Full Version: Buchi Log
Buchi
Thanks for the clarification, below is my HIJACKTHIS LOG file. Please check and tell me the corrections:

Logfile of HijackThis v1.99.1
Scan saved at 3:49:40 PM, on 2/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolvc.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\system32\srrvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svcchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Zip\Anti-virus\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Routingdsfdsfs] winf454jhgfgk.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [Routingdsfdsfs] winf454jhgfgk.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Routingdsfdsfs] winf454jhgfgk.exe
O4 - HKCU\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1DA16E-B943-4E3A-A5A8-FF298FFD2041}: NameServer = 202.54.29.5 202.54.6.60
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINDOWS\system\dllhost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Sata emulation (mside) - Unknown owner - C:\WINDOWS\system\mside.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Windows Terminal Services - Unknown owner - C:\WINDOWS\system32\spoolvc.exe

rridgely
Your computer is very infected. You're going to need some patience and time to get this fixed.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt into your next reply
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
Buchi
I followed your instructions, below is the vundoFix.txt file.
As you see below, "yudpdsvv.dll" could not be removed after several tries:
-----------------------------------------------------------------------------------
VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.8

Scan started at 4:26:01 PM 2/5/2007

Listing files found while scanning....

Beginning removal...

Attempting to delete C:\WINDOWS\system32\atfrnque.dll
C:\WINDOWS\system32\atfrnque.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtqono.dll
C:\WINDOWS\system32\awtqono.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtqooo.dll
C:\WINDOWS\system32\awtqooo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtrolk.dll
C:\WINDOWS\system32\awtrolk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtrrqp.dll
C:\WINDOWS\system32\awtrrqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtssrr.dll
C:\WINDOWS\system32\awtssrr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awttuus.dll
C:\WINDOWS\system32\awttuus.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtuurr.dll
C:\WINDOWS\system32\awtuurr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtuusp.dll
C:\WINDOWS\system32\awtuusp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\btjckfoc.dll
C:\WINDOWS\system32\btjckfoc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxwtts.dll
C:\WINDOWS\system32\byxwtts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxxyaa.dll
C:\WINDOWS\system32\byxxyaa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxxyya.dll
C:\WINDOWS\system32\byxxyya.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxywvu.dll
C:\WINDOWS\system32\byxywvu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxyxxw.dll
C:\WINDOWS\system32\byxyxxw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxuspp.dll
C:\WINDOWS\system32\cbxuspp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxutsq.dll
C:\WINDOWS\system32\cbxutsq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxvtsp.dll
C:\WINDOWS\system32\cbxvtsp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxvwut.dll
C:\WINDOWS\system32\cbxvwut.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxwttq.dll
C:\WINDOWS\system32\cbxwttq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxwwwv.dll
C:\WINDOWS\system32\cbxwwwv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxwxxy.dll
C:\WINDOWS\system32\cbxwxxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cofkcjtb.ini
C:\WINDOWS\system32\cofkcjtb.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcaaww.dll
C:\WINDOWS\system32\ddcaaww.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcbxut.dll
C:\WINDOWS\system32\ddcbxut.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcdcca.dll
C:\WINDOWS\system32\ddcdcca.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcdeec.dll
C:\WINDOWS\system32\ddcdeec.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyaxy.dll
C:\WINDOWS\system32\ddcyaxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcbbba.dll
C:\WINDOWS\system32\efcbbba.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcdcyy.dll
C:\WINDOWS\system32\efcdcyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcyywt.dll
C:\WINDOWS\system32\efcyywt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcyywx.dll
C:\WINDOWS\system32\efcyywx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\euqnrfta.ini
C:\WINDOWS\system32\euqnrfta.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccaayv.dll
C:\WINDOWS\system32\fccaayv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccayaw.dll
C:\WINDOWS\system32\fccayaw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccbaxx.dll
C:\WINDOWS\system32\fccbaxx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fcccyyx.dll
C:\WINDOWS\system32\fcccyyx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccyxxx.dll
C:\WINDOWS\system32\fccyxxx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebcdab.dll
C:\WINDOWS\system32\gebcdab.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebywuv.dll
C:\WINDOWS\system32\gebywuv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebywxv.dll
C:\WINDOWS\system32\gebywxv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyxwt.dll
C:\WINDOWS\system32\gebyxwt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyxxu.dll
C:\WINDOWS\system32\gebyxxu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyxyy.dll
C:\WINDOWS\system32\gebyxyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggedax.dll
C:\WINDOWS\system32\hggedax.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggefcy.dll
C:\WINDOWS\system32\hggefcy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggfdde.dll
C:\WINDOWS\system32\hggfdde.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggffcb.dll
C:\WINDOWS\system32\hggffcb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggffgg.dll
C:\WINDOWS\system32\hggffgg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hggfgeb.dll
C:\WINDOWS\system32\hggfgeb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgggdab.dll
C:\WINDOWS\system32\hgggdab.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgggddc.dll
C:\WINDOWS\system32\hgggddc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgggefe.dll
C:\WINDOWS\system32\hgggefe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgggged.dll
C:\WINDOWS\system32\hgggged.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgghiii.dll
C:\WINDOWS\system32\hgghiii.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifcaby.dll
C:\WINDOWS\system32\iifcaby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifcbxw.dll
C:\WINDOWS\system32\iifcbxw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifdbxw.dll
C:\WINDOWS\system32\iifdbxw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iiffcca.dll
C:\WINDOWS\system32\iiffcca.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifgeeb.dll
C:\WINDOWS\system32\iifgeeb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjheb.dll
C:\WINDOWS\system32\jkkjheb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjijk.dll
C:\WINDOWS\system32\jkkjijk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkkjgf.dll
C:\WINDOWS\system32\jkkkjgf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkklmj.dll
C:\WINDOWS\system32\jkkklmj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfcawu.dll
C:\WINDOWS\system32\khfcawu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfcdbc.dll
C:\WINDOWS\system32\khfcdbc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfdefd.dll
C:\WINDOWS\system32\khfdefd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfedeb.dll
C:\WINDOWS\system32\khfedeb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfeedc.dll
C:\WINDOWS\system32\khfeedc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khffcax.dll
C:\WINDOWS\system32\khffcax.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfggfc.dll
C:\WINDOWS\system32\khfggfc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjgeda.dll
C:\WINDOWS\system32\ljjgeda.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjghhi.dll
C:\WINDOWS\system32\ljjghhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjhfec.dll
C:\WINDOWS\system32\ljjhfec.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgeef.dll
C:\WINDOWS\system32\mljgeef.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljhhhh.dll
C:\WINDOWS\system32\mljhhhh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjhhe.dll
C:\WINDOWS\system32\mljjhhe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjhig.dll
C:\WINDOWS\system32\mljjhig.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjihg.dll
C:\WINDOWS\system32\mljjihg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljjihh.dll
C:\WINDOWS\system32\mljjihh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljkihi.dll
C:\WINDOWS\system32\mljkihi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnliif.dll
C:\WINDOWS\system32\nnnliif.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnliij.dll
C:\WINDOWS\system32\nnnliij.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnlkhe.dll
C:\WINDOWS\system32\nnnlkhe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmkih.dll
C:\WINDOWS\system32\nnnmkih.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmljg.dll
C:\WINDOWS\system32\nnnmljg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnmnml.dll
C:\WINDOWS\system32\nnnmnml.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnnllj.dll
C:\WINDOWS\system32\nnnnllj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnoono.dll
C:\WINDOWS\system32\nnnoono.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnooop.dll
C:\WINDOWS\system32\nnnooop.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnopmn.dll
C:\WINDOWS\system32\nnnopmn.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\nqstv.bak1
C:\WINDOWS\System32\nqstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\nqstv.bak2
C:\WINDOWS\System32\nqstv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\nqstv.ini
C:\WINDOWS\System32\nqstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnkkji.dll
C:\WINDOWS\system32\opnkkji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnliff.dll
C:\WINDOWS\system32\opnliff.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnliig.dll
C:\WINDOWS\system32\opnliig.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnmjig.dll
C:\WINDOWS\system32\opnmjig.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnmkli.dll
C:\WINDOWS\system32\opnmkli.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnmnmn.dll
C:\WINDOWS\system32\opnmnmn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnollk.dll
C:\WINDOWS\system32\opnollk.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\opnoomk.dll
C:\WINDOWS\system32\opnoomk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnoopm.dll
C:\WINDOWS\system32\opnoopm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnmnnl.dll
C:\WINDOWS\system32\pmnmnnl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomjhfe.dll
C:\WINDOWS\system32\qomjhfe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomjjkk.dll
C:\WINDOWS\system32\qomjjkk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomkjge.dll
C:\WINDOWS\system32\qomkjge.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomljge.dll
C:\WINDOWS\system32\qomljge.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qommkij.dll
C:\WINDOWS\system32\qommkij.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qommnlm.dll
C:\WINDOWS\system32\qommnlm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomnmnl.dll
C:\WINDOWS\system32\qomnmnl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomnnoo.dll
C:\WINDOWS\system32\qomnnoo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqromlm.dll
C:\WINDOWS\system32\rqromlm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqromnk.dll
C:\WINDOWS\system32\rqromnk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqroool.dll
C:\WINDOWS\system32\rqroool.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrpolj.dll
C:\WINDOWS\system32\rqrpolj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrqrpm.dll
C:\WINDOWS\system32\rqrqrpm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrqrss.dll
C:\WINDOWS\system32\rqrqrss.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sgqdqaux.ini
C:\WINDOWS\system32\sgqdqaux.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqnkhi.dll
C:\WINDOWS\system32\ssqnkhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqnkki.dll
C:\WINDOWS\system32\ssqnkki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqnnmn.dll
C:\WINDOWS\system32\ssqnnmn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqnolk.dll
C:\WINDOWS\system32\ssqnolk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqolki.dll
C:\WINDOWS\system32\ssqolki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqomnl.dll
C:\WINDOWS\system32\ssqomnl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqonmj.dll
C:\WINDOWS\system32\ssqonmj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqoopm.dll
C:\WINDOWS\system32\ssqoopm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpmnk.dll
C:\WINDOWS\system32\ssqpmnk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpmnm.dll
C:\WINDOWS\system32\ssqpmnm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpopq.dll
C:\WINDOWS\system32\ssqpopq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpqqp.dll
C:\WINDOWS\system32\ssqpqqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqqnkk.dll
C:\WINDOWS\system32\ssqqnkk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqqool.dll
C:\WINDOWS\system32\ssqqool.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrrop.dll
C:\WINDOWS\system32\ssqrrop.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvsttr.dll
C:\WINDOWS\system32\tuvsttr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvurqr.dll
C:\WINDOWS\system32\tuvurqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvuuvw.dll
C:\WINDOWS\system32\tuvuuvw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvvsst.dll
C:\WINDOWS\system32\tuvvsst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvvuvv.dll
C:\WINDOWS\system32\tuvvuvv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvvvww.dll
C:\WINDOWS\system32\tuvvvww.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvwurp.dll
C:\WINDOWS\system32\tuvwurp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvwxxy.dll
C:\WINDOWS\system32\tuvwxxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqnlji.dll
C:\WINDOWS\system32\urqnlji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqnllm.dll
C:\WINDOWS\system32\urqnllm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqolii.dll
C:\WINDOWS\system32\urqolii.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqpqnl.dll
C:\WINDOWS\system32\urqpqnl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqqqoo.dll
C:\WINDOWS\system32\urqqqoo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqrqqn.dll
C:\WINDOWS\system32\urqrqqn.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\vtsqn.dll
C:\WINDOWS\System32\vtsqn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturqrq.dll
C:\WINDOWS\system32\vturqrq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturrom.dll
C:\WINDOWS\system32\vturrom.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtusqrr.dll
C:\WINDOWS\system32\vtusqrr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtusrsq.dll
C:\WINDOWS\system32\vtusrsq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtusrss.dll
C:\WINDOWS\system32\vtusrss.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuttqq.dll
C:\WINDOWS\system32\vtuttqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuurom.dll
C:\WINDOWS\system32\vtuurom.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuuvtt.dll
C:\WINDOWS\system32\vtuuvtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuroon.dll
C:\WINDOWS\system32\wvuroon.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvussqp.dll
C:\WINDOWS\system32\wvussqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvutqom.dll
C:\WINDOWS\system32\wvutqom.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuurpm.dll
C:\WINDOWS\system32\wvuurpm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvwxy.dll
C:\WINDOWS\system32\wvuvwxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xuaqdqgs.dll
C:\WINDOWS\system32\xuaqdqgs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxyvuts.dll
C:\WINDOWS\system32\xxyvuts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxywtst.dll
C:\WINDOWS\system32\xxywtst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxywvwu.dll
C:\WINDOWS\system32\xxywvwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxywwtt.dll
C:\WINDOWS\system32\xxywwtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxyxxus.dll
C:\WINDOWS\system32\xxyxxus.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxyyyxy.dll
C:\WINDOWS\system32\xxyyyxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayayab.dll
C:\WINDOWS\system32\yayayab.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayvuur.dll
C:\WINDOWS\system32\yayvuur.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yaywurs.dll
C:\WINDOWS\system32\yaywurs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yaywuuu.dll
C:\WINDOWS\system32\yaywuuu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayxwts.dll
C:\WINDOWS\system32\yayxwts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayyxyy.dll
C:\WINDOWS\system32\yayyxyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\yudpdsvv.dll
C:\WINDOWS\System32\yudpdsvv.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.8

Scan started at 4:33:02 PM 2/5/2007

Listing files found while scanning....

C:\WINDOWS\system32\opnollk.dll
C:\WINDOWS\System32\yudpdsvv.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\opnollk.dll
C:\WINDOWS\system32\opnollk.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.8

Scan started at 4:45:20 PM 2/5/2007

Listing files found while scanning....

C:\WINDOWS\System32\yudpdsvv.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.8

Scan started at 4:50:23 PM 2/5/2007

Listing files found while scanning....

C:\WINDOWS\System32\yudpdsvv.dll

Beginning removal...

Performing Repairs to the registry.
Done!
------------------------------------------------------------------------


Below is the HIJACKTHIS.LOG after using VundoFix:

Logfile of HijackThis v1.99.1
Scan saved at 4:57:31 PM, on 2/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\system32\srrvc.exe
C:\WINDOWS\System32\svcchost.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\WINDOWS\system32\mfcee.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\kavss.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\Documents and Settings\Sys\4.exe
C:\PROGRA~1\eScan\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} - C:\WINDOWS\System32\opnollk.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\System32\yudpdsvv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F2496031-4FE4-497E-8F75-04E0A180366E} - C:\WINDOWS\System32\vtsqn.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKLM\..\Run: [melg34] C:\Documents and Settings\Sys\4.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKCU\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKCU\..\Run: [melg34] C:\Documents and Settings\Sys\4.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


Please check and advise on my system errors.
rridgely
Alright, now follow this guide:
http://forum.CCleaner.com/index.php?showtopic=6329

In your next reply, post the four logs you get from doing those steps. (AVG Anti-Spyware, SUPERAntiSpyware, BitDefender and a new HijackThis log.)
Buchi
THANKS RRIDGELY, I FOLLOWED THE DETAILS, BELOW ARE THE REPORTS.
THESE SPYWARES REMOVED MANY INFECTIONS, PLEASE STUDY AND ADVISE THE NEXT STEP.

1) HIJACKTHIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 4:53:54 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\PROGRA~1\eScan\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\srrvc.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\WINDOWS\system32\mfcee.exe
C:\Documents and Settings\Sys\4.exe
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\kavss.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F2496031-4FE4-497E-8F75-04E0A180366E} - C:\WINDOWS\System32\vtsqn.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKLM\..\Run: [melg34] C:\Documents and Settings\Sys\4.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKCU\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKCU\..\Run: [melg34] C:\Documents and Settings\Sys\4.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1DA16E-B943-4E3A-A5A8-FF298FFD2041}: NameServer = 202.54.29.5 202.54.6.60
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

2) BIT DEFENDER REPORT:
BitDefender Online Scanner - Real Time Virus Report
Generated at: Tue, Feb 06, 2007 - 14:51:55

Scan Info
Scanned Files: 621382
Infected Files: 378

Virus Detected
DeepScan:Generic.Malware.SYBddldg.26A600B3    5
Trojan.Agent.ACL                              1
Backdoor.Rbot.FGD                             4
DeepScan:Generic.Malware.SYddldg.855620B1     2
Backdoor.Sdbot.W                              1
MemScan:Trojan.Vundo.W                        3
BehavesLike:Win32.FileInfector                12
Trojan.Downloader.Conhook.D                   4
Trojan.Juan.E                                 2
Trojan.Virtumod.EB                            9
DeepScan:Generic.Malware.SYddldg.21FE268A     287
DeepScan:Generic.Malware.SYddldg.23F1AE3A     42
Backdoor.Rbot.BDQ                             5
Generic.Botget.930D50D4                       1





This summary of the scan process will be used by the BitDefender Antivirus
Lab to create agregate statistics about virus activity around the world.


3) SUPER ANTIVIRUS SCAN REPORT
SUPERAntiSpyware Scan Log
Generated 02/06/2007 at 03:36 PM

Application Version : 3.5.1016

Core Rules Database Version : 3178
Trace Rules Database Version: 1188

Scan type : Complete Scan
Total Scan Time : 00:17:47

Memory items scanned : 478
Memory threats detected : 1
Registry items scanned : 6149
Registry threats detected : 8
File items scanned : 25650
File threats detected : 96

Trojan.SVCCHost
C:\WINDOWS\SYSTEM32\SVCCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCCHOST.EXE
[msvcc25] C:\WINDOWS\SYSTEM32\SVCCHOST.EXE
[msvcc25] C:\WINDOWS\SYSTEM32\SVCCHOST.EXE

Adware.Tracking Cookie

Adware.Vundo Variant
HKCR\CLSID\{68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50}
HKCR\CLSID\{68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50}\InprocServer32
HKCR\CLSID\{68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50}\InprocServer32#ThreadingModel

Unclassified.Unknown Origin
HKCR\CLSID\{481E7983-1F2B-4250-951A-44E0902DF978}
HKCR\CLSID\{481E7983-1F2B-4250-951A-44E0902DF978}\InprocServer32
HKCR\CLSID\{481E7983-1F2B-4250-951A-44E0902DF978}\InprocServer32#ThreadingModel

Malware.SpywareNuker
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0051892.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0051931.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052055.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052077.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052118.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052154.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053389.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053403.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053418.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053465.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053497.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053530.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053552.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053568.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053584.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053601.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\PSHOOK11.SYS

Trojan.Downloader-WBRock
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053645.EXE


4) AVG ANTI-SPYWARE SCAN REPORT:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:47:46 PM 2/6/2007

+ Scan result:



C:\WINDOWS\system32\ajj.exe -> Adware.Aureate : Ignored.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.
[352] C:\WINDOWS\System32\mysvcc.exe -> Backdoor.Rbot.aeu : Cleaned with backup (quarantined).
C:\Documents and Settings\Sys\Cookies\sys@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.


::Report end

rridgely
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

-------

Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running, as it may cause it to stall.

In your next post I want a combofix log, smitfraud log, and a new hijackthis log.
Buchi
Thanks rridgely, after extracting Smitfraudfix, I double clicked smitfraudfix.cmd. But I got an error message "Reboot.exe file is missing!".
Later when I checked, I couldn't extract the "reboot.exe" file. I could see reboot.exe in the winzip window, but this particular file is not getting extracted though I tried different methods. Any suggestions where I am wrong?
Buchi
LATER I COULD FIND THE VIRUS SOFTWARE THAT IS STOPPING THE EXTRACTION OF "REBOOT.EXE". I DISABLED THAT SOFTWARE AND FOLLOWED YOUR INSTRUCTIONS, BELOW ARE THE REPORTS. PLEASE STUDY AND ADVISE THE NEXT STEP, THANKS.

1) SMITFRAUDFIX REPORT:
SmitFraudFix v2.141

Scan done at 16:18:52.46, Thu 02/08/2007
Run from C:\Documents and Settings\Sys\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sys


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sys\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sys\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


2) COMBOFIX REPORT:
"Sys" - 07-02-08 16:20:29 Service Pack 2
ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Sys\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\REGEDIT.com


((((((((((((((((((((((((((((((( Files Created from 2007-01-08 to 2007-02-08 ))))))))))))))))))))))))))))))))))


2007-02-08 16:19 3,024 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-08 16:17 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-08 16:17 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-08 16:17 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-08 16:17 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-08 16:17 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-08 16:17 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-08 14:32 67,645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys
2007-02-06 16:01 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-06 15:22 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-02-06 15:15 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\SUPERAntiSpyware.com
2007-02-06 15:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\SUPERAntiSpyware.com
2007-02-06 15:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-02-06 13:12 <DIR> d-------- C:\WINDOWS\LastGood
2007-02-06 13:12 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-02-05 16:26 <DIR> d-------- C:\VundoFix Backups
2007-02-05 12:16 <DIR> d-------- C:\WINDOWS\Prefetch
2007-02-05 12:15 33,792 --------- C:\WINDOWS\system32\drivers\escanmxx.sys
2007-02-05 12:13 7,583 --a------ C:\WINDOWS\system32\eInstall.dat
2007-02-05 12:13 12,560 --a------ C:\WINDOWS\WSSPORD.DAT
2007-02-05 12:12 <DIR> d-------- C:\PUB
2007-02-05 12:11 508,928 --a------ C:\WINDOWS\system32\eInstall.exe
2007-02-05 12:11 32,768 --a------ C:\WINDOWS\system32\esmxlog.dll
2007-02-05 12:11 138,000 --a------ C:\WINDOWS\system32\drivers\klif108.sys
2007-02-05 12:11 117,008 --a------ C:\WINDOWS\system32\drivers\klif50.sys
2007-02-05 12:11 <DIR> d-------- C:\WINDOWS\system32\ES_SETUP
2007-02-05 12:11 <DIR> d-------- C:\AVPDOS
2007-02-05 12:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
2007-02-05 12:09 950,272 --a------ C:\WINDOWS\system32\contfilt.dll
2007-02-05 12:09 9,488 --a------ C:\WINDOWS\sporder.dll
2007-02-05 12:09 7,680 --a------ C:\WINDOWS\sporder.exe
2007-02-05 12:09 41,984 --a------ C:\WINDOWS\killproc.exe
2007-02-05 12:09 40,448 --a------ C:\WINDOWS\inst_tsp.exe
2007-02-05 12:09 339,968 --a------ C:\WINDOWS\system32\mwtsp.dll
2007-02-05 12:09 14,866 --a------ C:\WINDOWS\winsbak.reg
2007-02-05 12:09 134,144 --a------ C:\WINDOWS\R.COM
2007-02-05 12:09 130,560 --a------ C:\WINDOWS\system32\ZIPDLL.DLL
2007-02-05 12:09 128,512 --a------ C:\WINDOWS\system32\T.COM
2007-02-05 12:09 125,440 --a------ C:\WINDOWS\system32\UNZDLL.DLL
2007-02-05 12:09 118,784 --a------ C:\WINDOWS\system32\mwnsp.dll
2007-02-05 12:09 105,944 --a------ C:\WINDOWS\winsbak2.reg
2007-02-05 12:09 <DIR> d-------- C:\WINDOWS\system32\FLCSS.EXE
2007-02-05 12:09 <DIR> d-------- C:\Program Files\eScan
2007-02-05 12:09 <DIR> d-------- C:\Program Files\Common Files\MicroWorld
2007-02-05 12:09 <DIR> d-------- C:\DOCUME~1\REMOTE~1\Documents
2007-02-05 12:09 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Documents
2007-02-04 15:08 76,589 --a------ C:\DOCUME~1\Sys\3.exe
2007-02-04 11:06 <DIR> d-------- C:\HIJACKTHIS
2007-01-28 14:16 <DIR> d-------- C:\Program Files\Payroll 2007
2007-01-28 14:15 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\{54B1765B-9375-4819-95E7-963DB04D3A42}
2007-01-28 13:09 5,680 --a------ C:\WINDOWS\system32\drivers\psntkd20.sys
2007-01-27 20:58 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\DivX
2007-01-27 20:57 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-01-27 20:57 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-01-27 20:57 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-01-27 20:57 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-01-27 20:57 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-01-27 20:57 116,472 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-01-27 20:57 <DIR> d-------- C:\Program Files\DivX
2007-01-27 13:11 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-01-27 12:32 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-01-27 12:32 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-01-27 12:32 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-01-27 12:32 10,240 -ra------ C:\WINDOWS\system32\PA207Usd.dll
2007-01-27 12:31 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-01-27 12:31 <DIR> d-------- C:\Program Files\zebronics webcamera model zeb-100k
2007-01-27 12:31 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2007-01-27 07:48 457,097 --ahs---- C:\WINDOWS\system32\ccbeg.bak2
2007-01-26 17:02 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\Leadertech
2007-01-26 06:49 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-01-26 06:49 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-26 06:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-26 06:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-26 06:43 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-01-26 06:43 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-01-26 06:43 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-01-26 06:43 738,906 --a------ C:\WINDOWS\system32\DivX.dll
2007-01-26 06:43 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-26 06:43 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-01-26 06:43 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-26 06:43 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-01-26 06:43 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-26 06:43 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-26 06:43 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-26 06:43 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-25 21:43 435,704 --ahs---- C:\WINDOWS\system32\ccbeg.bak1
2007-01-23 20:20 0 --a------ C:\WINDOWS\system32\setup_23367.exe
2007-01-23 20:19 0 --a------ C:\WINDOWS\system32\eraseme_38347.exe
2007-01-21 19:05 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-21 18:53 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\Real
2007-01-16 16:22 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\AdobeAUM
2007-01-16 15:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-13 11:32 <DIR> d-------- C:\Program Files\Grisoft


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-04 12:51 -------- d-------- C:\Program Files\xoftspy
2007-01-30 07:48 -------- d-------- C:\DOCUME~1\Sys\Application Data\skype
2007-01-28 14:15 -------- d-------- C:\DOCUME~1\Sys\Application Data\{54b1765b-9375-4819-95e7-963db04d3a42}
2007-01-28 12:14 -------- d-------- C:\Program Files\spyware nuker
2007-01-28 11:52 -------- d-------- C:\Program Files\yahoo!
2007-01-27 12:31 -------- d--h----- C:\Program Files\installshield installation information
2007-01-22 12:06 -------- d-------- C:\DOCUME~1\Sys\Application Data\adobeum
2007-01-21 19:05 -------- d-------- C:\Program Files\Common Files\real
2007-01-16 16:22 -------- d-------- C:\DOCUME~1\Sys\Application Data\adobe
2007-01-13 12:16 -------- d-------- C:\Program Files\Common Files\symantec shared
2006-12-25 10:36 1682 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2006-12-21 07:47 304160 --a------ C:\StiImg.dat
2006-12-20 10:33 -------- d-------- C:\DOCUME~1\Sys\Application Data\google
2006-12-20 10:25 -------- d-------- C:\Program Files\google
2006-12-20 10:23 -------- d-------- C:\DOCUME~1\Sys\Application Data\macromedia
2006-12-12 21:54 12288 --a------ C:\WINDOWS\system32\divxwmpexttype.dll
2006-12-12 21:54 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2006-12-06 11:25 56 -r-hs---- C:\WINDOWS\system32\fc5303fb6f.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.8472\\GoogleToolbarNotifier.exe"
"Skype"="\"D:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"john315"="C:\\WINDOWS\\system32\\srrvc.exe"
"staeck12"="C:\\WINDOWS\\system32\\mfcee.exe"
"melg34"="C:\\WINDOWS\\system32\\mdmd.exe"
"SUPERAntiSpyware"="D:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SMSERIAL"="sm56hlpr.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SWN2"="C:\\Program Files\\Spyware Nuker\\swnxt.exe /h"
"DSLSTATEXE"="C:\\Program Files\\GlobespanVirata\\Adsl\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\GlobespanVirata\\Adsl\\dslagent.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"john315"="C:\\WINDOWS\\system32\\srrvc.exe"
"MailScan Dispatcher"="\"C:\\Program Files\\eScan\\LAUNCH.EXE\""
"eScan Updater"="C:\\PROGRA~1\\eScan\\TRAYICOS.EXE /App"
"eScan Monitor"="C:\\PROGRA~1\\eScan\\AVPMWrap.EXE"
"staeck12"="C:\\WINDOWS\\system32\\mfcee.exe"
"melg34"="C:\\WINDOWS\\system32\\mdmd.exe"
"!AVG Anti-Spyware"="\"D:\\Program Files\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sys^Start Menu^Programs^Startup^PANTONE® for fashion and home 3.0.lnk]
"path"="C:\\Documents and Settings\\Sys\\Start Menu\\Programs\\Startup\\PANTONE® for fashion and home 3.0.lnk"
"backup"="C:\\WINDOWS\\pss\\PANTONE® for fashion and home 3.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\PANTON~1\\PANTON~1.0\\PANTON~1.EXE "
"item"="PANTONE® for fashion and home 3.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAP"
"hkey"="HKLM"
"command"="D:\\PROGRA~1\\DAP\\DAP.EXE /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="D:\\Program Files\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWN2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swnxt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Spyware Nuker\\swnxt.exe /h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Winampa"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Winamp\\Winampa.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YAHOOM~1"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{481E7983-1F2B-4250-951A-44E0902DF978}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\



********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-08 16:23:19


3) NEW HIJACK THIS LOG:
Logfile of HijackThis v1.99.1
Scan saved at 4:24:54 PM, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\PROGRA~1\eScan\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware N