Friend's Computer, I think I got the generic trojan off

Post by cobra11 » February 1st, 2008, 12:00 am

COMBO SCAN

ComboFix 08-01-31.1 - Lance Norwood Jr 2008-01-30 19:09:58.1 - NTFSx86
Running from: C:\Documents and Settings\Lance Norwood Jr\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\SystemDoctor Free
C:\Documents and Settings\Guest\Application Data\Starware316
C:\Documents and Settings\Guest\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Configurator\ConfiguratorOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Configurator\ConfiguratorOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Games\Games0.bmp
C:\Documents and Settings\Guest\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Layouts\PreferencesLayout.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Layouts\WeatherLayout.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Layouts\WeatherLayout.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Movies\Movies0.bmp
C:\Documents and Settings\Guest\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\Guest\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Lance Norwood Jr\Application Data\CURITY~1
C:\Documents and Settings\Lance Norwood Jr\Application Data\ECURIT~1
C:\Documents and Settings\Lance Norwood Jr\Application Data\ICROSO~1.NET
C:\Documents and Settings\Lance Norwood Jr\Application Data\macromedia\Flash Player\#SharedObjects\LT4PMRND\www.broadcaster.com
C:\Documents and Settings\Lance Norwood Jr\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Lance Norwood Jr\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Lance Norwood Jr\Application Data\MANTEC~1
C:\Documents and Settings\Lance Norwood Jr\Application Data\MANTEC~1\javaw.exe
C:\Documents and Settings\Lance Norwood Jr\Application Data\MCROSO~1.NET
C:\Documents and Settings\Lance Norwood Jr\Application Data\RACLE~1
C:\Documents and Settings\Lance Norwood Jr\Application Data\SpamBlocker
C:\Documents and Settings\Lance Norwood Jr\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\Lance Norwood Jr\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\Lance Norwood Jr\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\Lance Norwood Jr\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\Lance Norwood Jr\Application Data\STEM~1
C:\Documents and Settings\Lance Norwood Jr\ResErrors.log
C:\Program Files\Common Files\asks~1
C:\Program Files\Common Files\curity~1
C:\Program Files\Common Files\mantec~1
C:\Program Files\Common Files\mbols~1
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\scurit~1
C:\Program Files\Common Files\smbols~1
C:\Program Files\Common Files\sstem~1
C:\Program Files\Common Files\sstem3~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\Common Files\ystem3~1
C:\Program Files\dobe~1
C:\Program Files\icroso~1.net
C:\Program Files\pppatc~1
C:\Program Files\sks~1
C:\Program Files\sks~2
C:\Program Files\smbols~1
C:\Program Files\tsks~1
C:\Redemption.ECF
C:\WINDOWS\ggkxy.dat
C:\WINDOWS\pppatc~1
C:\WINDOWS\racle~1
C:\WINDOWS\sks~1
C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\crosof~1.net
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\lxwlr.dat
C:\WINDOWS\system32\nhqwx.dat
C:\WINDOWS\system32\qcatv.dat
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\ymante~1
C:\WINDOWS\ystem3~1

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.

2008-01-27 20:36 . 2008-01-27 21:44 23,392 --a------ C:\WINDOWS\SYSTEM32\nscompat.tlb
2008-01-27 20:36 . 2008-01-27 21:44 16,832 --a------ C:\WINDOWS\SYSTEM32\amcompat.tlb
2008-01-24 23:58 . 2008-01-24 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-24 23:56 . 2008-01-24 23:57 <DIR> d-------- C:\Program Files\Dell Support Center
2008-01-24 23:56 . 2008-01-24 23:56 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-01-22 19:14 . 2008-01-29 17:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-22 19:14 . 2008-01-22 19:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-22 19:10 . 2008-01-22 19:11 <DIR> d-------- C:\Program Files\iTunes
2008-01-22 19:04 . 2008-01-22 19:06 <DIR> d-------- C:\Program Files\QuickTime
2008-01-18 15:08 . 2008-01-20 10:58 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-16 21:34 . 2008-01-18 15:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2007-12-23 10:35 . 2007-12-23 10:35 1,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\1B645C6A-2D66-4072-AB64-898FA1E402D9.cxv
2007-12-12 19:27 . 2008-01-17 23:31 58,880 --ahs---- C:\WINDOWS\Thumbs.db
2007-12-12 19:27 . 2008-01-17 23:46 9,216 --ahs---- C:\WINDOWS\SYSTEM32\Thumbs.db
2007-12-10 19:13 . 2007-12-10 19:13 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-10 18:16 . 2007-12-22 03:00 <DIR> d-------- C:\Documents and Settings\Lance Norwood Jr\Application Data\SpywareBot
2007-12-09 22:29 . 2007-12-09 22:29 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-02 13:13 . 2007-12-02 13:13 <DIR> d-------- C:\Documents and Settings\Lance Norwood Jr\Application Data\MSN6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-31 00:43 --------- d-----w C:\Program Files\XoftSpySE
2008-01-30 03:48 --------- d-----w C:\Documents and Settings\Lance Norwood Jr\Application Data\LimeWire
2008-01-25 06:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-23 01:11 --------- d-----w C:\Program Files\iPod
2008-01-18 08:00 --------- d-----w C:\Documents and Settings\Lance Norwood Jr\Application Data\U3
2008-01-18 06:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-20 04:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-20 04:46 --------- d-----w C:\Program Files\Philips
2007-12-20 04:24 --------- d-----w C:\Program Files\Modem On Hold
2007-12-20 04:24 --------- d-----w C:\Program Files\Modem Helper
2007-12-20 04:24 --------- d-----w C:\Program Files\AdwareFilter
2007-12-13 01:29 --------- d-----w C:\Program Files\LimeWire
2007-12-13 01:12 --------- d-----w C:\Program Files\downloads
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2005-01-21 00:53 45,056 ------r C:\Program Files\SetAttrib.exe
2004-11-30 07:23 40,960 ------r C:\Program Files\delete.exe
2004-10-16 10:19 11,591 --sha-w C:\WINDOWS\abghx.dat
2004-08-09 07:16 0 --sha-w C:\WINDOWS\appfe.exe
2004-10-27 03:42 11,591 --sha-w C:\WINDOWS\apsyx.dat
2004-08-24 03:53 3,063 --sha-w C:\WINDOWS\blanf.dat
2004-11-24 12:53 3,347 --sha-w C:\WINDOWS\bnada.dat
2004-11-04 15:15 3,362 --sha-w C:\WINDOWS\bvduv.dat
2004-09-12 17:02 11,591 --sha-w C:\WINDOWS\bwtfp.dat
2006-02-22 10:24 3,347 --sha-w C:\WINDOWS\byxvu.dat
2004-08-15 09:37 3,063 --sha-w C:\WINDOWS\caghx.dat
2004-09-14 16:36 11,591 --sha-w C:\WINDOWS\ckqol.dat
2004-08-15 10:18 11,591 --sha-w C:\WINDOWS\corxr.dat
2004-09-21 12:21 11,591 --sha-w C:\WINDOWS\cswqb.dat
2004-11-07 17:29 11,591 --sha-w C:\WINDOWS\ctppm.dat
2004-10-20 14:09 11,591 --sha-w C:\WINDOWS\cuevg.dat
2004-09-11 19:59 11,591 --sha-w C:\WINDOWS\cxhrg.dat
2004-08-31 17:43 0 --sha-w C:\WINDOWS\czdgp.dat
2004-11-16 16:31 11,591 --sha-w C:\WINDOWS\diexz.dat
2004-11-16 16:31 11,591 --sha-w C:\WINDOWS\dlmuu.dat
2004-11-16 16:31 11,591 --sha-w C:\WINDOWS\dprcu.dat
2004-09-20 15:36 3,063 --sha-w C:\WINDOWS\dskub.dat
2004-11-13 16:46 3,347 --sha-w C:\WINDOWS\ehvfa.dat
2004-09-19 19:37 0 --sha-w C:\WINDOWS\etlds.dll
2004-10-31 13:12 3,362 --sha-w C:\WINDOWS\exbqr.dat
2004-09-11 06:55 11,591 --sha-w C:\WINDOWS\fapud.dat
2004-09-25 23:08 11,591 --sha-w C:\WINDOWS\fjufv.dat
2004-11-10 03:52 3,347 --sha-w C:\WINDOWS\fqbus.dat
2004-10-03 18:05 3,063 --sha-w C:\WINDOWS\gjzvl.dat
2004-09-09 14:06 3,063 --sha-w C:\WINDOWS\gkdcr.dat
2004-12-03 20:04 11,591 --sha-w C:\WINDOWS\gntyh.dat
2004-11-21 02:10 11,591 --sha-w C:\WINDOWS\gumfc.dat
2004-10-27 01:33 11,591 --sha-w C:\WINDOWS\gyozc.dat
2004-09-12 12:17 3,063 --sha-w C:\WINDOWS\hcacy.dat
2004-11-28 11:54 3,347 --sha-w C:\WINDOWS\hcqms.dat
2004-10-05 01:18 3,063 --sha-w C:\WINDOWS\hreae.dat
2004-11-09 20:40 3,347 --sha-w C:\WINDOWS\huhwa.dat
2004-11-27 06:52 11,591 --sha-w C:\WINDOWS\hzugm.dat
2004-08-05 09:55 3,063 --sha-w C:\WINDOWS\iagav.dat
2004-08-15 16:30 11,591 --sha-w C:\WINDOWS\ibxma.dat
2004-09-28 07:04 11,591 --sha-w C:\WINDOWS\ihfrl.dat
2004-11-30 15:51 11,591 --sha-w C:\WINDOWS\infxh.dat
2004-09-08 09:23 11,591 --sha-w C:\WINDOWS\irkvq.dat
2004-09-10 06:02 11,591 --sha-w C:\WINDOWS\irqne.dat
2004-10-31 21:35 3,362 --sha-w C:\WINDOWS\ivybk.dat
2005-05-06 20:34 238,709 --sh--r C:\WINDOWS\iyfyn7.sys
2004-10-04 07:58 11,591 --sha-w C:\WINDOWS\jfuac.dat
2004-11-04 17:40 11,591 --sha-w C:\WINDOWS\jrlxs.dat
2004-11-29 13:59 11,591 --sha-w C:\WINDOWS\jznfx.dat
2004-09-21 14:17 11,591 --sha-w C:\WINDOWS\kgipx.dat
2004-10-05 03:05 11,591 --sha-w C:\WINDOWS\kjxhe.dat
2004-11-10 14:22 11,591 --sha-w C:\WINDOWS\kohyw.dat
2004-11-16 09:44 3,347 --sha-w C:\WINDOWS\kvkzg.dat
2004-10-01 22:24 11,591 --sha-w C:\WINDOWS\lcmvd.dat
2004-09-01 02:33 3,063 --sha-w C:\WINDOWS\liagg.dat
2005-01-15 11:42 11,591 --sha-w C:\WINDOWS\lksxz.dat
2004-11-18 02:11 11,591 --sha-w C:\WINDOWS\lluxy.dat
2004-10-08 22:52 3,063 --sha-w C:\WINDOWS\lvtyw.dat
2004-09-21 20:16 3,063 --sha-w C:\WINDOWS\lwkke.dat
2004-09-29 03:31 11,591 --sha-w C:\WINDOWS\lyfir.dat
2004-11-20 21:06 11,591 --sha-w C:\WINDOWS\maeny.dat
2004-09-19 10:35 3,063 --sha-w C:\WINDOWS\mciip.dat
2004-09-02 17:56 11,591 --sha-w C:\WINDOWS\mcmzj.dat
2004-08-23 10:46 3,063 --sha-w C:\WINDOWS\mghel.dat
2004-11-25 02:56 3,347 --sha-w C:\WINDOWS\mkbmk.dat
2004-08-02 07:21 11,591 --sha-w C:\WINDOWS\mknro.dat
2004-08-02 16:46 10,240 --sha-w C:\WINDOWS\msls32.exe
2006-03-03 03:38 11,591 --sha-w C:\WINDOWS\muyis.dat
2004-11-20 22:57 3,347 --sha-w C:\WINDOWS\mxnvu.dat
2004-09-20 15:51 3,063 --sha-w C:\WINDOWS\njmcy.dat
2004-12-19 06:31 3,347 --sha-w C:\WINDOWS\nqyvt.dat
2004-10-12 22:07 0 --sha-w C:\WINDOWS\nzugr.dll
2004-10-06 23:59 0 --sha-w C:\WINDOWS\n_eenhay.dat
2004-09-26 06:24 0 --sha-w C:\WINDOWS\n_miiwbb.dat
2004-08-26 03:12 0 --sha-w C:\WINDOWS\n_vpuxgs.dat
2004-09-19 19:36 0 --sha-w C:\WINDOWS\n_vvhitd.dat
2004-11-18 06:38 0 --sha-w C:\WINDOWS\n_wphjwr.dat
2004-10-23 16:56 3,063 --sha-w C:\WINDOWS\ogkvb.dat
2004-10-07 16:13 11,591 --sha-w C:\WINDOWS\oivli.dat
2004-12-12 21:20 3,347 --sha-w C:\WINDOWS\pvuut.dat
2004-10-22 08:17 11,591 --sha-w C:\WINDOWS\pxvdr.dat
2004-10-31 22:16 3,347 --sha-w C:\WINDOWS\qeopo.dat
2004-10-02 19:24 11,591 --sha-w C:\WINDOWS\rbocc.dat
2004-08-31 02:43 0 --sha-w C:\WINDOWS\rlygs.dat
2004-11-07 18:30 3,362 --sha-w C:\WINDOWS\rscbr.dat
2004-10-09 00:04 3,362 --sha-w C:\WINDOWS\siqbc.dat
2004-11-17 03:13 3,362 --sha-w C:\WINDOWS\tpduc.dat
2004-08-21 05:52 3,063 --sha-w C:\WINDOWS\tqzey.dat
2004-08-26 17:47 11,591 --sha-w C:\WINDOWS\twnyj.dat
2004-10-27 19:14 11,591 --sha-w C:\WINDOWS\ubtdd.dat
2004-09-20 20:09 3,063 --sha-w C:\WINDOWS\ukdem.dat
2004-09-27 01:18 3,063 --sha-w C:\WINDOWS\umqvx.dat
2005-01-03 23:52 11,591 --sha-w C:\WINDOWS\uqevp.dat
2004-11-23 08:05 11,591 --sha-w C:\WINDOWS\usxrw.dat
2004-12-29 11:11 11,591 --sha-w C:\WINDOWS\uwgrd.dat
2004-09-15 14:03 11,591 --sha-w C:\WINDOWS\uyhgt.dat
2004-10-22 20:33 3,063 --sha-w C:\WINDOWS\viphx.dat
2004-11-09 22:47 11,591 --sha-w C:\WINDOWS\vlzgf.dat
2004-08-27 02:28 3,063 --sha-w C:\WINDOWS\vngqi.dat
2004-08-13 22:42 11,591 --sha-w C:\WINDOWS\vsrba.dat
2004-10-30 04:19 11,591 --sha-w C:\WINDOWS\vturt.dat
2004-11-10 21:19 11,591 --sha-w C:\WINDOWS\wdefk.dat
2004-10-16 06:17 11,591 --sha-w C:\WINDOWS\wlddy.dat
2004-10-06 21:50 11,591 --sha-w C:\WINDOWS\wrzvv.dat
2004-12-01 03:07 3,347 --sha-w C:\WINDOWS\wsdoj.dat
2004-10-02 21:33 3,362 --sha-w C:\WINDOWS\wwdxj.dat
2004-10-04 06:04 11,591 --sha-w C:\WINDOWS\xbfuu.dat
2004-11-07 10:09 3,362 --sha-w C:\WINDOWS\xckma.dat
2004-11-10 17:52 3,347 --sha-w C:\WINDOWS\xivjz.dat
2004-08-12 18:57 11,591 --sha-w C:\WINDOWS\xiyip.dat
2004-11-03 00:24 11,591 --sha-w C:\WINDOWS\xldmf.dat
2005-04-18 13:22 3,347 --sha-w C:\WINDOWS\xqdxz.dat
2004-10-26 20:01 3,362 --sha-w C:\WINDOWS\xtcwr.dat
2005-04-18 13:22 3,063 --sha-w C:\WINDOWS\ycmdg.dat
2004-10-30 00:17 3,362 --sha-w C:\WINDOWS\yiwgt.dat
2004-10-20 14:41 3,063 --sha-w C:\WINDOWS\yvlrj.dat
2004-09-27 16:17 11,591 --sha-w C:\WINDOWS\yzczv.dat
2004-09-28 08:50 11,591 --sha-w C:\WINDOWS\yzguh.dat
2004-11-18 06:55 0 --sha-w C:\WINDOWS\yzuis.dll
2004-11-14 15:37 3,362 --sha-w C:\WINDOWS\ztpsx.dat
2004-11-26 08:23 11,591 --sha-w C:\WINDOWS\SYSTEM32\agjnc.dat
2004-11-07 20:05 0 --sha-w C:\WINDOWS\SYSTEM32\apmll.dat
2004-11-20 17:25 11,591 --sha-w C:\WINDOWS\SYSTEM32\athzo.dat
2004-10-22 14:06 0 --sha-w C:\WINDOWS\SYSTEM32\azslr.dll
2004-09-06 17:34 11,591 --sha-w C:\WINDOWS\SYSTEM32\bkcei.dat
2004-10-03 03:41 11,591 --sha-w C:\WINDOWS\SYSTEM32\bmfga.dat
2004-08-22 16:23 3,063 --sha-w C:\WINDOWS\SYSTEM32\bncae.dat
2004-08-06 02:48 11,591 --sha-w C:\WINDOWS\SYSTEM32\bvfic.dat
2004-08-20 21:34 11,591 --sha-w C:\WINDOWS\SYSTEM32\chnqd.dat
2004-09-29 08:26 11,591 --sha-w C:\WINDOWS\SYSTEM32\cjocs.dat
2004-08-20 17:59 3,063 --sha-w C:\WINDOWS\SYSTEM32\cxvqd.dat
2005-01-13 23:52 4,354 --sha-w C:\WINDOWS\SYSTEM32\dahmc.dat
2004-10-10 06:25 3,063 --sha-w C:\WINDOWS\SYSTEM32\drxbd.dat
2004-09-11 23:41 11,591 --sha-w C:\WINDOWS\SYSTEM32\ebhei.dat
2004-11-15 16:37 3,347 --sha-w C:\WINDOWS\SYSTEM32\eqzcl.dat
2004-12-07 16:42 3,347 --sha-w C:\WINDOWS\SYSTEM32\erqwg.dat
2004-10-01 09:31 3,063 --sha-w C:\WINDOWS\SYSTEM32\exyik.dat
2004-10-03 03:39 3,063 --sha-w C:\WINDOWS\SYSTEM32\fbden.dat
2004-12-05 08:27 11,591 --sha-w C:\WINDOWS\SYSTEM32\fbefy.dat
2004-08-26 16:32 3,063 --sha-w C:\WINDOWS\SYSTEM32\fdywf.dat
2004-11-04 05:42 3,362 --sha-w C:\WINDOWS\SYSTEM32\fenhx.dat
2004-11-09 23:53 3,347 --sha-w C:\WINDOWS\SYSTEM32\fhbxg.dat
2004-10-27 06:45 3,362 --sha-w C:\WINDOWS\SYSTEM32\fqked.dat
2004-10-24 13:33 11,591 --sha-w C:\WINDOWS\SYSTEM32\fuexe.dat
2004-11-25 14:16 3,347 --sha-w C:\WINDOWS\SYSTEM32\fxghm.dat
2004-08-20 02:57 11,591 --sha-w C:\WINDOWS\SYSTEM32\fyaeh.dat
2004-10-22 02:07 3,362 --sha-w C:\WINDOWS\SYSTEM32\fzthc.dat
2004-11-13 20:32 11,591 --sha-w C:\WINDOWS\SYSTEM32\gikah.dat
2005-01-08 09:01 11,591 --sha-w C:\WINDOWS\SYSTEM32\gjqpz.dat
2004-10-16 18:11 3,362 --sha-w C:\WINDOWS\SYSTEM32\guvju.dat
2004-12-19 19:24 11,591 --sha-w C:\WINDOWS\SYSTEM32\gvlyw.dat
2004-12-06 05:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\gwtzw.dat
2004-10-05 17:06 3,063 --sha-w C:\WINDOWS\SYSTEM32\haolt.dat
2004-10-15 12:35 3,362 --sha-w C:\WINDOWS\SYSTEM32\hefnd.dat
2004-09-25 13:56 11,591 --sha-w C:\WINDOWS\SYSTEM32\heiwr.dat
2004-11-26 22:25 3,347 --sha-w C:\WINDOWS\SYSTEM32\iaffb.dat
2004-11-07 01:23 3,362 --sha-w C:\WINDOWS\SYSTEM32\ihfjp.dat
2004-11-17 11:06 3,347 --sha-w C:\WINDOWS\SYSTEM32\ikvvq.dat
2004-10-28 14:05 11,591 --sha-w C:\WINDOWS\SYSTEM32\imlqg.dat
2004-11-10 17:54 3,347 --sha-w C:\WINDOWS\SYSTEM32\imxdk.dat
2005-05-06 20:34 278,250 --sh--r C:\WINDOWS\SYSTEM32\iyfyn7.sys
2004-10-31 11:26 11,591 --sha-w C:\WINDOWS\SYSTEM32\jknlr.dat
2004-10-31 22:08 3,362 --sha-w C:\WINDOWS\SYSTEM32\jvuyz.dat
2004-08-06 14:18 11,591 --sha-w C:\WINDOWS\SYSTEM32\kdxnh.dat
2004-08-26 18:13 3,063 --sha-w C:\WINDOWS\SYSTEM32\kfvlv.dat
2004-08-30 18:33 3,063 --sha-w C:\WINDOWS\SYSTEM32\krvsq.dat
2004-11-22 18:45 11,591 --sha-w C:\WINDOWS\SYSTEM32\ktfgk.dat
2004-10-26 22:39 3,362 --sha-w C:\WINDOWS\SYSTEM32\kuetb.dat
2004-09-10 02:51 11,591 --sha-w C:\WINDOWS\SYSTEM32\kzicj.dat
2004-10-21 11:53 11,591 --sha-w C:\WINDOWS\SYSTEM32\lekmp.dat
2004-10-23 00:27 3,362 --sha-w C:\WINDOWS\SYSTEM32\lqbww.dat
2004-10-24 03:26 3,362 --sha-w C:\WINDOWS\SYSTEM32\lrgkv.dat
2004-08-24 18:37 11,591 --sha-w C:\WINDOWS\SYSTEM32\mmkyb.dat
2004-11-17 00:12 3,347 --sha-w C:\WINDOWS\SYSTEM32\ngnwg.dat
2004-10-16 03:52 3,362 --sha-w C:\WINDOWS\SYSTEM32\nkhij.dat
2004-10-24 01:19 11,591 --sha-w C:\WINDOWS\SYSTEM32\odrhi.dat
2004-09-18 00:20 3,063 --sha-w C:\WINDOWS\SYSTEM32\ohjlf.dat
2004-08-31 17:48 0 --sha-w C:\WINDOWS\SYSTEM32\oravi.dat
2004-10-27 11:57 11,591 --sha-w C:\WINDOWS\SYSTEM32\ozkvb.dat
2004-12-12 14:59 3,347 --sha-w C:\WINDOWS\SYSTEM32\pzsnb.dat
2004-09-18 10:52 3,063 --sha-w C:\WINDOWS\SYSTEM32\qabtd.dat
2004-09-25 18:07 11,591 --sha-w C:\WINDOWS\SYSTEM32\qbwrr.dat
2004-09-18 17:09 11,591 --sha-w C:\WINDOWS\SYSTEM32\qggti.dat
2004-09-25 05:47 3,063 --sha-w C:\WINDOWS\SYSTEM32\qkpzj.dat
2004-09-25 07:51 3,063 --sha-w C:\WINDOWS\SYSTEM32\qmkvb.dat
2004-11-08 20:39 11,591 --sha-w C:\WINDOWS\SYSTEM32\qnpzg.dat
2004-11-24 04:08 3,347 --sha-w C:\WINDOWS\SYSTEM32\qqscx.dat
2004-07-29 02:21 3,063 --sha-w C:\WINDOWS\SYSTEM32\qvdyq.dat
2004-10-24 09:15 3,362 --sha-w C:\WINDOWS\SYSTEM32\rlbie.dat
2004-09-25 23:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\rpdno.dat
2004-11-20 08:44 11,591 --sha-w C:\WINDOWS\SYSTEM32\rprpm.dat
2004-10-31 16:31 11,591 --sha-w C:\WINDOWS\SYSTEM32\ruxga.dat
2004-10-26 18:43 3,362 --sha-w C:\WINDOWS\SYSTEM32\rwnhy.dat
2004-08-23 12:20 3,063 --sha-w C:\WINDOWS\SYSTEM32\rxrua.dat
2004-08-29 16:45 11,591 --sha-w C:\WINDOWS\SYSTEM32\scgoj.dat
2004-09-07 14:38 11,591 --sha-w C:\WINDOWS\SYSTEM32\sinwl.dat
2004-09-25 02:12 11,591 --sha-w C:\WINDOWS\SYSTEM32\slriz.dat
2004-08-29 21:48 11,591 --sha-w C:\WINDOWS\SYSTEM32\snrjk.dat
2004-11-05 10:21 11,591 --sha-w C:\WINDOWS\SYSTEM32\sqyua.dat
2004-11-15 02:50 11,591 --sha-w C:\WINDOWS\SYSTEM32\szrkb.dat
2004-11-13 07:05 11,591 --sha-w C:\WINDOWS\SYSTEM32\tdqee.dat
2004-10-20 20:33 11,591 --sha-w C:\WINDOWS\SYSTEM32\tdxec.dat
2004-11-07 02:40 11,591 --sha-w C:\WINDOWS\SYSTEM32\tiisi.dat
2004-11-14 21:16 11,591 --sha-w C:\WINDOWS\SYSTEM32\tomrq.dat
2004-11-18 06:56 0 --sha-w C:\WINDOWS\SYSTEM32\tslyv.dll
2004-10-12 05:07 11,591 --sha-w C:\WINDOWS\SYSTEM32\ttyea.dat
2004-09-12 06:49 3,063 --sha-w C:\WINDOWS\SYSTEM32\tuhlc.dat
2004-11-13 22:55 11,591 --sha-w C:\WINDOWS\SYSTEM32\txivz.dat
2004-09-01 19:51 11,591 --sha-w C:\WINDOWS\SYSTEM32\tylbz.dat
2004-11-15 04:50 11,591 --sha-w C:\WINDOWS\SYSTEM32\ufzsd.dat
2004-08-20 03:40 3,063 --sha-w C:\WINDOWS\SYSTEM32\ukhlg.dat
2004-09-30 10:21 3,063 --sha-w C:\WINDOWS\SYSTEM32\unoyz.dat
2004-09-23 03:42 3,063 --sha-w C:\WINDOWS\SYSTEM32\uoump.dat
2004-10-13 10:55 3,063 --sha-w C:\WINDOWS\SYSTEM32\vbhcw.dat
2004-08-11 02:46 11,591 --sha-w C:\WINDOWS\SYSTEM32\vbncx.dat
2005-01-28 16:00 3,547 --sha-w C:\WINDOWS\SYSTEM32\vbpxm.dat
2004-10-24 11:48 11,591 --sha-w C:\WINDOWS\SYSTEM32\vcjpk.dat
2004-09-23 07:16 3,063 --sha-w C:\WINDOWS\SYSTEM32\vjhel.dat
2004-08-15 04:13 3,063 --sha-w C:\WINDOWS\SYSTEM32\vvfuk.dat
2005-01-10 08:45 3,347 --sha-w C:\WINDOWS\SYSTEM32\wcbul.dat
2004-11-09 16:49 3,347 --sha-w C:\WINDOWS\SYSTEM32\wknmh.dat
2004-10-15 01:51 3,362 --sha-w C:\WINDOWS\SYSTEM32\wpycp.dat
2004-10-24 10:18 3,362 --sha-w C:\WINDOWS\SYSTEM32\wrucs.dat
2004-09-29 10:52 3,063 --sha-w C:\WINDOWS\SYSTEM32\wtkrw.dat
2004-12-13 03:17 11,591 --sha-w C:\WINDOWS\SYSTEM32\wwgpr.dat
2004-11-06 23:20 3,362 --sha-w C:\WINDOWS\SYSTEM32\wzchs.dat
2007-03-19 18:31 228,864 --sh--r C:\WINDOWS\SYSTEM32\w?nlogon.exe
2004-12-02 09:40 11,591 --sha-w C:\WINDOWS\SYSTEM32\xcebx.dat
2004-08-23 19:45 3,063 --sha-w C:\WINDOWS\SYSTEM32\xdogs.dat
2004-08-29 04:08 11,591 --sha-w C:\WINDOWS\SYSTEM32\xeyhz.dat
2004-08-06 17:13 3,063 --sha-w C:\WINDOWS\SYSTEM32\xkomt.dat
2004-08-01 07:11 11,591 --sha-w C:\WINDOWS\SYSTEM32\xnken.dat
2004-08-21 20:53 3,063 --sha-w C:\WINDOWS\SYSTEM32\xucje.dat
2004-09-17 09:48 11,591 --sha-w C:\WINDOWS\SYSTEM32\yhwpg.dat
2004-08-24 07:50 11,591 --sha-w C:\WINDOWS\SYSTEM32\ynnpz.dat
2004-08-24 06:54 3,063 --sha-w C:\WINDOWS\SYSTEM32\ynpuj.dat
2004-12-02 11:01 11,591 --sha-w C:\WINDOWS\SYSTEM32\ytmae.dat
2004-11-10 15:35 3,347 --sha-w C:\WINDOWS\SYSTEM32\ytxoq.dat
2004-10-27 22:07 11,591 --sha-w C:\WINDOWS\SYSTEM32\yyoyt.dat
2004-09-27 18:24 3,063 --sha-w C:\WINDOWS\SYSTEM32\zhomm.dat
2004-10-27 13:38 11,591 --sha-w C:\WINDOWS\SYSTEM32\zhpsx.dat
2004-10-05 01:39 11,591 --sha-w C:\WINDOWS\SYSTEM32\zjkkh.dat
2004-10-23 19:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\zmkom.dat
2004-10-12 14:26 3,362 --sha-w C:\WINDOWS\SYSTEM32\ztvaw.dat
2004-11-05 04:41 11,591 --sha-w C:\WINDOWS\SYSTEM32\zvkab.dat
2004-11-14 23:17 3,362 --sha-w C:\WINDOWS\SYSTEM32\zwtvd.dat
2004-08-17 08:54 3,063 --sha-w C:\WINDOWS\SYSTEM32\zyvpq.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BD4ABBD-3523-C873-457D-313BA77F97C0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875AD120-1EB1-626C-EEAE-638488E049C0}]
C:\WINDOWS\system32\kroopux.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B779A875-36BF-453E-BAC6-45B6AB927B90}]
C:\WINDOWS\system32\vvbmnuwl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"ModemOnHold"="C:\PROGRA~1\MODEMO~1\MOH.exe" [2003-11-17 09:10 86016]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
C:\Program Files\Altnet\Points Manager\Points Manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bxxs5]
C:\WINDOWS\bxxs5.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClrSchLoader]
C:\Program Files\ClearSearch\Loader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
C:\Program Files\Common Files\CMEII\CMESys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d3dl32.exe]
C:\WINDOWS\system32\d3dl32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
--a------ 2003-02-08 16:42 86102 C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-10-19 07:59 126976 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-10-19 07:59 155648 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 19:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2006-01-17 12:03 53248 c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-17 12:03 135168 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-08-26 18:47 204800 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
C:\WINDOWS\Downloaded Program Files\bridge.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-02 14:49 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
C:\Program Files\Common files\updmgr\updmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e63fee76-278d-11dc-a8fb-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e63fee7b-278d-11dc-a8fb-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f49407cf-2845-11dc-a8fe-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffb8fe60-8d31-11dc-a9cd-000d566b1619}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 13:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-18 21:41:27 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-01-30 09:00:02 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
"2008-01-31 00:36:10 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-31 00:36:08 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 19:16:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


scan completed successfully
hidden files: 38

**************************************************************************
.
Completion time: 2008-01-30 19:19:12
ComboFix-quarantined-files.txt 2008-01-31 01:18:55
.
2008-01-29 05:34:16 --- E O F ---
cobra11
Active Member
 
Posts: 5
Joined: January 26th, 2008, 12:02 am

Re: Friends Computer, i think i got the generic trojan off

Unread postby cobra11 » February 1st, 2008, 12:26 am

It has a funwebproduct virus on there, and I can't seem to get it off. I would be grateful for any help.
cobra11
Active Member
 
Posts: 5
Joined: January 26th, 2008, 12:02 am

Re: Friends Computer, i think i got the generic trojan off

Unread postby Katana » February 19th, 2008, 7:29 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy
and helpers look for posts with zero replies.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please post a fresh Hijack This log to this thread.
I will be notified and I will get back to you ASAP.

Click here to download HJTinstall.exe
  • Save HJTinstall.exe to your desktop.
  • Double click on the HJTinstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click I accept
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.



Installed Programs
Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list of the programs installed on your computer.
Click on the Save list button and specify where you would like to save this file.
When you press the Save button, Notepad will open with the contents of that file.
Simply copy and paste the contents of that Notepad window into your next post.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Friends Computer, i think i got the generic trojan off

Unread postby Elrond » February 24th, 2008, 4:37 pm

Due to lack of response this topic is now closed.

If you still need help open a new thread in the Malware Removal forum and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Elrond
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem