-11-23 09:15 <DIR> d-------- C:\WINDOWS\system32\Macromed
    2006-11-23 09:15 <DIR> d-------- C:\WINDOWS\system32\DirectX
    2006-11-23 09:15 <DIR> d-------- C:\WINDOWS\srchasst
    2006-11-23 09:15 <DIR> d-------- C:\Program Files\Outlook Express
    2006-11-23 09:15 <DIR> d-------- C:\Program Files\NetMeeting
    2006-11-23 09:15 <DIR> d-------- C:\Program Files\Movie Maker
    2006-11-23 09:15 <DIR> d-------- C:\Program Files\Internet Explorer
    2006-11-23 09:15 <DIR> d-------- C:\Program Files\Common Files\System
    2006-11-23 09:15 <DIR> d-------- C:\Program Files\Common Files\Services
    2006-11-23 09:15 <DIR> d-------- C:\Program Files\Common Files\MSSoap
    2006-11-23 09:14 5,632 --a------ C:\WINDOWS\system32\write.exe
    2006-11-23 09:14 <DIR> d-------- C:\WINDOWS\Registration
    2006-11-23 09:14 <DIR> d-------- C:\Program Files\Windows Media Player
    2006-11-23 09:14 <DIR> d-------- C:\Program Files\Online Services
    2006-11-23 09:14 <DIR> d-------- C:\Program Files\MSN Gaming Zone
    2006-11-23 09:14 <DIR> d-------- C:\Program Files\Messenger
    2006-11-23 09:14 <DIR> d-------- C:\Program Files\ComPlus Applications
    2006-11-23 09:13 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
    2006-11-23 09:13 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
    2006-11-23 09:13 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-11-23 09:13 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
    2006-11-23 09:13 9,728 --a------ C:\WINDOWS\system32\reset.exe
    2006-11-23 09:13 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-11-23 09:13 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
    2006-11-23 09:13 80,384 --a------ C:\WINDOWS\system32\charmap.exe
    2006-11-23 09:13 73,216 --a------ C:\WINDOWS\system32\avwav.dll
    2006-11-23 09:13 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
    2006-11-23 09:13 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-11-23 09:13 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
    2006-11-23 09:13 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-11-23 09:13 605,696 --a------ C:\WINDOWS\system32\getuname.dll
    2006-11-23 09:13 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-11-23 09:13 60,416 --a------ C:\WINDOWS\system32\colbact.dll
    2006-11-23 09:13 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
    2006-11-23 09:13 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
    2006-11-23 09:13 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-11-23 09:13 56,832 --a------ C:\WINDOWS\system32\sol.exe
    2006-11-23 09:13 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
    2006-11-23 09:13 55,296 --a------ C:\WINDOWS\system32\freecell.exe
    2006-11-23 09:13 540,160 --a------ C:\WINDOWS\system32\comuid.dll
    2006-11-23 09:13 54,272 --a------ C:\WINDOWS\system32\stclient.dll
    2006-11-23 09:13 538,624 --a------ C:\WINDOWS\system32\spider.exe
    2006-11-23 09:13 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
    2006-11-23 09:13 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
    2006-11-23 09:13 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-11-23 09:13 44,544 --a------ C:\WINDOWS\system32\hticons.dll
    2006-11-23 09:13 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
    2006-11-23 09:13 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-11-23 09:13 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
    2006-11-23 09:13 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
    2006-11-23 09:13 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
    2006-11-23 09:13 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-11-23 09:13 35,328 --a------ C:\WINDOWS\system32\winchat.exe
    2006-11-23 09:13 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
    2006-11-23 09:13 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-11-23 09:13 33,792 --a------ C:\WINDOWS\system32\regini.exe
    2006-11-23 09:13 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-11-23 09:13 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
    2006-11-23 09:13 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
    2006-11-23 09:13 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
    2006-11-23 09:13 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
    2006-11-23 09:13 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
    2006-11-23 09:13 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
    2006-11-23 09:13 20,992 --a------ C:\WINDOWS\system32\msg.exe
    2006-11-23 09:13 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
    2006-11-23 09:13 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
    2006-11-23 09:13 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
    2006-11-23 09:13 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-11-23 09:13 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
    2006-11-23 09:13 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
    2006-11-23 09:13 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
    2006-11-23 09:13 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
    2006-11-23 09:13 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
    2006-11-23 09:13 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
    2006-11-23 09:13 16,384 --a------ C:\WINDOWS\system32\tskill.exe
    2006-11-23 09:13 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
    2006-11-23 09:13 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
    2006-11-23 09:13 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
    2006-11-23 09:13 15,360 --a------ C:\WINDOWS\system32\logoff.exe
    2006-11-23 09:13 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-11-23 09:13 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
    2006-11-23 09:13 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
    2006-11-23 09:13 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
    2006-11-23 09:13 14,848 --a------ C:\WINDOWS\system32\tscon.exe
    2006-11-23 09:13 14,848 --a------ C:\WINDOWS\system32\shadow.exe
    2006-11-23 09:13 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
    2006-11-23 09:13 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
    2006-11-23 09:13 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
    2006-11-23 09:13 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-11-23 09:13 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
    2006-11-23 09:13 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-11-23 09:13 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
    2006-11-23 09:13 119,808 --a------ C:\WINDOWS\system32\winmine.exe
    2006-11-23 09:13 114,688 --a------ C:\WINDOWS\system32\calc.exe
    2006-11-23 09:13 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
    2006-11-23 09:13 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
    2006-11-23 09:13 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
    2006-11-23 09:13 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-11-23 09:13 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
    2006-11-23 09:13 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
    2006-11-23 09:13 <DIR> d-------- C:\WINDOWS\system32\MsDtc
    2006-11-23 09:13 <DIR> d-------- C:\WINDOWS\system32\Com
    2006-11-23 09:13 <DIR> d-------- C:\Program Files\Windows NT
    2006-11-23 09:13 <DIR> d-------- C:\Program Files\MSN
    2006-11-16 00:10 8,704 --a------ C:\WINDOWS\system\cmmd.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "CdnCtr"="C:\\Program Files\\CNNIC\\Cdn\\cdnup.exe"
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
    "wdfmgr32"="C:\\WINDOWS\\system32\\wdfmgr32.exe"
    "mhs"="C:\\DOCUME~1\\Default\\LOCALS~1\\Temp\\mhs.exe"
    "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "xy"="C:\\WINDOWS\\Download\\svhost32.exe"
    "wdfmgr32.exe"="C:\\WINDOWS\\system32\\wdfmgr32.exe"
    "sdmmrnm"="D;]XJOEPXT]ufnq]te264/fyf"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
    "wlzs2"="C:\\DOCUME~1\\Default\\LOCALS~1\\Temp\\wlzs2.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    "{78BF3960-61F0-4F4E-825D-3554FA61E847}"="Windows Media Player ºËÐÄÔ¤¼ÓÔسÌÐò"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{6E44887F-5214-41F2-AB46-4728735C4CC6}"=""
    "{1A404685-7563-4d02-B0F6-58B308A406A9}"=""
    "{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}"=""
    "{B876D045-E0B1-4E79-9359-0B1BF00813EA}"="Media Filter"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
    "csrss"="C:\\WINDOWS\\csrss.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
    "csrss"="C:\\WINDOWS\\csrss.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WebSecurity"="{3DD78ACF-0745-4532-94F8-A574457E1A81}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\amdk5
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\LanPort
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\parcls

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Completion time: 06-12-10 18:40:54.34
    C:\ComboFix.txt ... 06-12-10 18:40
    C:\ComboFix2.txt ... 06-12-10 00:02
    C:\ComboFix3.txt ... 06-12-10 00:00
     
  2. xxteakxx

    xxteakxx Regular member

    Please download SmitfraudFix.zip to the desktop from here


    * Reboot your computer in Safe Mode (upon boot press F8, select "Safe Mode" from the menu and press Enter)
    * Open the SmitfraudFix folder.
    * Double-click smitfraudfix.cmd
    * Select 2 and hit Enter to delete infected files.
    * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the desktop background and clean registry keys associated with the infection.
    * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt.

    Post the contents of rapport.txt and a new HijackThis log.
     
  3. falconv8

    falconv8 Guest

    Hey,

    Rapport..
    SmitFraudFix v2.128

    Scan done at 19:31:25.78, Sun 10/12/2006
    Run from C:\Documents and Settings\Default\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{78BF3960-61F0-4F4E-825D-3554FA61E847}"="Windows Media Player ºËÐÄÔ¤¼ÓÔسÌÐò"

    [HKEY_CLASSES_ROOT\CLSID\{78BF3960-61F0-4F4E-825D-3554FA61E847}\InProcServer32]
    @="C:\WINDOWS\system32\wmpkn.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{78BF3960-61F0-4F4E-825D-3554FA61E847}\InProcServer32]
    @="C:\WINDOWS\system32\wmpkn.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{78BF3960-61F0-4F4E-825D-3554FA61E847}"="Windows Media Player ºËÐÄÔ¤¼ÓÔسÌÐò"

    [HKEY_CLASSES_ROOT\CLSID\{78BF3960-61F0-4F4E-825D-3554FA61E847}\InProcServer32]
    @="C:\WINDOWS\system32\wmpkn.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{78BF3960-61F0-4F4E-825D-3554FA61E847}\InProcServer32]
    @="C:\WINDOWS\system32\wmpkn.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» End





    hijackthis...

    Logfile of HijackThis v1.99.1
    Scan saved at 7:32:59 PM, on 10/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Default\Desktop\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 7333.5009.cn
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    F3 - REG:win.ini: load=C:\WINDOWS\system\tpkIM32.exe
    O1 - Hosts: 202.109.114.142 iplusms.allyes.com
    O1 - Hosts: 202.109.114.142 mms.t2t2.com
    O1 - Hosts: 202.109.114.142 www.u8u.com
    O1 - Hosts: 202.109.114.142 u.u8u.com
    O1 - Hosts: 202.109.114.142 tl.linktone.com
    O1 - Hosts: 202.109.114.142 channel.e78.com
    O1 - Hosts: 202.109.114.142 u.7town.com
    O1 - Hosts: 202.109.114.142 union.95ol.com.cn
    O1 - Hosts: 202.109.114.142 mms1.95ol.com.cn
    O1 - Hosts: 202.109.114.142 mfs.95ol.com.cn
    O1 - Hosts: 202.109.114.142 tl.a8.com
    O1 - Hosts: 202.109.114.142 ad01.a8.com
    O1 - Hosts: 202.109.114.142 u2.caiku.com
    O1 - Hosts: 202.109.114.142 mms.caiku.com
    O1 - Hosts: 202.109.114.142 code1.caiku.com
    O1 - Hosts: 202.109.114.142 pub.lele.com
    O1 - Hosts: 202.109.114.142 u.lele.com
    O1 - Hosts: 202.109.114.142 7town.com
    O1 - Hosts: 202.109.114.142 tvsend.7town.com
    O1 - Hosts: 202.109.114.142 ivrsend.7town.com
    O1 - Hosts: 202.109.114.142 tlt.7town.com
    O1 - Hosts: 202.109.114.142 gsend.7town.com
    O1 - Hosts: 202.109.114.142 smssend.7town.com
    O1 - Hosts: 202.109.114.142 91ivr.com
    O1 - Hosts: 202.109.114.142 myad.91ivr.com
    O1 - Hosts: 202.109.114.142 u.91ivr.com
    O1 - Hosts: 202.109.114.142 union.91ivr.com
    O1 - Hosts: 203.191.146.205 corep.dmcast.com
    O1 - Hosts: 203.191.146.205 m081.dmcast.com
    O1 - Hosts: 203.191.146.205 dcww.dmcast.com
    O1 - Hosts: 203.191.146.205 renren.dmcast.com
    O1 - Hosts: 203.191.146.205 files.henbang.net
    O1 - Hosts: 203.191.146.205 bannerbox.cn
    O1 - Hosts: 203.191.146.205 www.bannerbox.cn
    O1 - Hosts: 203.191.146.205 action.coopen.cn
    O1 - Hosts: 203.191.146.205 u4.sky99.cn
    O1 - Hosts: 203.191.146.205 u1.sky99.cn
    O1 - Hosts: 203.191.146.205 u2.sky99.cn
    O1 - Hosts: 203.191.146.205 u3.sky99.cn
    O1 - Hosts: 203.191.146.205 sky99.cn
    O1 - Hosts: 203.191.146.205 u.sky99.cn
    O1 - Hosts: 203.191.146.205 u.ete.cn
    O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 www.365tan.com
    O1 - Hosts: 203.191.146.205 www.winopen.cn
    O1 - Hosts: 203.191.146.205 www.tanip.com
    O1 - Hosts: 203.191.146.205 alexaanywhere.com
    O1 - Hosts: 203.191.146.205 jssb.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 ns250.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 sb.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 pop.9v.cn
    O1 - Hosts: 203.191.146.205 xuni.myad.cn
    O1 - Hosts: 203.191.146.205 iebar.t2t2.com
    O1 - Hosts: 203.191.146.205 error.newcell.cn
    O1 - Hosts: 203.191.146.205 auto.search.msn.com
    O1 - Hosts: 203.191.146.205 www.kuaiso.com
    O1 - Hosts: 203.191.146.205 cns.3721.com
    O1 - Hosts: 203.191.146.205 seek.3721.com
    O1 - Hosts: 203.191.146.205 name.cnnic.cn
    O1 - Hosts: 203.191.146.205 toolsbar.kuaiso.com
    O1 - Hosts: 203.191.146.205 www.kuaiso.com
    O1 - Hosts: 203.191.146.205 kuaiso.com
    O1 - Hosts: 203.191.146.205 www.copyso.com
    O1 - Hosts: 203.191.146.205 union.copyso.com
    O1 - Hosts: 203.191.146.205 auto.search.msn.com
    O1 - Hosts: 203.191.146.205 ok.mop-hz.com
    O1 - Hosts: 203.191.146.205 www.ncast.cn
    O1 - Hosts: 203.191.146.205 www.ads3721.com
    O1 - Hosts: 203.191.146.205 360.ads3721.com
    O1 - Hosts: 203.191.146.205 www.maohehe.com
    O1 - Hosts: 203.191.146.205 www.5566.net
    O1 - Hosts: 203.191.146.205 5566.net
    O1 - Hosts: 203.191.146.205 www.gjj.cc
    O1 - Hosts: 203.191.146.205 gjj.cc
    O1 - Hosts: 203.191.146.205 www.9495.com
    O1 - Hosts: 203.191.146.205 9495.com
    O1 - Hosts: 203.191.146.205 my123.com
    O1 - Hosts: 203.191.146.205 www.my123.com
    O1 - Hosts: 203.191.146.205 7b.com.cn
    O1 - Hosts: 203.191.146.205 www.7b.com.cn
    O1 - Hosts: 203.191.146.205 www.qu123.com
    O1 - Hosts: 203.191.146.205 www.37021.com
    O1 - Hosts: 203.191.146.205 www.37021.net
    O1 - Hosts: 203.191.146.205 www.4199.com
    O1 - Hosts: 203.191.146.205 4199.com
    O1 - Hosts: 203.191.146.205 www.9505.com
    O1 - Hosts: 203.191.146.205 9505.com
    O1 - Hosts: 203.191.146.205 7939.com
    O1 - Hosts: 203.191.146.205 www.7939.com
    O1 - Hosts: 203.191.146.205 www.3448.com
    O1 - Hosts: 203.191.146.205 3448.com
    O1 - Hosts: 203.191.146.205 8925.com
    O1 - Hosts: 203.191.146.205 www.8925.com
    O1 - Hosts: 203.191.146.205 www.ttmp3.com
    O1 - Hosts: 203.191.146.205 ttmp3.com
    O1 - Hosts: 203.191.146.205 www.3tg.cn
    O1 - Hosts: 203.191.146.205 3tg.cn
    O1 - Hosts: 203.191.146.205 123wa.com
    O1 - Hosts: 203.191.146.205 www.123wa.com
    O1 - Hosts: 203.191.146.205 www.159.com
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
    O2 - BHO: CNNIC ÍøÂ繤¾ßDrag - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll
    O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
    O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [wdfmgr32] C:\WINDOWS\system32\wdfmgr32.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [xy] C:\WINDOWS\Download\svhost32.exe
    O4 - HKLM\..\Run: [wdfmgr32.exe] C:\WINDOWS\system32\wdfmgr32.exe
    O4 - HKLM\..\Run: [sdmmrnm] D;]XJOEPXT]ufnq]te264/fyf
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
    O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
    O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖà - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164786513515
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WebSecurity - {3DD78ACF-0745-4532-94F8-A574457E1A81} - C:\WINDOWS\system32\PvSec.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Medie Sariel Number Service - Conexant - (no file)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

     
  4. falconv8

    falconv8 Guest

    Sorry to sound picky, I'm sort of desperate... It is starting to overrun my computer.

    Any help is great :)

    Thanks
     
  5. Niobis

    Niobis Active member

    Hi falconv8, since xxteakxx hasn't replied, and he has given me permission to take over his logs when that happens, I'll help you. :)

    First, I must warn you - there is a lot of infection showing in your log. One of these is a password stealing trojan. I strongly recommend you change all your passwords to all online accounts, and do it from a different, clean computer, since anything typed on this one may still be captured until it is cleaned.

    ---------------------------------------------------------------------------------------------------------------
    Please download SDFix and save it to the desktop.
    Double click SDFix.exe and it will extract the files to C:\SDFix

    **Note:** **Print or copy these instructions to Notepad and save them. You will be in safe mode and can't access the internet.**

    * Restart your computer in Safe Mode (upon boot press **F8**, select "**Safe Mode**" from the menu and press **Enter**)
    * Open the SDFix folder and double-click RunThis.bat to start the script.
    * Type Y to begin the cleanup process.
    * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    * Press any key and it will restart the PC.
    * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).

    Restart in normal mode.
    Please post back with the contents of Report.txt and a new HijackThis log.
     
  6. falconv8

    falconv8 Guest

    Hey,

    I tried deleting the Chinese Navigation entry in HijackThis, but it made its way back? :S

    SDFix


    SDFix: Version 1.46
    ****************

    Tue 12/12/2006 - 23:52:32.20

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Stage One - Safe Mode

    Checking For Trojan Services...

    Service Name:


    File Path:



    Starting Registry Repairs...

    Restoring Default Hosts File...

    Stage One Complete

    Rebooting...

    Stage Two - Normal Mode

    Checking For Malware:
    --------------------

    C:\WINDOWS\csrss.exe
    C:\WINDOWS\Download\svhost32.exe
    C:\WINDOWS\system32\0.txt
    C:\WINDOWS\system32\wdfmgr32.exe

    Backing Up and Removing any Files Found...

    Final Check:

    Services:
    ---------


    Authorized Applications Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Disabled:avgemc.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Disabled:avginet.exe"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\WINDOWS\\system32\\wbem\\lsass.exe"="C:\\WINDOWS\\system32\\wbem\\lsass.exe:*:Enabled:Generic Hosts for WinService"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


    Files:
    ------

    Backups Folder: - C:\SDFix\backups\backups.zip

    Checking for files with Hidden Attributes:

    C:\Program Files\Internet Explorer\Connection Wizard\isignup.dll
    C:\WINDOWS\system32\ACSs.dll
    C:\WINDOWS\system32\Nwsapagent.dll
    C:\WINDOWS\system32\sdmAgent20.dll
    C:\Program Files\iolo\System Mechanic Professional 6\unins000.exe
    C:\WINDOWS\system32\cdplayer.exe.manifest
    C:\WINDOWS\system32\logonui.exe.manifest
    C:\hiberfil.sys
    C:\IO.SYS
    C:\MSDOS.SYS
    C:\pagefile.sys
    C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys

    FINISHED!




    HijackThis


    Logfile of HijackThis v1.99.1
    Scan saved at 11:58:40 PM, on 12/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Documents and Settings\Default\Desktop\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 7333.5009.cn
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
    O1 - Hosts: 202.109.114.142 iplusms.allyes.com
    O1 - Hosts: 202.109.114.142 mms.t2t2.com
    O1 - Hosts: 202.109.114.142 www.u8u.com
    O1 - Hosts: 202.109.114.142 u.u8u.com
    O1 - Hosts: 202.109.114.142 tl.linktone.com
    O1 - Hosts: 202.109.114.142 channel.e78.com
    O1 - Hosts: 202.109.114.142 u.7town.com
    O1 - Hosts: 202.109.114.142 union.95ol.com.cn
    O1 - Hosts: 202.109.114.142 mms1.95ol.com.cn
    O1 - Hosts: 202.109.114.142 mfs.95ol.com.cn
    O1 - Hosts: 202.109.114.142 tl.a8.com
    O1 - Hosts: 202.109.114.142 ad01.a8.com
    O1 - Hosts: 202.109.114.142 u2.caiku.com
    O1 - Hosts: 202.109.114.142 mms.caiku.com
    O1 - Hosts: 202.109.114.142 code1.caiku.com
    O1 - Hosts: 202.109.114.142 pub.lele.com
    O1 - Hosts: 202.109.114.142 u.lele.com
    O1 - Hosts: 202.109.114.142 7town.com
    O1 - Hosts: 202.109.114.142 tvsend.7town.com
    O1 - Hosts: 202.109.114.142 ivrsend.7town.com
    O1 - Hosts: 202.109.114.142 tlt.7town.com
    O1 - Hosts: 202.109.114.142 gsend.7town.com
    O1 - Hosts: 202.109.114.142 smssend.7town.com
    O1 - Hosts: 202.109.114.142 91ivr.com
    O1 - Hosts: 202.109.114.142 myad.91ivr.com
    O1 - Hosts: 202.109.114.142 u.91ivr.com
    O1 - Hosts: 202.109.114.142 union.91ivr.com
    O1 - Hosts: 203.191.146.205 corep.dmcast.com
    O1 - Hosts: 203.191.146.205 m081.dmcast.com
    O1 - Hosts: 203.191.146.205 dcww.dmcast.com
    O1 - Hosts: 203.191.146.205 renren.dmcast.com
    O1 - Hosts: 203.191.146.205 files.henbang.net
    O1 - Hosts: 203.191.146.205 bannerbox.cn
    O1 - Hosts: 203.191.146.205 www.bannerbox.cn
    O1 - Hosts: 203.191.146.205 action.coopen.cn
    O1 - Hosts: 203.191.146.205 u4.sky99.cn
    O1 - Hosts: 203.191.146.205 u1.sky99.cn
    O1 - Hosts: 203.191.146.205 u2.sky99.cn
    O1 - Hosts: 203.191.146.205 u3.sky99.cn
    O1 - Hosts: 203.191.146.205 sky99.cn
    O1 - Hosts: 203.191.146.205 u.sky99.cn
    O1 - Hosts: 203.191.146.205 u.ete.cn
    O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 www.365tan.com
    O1 - Hosts: 203.191.146.205 www.winopen.cn
    O1 - Hosts: 203.191.146.205 www.tanip.com
    O1 - Hosts: 203.191.146.205 alexaanywhere.com
    O1 - Hosts: 203.191.146.205 jssb.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 ns250.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 sb.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 pop.9v.cn
    O1 - Hosts: 203.191.146.205 xuni.myad.cn
    O1 - Hosts: 203.191.146.205 iebar.t2t2.com
    O1 - Hosts: 203.191.146.205 error.newcell.cn
    O1 - Hosts: 203.191.146.205 auto.search.msn.com
    O1 - Hosts: 203.191.146.205 www.kuaiso.com
    O1 - Hosts: 203.191.146.205 cns.3721.com
    O1 - Hosts: 203.191.146.205 seek.3721.com
    O1 - Hosts: 203.191.146.205 name.cnnic.cn
    O1 - Hosts: 203.191.146.205 toolsbar.kuaiso.com
    O1 - Hosts: 203.191.146.205 www.kuaiso.com
    O1 - Hosts: 203.191.146.205 kuaiso.com
    O1 - Hosts: 203.191.146.205 www.copyso.com
    O1 - Hosts: 203.191.146.205 union.copyso.com
    O1 - Hosts: 203.191.146.205 auto.search.msn.com
    O1 - Hosts: 203.191.146.205 ok.mop-hz.com
    O1 - Hosts: 203.191.146.205 www.ncast.cn
    O1 - Hosts: 203.191.146.205 www.ads3721.com
    O1 - Hosts: 203.191.146.205 360.ads3721.com
    O1 - Hosts: 203.191.146.205 www.maohehe.com
    O1 - Hosts: 203.191.146.205 www.5566.net
    O1 - Hosts: 203.191.146.205 5566.net
    O1 - Hosts: 203.191.146.205 www.gjj.cc
    O1 - Hosts: 203.191.146.205 gjj.cc
    O1 - Hosts: 203.191.146.205 www.9495.com
    O1 - Hosts: 203.191.146.205 9495.com
    O1 - Hosts: 203.191.146.205 my123.com
    O1 - Hosts: 203.191.146.205 www.my123.com
    O1 - Hosts: 203.191.146.205 7b.com.cn
    O1 - Hosts: 203.191.146.205 www.7b.com.cn
    O1 - Hosts: 203.191.146.205 www.qu123.com
    O1 - Hosts: 203.191.146.205 www.37021.com
    O1 - Hosts: 203.191.146.205 www.37021.net
    O1 - Hosts: 203.191.146.205 www.4199.com
    O1 - Hosts: 203.191.146.205 4199.com
    O1 - Hosts: 203.191.146.205 www.9505.com
    O1 - Hosts: 203.191.146.205 9505.com
    O1 - Hosts: 203.191.146.205 7939.com
    O1 - Hosts: 203.191.146.205 www.7939.com
    O1 - Hosts: 203.191.146.205 www.3448.com
    O1 - Hosts: 203.191.146.205 3448.com
    O1 - Hosts: 203.191.146.205 8925.com
    O1 - Hosts: 203.191.146.205 www.8925.com
    O1 - Hosts: 203.191.146.205 www.ttmp3.com
    O1 - Hosts: 203.191.146.205 ttmp3.com
    O1 - Hosts: 203.191.146.205 www.3tg.cn
    O1 - Hosts: 203.191.146.205 3tg.cn
    O1 - Hosts: 203.191.146.205 123wa.com
    O1 - Hosts: 203.191.146.205 www.123wa.com
    O1 - Hosts: 203.191.146.205 www.159.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CNNIC ÍøÂ繤¾ßDrag - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll
    O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
    O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
    O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [wdfmgr32] C:\WINDOWS\system32\wdfmgr32.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [wdfmgr32.exe] C:\WINDOWS\system32\wdfmgr32.exe
    O4 - HKLM\..\Run: [sdmmrnm] D;]XJOEPXT]ufnq]te264/fyf
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
    O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
    O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖà - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164786513515
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WebSecurity - {3DD78ACF-0745-4532-94F8-A574457E1A81} - C:\WINDOWS\system32\PvSec.dll
    O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\reporter.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Medie Sariel Number Service - Conexant - (no file)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



    Thanks Heaps!
     
  7. Niobis

    Niobis Active member

    Download The Hoster and unzip it to your desktop.

    Next, open the Hoster
    Make sure that the "make hosts writable?" button in the upper right corner is checked
    Now, click on 'back up Host files'
    then click on 'Restore original host files'
    Finally, close the hoster.

    Go here to download the trial version of [bold]AVG Anti-spyware[/bold].
    Install and open AVGAS.
    Click "[bold]Update[/bold]" then click "[bold]Start update[/bold]".
    After updating, close AVGAS. We will run the scan in safe mode.


    Go here and download [bold]CCleaner[/bold].
    [bold]Note[/bold]: If you do not want [bold]Yahoo! Toolbar[/bold] uncheck the option when installing.
    Open [bold]CCleaner[/bold].
    Click [bold]Options[/bold] > [bold]Advance[/bold] > uncheck "Only delete files in Windows Temp folders older than 48 hours".
    Do not run CCleaner yet, we will in safe mode later.


    Next, run a scan only with HijackThis and check the entries listed below. Close all windows except HijackThis before clicking "Fix checked".

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 7333.5009.cn
    O2 - BHO: CNNIC ÍøÂ繤¾ßDrag - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll
    O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
    O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
    O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
    O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
    O4 - HKLM\..\Run: [wdfmgr32] C:\WINDOWS\system32\wdfmgr32.exe
    O4 - HKLM\..\Run: [wdfmgr32.exe] C:\WINDOWS\system32\wdfmgr32.exe
    O4 - HKLM\..\Run: [sdmmrnm] D;]XJOEPXT]ufnq]te264/fyf
    O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
    O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
    O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
    O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖà - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O21 - SSODL: WebSecurity - {3DD78ACF-0745-4532-94F8-A574457E1A81} - C:\WINDOWS\system32\PvSec.dll
    O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\reporter.dll


    Close HijackThis.
    Go to Start > Run > type services.msc
    Locate the following service and double-click it to open its properties.
    Medie Sariel Number Service
    Beside "Startup type" click the drop-down menu and select "Disabled".
    Close Services.

    [bold]Note:[/bold] [bold]Print or copy these instructions to Notepad and save them. You will be in safe mode later and can't access the internet.[/bold]
    To reboot your computer in Safe Mode: upon boot press [bold]F8[/bold], select "[bold]Safe Mode[/bold]" from the menu and press [bold]Enter[/bold].

    Open HijackThis.
    Click "Open the misc tools section".
    Click "Delete an NT service".
    Copy/paste the service line shown below into the box and click OK.
    You will be prompted to restart, click Yes and restart in Safe Mode.
    O23 - Service: Medie Sariel Number Service - Conexant - (no file)


    In safe mode:
    Show hidden files and folders.
    Start > Control Panel > Folder Options > View tab > check "Show hidden files and folders".
    Click Apply, then OK.

    Locate and delete these (if present):

    C:\WINDOWS\system32\wdfmgr32.exe <--file
    C:\Program Files\vision <--folder
    C:\Program Files\CNNIC <--folder
    C:\WINDOWS\system32\reporter.dll <--file
    C:\WINDOWS\system32\PvSec.dll <--file

    Empty the Recycle Bin.

    Close all windows.
    Open CCleaner.
    Click [bold]Run Cleaner[/bold].

    Open AVGAS and click "[bold]Scanner[/bold]".
    Click "[bold]Complete System Scan[/bold]".
    When it finishes scanning, set all items to "[bold]Quarantine[/bold]".
    Click "[bold]Apply All Actions[/bold]".
    Click "[bold]Save Report[/bold]" and save it to the desktop.
    Close AVGAS and restart in normal mode.

    Please post back with the AVGAS report and a new HijackThis log.
     
  8. falconv8

    falconv8 Guest

    Hey,

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 4:28:39 PM 13/12/2006

    + Scan result:



    C:\Documents and Settings\Default\Desktop\backups\backup-20061211-230344-250.dll -> Adware.BHO : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default\Desktop\backups\backup-20061211-230402-945.dll -> Adware.BHO : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default\Desktop\backups\backup-20061211-230404-945.dll -> Adware.BHO : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\CPUSH\cpush0.dll -> Adware.BHO : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002705.exe -> Adware.BHO : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP11\A0002779.exe -> Adware.BHO : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP28\A0004766.exe -> Adware.BHO : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP31\A0008962.exe -> Adware.BHO : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP32\A0009036.exe -> Adware.BHO : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP32\snapshot\MFEX-4.DAT -> Adware.BHO : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0011260.exe -> Adware.BHO : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0014110.dll -> Adware.BHO : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ad812.exe -> Adware.BHO : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default\Desktop\backups\backup-20061213-153041-496.dll -> Adware.Boran : Cleaned with backup (quarantined).
    C:\Program Files\vision\vision.dll -> Adware.Boran : Cleaned with backup (quarantined).
    C:\Program Files\vision\visver.dll -> Adware.Boran : Cleaned with backup (quarantined).
    C:\~deE.tmp -> Adware.Boran : Cleaned with backup (quarantined).
    C:\Documents and Settings\Default\Desktop\backups\backup-20061213-153041-135.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002707.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002708.exe -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP11\A0002742.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP11\A0002775.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP11\A0002776.exe -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP11\snapshot\MFEX-2.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP12\snapshot\MFEX-2.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP13\snapshot\MFEX-2.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP14\snapshot\MFEX-2.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP15\snapshot\MFEX-2.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP16\snapshot\MFEX-2.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP17\snapshot\MFEX-2.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP18\A0003021.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP18\A0003073.exe -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP18\snapshot\MFEX-2.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003164.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003169.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003175.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003184.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003185.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003188.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003300.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003306.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003307.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003308.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003310.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003359.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003364.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003370.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003379.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003380.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003383.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003496.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003502.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003503.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003504.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP24\A0003584.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP24\A0003586.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP24\A0003587.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP24\A0003593.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP24\A0003594.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP24\A0003595.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP28\A0004746.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP28\A0004747.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP28\A0004763.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP28\A0004764.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006862.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006868.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006874.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006883.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006884.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006887.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006898.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006899.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006900.exe -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006902.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0007877.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0007878.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0007879.exe -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP31\A0008965.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP31\A0008967.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP31\A0008973.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP31\A0008974.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP31\A0008975.exe -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP31\A0008978.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP32\A0009013.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP32\snapshot\MFEX-3.DAT -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011108.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011113.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011119.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011128.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011129.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011132.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012265.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012270.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012271.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012272.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012274.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012303.dll/{48A53CEB-AD6E-4CF3-B6AA-1F0B1441B202}.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012313.dll/{6346B0FF-B61E-4761-B565-30FCB8087B03}.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012317.exe/{731D1AE3-2282-43CD-9BEB-29734AEE9110}.exe -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012319.exe/{76CE5CB4-4EAE-4B59-9E20-99F3FD4D7C79}.exe -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012327.dll/{AB0351DC-B6B4-403E-9E0E-2B66F0BC0EEE}.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012334.dll/{D6CA453E-74F8-4EE3-883D-77DBED9AD492}.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012382.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012387.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012393.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012402.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012403.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012406.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0012839.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0012843.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0012849.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0013978.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0013980.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0013986.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0013998.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014004.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014005.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014006.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014038.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014043.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014049.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014058.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014059.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014062.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014072.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014078.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014079.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014080.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015120.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015125.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015131.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015140.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015141.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015144.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015155.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015161.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015162.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015163.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015249.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015254.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015260.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015269.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015270.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015273.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015338.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015370.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015371.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015378.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015386.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015387.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\cdnns.dll -> Adware.Cdn : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003173.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003314.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003368.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003510.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP28\A0004754.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006872.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011117.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012278.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012304.dll/{497FF2AB-8924-4D59-BAD8-E8C338A92DC6}.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012324.dll/{9C804553-9965-4AEE-BADD-2D0D5766F6A9}.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012329.exe/{AD82DC11-4444-4876-BB46-0C711E11164D}.exe -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012391.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014012.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014047.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0014086.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015129.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015168.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015258.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015376.dll -> Adware.Cdnup : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP31\A0008958.dll -> Adware.Cinmus : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012294.exe/{09B37130-645D-4222-B11E-C9AE44ABD5DE}.exe -> Adware.Cinmus : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{6671A431-5C3D-463d-A7CF-5587F9B7E191} -> Adware.Generic : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6671A431-5C3D-463d-A7CF-5587F9B7E191} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-1606980848-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6671A431-5C3D-463D-A7CF-5587F9B7E191} -> Adware.Generic : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002700.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002701.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002702.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP18\A0003069.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP18\A0003070.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP18\A0003071.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP36\A0012458.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP36\A0012459.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP36\A0012460.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015329.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015330.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\__delete_on_reboot__a_c_s_s_._d_l_l_ -> Adware.LinkMedia : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\__delete_on_reboot__n_w_s_a_p_a_g_e_n_t_._d_l_l_ -> Adware.LinkMedia : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\sdmAgent20.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\sdmAgent23.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015367.dll -> Adware.Ncast : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\drivers\amdk5.sys -> Adware.Ncast : Cleaned with backup (quarantined).
    C:\WINDOWS\system\cmmd.dll -> Adware.NewWeb : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\SafeHelper12.dll -> Adware.SafeHelp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002696.dll -> Adware.Sogou : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP32\A0009014.dll -> Adware.Sogou : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003139.exe -> Adware.WSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0008858.dll -> Adware.WSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0008859.exe -> Adware.WSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0008860.exe -> Adware.WSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012307.exe/{5552891C-61B1-4B77-990A-D1CFE358850F}.exe/DeskUn.exe -> Adware.WSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012307.exe/{5552891C-61B1-4B77-990A-D1CFE358850F}.exe/Mrup.exe -> Adware.WSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012307.exe/{5552891C-61B1-4B77-990A-D1CFE358850F}.exe/deskipn.dll.zgx -> Adware.WSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012412.exe -> Adware.WSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012413.exe -> Adware.WSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP36\A0012451.dll -> Adware.WSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003137.dll -> Adware.Zhongsou : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP19\A0003138.dll -> Adware.Zhongsou : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0007886.dll -> Adware.Zhongsou : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0007887.dll -> Adware.Zhongsou : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012307.exe/{5552891C-61B1-4B77-990A-D1CFE358850F}.exe/Run.dll.zgx -> Adware.Zhongsou : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012307.exe/{5552891C-61B1-4B77-990A-D1CFE358850F}.exe/fshook.dll.zgx -> Adware.Zhongsou : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP36\A0012452.dll -> Adware.Zhongsou : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP36\A0012453.dll -> Adware.Zhongsou : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002672.dll -> Downloader.Agent.aww : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP10\A0002681.dll -> Downloader.Agent.aww : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP11\A0002774.dll -> Downloader.Agent.aww : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP32\A0009033.dll -> Downloader.Agent.aww : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0011258.dll -> Downloader.Agent.aww : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015331.dll -> Downloader.Agent.aww : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\NTWorkStan.dll -> Downloader.Agent.aww : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\__delete_on_reboot__a_d_v_w_h_e_s_._d_l_l_ -> Downloader.Agent.aww : Cleaned with backup (quarantined).
    C:\SDFix\backups\backups.zip/backups/wdfmgr32.exe -> Downloader.Cryptic.f : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015217.exe -> Downloader.Cryptic.f : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\wnttech.dll -> Downloader.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012310.sys/{58E849AE-4750-46E3-B5C0-C84BFA6F6A6C}.sys -> Downloader.Small.npa : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012318.sys/{74D6C0CD-7995-4784-8643-C44157669AC5}.sys -> Downloader.Small.npa : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W9AF0T67\sna[1].exe -> Dropper.Agent.azw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP42\A0015322.sys -> Rootkit.Agent.cq : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012297.exe/{156E98B1-3ADA-4476-8738-A2F6689D2853}.exe -> Rootkit.Vanti.eo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012320.dll/{88CBC595-83EB-4B24-BAB4-1C5E163446DE}.dll -> Rootkit.Vanti.eo : Cleaned with backup (quarantined).
    C:\Documents and Settings\NetworkService\Cookies\default@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\NetworkService\Cookies\default@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP32\A0010024.dll -> Trojan.Delf.tf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011133.dll -> Trojan.Delf.tf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0012708.exe/{221104B5-CE53-4FDB-A834-C0AFD5FD9BF6}.exe -> Trojan.Delf.tf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP41\A0012724.exe/{F44E76EC-CB63-4F6E-8CB7-525409CAD04B}.exe -> Trojan.Delf.tf : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0006892.exe -> Trojan.Nilage.ayc : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0007868.exe -> Trojan.Nilage.ayc : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0007870.exe -> Trojan.Nilage.ayc : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0008874.exe -> Trojan.Nilage.ayc : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP30\A0008895.exe -> Trojan.Nilage.ayc : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP32\A0009045.exe -> Trojan.Nilage.ayc : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP33\A0011087.exe -> Trojan.OnLineGames.cr : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0011240.exe -> Trojan.OnLineGames.cr : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012240.exe -> Trojan.OnLineGames.cr : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP34\A0012257.exe -> Trojan.OnLineGames.cr : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012376.exe -> Trojan.OnLineGames.cr : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP35\A0012407.exe -> Trojan.OnLineGames.cr : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{B5380568-16F0-496C-A55C-8AF81A1AC072}\RP37\A0012546.exe -> Trojan.OnLineGames.cr : Cleaned with backup (quarantined).


    ::Report end









    Logfile of HijackThis v1.99.1
    Scan saved at 3:28:21 PM, on 13/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Documents and Settings\Default\Desktop\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 7333.5009.cn
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
    O1 - Hosts: 202.109.114.142 iplusms.allyes.com
    O1 - Hosts: 202.109.114.142 mms.t2t2.com
    O1 - Hosts: 202.109.114.142 www.u8u.com
    O1 - Hosts: 202.109.114.142 u.u8u.com
    O1 - Hosts: 202.109.114.142 tl.linktone.com
    O1 - Hosts: 202.109.114.142 channel.e78.com
    O1 - Hosts: 202.109.114.142 u.7town.com
    O1 - Hosts: 202.109.114.142 union.95ol.com.cn
    O1 - Hosts: 202.109.114.142 mms1.95ol.com.cn
    O1 - Hosts: 202.109.114.142 mfs.95ol.com.cn
    O1 - Hosts: 202.109.114.142 tl.a8.com
    O1 - Hosts: 202.109.114.142 ad01.a8.com
    O1 - Hosts: 202.109.114.142 u2.caiku.com
    O1 - Hosts: 202.109.114.142 mms.caiku.com
    O1 - Hosts: 202.109.114.142 code1.caiku.com
    O1 - Hosts: 202.109.114.142 pub.lele.com
    O1 - Hosts: 202.109.114.142 u.lele.com
    O1 - Hosts: 202.109.114.142 7town.com
    O1 - Hosts: 202.109.114.142 tvsend.7town.com
    O1 - Hosts: 202.109.114.142 ivrsend.7town.com
    O1 - Hosts: 202.109.114.142 tlt.7town.com
    O1 - Hosts: 202.109.114.142 gsend.7town.com
    O1 - Hosts: 202.109.114.142 smssend.7town.com
    O1 - Hosts: 202.109.114.142 91ivr.com
    O1 - Hosts: 202.109.114.142 myad.91ivr.com
    O1 - Hosts: 202.109.114.142 u.91ivr.com
    O1 - Hosts: 202.109.114.142 union.91ivr.com
    O1 - Hosts: 203.191.146.205 corep.dmcast.com
    O1 - Hosts: 203.191.146.205 m081.dmcast.com
    O1 - Hosts: 203.191.146.205 dcww.dmcast.com
    O1 - Hosts: 203.191.146.205 renren.dmcast.com
    O1 - Hosts: 203.191.146.205 files.henbang.net
    O1 - Hosts: 203.191.146.205 bannerbox.cn
    O1 - Hosts: 203.191.146.205 www.bannerbox.cn
    O1 - Hosts: 203.191.146.205 action.coopen.cn
    O1 - Hosts: 203.191.146.205 u4.sky99.cn
    O1 - Hosts: 203.191.146.205 u1.sky99.cn
    O1 - Hosts: 203.191.146.205 u2.sky99.cn
    O1 - Hosts: 203.191.146.205 u3.sky99.cn
    O1 - Hosts: 203.191.146.205 sky99.cn
    O1 - Hosts: 203.191.146.205 u.sky99.cn
    O1 - Hosts: 203.191.146.205 u.ete.cn
    O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 www.365tan.com
    O1 - Hosts: 203.191.146.205 www.winopen.cn
    O1 - Hosts: 203.191.146.205 www.tanip.com
    O1 - Hosts: 203.191.146.205 alexaanywhere.com
    O1 - Hosts: 203.191.146.205 jssb.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 ns250.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 sb.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 pop.9v.cn
    O1 - Hosts: 203.191.146.205 xuni.myad.cn
    O1 - Hosts: 203.191.146.205 iebar.t2t2.com
    O1 - Hosts: 203.191.146.205 error.newcell.cn
    O1 - Hosts: 203.191.146.205 auto.search.msn.com
    O1 - Hosts: 203.191.146.205 www.kuaiso.com
    O1 - Hosts: 203.191.146.205 cns.3721.com
    O1 - Hosts: 203.191.146.205 seek.3721.com
    O1 - Hosts: 203.191.146.205 name.cnnic.cn
    O1 - Hosts: 203.191.146.205 toolsbar.kuaiso.com
    O1 - Hosts: 203.191.146.205 www.kuaiso.com
    O1 - Hosts: 203.191.146.205 kuaiso.com
    O1 - Hosts: 203.191.146.205 www.copyso.com
    O1 - Hosts: 203.191.146.205 union.copyso.com
    O1 - Hosts: 203.191.146.205 auto.search.msn.com
    O1 - Hosts: 203.191.146.205 ok.mop-hz.com
    O1 - Hosts: 203.191.146.205 www.ncast.cn
    O1 - Hosts: 203.191.146.205 www.ads3721.com
    O1 - Hosts: 203.191.146.205 360.ads3721.com
    O1 - Hosts: 203.191.146.205 www.maohehe.com
    O1 - Hosts: 203.191.146.205 www.5566.net
    O1 - Hosts: 203.191.146.205 5566.net
    O1 - Hosts: 203.191.146.205 www.gjj.cc
    O1 - Hosts: 203.191.146.205 gjj.cc
    O1 - Hosts: 203.191.146.205 www.9495.com
    O1 - Hosts: 203.191.146.205 9495.com
    O1 - Hosts: 203.191.146.205 my123.com
    O1 - Hosts: 203.191.146.205 www.my123.com
    O1 - Hosts: 203.191.146.205 7b.com.cn
    O1 - Hosts: 203.191.146.205 www.7b.com.cn
    O1 - Hosts: 203.191.146.205 www.qu123.com
    O1 - Hosts: 203.191.146.205 www.37021.com
    O1 - Hosts: 203.191.146.205 www.37021.net
    O1 - Hosts: 203.191.146.205 www.4199.com
    O1 - Hosts: 203.191.146.205 4199.com
    O1 - Hosts: 203.191.146.205 www.9505.com
    O1 - Hosts: 203.191.146.205 9505.com
    O1 - Hosts: 203.191.146.205 7939.com
    O1 - Hosts: 203.191.146.205 www.7939.com
    O1 - Hosts: 203.191.146.205 www.3448.com
    O1 - Hosts: 203.191.146.205 3448.com
    O1 - Hosts: 203.191.146.205 8925.com
    O1 - Hosts: 203.191.146.205 www.8925.com
    O1 - Hosts: 203.191.146.205 www.ttmp3.com
    O1 - Hosts: 203.191.146.205 ttmp3.com
    O1 - Hosts: 203.191.146.205 www.3tg.cn
    O1 - Hosts: 203.191.146.205 3tg.cn
    O1 - Hosts: 203.191.146.205 123wa.com
    O1 - Hosts: 203.191.146.205 www.123wa.com
    O1 - Hosts: 203.191.146.205 www.159.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CNNIC 网络工具Drag - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll
    O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
    O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
    O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [wdfmgr32] C:\WINDOWS\system32\wdfmgr32.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [wdfmgr32.exe] C:\WINDOWS\system32\wdfmgr32.exe
    O4 - HKLM\..\Run: [sdmmrnm] D;]XJOEPXT]ufnq]te264/fyf
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
    O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
    O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164786513515
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WebSecurity - {3DD78ACF-0745-4532-94F8-A574457E1A81} - C:\WINDOWS\system32\PvSed.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Medie Sariel Number Service - Conexant - (no file)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe





    Thanks Heaps!
     
  9. Niobis

    Niobis Active member

    The last two HijackThis scans were run from safe mode. Please run all HijackThis scans in normal mode.

    Please post a new HijackThis log from normal mode.

    Edited, since you posted at the same time as my first edit. :)
     
    Last edited: Dec 12, 2006
  10. falconv8

    falconv8 Guest

    Logfile of HijackThis v1.99.1
    Scan saved at 6:45:38 PM, on 13/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Default\Desktop\Virus-Spyware Fixers\HijackThis_v1.99.1.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
    O1 - Hosts: 202.109.114.142 iplusms.allyes.com
    O1 - Hosts: 202.109.114.142 mms.t2t2.com
    O1 - Hosts: 202.109.114.142 www.u8u.com
    O1 - Hosts: 202.109.114.142 u.u8u.com
    O1 - Hosts: 202.109.114.142 tl.linktone.com
    O1 - Hosts: 202.109.114.142 channel.e78.com
    O1 - Hosts: 202.109.114.142 u.7town.com
    O1 - Hosts: 202.109.114.142 union.95ol.com.cn
    O1 - Hosts: 202.109.114.142 mms1.95ol.com.cn
    O1 - Hosts: 202.109.114.142 mfs.95ol.com.cn
    O1 - Hosts: 202.109.114.142 tl.a8.com
    O1 - Hosts: 202.109.114.142 ad01.a8.com
    O1 - Hosts: 202.109.114.142 u2.caiku.com
    O1 - Hosts: 202.109.114.142 mms.caiku.com
    O1 - Hosts: 202.109.114.142 code1.caiku.com
    O1 - Hosts: 202.109.114.142 pub.lele.com
    O1 - Hosts: 202.109.114.142 u.lele.com
    O1 - Hosts: 202.109.114.142 7town.com
    O1 - Hosts: 202.109.114.142 tvsend.7town.com
    O1 - Hosts: 202.109.114.142 ivrsend.7town.com
    O1 - Hosts: 202.109.114.142 tlt.7town.com
    O1 - Hosts: 202.109.114.142 gsend.7town.com
    O1 - Hosts: 202.109.114.142 smssend.7town.com
    O1 - Hosts: 202.109.114.142 91ivr.com
    O1 - Hosts: 202.109.114.142 myad.91ivr.com
    O1 - Hosts: 202.109.114.142 u.91ivr.com
    O1 - Hosts: 202.109.114.142 union.91ivr.com
    O1 - Hosts: 203.191.146.205 corep.dmcast.com
    O1 - Hosts: 203.191.146.205 m081.dmcast.com
    O1 - Hosts: 203.191.146.205 dcww.dmcast.com
    O1 - Hosts: 203.191.146.205 renren.dmcast.com
    O1 - Hosts: 203.191.146.205 files.henbang.net
    O1 - Hosts: 203.191.146.205 bannerbox.cn
    O1 - Hosts: 203.191.146.205 www.bannerbox.cn
    O1 - Hosts: 203.191.146.205 action.coopen.cn
    O1 - Hosts: 203.191.146.205 u4.sky99.cn
    O1 - Hosts: 203.191.146.205 u1.sky99.cn
    O1 - Hosts: 203.191.146.205 u2.sky99.cn
    O1 - Hosts: 203.191.146.205 u3.sky99.cn
    O1 - Hosts: 203.191.146.205 sky99.cn
    O1 - Hosts: 203.191.146.205 u.sky99.cn
    O1 - Hosts: 203.191.146.205 u.ete.cn
    O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 www.365tan.com
    O1 - Hosts: 203.191.146.205 www.winopen.cn
    O1 - Hosts: 203.191.146.205 www.tanip.com
    O1 - Hosts: 203.191.146.205 alexaanywhere.com
    O1 - Hosts: 203.191.146.205 jssb.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 ns250.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 sb.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 pop.9v.cn
    O1 - Hosts: 203.191.146.205 xuni.myad.cn
    O1 - Hosts: 203.191.146.205 iebar.t2t2.com
    O1 - Hosts: 203.191.146.205 error.newcell.cn
    O1 - Hosts: 203.191.146.205 auto.search.msn.com
    O1 - Hosts: 203.191.146.205 www.kuaiso.com
    O1 - Hosts: 203.191.146.205 cns.3721.com
    O1 - Hosts: 203.191.146.205 seek.3721.com
    O1 - Hosts: 203.191.146.205 name.cnnic.cn
    O1 - Hosts: 203.191.146.205 toolsbar.kuaiso.com
    O1 - Hosts: 203.191.146.205 www.kuaiso.com
    O1 - Hosts: 203.191.146.205 kuaiso.com
    O1 - Hosts: 203.191.146.205 www.copyso.com
    O1 - Hosts: 203.191.146.205 union.copyso.com
    O1 - Hosts: 203.191.146.205 auto.search.msn.com
    O1 - Hosts: 203.191.146.205 ok.mop-hz.com
    O1 - Hosts: 203.191.146.205 www.ncast.cn
    O1 - Hosts: 203.191.146.205 www.ads3721.com
    O1 - Hosts: 203.191.146.205 360.ads3721.com
    O1 - Hosts: 203.191.146.205 www.maohehe.com
    O1 - Hosts: 203.191.146.205 www.5566.net
    O1 - Hosts: 203.191.146.205 5566.net
    O1 - Hosts: 203.191.146.205 www.gjj.cc
    O1 - Hosts: 203.191.146.205 gjj.cc
    O1 - Hosts: 203.191.146.205 www.9495.com
    O1 - Hosts: 203.191.146.205 9495.com
    O1 - Hosts: 203.191.146.205 my123.com
    O1 - Hosts: 203.191.146.205 www.my123.com
    O1 - Hosts: 203.191.146.205 7b.com.cn
    O1 - Hosts: 203.191.146.205 www.7b.com.cn
    O1 - Hosts: 203.191.146.205 www.qu123.com
    O1 - Hosts: 203.191.146.205 www.37021.com
    O1 - Hosts: 203.191.146.205 www.37021.net
    O1 - Hosts: 203.191.146.205 www.4199.com
    O1 - Hosts: 203.191.146.205 4199.com
    O1 - Hosts: 203.191.146.205 www.9505.com
    O1 - Hosts: 203.191.146.205 9505.com
    O1 - Hosts: 203.191.146.205 7939.com
    O1 - Hosts: 203.191.146.205 www.7939.com
    O1 - Hosts: 203.191.146.205 www.3448.com
    O1 - Hosts: 203.191.146.205 3448.com
    O1 - Hosts: 203.191.146.205 8925.com
    O1 - Hosts: 203.191.146.205 www.8925.com
    O1 - Hosts: 203.191.146.205 www.ttmp3.com
    O1 - Hosts: 203.191.146.205 ttmp3.com
    O1 - Hosts: 203.191.146.205 www.3tg.cn
    O1 - Hosts: 203.191.146.205 3tg.cn
    O1 - Hosts: 203.191.146.205 123wa.com
    O1 - Hosts: 203.191.146.205 www.123wa.com
    O1 - Hosts: 203.191.146.205 www.159.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
    O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [sdmmrnm] D;]XJOEPXT]ufnq]te264/fyf
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖà - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164786513515
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\reporter.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

     
  11. Niobis

    Niobis Active member

    Open the Hoster.
    Click on 'back up Host files'
    Click 'Restore Microsoft's host files'.
    Close the Hoster.

    Run a scan only with HjT, check these:

    O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
    O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O4 - HKLM\..\Run: [sdmmrnm] D;]XJOEPXT]ufnq]te264/fyf
    O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
    O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖà - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\reporter.dll


    Close all other windows before clicking "Fix checked".


    Locate and delete these: (if access is denied delete them in safe mode)
    C:\Program Files\vision <--folder
    C:\WINDOWS\system32\reporter.dll <--file

    Empty the Recycle Bin and restart your computer.

    Next, go here to run **Kaspersky Online Scanner**.
    After downloading, click "**My Computer**" to scan.
    After scanning, click "**Save report as**".
    Save as a text file on the desktop.

    Then, run ComboFix again to get a new log.

    Please post back with the Kaspersky log, the ComboFix log and a new HijackThis log.
     
  12. falconv8

    falconv8 Guest

    I tried "Restore Microsoft's Original Files" in Hoster, and it says:
    "ERROR: Cannot create file C:\WINDOWS\system32\DRIVERS\\ETC\hosts"

    ???
     
  13. Niobis

    Niobis Active member

    Okay, let's try this.
    Open the Hoster.
    In the left window select any host with the IP of
    202.109.114.142
    or
    203.191.146.205
    Select them one at a time and click "Delete selected line" for each one.
    Do not delete any others!
    Then, click "Restore Microsoft's Host file"
    If same error, just continue with the instructions.
     
  14. falconv8

    falconv8 Guest

    It shows the same error message when I click "Delete selected line"...

    I will continue on

    Thanks
     
  15. falconv8

    falconv8 Guest

    I deleted Vision and reporter.dll, but they just keep coming back... literally a second later.
     
  16. Niobis

    Niobis Active member

    First, I want to thank you for being patient with me. :) This isn't the easiest infection to get rid of — if the files reappear within a second of being deleted, something still running on the system is almost certainly recreating them, so deleting the files by hand will not be enough on its own. But as long as you won't give up, I won't quit until I know you're clean.

    Please post a new HijackThis log and I will continue to further my research about this Chinese infection.
     
  17. falconv8

    falconv8 Guest

    Logfile of HijackThis v1.99.1
    Scan saved at 4:04:56 PM, on 14/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Default\Desktop\Virus-Spyware Fixers\HijackThis_v1.99.1.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
    O1 - Hosts: 202.109.114.142 iplusms.allyes.com
    O1 - Hosts: 202.109.114.142 mms.t2t2.com
    O1 - Hosts: 202.109.114.142 www.u8u.com
    O1 - Hosts: 202.109.114.142 u.u8u.com
    O1 - Hosts: 202.109.114.142 tl.linktone.com
    O1 - Hosts: 202.109.114.142 channel.e78.com
    O1 - Hosts: 202.109.114.142 u.7town.com
    O1 - Hosts: 202.109.114.142 union.95ol.com.cn
    O1 - Hosts: 202.109.114.142 mms1.95ol.com.cn
    O1 - Hosts: 202.109.114.142 mfs.95ol.com.cn
    O1 - Hosts: 202.109.114.142 tl.a8.com
    O1 - Hosts: 202.109.114.142 ad01.a8.com
    O1 - Hosts: 202.109.114.142 u2.caiku.com
    O1 - Hosts: 202.109.114.142 mms.caiku.com
    O1 - Hosts: 202.109.114.142 code1.caiku.com
    O1 - Hosts: 202.109.114.142 pub.lele.com
    O1 - Hosts: 202.109.114.142 u.lele.com
    O1 - Hosts: 202.109.114.142 7town.com
    O1 - Hosts: 202.109.114.142 tvsend.7town.com
    O1 - Hosts: 202.109.114.142 ivrsend.7town.com
    O1 - Hosts: 202.109.114.142 tlt.7town.com
    O1 - Hosts: 202.109.114.142 gsend.7town.com
    O1 - Hosts: 202.109.114.142 smssend.7town.com
    O1 - Hosts: 202.109.114.142 91ivr.com
    O1 - Hosts: 202.109.114.142 myad.91ivr.com
    O1 - Hosts: 202.109.114.142 u.91ivr.com
    O1 - Hosts: 202.109.114.142 union.91ivr.com
    O1 - Hosts: 203.191.146.205 corep.dmcast.com
    O1 - Hosts: 203.191.146.205 m081.dmcast.com
    O1 - Hosts: 203.191.146.205 dcww.dmcast.com
    O1 - Hosts: 203.191.146.205 renren.dmcast.com
    O1 - Hosts: 203.191.146.205 files.henbang.net
    O1 - Hosts: 203.191.146.205 bannerbox.cn
    O1 - Hosts: 203.191.146.205 www.bannerbox.cn
    O1 - Hosts: 203.191.146.205 action.coopen.cn
    O1 - Hosts: 203.191.146.205 u4.sky99.cn
    O1 - Hosts: 203.191.146.205 u1.sky99.cn
    O1 - Hosts: 203.191.146.205 u2.sky99.cn
    O1 - Hosts: 203.191.146.205 u3.sky99.cn
    O1 - Hosts: 203.191.146.205 sky99.cn
    O1 - Hosts: 203.191.146.205 u.sky99.cn
    O1 - Hosts: 203.191.146.205 u.ete.cn
    O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 www.365tan.com
    O1 - Hosts: 203.191.146.205 www.winopen.cn
    O1 - Hosts: 203.191.146.205 www.tanip.com
    O1 - Hosts: 203.191.146.205 alexaanywhere.com
    O1 - Hosts: 203.191.146.205 jssb.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 ns250.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 sb.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
    O1 - Hosts: 203.191.146.205 pop.9v.cn
    O1 - Hosts: 203.191.146.205 xuni.myad.cn
    O1 - Hosts: 203.191.146.205 iebar.t2t2.com
    O1 - Hosts: 203.191.146.205 error.newcell.cn
    O1 - Hosts: 203.191.146.205 auto.search.msn.com
    O1 - Hosts: 203.191.146.205 www.kuaiso.com
    O1 - Hosts: 203.191.146.205 cns.3721.com
    O1 - Hosts: 203.191.146.205 seek.3721.com
    O1 - Hosts: 203.191.146.205 name.cnnic.cn
    O1 - Hosts: 203.191.146.205 toolsbar.kuaiso.com
    O1 - Hosts: 203.191.146.205 www.kuaiso.com
    O1 - Hosts: 203.191.146.205 kuaiso.com
    O1 - Hosts: 203.191.146.205 www.copyso.com
    O1 - Hosts: 203.191.146.205 union.copyso.com
    O1 - Hosts: 203.191.146.205 auto.search.msn.com
    O1 - Hosts: 203.191.146.205 ok.mop-hz.com
    O1 - Hosts: 203.191.146.205 www.ncast.cn
    O1 - Hosts: 203.191.146.205 www.ads3721.com
    O1 - Hosts: 203.191.146.205 360.ads3721.com
    O1 - Hosts: 203.191.146.205 www.maohehe.com
    O1 - Hosts: 203.191.146.205 www.5566.net
    O1 - Hosts: 203.191.146.205 5566.net
    O1 - Hosts: 203.191.146.205 www.gjj.cc
    O1 - Hosts: 203.191.146.205 gjj.cc
    O1 - Hosts: 203.191.146.205 www.9495.com
    O1 - Hosts: 203.191.146.205 9495.com
    O1 - Hosts: 203.191.146.205 my123.com
    O1 - Hosts: 203.191.146.205 www.my123.com
    O1 - Hosts: 203.191.146.205 7b.com.cn
    O1 - Hosts: 203.191.146.205 www.7b.com.cn
    O1 - Hosts: 203.191.146.205 www.qu123.com
    O1 - Hosts: 203.191.146.205 www.37021.com
    O1 - Hosts: 203.191.146.205 www.37021.net
    O1 - Hosts: 203.191.146.205 www.4199.com
    O1 - Hosts: 203.191.146.205 4199.com
    O1 - Hosts: 203.191.146.205 www.9505.com
    O1 - Hosts: 203.191.146.205 9505.com
    O1 - Hosts: 203.191.146.205 7939.com
    O1 - Hosts: 203.191.146.205 www.7939.com
    O1 - Hosts: 203.191.146.205 www.3448.com
    O1 - Hosts: 203.191.146.205 3448.com
    O1 - Hosts: 203.191.146.205 8925.com
    O1 - Hosts: 203.191.146.205 www.8925.com
    O1 - Hosts: 203.191.146.205 www.ttmp3.com
    O1 - Hosts: 203.191.146.205 ttmp3.com
    O1 - Hosts: 203.191.146.205 www.3tg.cn
    O1 - Hosts: 203.191.146.205 3tg.cn
    O1 - Hosts: 203.191.146.205 123wa.com
    O1 - Hosts: 203.191.146.205 www.123wa.com
    O1 - Hosts: 203.191.146.205 www.159.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
    O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [sdmmrnm] D;]XJOEPXT]ufnq]te264/fyf
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: >>²ÊÐÅ·¢ËÍ<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O9 - Extra 'Tools' menuitem: ²ÊE¾«ÁéÉèÖà - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164786513515
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\reporter.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)

     
  18. Niobis

    Niobis Active member

    Okay, please run ComboFix again to get a new log and post it. We need to get rid of all the registry entries created by this infection.
     
  19. falconv8

    falconv8 Guest

    Default - 06-12-15 16:17:47.42 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Default\Desktop\Virus-Spyware Fixers"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-15 to 2006-12-15 ))))))))))))))))))))))))))))))))))


    2006-12-15 16:08 <DIR> d-------- C:\WINDOWS\LastGood
    2006-12-14 19:37 <DIR> d-------- C:\WINDOWS\system32\DRM
    2006-12-14 19:36 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2006-12-14 19:36 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2006-12-14 19:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2006-12-14 19:34 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2006-12-14 19:21 60,416 --------- C:\WINDOWS\system32\tzchange.exe
    2006-12-14 19:11 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
    2006-12-14 19:11 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
    2006-12-14 19:11 116,736 --------- C:\WINDOWS\system32\aaclient.dll
    2006-12-13 19:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2006-12-13 16:37 23,040 --a------ C:\WINDOWS\system32\reporter.dll
    2006-12-13 15:46 <DIR> dr-h----- C:\Documents and Settings\Default\Recent
    2006-12-13 15:45 <DIR> d-------- C:\Program Files\CCleaner
    2006-12-13 15:37 61,440 --a------ C:\WINDOWS\system32\advwhes.dll
    2006-12-13 15:19 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2006-12-13 15:16 36,864 --a------ C:\WINDOWS\system32\PvSed.dll
    2006-12-12 23:13 <DIR> d-------- C:\SDFix
    2006-12-10 18:39 2,346 --a------ C:\WINDOWS\system32\tmp.reg
    2006-12-10 18:26 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
    2006-12-10 18:26 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2006-12-10 18:26 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2006-12-10 18:26 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2006-12-10 18:26 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2006-12-10 18:26 135,168 --a------ C:\WINDOWS\system32\swreg.exe
    2006-12-10 00:00 <DIR> d-------- C:\WINDOWS\temp
    2006-12-09 23:45 <DIR> d-------- C:\WINDOWS\pss
    2006-12-09 11:15 <DIR> d-------- C:\WINDOWS\system32\ContentTemp
    2006-12-09 11:09 29,696 --a------ C:\WINDOWS\system32\wmpkn.dll
    2006-12-09 11:04 27,648 --a------ C:\WINDOWS\system32\tpnet.dll
    2006-12-09 11:03 10,752 --a------ C:\WINDOWS\system32\filter.dll
    2006-12-09 11:03 10,447 --a------ C:\WINDOWS\system32\drivers\LanPort.sys
    2006-12-07 18:11 28,672 --a------ C:\WINDOWS\system32\drivers\00003a52.SYS
    2006-12-07 18:11 <DIR> d-------- C:\Program Files\vision
    2006-12-05 16:54 <DIR> d-------- C:\Program Files\LimeWire
    2006-12-05 15:50 9,651 --a------ C:\WINDOWS\system32\drivers\parcls.sys
    2006-12-03 12:37 160,384 --a------ C:\WINDOWS\system32\drivers\cdnprot.sys
    2006-12-03 00:33 <DIR> d-------- C:\Documents and Settings\Default\Incomplete
    2006-12-03 00:33 <DIR> d-------- C:\Documents and Settings\Default\.limewire
    2006-12-03 00:30 <DIR> d-------- C:\Program Files\Java
    2006-12-03 00:27 <DIR> d-------- C:\Program Files\Common Files\Java
    2006-12-02 23:34 <DIR> d-------- C:\WINDOWS\Minidump
    2006-12-02 21:53 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2006-12-02 21:53 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2006-12-02 21:53 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
    2006-12-02 21:53 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
    2006-12-02 21:53 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
    2006-12-02 21:52 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2006-12-02 21:52 61,440 -ra------ C:\WINDOWS\ov519dib.dll
    2006-12-02 21:52 40,960 -ra------ C:\WINDOWS\system32\ov519ext.dll
    2006-12-02 21:52 40,960 -ra------ C:\WINDOWS\CleanDev.exe
    2006-12-02 21:52 32,528 -ra------ C:\WINDOWS\amcap.exe
    2006-12-02 21:52 307,200 -ra------ C:\WINDOWS\vidcap32.exe
    2006-12-02 21:52 25,211 -ra------ C:\WINDOWS\system32\drivers\ov519cmd.sys
    2006-12-02 21:52 200,704 -ra------ C:\WINDOWS\sel3110.exe
    2006-12-02 21:52 174,530 -ra------ C:\WINDOWS\system32\drivers\ov519vid.sys
    2006-12-02 21:52 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2006-12-02 21:52 16,426 -ra------ C:\WINDOWS\system32\ov519usd.dll
    2006-12-02 21:52 135,168 -ra------ C:\WINDOWS\ov519cap.exe
    2006-12-02 21:52 <DIR> d-------- C:\WINDOWS\OvtCam
    2006-12-01 17:51 376 --a------ C:\WINDOWS\system32\innvusmb32.dll
    2006-11-30 17:03 <DIR> d-------- C:\WINDOWS\Download
    2006-11-30 17:01 <DIR> d-------- C:\WINDOWS\Intel
    2006-11-30 16:57 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
    2006-11-29 19:22 <DIR> d-------- C:\Documents and Settings\Default\Application Data\InterVideo
    2006-11-28 20:07 8,699 --a------ C:\WINDOWS\system32\drivers\hdfs.sys
    2006-11-28 20:07 8,477 --------- C:\WINDOWS\system32\drivers\amdk5.sys
    2006-11-27 21:39 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-27 21:39 <DIR> d-------- C:\Program Files\InterVideo
    2006-11-27 21:38 9,088 --------- C:\WINDOWS\system32\drivers\bsstor.sys
    2006-11-27 21:38 716,800 --------- C:\WINDOWS\NuNInst.exe
    2006-11-27 21:38 333,184 --------- C:\WINDOWS\system32\drivers\bsudf.sys
    2006-11-27 21:37 610,304 --------- C:\WINDOWS\UNNMP.exe
    2006-11-27 21:35 <DIR> d-------- C:\Program Files\ahead
    2006-11-27 21:34 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2006-11-27 19:57 9,341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
    2006-11-27 19:57 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
    2006-11-27 19:57 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
    2006-11-27 19:57 1,212,928 --a------ C:\WINDOWS\system32\Incinerator.dll
    2006-11-27 19:57 <DIR> d-------- C:\Program Files\iolo
    2006-11-26 23:18 <DIR> dr-h----- C:\$VAULT$.AVG
    2006-11-26 19:26 <DIR> d-------- C:\WINDOWS\RegisteredPackages
    2006-11-26 18:21 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
    2006-11-26 18:20 <DIR> d-------- C:\WINDOWS\WBEM
    2006-11-26 18:20 <DIR> d-------- C:\WINDOWS\system32\en-US
    2006-11-26 18:19 <DIR> d--h-c--- C:\WINDOWS\ie7
    2006-11-26 18:17 121,856 --------- C:\WINDOWS\system32\xmllite.dll
    2006-11-26 18:17 <DIR> d-------- C:\WINDOWS\network diagnostic
    2006-11-26 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2006-11-26 10:23 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Help
    2006-11-26 10:10 <DIR> d-------- C:\WINDOWS\system32\NtmsData
    2006-11-25 21:34 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
    2006-11-25 03:57 14,822 --a------ C:\WINDOWS\system32\drivers\cdntran.sys
    2006-11-25 02:01 <DIR> d-------- C:\Program Files\Eyetoy Drivers
    2006-11-25 01:32 <DIR> d-------- C:\WINDOWS\eyetoy
    2006-11-25 01:32 <DIR> d-------- C:\Program Files\Eyetoy
    2006-11-25 01:20 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2006-11-23 23:36 <DIR> d-------- C:\Program Files\MSXML 4.0
    2006-11-23 21:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2006-11-23 21:45 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Macromedia
    2006-11-23 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2006-11-23 21:39 32,512 --a------ C:\WINDOWS\system32\drivers\npf.sys
    2006-11-23 21:37 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Lavasoft
    2006-11-23 21:20 552 --a------ C:\WINDOWS\system32\nrssvd32.dll
    2006-11-23 21:20 <DIR> d-------- C:\WINDOWS\system32\drivers\etcdr
    2006-11-23 21:19 29 --a------ C:\WINDOWS\system32\vdmop.dll
    2006-11-23 21:19 22 --a------ C:\WINDOWS\system32\wmsnds32.dll
    2006-11-23 21:19 <DIR> d-------- C:\WINDOWS\system32\MicShExts
    2006-11-23 21:19 <DIR> d-------- C:\Program Files\Common Files\CPUSH
    2006-11-23 21:19 <DIR> d-------- C:\Downloads
    2006-11-23 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
    2006-11-23 21:01 <DIR> d-------- C:\Program Files\Common Files\HP
    2006-11-23 20:58 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2006-11-23 20:58 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
    2006-11-23 20:57 <DIR> dr--s---- C:\WINDOWS\assembly
    2006-11-23 20:57 <DIR> d-------- C:\WINDOWS\system32\URTTemp
    2006-11-23 20:57 <DIR> d-------- C:\WINDOWS\Microsoft.NET
    2006-11-23 20:54 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
    2006-11-23 20:54 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
    2006-11-23 20:54 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
    2006-11-23 20:54 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
    2006-11-23 20:54 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2006-11-23 20:54 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
    2006-11-23 20:54 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
    2006-11-23 20:47 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
    2006-11-23 20:47 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
    2006-11-23 20:46 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
    2006-11-23 20:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2006-11-23 20:22 <DIR> d--h----- C:\Config.Msi
    2006-11-23 20:13 <DIR> d-------- C:\Program Files\HP
    2006-11-23 20:10 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-11-23 20:10 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2006-11-23 20:10 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-11-23 20:10 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2006-11-23 20:10 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2006-11-23 20:10 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2006-11-23 20:10 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2006-11-23 20:10 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2006-11-23 20:10 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2006-11-23 20:10 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-11-23 20:10 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2006-11-23 20:10 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2006-11-23 20:09 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
    2006-11-23 20:09 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2006-11-23 20:09 685,056 --a------ C:\WINDOWS\system32\drivers\HSFCXTS2.sys
    2006-11-23 20:09 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2006-11-23 20:09 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
    2006-11-23 20:09 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2006-11-23 20:09 32,285 --a------ C:\WINDOWS\system32\HSFCISP2.dll
    2006-11-23 20:09 220,032 --a------ C:\WINDOWS\system32\drivers\HSFBS2S2.sys
    2006-11-23 20:09 11,868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
    2006-11-23 20:09 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
    2006-11-23 20:09 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2006-11-23 20:09 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSFDPSP2.sys
    2006-11-23 20:08 96,256 --a------ C:\WINDOWS\system32\drivers\ac97intc.sys
    2006-11-23 20:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2006-11-23 20:08 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-11-23 20:08 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2006-11-23 20:08 <DIR> d--hs---- C:\WINDOWS\Installer
    2006-11-23 20:07 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
    2006-11-23 20:07 9,008 --a------ C:\WINDOWS\system\VER.DLL
    2006-11-23 20:07 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
    2006-11-23 20:07 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
    2006-11-23 20:07 8,704 --a------ C:\WINDOWS\system32\batt.dll
    2006-11-23 20:07 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
    2006-11-23 20:07 74,752 --a------ C:\WINDOWS\system32\storprop.dll
    2006-11-23 20:07 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
    2006-11-23 20:07 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
    2006-11-23 20:07 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
    2006-11-23 20:07 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2006-11-23 20:07 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
    2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
    2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
    2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
    2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
    2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
    2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
    2006-11-23 20:07 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
    2006-11-23 20:07 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
    2006-11-23 20:07 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
    2006-11-23 20:07 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
    2006-11-23 20:07 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2006-11-23 20:07 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
    2006-11-23 20:07 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
    2006-11-23 20:07 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
    2006-11-23 20:07 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
    2006-11-23 20:07 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2006-11-23 20:07 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
    2006-11-23 20:07 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2006-11-23 20:07 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
    2006-11-23 20:07 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
    2006-11-23 20:07 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\.
    2006-11-23 20:07 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data
    2006-11-23 20:07 <DIR> dr------- C:\Documents and Settings\All Users\Start Menu
    2006-11-23 20:07 <DIR> dr------- C:\Documents and Settings\All Users\Documents
    2006-11-23 20:07 <DIR> d-a------ C:\Program Files\Common Files\..
    2006-11-23 20:07 <DIR> d-a------ C:\Program Files\.
    2006-11-23 20:07 <DIR> d-a------ C:\Program Files
    2006-11-23 20:07 <DIR> d--hs---- C:\Program Files\..
    2006-11-23 20:07 <DIR> d--h----- C:\Documents and Settings\All Users\Templates
    2006-11-23 20:07 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2006-11-23 20:07 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
    2006-11-23 20:07 <DIR> d-------- C:\WINDOWS\system32\CatRoot
    2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
    2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files\ODBC
    2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files\.
    2006-11-23 20:07 <DIR> d-------- C:\Program Files\Common Files
    2006-11-23 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Favorites
    2006-11-23 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Desktop
    2006-11-23 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\..
    2006-11-23 20:06 <DIR> d--hs---- C:\System Volume Information
    2006-11-23 20:06 <DIR> d-------- C:\Documents and Settings\All Users\..
    2006-11-23 20:06 <DIR> d-------- C:\Documents and Settings\All Users\.
    2006-11-23 20:06 <DIR> d-------- C:\Documents and Settings
    2006-11-23 20:01 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
    2006-11-23 20:01 <DIR> dr--s---- C:\WINDOWS\Fonts
    2006-11-23 20:01 <DIR> dr------- C:\WINDOWS\Web
    2006-11-23 20:01 <DIR> d--hs---- C:\WINDOWS\..
    2006-11-23 20:01 <DIR> d--h----- C:\WINDOWS\inf
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\WinSxS
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\twain_32
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\wins
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\wbem
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\usmt
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\spool
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\ShellExt
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\Setup
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\ras
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\oobe
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\npp
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\mui
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\inetsrv
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\IME
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\icsxml
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\ias
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\export
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\..
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\.
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\dhcp
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\config
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\3076
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\2052
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1054
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1042
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1041
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1037
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1033
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1031
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1028
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\1025
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\..
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32\.
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system32
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system\..
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system\.
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\system
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\security
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Resources
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\repair
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Provisioning
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\PeerNet
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\pchealth
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\mui
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\msapps
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\msagent
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Media
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\java
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\ime
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Help
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Driver Cache
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Debug
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Cursors
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Connection Wizard
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\Config
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\AppPatch
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\addins
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS\.
    2006-11-23 20:01 <DIR> d-------- C:\WINDOWS
    2006-11-23 19:59 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2006-11-23 19:54 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2006-11-23 19:54 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2006-11-23 19:54 <DIR> d-------- C:\Program Files\Common Files\DESIGNER
    2006-11-23 19:53 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2006-11-23 19:53 <DIR> d-------- C:\Program Files\Microsoft Office
    2006-11-23 19:32 <DIR> d-------- C:\Documents and Settings\Default\Application Data\AdobeUM
    2006-11-23 19:32 <DIR> d-------- C:\Documents and Settings\Default\Application Data\AdobeAUM
    2006-11-23 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2006-11-23 19:07 <DIR> d-------- C:\Program Files\Adobe
    2006-11-23 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2006-11-23 19:06 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2006-11-23 19:06 <DIR> d-------- C:\Program Files\Yahoo!
    2006-11-23 19:00 <DIR> d-------- C:\Program Files\iTunes
    2006-11-23 19:00 <DIR> d-------- C:\Program Files\iPod
    2006-11-23 19:00 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Apple Computer
    2006-11-23 18:59 <DIR> d-------- C:\Program Files\QuickTime
    2006-11-23 18:59 <DIR> d-------- C:\Program Files\Apple Software Update
    2006-11-23 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2006-11-23 18:47 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2006-11-23 18:47 <DIR> d-------- C:\Documents and Settings\Default\Contacts
    2006-11-23 18:46 <DIR> d-------- C:\Program Files\MSN Messenger
    2006-11-23 18:42 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2006-11-23 18:42 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Adobe
    2006-11-23 18:32 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2006-11-23 18:32 <DIR> d-------- C:\WINDOWS\system32\PreInstall
    2006-11-23 18:23 <DIR> d--hs---- C:\RECYCLER
    2006-11-23 18:01 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
    2006-11-23 18:00 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2006-11-23 17:59 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2006-11-23 09:49 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-11-23 09:49 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2006-11-23 09:49 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
    2006-11-23 09:49 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
    2006-11-23 09:49 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2006-11-23 09:49 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
    2006-11-23 09:49 23,424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
    2006-11-23 09:49 <DIR> d-------- C:\Program Files\Grisoft
    2006-11-23 09:49 <DIR> d-------- C:\Documents and Settings\Default\Application Data\AVG7
    2006-11-23 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2006-11-23 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2006-11-23 09:47 <DIR> d-------- C:\Program Files\Lavasoft
    2006-11-23 09:45 6,016 -ra------ C:\WINDOWS\system32\ntsim.sys
    2006-11-23 09:45 40,960 -ra------ C:\WINDOWS\system32\drivers\fetnd5b.sys
    2006-11-23 09:43 <DIR> d-------- C:\Rhine
    2006-11-23 09:42 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
    2006-11-23 09:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
    2006-11-23 09:23 <DIR> dr-h----- C:\Documents and Settings\Default\SendTo
    2006-11-23 09:23 <DIR> dr-h----- C:\Documents and Settings\Default\Application Data\.
    2006-11-23 09:23 <DIR> dr-h----- C:\Documents and Settings\Default\Application Data
    2006-11-23 09:23 <DIR> dr------- C:\Documents and Settings\Default\Start Menu
    2006-11-23 09:23 <DIR> dr------- C:\Documents and Settings\Default\Favorites
    2006-11-23 09:23 <DIR> d--hs---- C:\Documents and Settings\Default\Cookies
    2006-11-23 09:23 <DIR> d--h----- C:\Program Files\Uninstall Information
    2006-11-23 09:23 <DIR> d--h----- C:\Documents and Settings\Default\Templates
    2006-11-23 09:23 <DIR> d--h----- C:\Documents and Settings\Default\PrintHood
    2006-11-23 09:23 <DIR> d--h----- C:\Documents and Settings\Default\NetHood
    2006-11-23 09:23 <DIR> d--h----- C:\Documents and Settings\Default\Local Settings
    2006-11-23 09:23 <DIR> d---s---- C:\Documents and Settings\Default\Application Data\Microsoft
    2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\My Documents
    2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\Desktop
    2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Identities
    2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\Application Data\..
    2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\..
    2006-11-23 09:23 <DIR> d-------- C:\Documents and Settings\Default\.
    2006-11-23 09:21 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
    2006-11-23 09:20 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
    2006-11-23 09:20 <DIR> d-------- C:\WINDOWS\Prefetch
    2006-11-23 09:17 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
    2006-11-23 09:17 0 -rahs---- C:\MSDOS.SYS
    2006-11-23 09:17 0 -rahs---- C:\IO.SYS
    2006-11-23 09:17 0 --a------ C:\CONFIG.SYS
    2006-11-23 09:17 0 --a------ C:\AUTOEXEC.BAT
    2006-11-23 09:17 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2006-11-23 09:17 <DIR> d-------- C:\WINDOWS\system32\xircom
    2006-11-23 09:17 <DIR> d-------- C:\Program Files\xerox
    2006-11-23 09:17 <DIR> d-------- C:\Program Files\microsoft frontpage
    2006-11-23 09:16 <DIR> dr------- C:\WINDOWS\Offline Web Pages
    2006-11-23 09:16 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
    2006-11-23 09:16 <DIR> d--h----- C:\Program Files\WindowsUpdate
    2006-11-23 09:16 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
    2006-11-23 09:15 81,920 --a------ C:\WINDOWS\system32\isign32.dll
    2006-11-23 09:15 81,920 --a------ C:\WINDOWS\system32\ils.dll
    2006-11-23 09:15 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
    2006-11-23 09:15 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
    2006-11-23 09:15 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
    2006-11-23 09:15 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
    2006-11-23 09:15 69,632 --a------ C:\WINDOWS\system32\msconf.dll
    2006-11-23 09:15 679,424 --------- C:\WINDOWS\system32\inetcomm.dll
    2006-11-23 09:15 67,584 --a------ C:\WINDOWS\system32\srclient.dll
    2006-11-23 09:15 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
    2006-11-23 09:15 64,512 --a------ C:\WINDOWS\system32\acctres.dll
    2006-11-23 09:15 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-11-23 09:15 48,128 --a------ C:\WINDOWS\system32\inetres.dll
    2006-11-23 09:15 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
    2006-11-23 09:15 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
    2006-11-23 09:15 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
    2006-11-23 09:15 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
    2006-11-23 09:15 41,240 --a------ C:\WINDOWS\system32\wups.dll
    2006-11-23 09:15 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
    2006-11-23 09:15 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-11-23 09:15 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
    2006-11-23 09:15 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
    2006-11-23 09:15 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
    2006-11-23 09:15 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-11-23 09:15 274,944 --a------ C:\WINDOWS\system32\mstask.dll
    2006-11-23 09:15 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
    2006-11-23 09:15 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
    2006-11-23 09:15 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
    2006-11-23 09:15 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-11-23 09:15 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2006-11-23 09:15 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
    2006-11-23 09:15 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2006-11-23 09:15 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
    2006-11-23 09:15 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2006-11-23 09:15 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
    2006-11-23 09:15 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-11-23 09:15 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
    2006-11-23 09:15 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
    2006-11-23 09:15 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
    2006-11-23 09:15 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
    2006-11-23 09:15 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
    2006-11-23 09:15 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-11-23 09:15 11,264 --a------ C:\WINDOWS\system32\atrace.dll
    2006-11-23 09:15 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
    2006-11-23 09:15 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
    2006-11-23 09:15 <DIR> d---s---- C:\WINDOWS\Tasks
    2006-11-23 09:15 <DIR> d-------- C:\WINDOWS\system32\Restore
    2006-11-23 09:15 <DIR> d-------- C:\WINDOWS\system32\Macromed
    2006-11-23 09:15 <DIR> d-------- C:\WINDOWS\system32\DirectX
    2006-11-23 09:15 <DIR> d-------- C:\WINDOWS\srchasst
    2006-11-23 09:15 <DIR> d-------- C:\Program Files\Outlook Express
    2006-11-23 09:15 <DIR> d-------- C:\Program Files\NetMeeting
    2006-11-23 09:15 <DIR> d-------- C:\Program Files\Movie Maker
    2006-11-23 09:15 <DIR> d-------- C:\Program Files\Internet Explorer
    2006-11-23 09:15 <DIR> d-------- C:\Program Files\Common Files\System
    2006-11-23 09:15 <DIR> d-------- C:\Program Files\Common Files\Services
    2006-11-23 09:15 <DIR> d-------- C:\Program Files\Common Files\MSSoap
    2006-11-23 09:14 5,632 --a------ C:\WINDOWS\system32\write.exe
    2006-11-23 09:14 <DIR> d-------- C:\WINDOWS\Registration
    2006-11-23 09:14 <DIR> d-------- C:\Program Files\Windows Media Player
    2006-11-23 09:14 <DIR> d-------- C:\Program Files\Online Services
    2006-11-23 09:14 <DIR> d-------- C:\Program Files\MSN Gaming Zone
    2006-11-23 09:14 <DIR> d-------- C:\Program Files\Messenger
    2006-11-23 09:14 <DIR> d-------- C:\Program Files\ComPlus Applications
    2006-11-23 09:13 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
    2006-11-23 09:13 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
    2006-11-23 09:13 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-11-23 09:13 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
    2006-11-23 09:13 9,728 --a------ C:\WINDOWS\system32\reset.exe
    2006-11-23 09:13 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-11-23 09:13 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
    2006-11-23 09:13 80,384 --a------ C:\WINDOWS\system32\charmap.exe
    2006-11-23 09:13 73,216 --a------ C:\WINDOWS\system32\avwav.dll
    2006-11-23 09:13 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
    2006-11-23 09:13 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
    2006-11-23 09:13 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-11-23 09:13 605,696 --a------ C:\WINDOWS\system32\getuname.dll
    2006-11-23 09:13 600,576 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-11-23 09:13 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-11-23 09:13 60,416 --a------ C:\WINDOWS\system32\colbact.dll
    2006-11-23 09:13 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
    2006-11-23 09:13 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
    2006-11-23 09:13 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-11-23 09:13 56,832 --a------ C:\WINDOWS\system32\sol.exe
    2006-11-23 09:13 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
    2006-11-23 09:13 55,296 --a------ C:\WINDOWS\system32\freecell.exe
    2006-11-23 09:13 540,160 --a------ C:\WINDOWS\system32\comuid.dll
    2006-11-23 09:13 54,272 --a------ C:\WINDOWS\system32\stclient.dll
    2006-11-23 09:13 538,624 --a------ C:\WINDOWS\system32\spider.exe
    2006-11-23 09:13 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
    2006-11-23 09:13 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
    2006-11-23 09:13 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-11-23 09:13 44,544 --a------ C:\WINDOWS\system32\hticons.dll
    2006-11-23 09:13 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
    2006-11-23 09:13 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
    2006-11-23 09:13 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
    2006-11-23 09:13 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
    2006-11-23 09:13 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-11-23 09:13 35,328 --a------ C:\WINDOWS\system32\winchat.exe
    2006-11-23 09:13 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
    2006-11-23 09:13 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-11-23 09:13 33,792 --a------ C:\WINDOWS\system32\regini.exe
    2006-11-23 09:13 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-11-23 09:13 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
    2006-11-23 09:13 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
    2006-11-23 09:13 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
    2006-11-23 09:13 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
    2006-11-23 09:13 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
    2006-11-23 09:13 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
    2006-11-23 09:13 20,992 --a------ C:\WINDOWS\system32\msg.exe
    2006-11-23 09:13 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
    2006-11-23 09:13 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
    2006-11-23 09:13 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
    2006-11-23 09:13 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-11-23 09:13 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
    2006-11-23 09:13 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
    2006-11-23 09:13 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
    2006-11-23 09:13 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
    2006-11-23 09:13 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
    2006-11-23 09:13 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
    2006-11-23 09:13 16,384 --a------ C:\WINDOWS\system32\tskill.exe
    2006-11-23 09:13 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
    2006-11-23 09:13 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
    2006-11-23 09:13 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
    2006-11-23 09:13 15,360 --a------ C:\WINDOWS\system32\logoff.exe
    2006-11-23 09:13 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-11-23 09:13 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
    2006-11-23 09:13 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
    2006-11-23 09:13 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
    2006-11-23 09:13 14,848 --a------ C:\WINDOWS\system32\tscon.exe
    2006-11-23 09:13 14,848 --a------ C:\WINDOWS\system32\shadow.exe
    2006-11-23 09:13 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
    2006-11-23 09:13 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
    2006-11-23 09:13 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
    2006-11-23 09:13 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-11-23 09:13 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
    2006-11-23 09:13 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-11-23 09:13 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
    2006-11-23 09:13 119,808 --a------ C:\WINDOWS\system32\winmine.exe
    2006-11-23 09:13 114,688 --a------ C:\WINDOWS\system32\calc.exe
    2006-11-23 09:13 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
    2006-11-23 09:13 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
    2006-11-23 09:13 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
    2006-11-23 09:13 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-11-23 09:13 1,866,240 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-11-23 09:13 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
    2006-11-23 09:13 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
    2006-11-23 09:13 <DIR> d-------- C:\WINDOWS\system32\MsDtc
    2006-11-23 09:13 <DIR> d-------- C:\WINDOWS\system32\Com
    2006-11-23 09:13 <DIR> d-------- C:\Program Files\Windows NT
    2006-11-23 09:13 <DIR> d-------- C:\Program Files\MSN


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
    "NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "sdmmrnm"="D;]XJOEPXT]ufnq]te264/fyf"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000004

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    "{78BF3960-61F0-4F4E-825D-3554FA61E847}"="Windows Media Player ºËÐÄÔ¤¼ÓÔسÌÐò"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{6E44887F-5214-41F2-AB46-4728735C4CC6}"=""
    "{1A404685-7563-4d02-B0F6-58B308A406A9}"=""
    "{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}"=""
    "{B876D045-E0B1-4E79-9359-0B1BF00813EA}"="Media Filter"
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
    "csrss"="C:\\WINDOWS\\csrss.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
    "csrss"="C:\\WINDOWS\\csrss.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "NetWork"="{FC055E7D-8144-4706-8586-2F1C49FCDD2A}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\amdk5
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hdfs
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\LanPort
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\parcls

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Completion time: 06-12-15 16:19:13.04
    C:\ComboFix.txt ... 06-12-15 16:19
    C:\ComboFix2.txt ... 06-12-10 18:40
    C:\ComboFix3.txt ... 06-12-10 00:02
     
  20. falconv8


    help anyone???
     
