Unwanted advertisement & slow computer

Post by missjoe » April 14th, 2009, 11:54 am

I keep getting pop-up ads for many things, mostly for antispyware. I have no idea what I clicked that may have caused this; I haven't been browsing much lately. It also slowed my computer down and I am not allowed to pull up certain sites. I have rebooted in safe mode and used Malwarebytes and SUPERAntiSpyware. In the normal mode I have used Ad-Aware, Malwarebytes, SUPERAntiSpyware, and avast! Home Edition. I also did a system clean, and used CCleaner. I have deleted something that started with a Z; I had to delete it in safe mode because I could not delete it in the normal mode. I know that it caused one of the ads to show up with a missing link, so one of the ads does not work but it still comes up. Thanks for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:58 AM, on 4/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [08a1bf1e] rundll32.exe "C:\WINDOWS\system32\hibopiro.dll",b
O4 - HKLM\..\Run: [CPM0b928c82] Rundll32.exe "C:\WINDOWS\system32\neduwozi.dll",a
O4 - HKLM\..\Run: [nuhafopere] Rundll32.exe "C:\WINDOWS\system32\dapatudi.dll",s
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/prof ... itStop.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/seri ... /gwCID.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 5468 bytes
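Added example, not part of the thread and not a HijackThis or ComboFix feature: a small Python triage script that applies the indicator classes visible in the log above (O1 hosts-file entries sending security-vendor lookalike names to a non-loopback address, O4 Run values that launch rundll32 with an eight-lowercase-letter DLL or carry a hex-looking name, O9 buttons whose target is a web URL marked "(file missing)", and an R1 proxy setting to confirm with the user) to lines copied from that log. The name-shape heuristics are my assumptions, not a vendor rule set.

```python
"""Triage a HijackThis log for the indicator classes seen in this thread.

Added example: not part of the forum thread and not a HijackThis or ComboFix
feature.  The name-shape heuristics are assumptions of the example's author.
"""
import re
from collections import Counter

# Constructed sample: lines copied from missjoe's first HijackThis log above.
SAMPLE_LINES = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100",
    r"O1 - Hosts: 82.98.231.89 browser-security.microsoft.com",
    r"O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r'O4 - HKLM\..\Run: [08a1bf1e] rundll32.exe "C:\WINDOWS\system32\hibopiro.dll",b',
    r'O4 - HKLM\..\Run: [nuhafopere] Rundll32.exe "C:\WINDOWS\system32\dapatudi.dll",s',
    r"O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll",
    r"O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.expresstoolie.com/redirect.php (file missing)",
]

# Addresses a hosts file may legitimately map names to.
LOCAL_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.*?)\] (.*)$")
DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
# Heuristic (assumption): eight lowercase letters, like hibopiro / neduwozi / dapatudi.
RANDOM_STEM_RE = re.compile(r"^[a-z]{8}$")
# Heuristic (assumption): Run value names such as [08a1bf1e] or [CPM0b928c82].
HEX_NAME_RE = re.compile(r"^(?:CPM)?[0-9a-f]{8}$")
O9_RE = re.compile(r"^O9 - .* - (https?://\S+) \(file missing\)$")
PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (\S+)")


def triage(lines):
    """Return (category, line, reason) triples for lines worth a second look."""
    findings = []
    hosts_targets = Counter()
    for raw in lines:
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.groups()
            if ip not in LOCAL_ADDRS:          # redirect to a real address
                hosts_targets[ip] += 1
                findings.append(("hosts", line, f"hosts file sends {name} to {ip}"))
            continue
        m = RUN_RE.match(line)
        if m:
            hive, value_name, command = m.groups()
            reasons = []
            dll = DLL_RE.search(command)
            if dll:
                stem = dll.group(1).rsplit("\\", 1)[-1][:-4]   # strip path and ".dll"
                if RANDOM_STEM_RE.match(stem):
                    reasons.append(f"rundll32 loads pseudo-random DLL {stem}.dll")
            if HEX_NAME_RE.match(value_name):
                reasons.append(f"hex-looking Run value name [{value_name}]")
            if reasons:
                findings.append(("run", line, f"{hive} Run: " + "; ".join(reasons)))
            continue
        m = O9_RE.match(line)
        if m:
            findings.append(("o9", line, f"IE extra button targets {m.group(1)} (file missing)"))
            continue
        m = PROXY_RE.match(line)
        if m:
            findings.append(("proxy", line,
                             f"proxy {m.group(1)} configured; confirm the user or ISP set it"))
    # Many names funnelled to one outside address is the rogue-AV pattern in this log.
    for ip, n in hosts_targets.items():
        if n > 1:
            findings.append(("hosts-cluster", f"<{n} O1 lines>",
                             f"{n} hosts entries share non-local address {ip}"))
    return findings


if __name__ == "__main__":
    for category, line, reason in triage(SAMPLE_LINES):
        print(f"[{category}] {reason}\n    {line}")
```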

Re: Unwanted advertisement & slow computer

Post by Wi[k]! » April 14th, 2009, 4:16 pm

Hello and welcome to the forums,


1.
  • Start HijackThis.
  • Click Open the Misc Tools section.
  • Click Open Uninstall Manager.
  • Click Save list...
  • Save the list to your desktop, or any other convenient place.

Post that in your next reply.

2.
Open up Malwarebytes and update the program to get the latest definitions. Then perform a quick scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Post the Malwarebytes log as well.

Re: Unwanted advertisement & slow computer

Post by missjoe » April 15th, 2009, 2:21 am

Attached is the list. I continue to run Malwarebytes and SUPERAntiSpyware because it seems that it always finds trojans since my computer has been infected. I went ahead and updated Malwarebytes and it has been running for the past three hours. My computer is extra slow and buttons are missing. It took me a while to find the missing link to post this message; it doesn't show up on my screen. Thanks for your help.

Re: Unwanted advertisement & slow computer

Post by missjoe » April 16th, 2009, 4:20 am

The problem is now resolved. I don't have those unwanted advertisements anymore. Thanks :D

Re: Unwanted advertisement & slow computer

Post by Wi[k]! » April 16th, 2009, 2:24 pm

Absence of symptoms does not mean your computer is clean. Follow the steps below so we can be certain it is.

Please read MWR's policy regarding Peer to Peer programs. You must uninstall all P2P programs if you'd like to receive my help.

Click on start > run > type in: appwiz.cpl and press enter. Uninstall the following from the list:

Ask Toolbar
Kazaa Lite K++ v2.4.2
LimeWire 4.14.8
Vuze
Spybot - Search & Destroy 1.3 (Outdated, and you have plenty of anti-spyware programs installed so you don't need it, but if you want to you can download the latest version from here)

Next:

Visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofi ... e-combofix


* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

In your next reply include:

C:\ComboFix.txt
New HJT log

Re: Unwanted advertisement & slow computer

Post by missjoe » April 20th, 2009, 8:00 am

I have tried to delete the Ask bar many times, but it cannot be uninstalled. I thought I succeeded in doing so in safe mode, but it was still there.

Re: Unwanted advertisement & slow computer

Post by Wi[k]! » April 22nd, 2009, 7:37 am

From now on, don't attach anything; just post it in the forums.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\system32\dowurumi.dll
c:\windows\system32\mibevilo.exe
c:\program files\msbb.log
c:\program files\msbb_kyf.dat
c:\program files\msbbau.dat
c:\windows\system32\yasijote.dll.tmp
c:\windows\system32\wugakuwa.dll

Folder::
c:\program files\Coupons
c:\documents and settings\Owner\Application Data\Azureus
c:\program files\Kazaa Lite K++
c:\program files\Vuze
c:\program files\AskBarDis
c:\documents and settings\All Users\Application Data\Azureus

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^10864.exe.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^17965.exe.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^52B5D.exe.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^6D7F8.exe.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^7B436.exe.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^84816.exe.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^9E0F7.exe.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^A4DB1.exe.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^A9D8C.exe.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^C54A0.exe.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^D77D5.exe.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^DB512.exe.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^kill.bat]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^mel.bat040409 PM.bat]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^mel.bat103020 PM.bat]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^mel.bat103032 PM.bat]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^mel.bat103047 PM.bat]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^mel.bat182311 PM.bat]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^mel.bat240426 PM.bat]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^mel.bat240428 PM.bat]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^mel.bat440444 PM.bat]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^mel.bat540356 PM.bat]
[-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^mel.bat580057 PM.bat]

Driver::
tgqnqydb

NetSvc::
tgqnqydb

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}]

DirLook::
c:\documents and settings\Owner\Application Data\wlvsouqo
c:\documents and settings\All Users\Application Data\2B177

Save this as "CFScript.txt", and as Type: All Files (*.*), in the same location as ComboFix.exe.


[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
--------------------------------------------------

You are using an outdated version of Adobe Reader; older versions contain vulnerabilities which can be used to infect your system. Uninstall Adobe Reader 7.0 via Add/Remove Programs.

Download and install the latest version of Adobe: Adobe Reader 9

Note: Adobe Reader 9 is rather a large program; if you prefer a small program you can install Foxit Reader. However, if you choose to do so, make sure not to install the toolbar.
--------------------------------------------------

Click on start > run > type in: javacpl.cpl and press enter. Click on the Update tab and click Update Now. After a while a window will pop up; follow the prompts to install the latest version of Java.
--------------------------------------------------

Do an online scan with Kaspersky's Online Scanner

  • Click on accept and updating will commence to download the latest virus definitions.
  • On the left side, under Scan click on My Computer, a scan will start.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Note: There is a tutorial Here if you need to see one.

In your next reply, post the following:

Combofix.txt
Kaspersky report
New HJT log

Re: Unwanted advertisement & slow computer

Post by missjoe » April 22nd, 2009, 5:25 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:57 PM, on 4/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/prof ... itStop.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/seri ... /gwCID.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5171 bytes

ComboFix 09-04-23.02 - Owner 04/22/2009 15:50.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.207 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090422-0] *On-access scanning disabled* (Updated)
FW: Defender Pro Firewall *disabled*
* Created a new restore point

FILE ::
c:\program files\msbb.log
c:\program files\msbb_kyf.dat
c:\program files\msbbau.dat
c:\windows\system32\dowurumi.dll
c:\windows\system32\mibevilo.exe
c:\windows\system32\wugakuwa.dll
c:\windows\system32\yasijote.dll.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Azureus
c:\documents and settings\All Users\Application Data\Azureus\azCID.txt
c:\documents and settings\Owner\Application Data\Azureus
c:\documents and settings\Owner\Application Data\Azureus\.certs
c:\documents and settings\Owner\Application Data\Azureus\.keystore
c:\documents and settings\Owner\Application Data\Azureus\.lock
c:\documents and settings\Owner\Application Data\Azureus\azureus.config
c:\documents and settings\Owner\Application Data\Azureus\azureus.config.bak
c:\documents and settings\Owner\Application Data\Azureus\azureus.statistics
c:\documents and settings\Owner\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\Owner\Application Data\Azureus\banips.config
c:\documents and settings\Owner\Application Data\Azureus\banips.config.bak
c:\documents and settings\Owner\Application Data\Azureus\cnetworks.config
c:\documents and settings\Owner\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\Owner\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\Owner\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\Owner\Application Data\Azureus\dht\general.dat
c:\documents and settings\Owner\Application Data\Azureus\dht\version.dat
c:\documents and settings\Owner\Application Data\Azureus\downloads.config
c:\documents and settings\Owner\Application Data\Azureus\downloads.config.bak
c:\documents and settings\Owner\Application Data\Azureus\friends.config
c:\documents and settings\Owner\Application Data\Azureus\friends.config.bak
c:\documents and settings\Owner\Application Data\Azureus\ipfilter.cache
c:\documents and settings\Owner\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\clientid_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\CNetworks_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\Friends_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\MetaSearch_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\NetStatus_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\seltrace_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\Subscriptions_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\thread_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\thread_2.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.ads_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.CMsgr_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.Friends_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.PMsgr_1.log
c:\documents and settings\Owner\Application Data\Azureus\logs\v3.Stream_1.log
c:\documents and settings\Owner\Application Data\Azureus\metasearch.config
c:\documents and settings\Owner\Application Data\Azureus\metasearch.config.bak
c:\documents and settings\Owner\Application Data\Azureus\net\pm_209.dat
c:\documents and settings\Owner\Application Data\Azureus\net\pm_default.dat
c:\documents and settings\Owner\Application Data\Azureus\sidebarauto.config
c:\documents and settings\Owner\Application Data\Azureus\sidebarauto.config.bak
c:\documents and settings\Owner\Application Data\Azureus\subs\06EEEFBF26D02F824C84.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\07ABDD32A54D704B48FE.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\2193CFBF2A957A71BCC8.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\2DF43E7396E6157D8CE5.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\3C174BCFB894FF459D45.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\447229A3A371779E8871.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\9167E16C9B7944056AC7.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\A12C9287BC80463D6AE0.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\A4A08E81783B5A421A5F.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\A57341AB2AA7A98D5F19.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\AD8051E73A76B5270EC8.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\C732D6BA9C09C29B2FA3.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\E67D8443DF3B6D5C02B4.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\ED7A4A68D27A7C72BABE.vuze
c:\documents and settings\Owner\Application Data\Azureus\subs\F14DB936646DBBA8A53E.vuze
c:\documents and settings\Owner\Application Data\Azureus\subscriptions.config
c:\documents and settings\Owner\Application Data\Azureus\subscriptions.config.bak
c:\documents and settings\Owner\Application Data\Azureus\tables.config
c:\documents and settings\Owner\Application Data\Azureus\tables.config.bak
c:\documents and settings\Owner\Application Data\Azureus\timingstats.dat
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29529.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29530.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29531.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29532.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29533.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29534.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29535.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29536.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29537.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29538.tmp
c:\documents and settings\Owner\Application Data\Azureus\tmp\AZU29539.tmp
c:\documents and settings\Owner\Application Data\Azureus\tracker.config
c:\documents and settings\Owner\Application Data\Azureus\tracker.config.bak
c:\documents and settings\Owner\Application Data\Azureus\unsentdata.config
c:\documents and settings\Owner\Application Data\Azureus\unsentdata.config.bak
c:\documents and settings\Owner\Application Data\Azureus\update.log
c:\documents and settings\Owner\Application Data\Azureus\update.properties
c:\documents and settings\Owner\Application Data\Azureus\v3.Friends.dat
c:\documents and settings\Owner\Application Data\Azureus\v3.Friends.dat.bak
c:\documents and settings\Owner\Application Data\Azureus\VuzeActivities.config
c:\documents and settings\Owner\Application Data\Azureus\VuzeActivities.config.bak
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\00871ABB
c:\program files\AskBarDis\bar\Cache\00871CAF
c:\program files\AskBarDis\bar\Cache\00871FDB.bin
c:\program files\AskBarDis\bar\Cache\00872598.bin
c:\program files\AskBarDis\bar\Cache\00872663.bin
c:\program files\AskBarDis\bar\Cache\0087279C.bin
c:\program files\AskBarDis\bar\Cache\00872A3B.bin
c:\program files\AskBarDis\bar\Cache\00872C8D.bin
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\PopSwatter\History\allowed
c:\program files\AskBarDis\PopSwatter\History\notallow
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\Coupons
c:\program files\Coupons\Coupons.com.url
c:\program files\Coupons\uninstall.exe
c:\program files\Coupons\Uninstall\IRIMG1.JPG
c:\program files\Coupons\Uninstall\IRIMG2.JPG
c:\program files\Coupons\Uninstall\IRIMG3.JPG
c:\program files\Coupons\Uninstall\IRIMG4.JPG
c:\program files\Coupons\Uninstall\IRIMG5.JPG
c:\program files\Coupons\Uninstall\IRIMG6.JPG
c:\program files\Coupons\Uninstall\IRIMG7.JPG
c:\program files\Coupons\Uninstall\IRIMG8.JPG
c:\program files\Coupons\Uninstall\uninstall.dat
c:\program files\Coupons\Uninstall\uninstall.xml
c:\program files\Kazaa Lite K++
c:\program files\Kazaa Lite K++\BannedIPs\BannedIpRanges.txt.bak
c:\program files\Kazaa Lite K++\Kazupernodes\favorites.kzf
c:\program files\Kazaa Lite K++\Thumbs.db
c:\program files\Kazaa Lite K++\web\Thumbs.db
c:\program files\msbb.log
c:\program files\msbb_kyf.dat
c:\program files\msbbau.dat
c:\program files\Vuze
c:\program files\Vuze\plugins\azemp\azemp_2.0.34.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.34.zip
c:\program files\Vuze\plugins\azemp\azmplay.exe.bak
c:\program files\Vuze\plugins\azemp\cp1250-a.raw.bak
c:\program files\Vuze\plugins\azemp\cp1250-b.raw.bak
c:\program files\Vuze\plugins\azemp\font.desc.bak
c:\program files\Vuze\plugins\azemp\osd-mplayer-a.raw.bak
c:\program files\Vuze\plugins\azemp\osd-mplayer-b.raw.bak
c:\program files\Vuze\plugins\azemp\plugin.properties_2.0.34
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.5.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.5.zip
c:\program files\Vuze\plugins\azupnpav\plugin.properties_0.2.5
c:\windows\system32\dowurumi.dll
c:\windows\system32\mibevilo.exe
c:\windows\system32\yasijote.dll.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TGQNQYDB


((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.

2009-04-21 02:12 . 2009-04-21 02:16 1374 ----a-w c:\windows\imsins.BAK
2009-04-20 12:42 . 2009-04-20 12:44 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-20 12:24 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-20 12:24 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-20 12:24 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-08 03:40 . 2009-04-08 03:40 113120 ----a-w C:\regbackup.reg
2009-04-03 20:47 . 2009-04-03 20:47 25740144 ----a-w C:\wmp11-windowsxp-x86-enu.exe
2009-04-01 09:35 . 2009-04-01 09:35 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\wlvsouqo
2009-04-01 09:35 . 2009-04-01 09:35 -------- d-----w c:\documents and settings\Owner\Application Data\wlvsouqo
2009-04-01 09:33 . 2009-04-01 09:33 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\wlvsouqo
2009-04-01 09:33 . 2009-04-01 09:33 -------- d-----w c:\documents and settings\NetworkService\Application Data\wlvsouqo
2009-04-01 03:11 . 2009-04-01 03:11 -------- d-----w c:\program files\Trend Micro
2009-03-30 00:13 . 2009-03-30 00:13 -------- d-----w c:\documents and settings\Owner\LocalLow
2009-03-30 00:13 . 2009-03-30 00:13 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\TVU Networks
2009-03-30 00:13 . 2009-03-30 00:13 -------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2009-03-30 00:09 . 2009-03-30 01:26 -------- d-----w c:\documents and settings\Owner\Application Data\Winamp
2009-03-29 23:47 . 2009-04-01 05:34 -------- d-----w c:\documents and settings\Owner\Application Data\mp3rocket
2009-03-29 23:47 . 2009-03-29 23:48 -------- d-----w c:\program files\MP3 Rocket
2009-03-29 23:23 . 2009-03-29 23:36 -------- d-----w c:\program files\GRETECH
2009-03-29 23:15 . 2009-03-29 23:16 -------- d-----w c:\program files\Paint.NET
2009-03-29 23:15 . 2009-03-29 23:20 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Paint.NET
2009-03-26 16:07 . 2009-03-26 16:07 59904 ----a-w c:\windows\system32\zlib1.dll
2009-03-26 16:03 . 2009-03-26 16:03 286720 ----a-w c:\windows\system32\libcurl.dll
2009-03-26 16:03 . 2009-03-26 16:03 143360 ----a-w c:\windows\system32\libexpatw.dll
2009-03-25 04:54 . 2009-03-25 04:54 -------- d-----w c:\documents and settings\Administrator\Application Data\PC Tools
2009-03-25 04:52 . 2009-03-25 04:52 -------- d-----w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-25 04:18 . 2009-03-25 05:54 -------- d-----w C:\HostsXpert
2009-03-24 07:48 . 2009-04-11 13:33 54156 ---ha-w c:\windows\QTFont.qfn
2009-03-24 07:48 . 2009-03-24 07:48 1409 ----a-w c:\windows\QTFont.for
2009-03-24 05:26 . 2009-03-24 05:26 -------- d-----w c:\program files\Common Files\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 02:13 . 2009-02-16 12:25 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-20 11:55 . 2005-03-26 17:29 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-20 11:55 . 2005-03-26 17:29 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-15 05:15 . 2008-09-28 23:17 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 20:32 . 2008-09-28 23:17 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 20:32 . 2008-09-28 23:17 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-01 10:24 . 2009-03-19 03:46 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-04-01 09:29 . 2002-02-15 16:51 -------- d-----w c:\program files\Common Files\Mozilla Shared
2009-04-01 09:19 . 2008-11-26 08:45 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-30 00:14 . 2009-02-26 07:32 3532 ----a-w C:\drmHeader.bin
2009-03-30 00:08 . 2009-01-21 17:08 -------- d-----w c:\documents and settings\Owner\Application Data\Move Networks
2009-03-27 19:22 . 2008-11-26 19:04 -------- d-----w c:\program files\SUPERAntiSpyware
2009-03-26 16:03 . 2003-01-08 20:15 196608 ----a-w c:\windows\system32\ssleay32.dll
2009-03-26 16:03 . 2003-01-08 20:15 1028096 ----a-w c:\windows\system32\libeay32.dll
2009-03-25 05:02 . 2009-01-17 02:36 -------- d-----w c:\documents and settings\All Users\Application Data\eFax Messenger 4.4 Setup
2009-03-24 06:50 . 2005-03-01 01:47 -------- d-----w c:\program files\ActMon-Password-Recovery
2009-03-24 06:30 . 2005-03-03 06:47 -------- d-----w c:\program files\Ethereal
2009-03-24 04:33 . 2009-03-16 19:00 -------- d-----w c:\program files\Wordster
2009-03-14 20:38 . 2009-01-05 13:04 -------- d-----w c:\documents and settings\Owner\Application Data\foobar2000
2009-03-14 17:10 . 2009-03-14 17:10 -------- d-----w c:\documents and settings\Owner\Application Data\SanDisk
2009-03-13 18:19 . 2009-03-13 18:18 -------- d-----w c:\program files\Rhapsody
2009-03-13 18:19 . 2002-02-15 18:15 -------- d-----w c:\program files\Real
2009-03-11 19:44 . 2009-03-11 19:44 -------- d-----w c:\documents and settings\All Users\Application Data\2B177
2009-03-06 14:22 . 2002-02-15 16:51 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-04 01:50 . 2009-03-04 01:50 -------- d-----w c:\program files\PixiePack Codec Pack
2009-03-04 01:48 . 2009-03-04 01:46 -------- d-----w c:\documents and settings\All Users\Application Data\RapidSolution
2009-03-04 01:46 . 2009-03-04 01:46 -------- d-----w c:\program files\RapidSolution
2009-03-04 01:18 . 2009-03-04 01:18 -------- d-----w c:\program files\Daniusoft
2009-03-03 00:31 . 2009-03-03 00:31 -------- d-----w c:\documents and settings\Owner\Application Data\Amazon
2009-03-03 00:27 . 2009-03-03 00:27 -------- d-----w c:\program files\Amazon
2009-03-03 00:18 . 2004-02-07 02:05 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-24 02:08 . 2007-05-06 04:31 -------- d-----w c:\documents and settings\Owner\Application Data\U3
2009-02-23 13:49 . 2004-09-02 09:36 546928 -c--a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-20 18:09 . 2004-08-04 07:56 78336 ------w c:\windows\system32\ieencode.dll
2009-02-16 08:52 . 2004-11-12 02:51 8224 -c--a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2009-02-09 12:10 . 2002-02-15 16:51 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2002-02-15 18:11 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2002-02-15 16:51 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2002-02-15 16:50 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2002-02-15 16:51 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2002-02-15 16:51 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2002-08-29 01:04 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2002-02-15 16:51 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2002-08-29 01:04 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2002-02-15 16:51 56832 ----a-w c:\windows\system32\secur32.dll
2005-03-01 02:03 . 2005-03-01 02:03 128 -c--a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\All Users\Application Data\2B177 ----

2009-03-11 19:44 . 2008-12-09 05:31 4501 ----a-w c:\documents and settings\All Users\Application Data\2B177\{FF5D5766-B7CC-4BF8-902D-37FCBB9993BB}.swf

---- Directory of c:\documents and settings\Owner\Application Data\wlvsouqo ----

2009-04-01 09:56 . 2009-04-01 09:56 0 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\places.sqlite-journal
2009-04-01 09:56 . 2009-04-01 09:56 524 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\prefs.js
2009-04-01 09:35 . 2009-04-01 09:35 569 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\localstore.rdf
2009-04-01 09:35 . 2009-04-01 09:35 4049 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\pluginreg.dat
2009-04-01 09:35 . 2009-04-01 10:01 2048 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\webappsstore.sqlite
2009-04-01 09:35 . 2009-04-01 09:35 4096 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\formhistory.sqlite
2009-04-01 09:35 . 2009-04-01 09:37 131072 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\places.sqlite
2009-04-01 09:35 . 2009-04-01 09:37 16384 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\key3.db
2009-04-01 09:35 . 2009-04-01 09:37 65536 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\cert8.db
2009-04-01 09:35 . 2009-04-01 09:35 16384 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\secmod.db
2009-04-01 09:35 . 2009-04-01 10:04 2048 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\cookies.sqlite
2009-04-01 09:35 . 2009-04-01 09:35 2048 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\permissions.sqlite
2009-04-01 09:35 . 2009-04-01 09:56 127885 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\compreg.dat
2009-04-01 09:35 . 2009-04-01 09:56 96173 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\xpti.dat
2009-04-01 09:35 . 2009-04-01 09:56 207 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\Profiles\agnt4fjx.default\compatibility.ini
2009-04-01 09:35 . 2009-04-01 09:35 111 ----a-w c:\documents and settings\Owner\Application Data\wlvsouqo\profiles.ini


((((((((((((((((((((((((((((( SnapShot@2009-04-20_12.21.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-21 13:10 . 2009-04-21 13:10 16384 c:\windows\Temp\Perflib_Perfdata_600.dat
- 2009-04-20 12:20 . 2009-04-20 12:20 16384 c:\windows\Temp\Perflib_Perfdata_5f0.dat
+ 2009-04-22 20:55 . 2009-04-22 20:55 16384 c:\windows\Temp\Perflib_Perfdata_5f0.dat
- 2004-09-03 07:15 . 2007-07-27 14:41 26488 c:\windows\system32\spupdsvc.exe
+ 2004-09-03 07:15 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2009-04-03 20:50 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 44544 c:\windows\system32\pngfilt.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
- 2002-02-15 16:51 . 2009-03-25 05:38 68828 c:\windows\system32\perfc009.dat
+ 2002-02-15 16:51 . 2009-04-21 13:14 68828 c:\windows\system32\perfc009.dat
+ 2002-02-15 18:11 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2002-02-15 18:11 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
- 2002-02-15 18:11 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
+ 2002-02-15 18:11 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
+ 2007-08-13 23:54 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 23:54 . 2008-12-20 23:15 52224 c:\windows\system32\msfeedsbs.dll
+ 2002-02-15 17:57 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2002-02-15 17:57 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 23:39 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 23:39 . 2008-12-19 09:10 13824 c:\windows\system32\ieudinit.exe
+ 2002-02-15 16:51 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 44544 c:\windows\system32\iernonce.dll
+ 2002-02-15 16:51 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
- 2002-02-15 16:51 . 2008-12-19 09:10 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 23:36 . 2008-12-20 23:15 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 23:36 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-04-20 12:25 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2009-02-20 18:09 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-02-20 10:20 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-02-20 18:09 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-20 10:20 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-02-20 18:09 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-02-16 12:27 . 2009-04-21 02:13 35088 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-02-16 12:27 . 2009-02-28 03:12 35088 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-02-16 12:27 . 2009-02-28 03:12 18704 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-16 12:27 . 2009-04-21 02:13 18704 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-16 12:27 . 2009-04-21 02:13 20240 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-02-16 12:27 . 2009-02-28 03:12 20240 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-21 02:16 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-04-21 02:16 . 2008-12-19 09:10 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-04-21 02:16 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-04-21 02:16 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-04-21 02:16 . 2008-12-19 09:10 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-04-21 02:16 . 2008-12-20 23:15 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
- 2004-09-03 04:59 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2004-09-03 04:59 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 233472 c:\windows\system32\webcheck.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
+ 2002-02-15 17:57 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2002-02-15 17:57 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2002-02-15 17:57 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 105984 c:\windows\system32\url.dll
+ 2002-02-15 16:51 . 2009-04-21 13:14 434838 c:\windows\system32\perfh009.dat
- 2002-02-15 16:51 . 2009-03-25 05:38 434838 c:\windows\system32\perfh009.dat
- 2002-02-15 16:51 . 2008-12-20 23:15 102912 c:\windows\system32\occache.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 671232 c:\windows\system32\mstime.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 193024 c:\windows\system32\msrating.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-13 23:54 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
- 2007-08-13 23:54 . 2008-12-20 23:15 459264 c:\windows\system32\msfeeds.dll
+ 2002-02-15 18:11 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2002-02-15 18:11 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
- 2002-02-15 18:11 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2002-02-15 18:11 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
+ 2002-02-15 18:11 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
- 2002-02-15 16:51 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2002-02-15 16:51 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
+ 2007-08-13 23:34 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
- 2007-07-11 17:27 . 2008-12-20 23:15 383488 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 17:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
- 2002-02-15 16:51 . 2008-12-19 05:23 161792 c:\windows\system32\ieakui.dll
+ 2002-02-15 16:51 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 230400 c:\windows\system32\ieaksie.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 07:56 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 07:56 . 2008-12-20 23:15 133120 c:\windows\system32\extmgr.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 214528 c:\windows\system32\dxtrans.dll
+ 2002-02-15 16:51 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
- 2002-02-15 16:51 . 2008-12-20 23:15 347136 c:\windows\system32\dxtmsft.dll
+ 2009-04-20 12:25 . 2009-02-06 10:10 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-04-20 12:25 . 2009-02-09 12:10 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2009-03-03 00:18 . 2009-03-03 00:18 826368 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
+ 2009-04-20 12:25 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\services.exe
+ 2009-04-20 12:25 . 2009-02-09 12:10 401408 c:\windows\system32\dllcache\rpcss.dll
+ 2009-04-20 12:25 . 2009-03-06 14:22 284160 c:\windows\system32\dllcache\pdh.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-04-20 12:25 . 2009-02-09 12:10 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-04-20 12:25 . 2009-02-09 12:10 729088 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2009-02-28 04:54 . 2009-02-28 04:54 636072 c:\windows\system32\dllcache\iexplore.exe
+ 2009-02-20 18:09 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-02-20 05:14 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-04-20 12:25 . 2009-02-09 12:10 473600 c:\windows\system32\dllcache\fastprox.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
+ 2009-04-20 12:25 . 2009-02-09 12:10 617472 c:\windows\system32\dllcache\advapi32.dll
- 2002-02-15 16:50 . 2008-12-20 23:15 124928 c:\windows\system32\advpack.dll
+ 2002-02-15 16:50 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
- 2009-02-16 12:27 . 2009-02-28 03:12 888080 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-16 12:27 . 2009-04-21 02:13 888080 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-16 12:27 . 2009-04-21 02:13 217864 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\misc.exe
- 2009-02-16 12:27 . 2009-02-28 03:12 217864 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\misc.exe
+ 2009-04-21 02:16 . 2008-12-20 23:15 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-04-21 02:16 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-04-21 02:16 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-04-21 02:16 . 2008-12-20 23:15 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-04-21 02:16 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-04-21 02:16 . 2008-12-20 23:15 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-04-21 02:16 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
+ 2009-03-16 19:01 . 2009-03-16 19:01 452488 c:\windows\Downloaded Program Files\wlscBase.dll
+ 2003-07-14 00:03 . 2009-02-20 18:09 1160192 c:\windows\system32\urlmon.dll
- 2003-07-14 00:03 . 2008-12-20 23:15 1160192 c:\windows\system32\urlmon.dll
+ 2003-05-30 17:00 . 2008-12-20 22:14 1288192 c:\windows\system32\quartz.dll
- 2003-05-30 17:00 . 2008-05-07 05:12 1288192 c:\windows\system32\quartz.dll
+ 2003-07-14 00:02 . 2009-02-20 18:09 3595264 c:\windows\system32\mshtml.dll
+ 2007-08-13 23:54 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
- 2007-02-12 21:10 . 2007-04-17 09:32 2455488 c:\windows\system32\ieapfltr.dat
+ 2007-02-12 21:10 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
+ 2009-02-20 18:09 . 2009-02-20 18:09 1160192 c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 22:14 . 2008-12-20 22:14 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2009-04-20 12:25 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-04-20 12:25 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 00:02 . 2009-02-08 00:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-04-20 12:25 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-02-20 18:09 . 2009-02-20 18:09 3595264 c:\windows\system32\dllcache\mshtml.dll
+ 2009-02-20 18:09 . 2009-02-20 18:09 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2008-07-09 14:25 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-04-21 02:16 . 2008-12-20 23:15 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-04-21 02:16 . 2009-01-17 03:35 3594752 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-04-21 02:16 . 2008-12-20 23:15 6066688 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-04-21 02:16 . 2007-04-17 09:32 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2008-10-14 23:09 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-14 23:09 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-14 23:09 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-14 23:09 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-14 23:09 . 2009-02-08 00:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-14 23:09 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-14 23:09 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-21 02:14 . 2009-04-06 12:57 24921544 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\documents and settings\Owner\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-03-24 79872]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-03 98304]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-04 21:23 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Defender Pro Defrag.lnk]
backup=c:\windows\pss\Defender Pro Defrag.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniMavis.lnk]
backup=c:\windows\pss\MiniMavis.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
backup=c:\windows\pss\SpySubtract.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Memento.lnk]
backup=c:\windows\pss\Memento.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPAS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"WUSB54GCSVC"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"rpcapd"=3 (0x3)
"PCTAVSvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MSCamSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"defenderProDefragService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"mmtask"=c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [2004-12-28 18208]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 aswSP;avast! Self Protection; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-27 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-02-29 14:59]

2009-02-11 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2009-02-11 21:46]

2009-04-22 c:\windows\Tasks\User_Feed_Synchronization-{92C02AEF-39E3-4954-B1DE-160E84FD2EAA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = cdn
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 15:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-604989122-1283460115-496195412-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(2016)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-22 15:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-22 20:58
ComboFix2.txt 2009-04-20 12:24

Pre-Run: 159,611,801,600 bytes free
Post-Run: 160,331,640,832 bytes free

734 --- E O F --- 2009-04-21 02:16

I could not do the Kaspersky scan because it stated that I had to install Java 1.5 or later. I updated the Java, but I followed the link to the Java website and when I clicked on it, it stated I had the recommended version. I tried to use Run again to see, and it stated the program didn't exist. In other words, it worked, then it didn't work. The only thing I did that is different was download the Acrobat Reader 9.
missjoe
Active Member
 
Posts: 5
Joined: April 14th, 2009, 11:38 am

Re: Unwanted advertisement & slow computer

Unread postby Wi[k]! » April 23rd, 2009, 7:13 am

Go to Add/Remove Programs; if you have Java 13 installed, then you have the latest version. If not:

Click here to download and install the latest version.
------------------------------------------------------------

Since Kaspersky didn't work, let's try Eset.

Please go to the Eset website to perform an online scan. Please use Internet Explorer, as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Uncheck (untick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

Post that as well as a new HJT log.

Also, do you know what wlvsouqo is? And how is the computer running?
Wi[k]!
MRU Undergrad
 
Posts: 554
Joined: August 4th, 2008, 9:49 am

Re: Unwanted advertisement & slow computer

Unread postby Shaba » April 28th, 2009, 11:59 pm

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland