Some type of Win32 virus....desktop frozen....task manager disabled
   

Bailey3017
New Member


Date Joined Jun 2008
Total Posts : 13
 
Posted 7-10-2008 1:39 (GMT +1)
Yesterday I started having problems with my PC.  I was getting tons of popups and adware that was telling me I had a virus or a threat was detected and that I needed to download this or that software to get rid of it.  Okay, this has happened before…I ran my Adware and got rid of it that time (or so I thought) and decided to go ahead and run again to get rid of this especially since I just updated my Adware software.  I started a scan, which was difficult due to all the popups and the “alerts” in my toolbar.  I finally got it started and left the house for a few hours to let it do its job.  Once I returned the Adware had barely run through half of its process.  I couldn’t get it to do a darn thing.  I couldn’t get my desktop to do anything at all…completely frozen.  I couldn’t get to my startup menu, I tried to get to my task manager via Ctrl+Alt+Del but it advised me that task manager had been disabled by the system administrator, but I didn’t do it.

Needless to say I am at a standstill with my PC and cannot do anything.  I have HijackThis on my PC but like I said the desktop is not even there at this point…it is just my background and that is it…everything else is nonexistent….NOTHING.  Is there anything I can do or is this PC done…I am a bit distraught due to all the pictures I could possibly lose due to this…music can be repurchased or whatnot but the pics cannot be recreated.
 
I just don’t know really what to do…..I just need help of any kind.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14350
 
Posted 7-10-2008 2:17 (GMT +1)
Hello

Reboot to safe mode with network

Then click here - ->>  http://www.bullguard.com/forum/14/Before-posting-a-log_43561.html

After you have run the scan tools -

Reboot.

Post Hijackthis log along with SuperAntiSpyware log, C: combofix TXT  in this topic


Do NOT post your problem in someone else's thread.
Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

 

Bailey3017
New Member


Date Joined Jun 2008
Total Posts : 13
 
Posted 7-10-2008 2:24 (GMT +1)
Will try once I get home this evening....I will post tonight or in the morning dependent on what happens.  Thank you.


Any idea of what is causing this????
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14350
 
Posted 7-10-2008 4:45 (GMT +1)
OK.  Probably some (or large number of) infections ;-)


 

Bailey3017
New Member


Date Joined Jun 2008
Total Posts : 13
 
Posted 7-11-2008 12:46 (GMT +1)
Here is the Combofix...
 
 
ComboFix 08-07-10.1 - Owner 2008-07-10 18:46:54.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.324 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll
C:\WINDOWS\enxw.exe
C:\WINDOWS\fdxbameg.dll
C:\WINDOWS\fsrpknov.dll
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_48.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\sqvgnrpx.dll
C:\WINDOWS\Sys2.exe
C:\WINDOWS\Sys3.exe
C:\WINDOWS\Sys4.exe
C:\WINDOWS\system32\312191
C:\WINDOWS\system32\312191\312191.dll
C:\WINDOWS\system32\778670
C:\WINDOWS\system32\778670\778670.dll
C:\WINDOWS\system32\First.exe
C:\WINDOWS\system32\fnhihhou.ini
C:\WINDOWS\system32\JkSvuFhk.ini
C:\WINDOWS\system32\JkSvuFhk.ini2
C:\WINDOWS\system32\nsvsvc
C:\WINDOWS\system32\nsvsvc\License.txt
C:\WINDOWS\system32\nsvsvc\nsv.ocx
C:\WINDOWS\system32\nsvsvc\nsvs.dll
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\onjexdop.ini
C:\WINDOWS\system32\podxejno.dll
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\uohhihnf.dll
C:\WINDOWS\system32\vav.cpl
C:\WINDOWS\system32\vidctrl
C:\WINDOWS\system32\Xcite.dll
C:\WINDOWS\updrun.exe
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FOPN
-------\Service_FOPN
-------\Service_vspf
-------\Service_vspf_hk

(((((((((((((((((((((((((   Files Created from 2008-06-10 to 2008-07-10  )))))))))))))))))))))))))))))))
.
2008-07-10 18:23 . 2008-07-10 18:23 <DIR> d-------- C:\Program Files\CCleaner
2008-07-10 18:05 . 2008-07-10 18:05 116,352 --a------ C:\WINDOWS\system32\qwyqpe.dll
2008-07-10 18:05 . 2008-07-10 18:05 116,352 --a------ C:\WINDOWS\system32\hnrivwvl.dll
2008-07-09 17:58 . 2008-07-09 17:58 112,256 --a------ C:\WINDOWS\system32\wgmfvj.dll
2008-07-09 17:58 . 2008-07-09 17:58 112,256 --a------ C:\WINDOWS\system32\byiwvnvx.dll
2008-07-09 17:39 . 2008-07-09 17:39 318,208 --a------ C:\WINDOWS\system32\khFuvSkJ.dll
2008-07-09 11:29 . 2008-07-09 11:29 29,568 --a------ C:\WINDOWS\system32\urqQKbYP.dll
2008-07-09 11:29 . 2008-07-09 11:29 29,568 --a------ C:\WINDOWS\system32\urqQiGVP.dll
2008-07-09 11:27 . 2008-07-09 08:09 413,696 --a------ C:\WINDOWS\wbxdpgfedxa.dll
2008-07-09 11:27 . 2008-07-07 07:11 24,064 --a------ C:\WINDOWS\Sys428.exe
2008-07-09 11:27 . 2008-07-07 07:11 23,552 --a------ C:\WINDOWS\Sys429.exe
2008-07-06 17:36 . 2008-07-06 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-06 17:35 . 2008-07-10 18:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 00:38 . 2008-07-06 00:38 <DIR> d-------- C:\Program Files\Veoh Networks
2008-06-10 20:35 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 21:36 --------- d-----w C:\Program Files\Lavasoft
2008-07-06 21:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-07-06 04:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-26 22:39 --------- d-----w C:\Program Files\Napster
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-20 20:42 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-05-20 20:42 --------- d-----w C:\Program Files\Common Files\Napster Shared
2008-05-19 18:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2006-11-29 21:42 233,472 ----a-w C:\Program Files\Uninstall Need2Find Bar.dll
2005-08-15 12:40 9,451,264 ----a-w C:\Documents and Settings\Owner\DesktopDoctor1.0.exe
2004-08-07 19:14 187,904 ----a-w C:\Program Files\HijackThis.exe
2004-07-08 20:14 4,286 ----a-w C:\Program Files\readme.txt
2004-05-28 11:26 167,983 ----a-w C:\Documents and Settings\Owner\Application Data\tvmknwrd.dll
2004-02-01 02:30 887,771 ----a-w C:\Documents and Settings\Owner\2020setup.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{594df41e-51f1-4a3a-84b2-e0003ad6be37}]
2008-07-10 18:05 116352 --a------ C:\WINDOWS\system32\qwyqpe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}]
2008-07-09 11:29 29568 --a------ C:\WINDOWS\system32\urqQiGVP.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81004111-4DB8-451A-8AB5-C4D6FB3EE597}]
2008-07-10 18:58 322304 --a------ C:\WINDOWS\system32\efcCuTKe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{874EA085-3B7B-412B-91AE-7291A94978D0}]
2008-07-09 08:09 413696 --a------ C:\WINDOWS\wbxdpgfedxa.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC11CE22-F38C-4517-A11A-1DCEFE170350}]
2008-07-09 17:39 318208 --a------ C:\WINDOWS\system32\khFuvSkJ.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 15:15 3664944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2008-05-09 14:37 323216]
"TVS_B"="C:\program files\tvs\tvs_b.exe" [2005-04-25 11:38 16384]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-30 10:37 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 15:16 5058560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe [2006-06-07 07:26:28 180224]
Script execution time was exceeded on script "C:\ComboFix\lnkread.vbs".
Script execution was terminated.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}"= "C:\WINDOWS\system32\urqQiGVP.dll" [2008-07-09 11:29 29568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDStat"= {16befb34-4349-469b-acd6-1855a69de87d} - C:\WINDOWS\Resources\CDStat.dll [2008-07-09 17:33 22566]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQiGVP]
2008-07-09 11:29 29568 C:\WINDOWS\system32\urqQiGVP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ    msv1_0 C:\WINDOWS\system32\efcCuTKe
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\websearch]
wjview [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
--a------ 2001-08-17 14:52 180224 C:\Program Files\Creative\SBLive\AudioHQ\Ahqtb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dwmuj]
--a------ 2005-05-04 15:59 37512 C:\Program Files\Fnnuat\Vgkp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FtkCPY]
--a------ 2005-06-23 16:50 53248 C:\Program Files\Common Files\Java\Ftkcpy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2005-03-09 20:10 11776 C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2005-03-09 20:10 110592 C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV Agent]
--a------ 2002-02-27 12:27 75384 C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-10-06 15:16 5058560 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-04-30 10:37 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvs_b]
--a------ 2005-04-25 11:38 16384 C:\Program Files\tvs\TVS_B.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\wjview.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
S2 .NET Connection Service;.NET Framework Service;C:\WINDOWS\svchost.exe []
S2 ZESOFT;ZESOFT;C:\WINDOWS\zeta.exe []
S3 iscFlash;iscFlash;C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys []
S3 PCDRDRV;Pcdr Helper Driver;C:\WINDOWS\system32\drivers\PCDRDRV.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-07-06 01:35:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-05 00:53:11 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.EXEG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{DB62CC01-ECD2-492E-BCE6-57B0AD8A8D59} - C:\WINDOWS\sqvgnrpx.dll
HKCU-Run-Yahoo! Pager - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
HKCU-Run-Sys2.exe - C:\Windows\Sys2.exe
HKCU-Run-Sys3.exe - C:\Windows\Sys3.exe
HKCU-Run-Sys4.exe - C:\Windows\Sys4.exe
HKLM-Run-Antivirus - C:\Program Files\VAV\vav.exe
HKLM-Run-Sys2.exe - C:\Windows\Sys2.exe
HKLM-Run-Sys3.exe - C:\Windows\Sys3.exe
HKLM-Run-Sys4.exe - C:\Windows\Sys4.exe
HKLM-Run-90cda65f - C:\WINDOWS\system32\podxejno.dll
SSODL-fdxbameg-{71E8EC67-F5EE-4DBC-8D78-4FA827DA927C} - C:\WINDOWS\fdxbameg.dll
SSODL-fsrpknov-{D52DEAC7-F238-4CB5-ACA3-69FC72CB70C7} - C:\WINDOWS\fsrpknov.dll
MSConfigStartUp-0el0cf4m - C:\WINDOWS\system32\0el0cf4m.exe
MSConfigStartUp-AdRoarUpdate - C:\WINDOWS\ARUpdate.exe
MSConfigStartUp-BJCFD - C:\Program Files\BroadJump\Client Foundation\CFD.exe
MSConfigStartUp-ComcastSUPPORT - C:\Program Files\Support.com\bin\tgkill.exe
MSConfigStartUp-HPDJ Taskbar Utility - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
MSConfigStartUp-Nsv - C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
MSConfigStartUp-P2P Networking - C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
MSConfigStartUp-Spyware remover - C:\WINDOWS\Remove_spyware.exe
MSConfigStartUp-SurfSideKick 3 - C:\Program Files\SurfSideKick 3\Ssk.exe
MSConfigStartUp-vidctrl - C:\WINDOWS\system32\vidctrl\vidctrl.exe
MSConfigStartUp-Wast - C:\WINDOWS\wast2.exe
MSConfigStartUp-webrebates - C:\Program Files\WebRebates4\webrebates.exe

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 18:54:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\urqQiGVP.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\cjswnrhq.dll
-> C:\WINDOWS\system32\efcCuTKe.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cscript.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2008-07-10 19:32:24 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-10 23:29:49
Pre-Run: 82,758,406,144 bytes free
Post-Run: 82,120,519,680 bytes free
629 --- E O F --- 2008-06-20 07:01:17
Bailey3017
   Posted 7-11-2008 1:07 (GMT +1)
HijackThis logfile...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: {1a443132-0867-9978-6f94-f34d1dc6a12b} - {b21a6cd1-d43f-49f6-8799-7680231344a1} - C:\WINDOWS\system32\qhjkxn.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [90cda65f] rundll32.exe "C:\WINDOWS\system32\cjswnrhq.dll",b
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215727775718
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/insaniquarium/popcaploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: CDStat - {16befb34-4349-469b-acd6-1855a69de87d} - C:\WINDOWS\Resources\CDStat.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.ustwirling.com/images/banner_back.gif
O24 - Desktop Component 1: (no name) - http://www.geocities.com/clipart/pbi/backgrounds/Generic/impeach_bk.gif
O24 - Desktop Component 2: (no name) - http://www.searay.com/Images/wallpaper/43717_800x600.jpg
--
End of file - 7142 bytes


Bailey3017
   Posted 7-11-2008 1:09 (GMT +1)
SUPERAntiSpyware logfile...
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/10/2008 at 07:52 PM
Application Version : 4.15.1000
Core Rules Database Version : 3501
Trace Rules Database Version: 1492
Scan type       : Quick Scan
Total Scan Time : 00:10:26
Memory items scanned      : 380
Memory threats detected   : 8
Registry items scanned    : 380
Registry threats detected : 61
File items scanned        : 4555
File threats detected     : 257
Trojan.Vundo-Variant/Small-GEN
 C:\WINDOWS\SYSTEM32\EFCCUTKE.DLL
 C:\WINDOWS\SYSTEM32\EFCCUTKE.DLL
 C:\WINDOWS\SYSTEM32\URQQIGVP.DLL
 C:\WINDOWS\SYSTEM32\URQQIGVP.DLL
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}
 HKCR\CLSID\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}
 HKCR\CLSID\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}\InprocServer32
 HKCR\CLSID\{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}\InprocServer32#ThreadingModel
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{81004111-4DB8-451A-8AB5-C4D6FB3EE597}
 HKCR\CLSID\{81004111-4DB8-451A-8AB5-C4D6FB3EE597}
 HKCR\CLSID\{81004111-4DB8-451A-8AB5-C4D6FB3EE597}\InprocServer32
 HKCR\CLSID\{81004111-4DB8-451A-8AB5-C4D6FB3EE597}\InprocServer32#ThreadingModel
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC11CE22-F38C-4517-A11A-1DCEFE170350}
 HKCR\CLSID\{FC11CE22-F38C-4517-A11A-1DCEFE170350}
 HKCR\CLSID\{FC11CE22-F38C-4517-A11A-1DCEFE170350}\InprocServer32
 HKCR\CLSID\{FC11CE22-F38C-4517-A11A-1DCEFE170350}\InprocServer32#ThreadingModel
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286}
 Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\urqQiGVP
 C:\WINDOWS\SYSTEM32\URQQKBYP.DLL
Adware.BroadcastPC
 C:\PROGRAM FILES\TVS\TVS_B.EXE
 C:\PROGRAM FILES\TVS\TVS_B.EXE
 [TVS_B] C:\PROGRAM FILES\TVS\TVS_B.EXE
 C:\WINDOWS\Prefetch\TVS_B.EXE-371D1576.pf
Unclassified.Unknown Origin
 C:\PROGRAM FILES\TVS\TVSV2.DLL
 C:\PROGRAM FILES\TVS\TVSV2.DLL
 C:\WINDOWS\ADROAR.DLL
Trojan.Unclassified-Packed/Suspicious
 C:\WINDOWS\SYSTEM32\BYIWVNV.DLL
 C:\WINDOWS\SYSTEM32\BYIWVNV.DLL
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{378D3350-29FB-4EB7-A9DD-D39D1D7D5A58}
 HKCR\CLSID\{378D3350-29FB-4EB7-A9DD-D39D1D7D5A58}
 HKCR\CLSID\{378D3350-29FB-4EB7-A9DD-D39D1D7D5A58}\InprocServer32
 HKCR\CLSID\{378D3350-29FB-4EB7-A9DD-D39D1D7D5A58}\InprocServer32#ThreadingModel
Trojan.Net-MSV/VPS-Variant
 C:\WINDOWS\WBXDPGFEDXA.DLL
 C:\WINDOWS\WBXDPGFEDXA.DLL
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{874EA085-3B7B-412B-91AE-7291A94978D0}
 HKCR\CLSID\{874EA085-3B7B-412B-91AE-7291A94978D0}
 HKCR\CLSID\{874EA085-3B7B-412B-91AE-7291A94978D0}
 HKCR\CLSID\{874EA085-3B7B-412B-91AE-7291A94978D0}\InprocServer32
 HKCR\CLSID\{874EA085-3B7B-412B-91AE-7291A94978D0}\InprocServer32#ThreadingModel
 HKCR\CLSID\{874EA085-3B7B-412B-91AE-7291A94978D0}\ProgID
 HKCR\CLSID\{874EA085-3B7B-412B-91AE-7291A94978D0}\Programmable
 HKCR\CLSID\{874EA085-3B7B-412B-91AE-7291A94978D0}\TypeLib
 HKCR\CLSID\{874EA085-3B7B-412B-91AE-7291A94978D0}\VersionIndependentProgID
Trojan.Downloader-NewJuan/VM
 C:\WINDOWS\SYSTEM32\QHJKXN.DLL
 C:\WINDOWS\SYSTEM32\QHJKXN.DLL
Adware.Vundo Variant/Resident
 C:\WINDOWS\SYSTEM32\KHFUVSKJ.DLL
 C:\WINDOWS\SYSTEM32\KHFUVSKJ.DLL
Adware.Tracking Cookie
 C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
 C:\Documents and Settings\Owner\Cookies\owner@directtrack[2].txt
 C:\Documents and Settings\Owner\Cookies\owner@tremor.adbureau[2].txt
 C:\Documents and Settings\Owner\Cookies\owner@208.122.40[1].txt
 C:\Documents and Settings\Owner\Cookies\owner@clickbank[2].txt
 C:\Documents and Settings\Owner\Cookies\owner@angleinteractive.directtrack[2].txt
 C:\Documents and Settings\Owner\Cookies\owner@indextools[2].txt
 C:\Documents and Settings\Owner\Cookies\owner@208.122.40[3].txt
Adware.WebHancer
 C:\Program Files\whInstall\license.txt
 C:\Program Files\whInstall\readme.txt
 C:\Program Files\whInstall\Sporder.dll
 C:\Program Files\whInstall\webhdll.dll
 C:\Program Files\whInstall\whAgent.exe
 C:\Program Files\whInstall\whAgent.ini
 C:\Program Files\whInstall\whiehlpr.dll
 C:\Program Files\whInstall\whInstaller.exe
 C:\Program Files\whInstall\whSurvey.exe
 C:\Program Files\whInstall
 C:\WINDOWS\WHINSTALLER.EXE_
 C:\WINDOWS\WH.EXE
Spyware.WebSearch (WinTools/Huntbar)
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC#NextInstance
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Service
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Legacy
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ConfigFlags
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Class
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ClassGUID
 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#DeviceDesc
Adware.BookedSpace
 C:\WINDOWS\bsx32\ADBN1.bsx
 C:\WINDOWS\bsx32\ADVC5.bsx
 C:\WINDOWS\bsx32\ADVCTX2.bsx
 C:\WINDOWS\bsx32\ASIWS2.bsx
 C:\WINDOWS\bsx32\AUTOS1.bsx
 C:\WINDOWS\bsx32\BID1.bsx
 C:\WINDOWS\bsx32\BingoRoom1.bsx
 C:\WINDOWS\bsx32\CARD2.bsx
 C:\WINDOWS\bsx32\CARS3.bsx
 C:\WINDOWS\bsx32\CASH2.bsx
 C:\WINDOWS\bsx32\DATE3.bsx
 C:\WINDOWS\bsx32\DEBT1.bsx
 C:\WINDOWS\bsx32\DENT1.bsx
 C:\WINDOWS\bsx32\DRUG1.bsx
 C:\WINDOWS\bsx32\EDU1.bsx
 C:\WINDOWS\bsx32\EML1.bsx


 

Bailey3017
New Member


Date Joined Jun 2008
Total Posts : 13
 
   Posted 7-11-2008 1:14 (GMT +1)
Ok so there are the logfiles...I was eventually able to download and run everything...the SUPERAntiSpyware was the last because at first before I ran the ComboFix my PC would not allow an install...the ComboFix seemed to work out most of the damage then I was able to do the rest.  Fingers crossed so far so good tonight.  Seems like this worked...really don't know what else to do other than a big ol' THANKS EVER SO MUCH!  This forum is a wonderful thing...know that it is on my favorites now!
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14350
 
   Posted 7-11-2008 8:08 (GMT +1)
Sounds good :)
 
 
However, I'll suggest