Free Malware Removal Forum

[cobra11]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:41 PM, on 1/25/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Windows folder: C:\Windows
System folder: C:\Windows\SYSTEM32
Hosts file: C:\Windows\System32\drivers\etc\hosts

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Baxter\Desktop\PREVXCSIFREE.EXE
C:\Users\Baxter\AppData\Local\Temp\Tmp___18974\prevxcsi.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (filesize 62080 bytes, MD5 C11F6A1F61481E24BE3FDC06EA6F7D2A)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (filesize 501384 bytes, MD5 C647547F1BB66FA0BE237CAFC49EA5F9)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll (filesize 58688 bytes, MD5 D1B5F027C606321823E79D8178930C7C)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (filesize 328752 bytes, MD5 59CF5BF6684AFCF906CADAD39B4214DE)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (filesize 2193280 bytes, MD5 B6B99ED927A26A88A4BFC258A30A6DB4)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (filesize 98304 bytes, MD5 1A4F60EF6DA38621F1091B0CB0FA2C09)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (filesize 94208 bytes, MD5 4BFD80E0DD551CD5E15D83CCEED64BD7)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (filesize 2193280 bytes, MD5 B6B99ED927A26A88A4BFC258A30A6DB4)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup (filesize 439512 bytes, MD5 FEC7A0C94B73E46AFEEEEDF53548AAEA)
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exeC:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe (filesize 303104 bytes, MD5 733DA847D5C3E32C40BA831BEAA8DC93)
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exeC:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (filesize 81920 bytes, MD5 FF3BF05021BFECC92DB81B8257EEB026)
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (filesize 221184 bytes, MD5 9ABF687071C649609BF7E177062A9008)
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" (filesize 151552 bytes, MD5 D2CA35A3F711E613D9399845CE9302FA)
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exec:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" (filesize 16384 bytes, MD5 267B3A856E9F4DB1CABD4E6DB71E07D2)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (filesize 44544 bytes, MD5 4B555106290BD117334E9A08761C035A)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (filesize 44544 bytes, MD5 4B555106290BD117334E9A08761C035A)
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (filesize 44544 bytes, MD5 4B555106290BD117334E9A08761C035A)
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto (filesize 222208 bytes, MD5 1BB128A09911A936E8EFC30C3F6C597C)
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (filesize 1232896 bytes, MD5 582F3A0BA61D8F0D50C66B592808B6D6)
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (filesize 44544 bytes, MD5 4B555106290BD117334E9A08761C035A)
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (filesize 446976 bytes, MD5 CC4413981C4F1234E6E884DFF8B99C03)
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exeC:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (filesize 202544 bytes, MD5 852AB81EDE166A0B25046DD7F4CD3FFA)
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeC:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Baxter\AppData\Local\Temp\wvurs.dll,#1 (filesize 44544 bytes, MD5 4B555106290BD117334E9A08761C035A)
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Baxter\AppData\Local\Temp\iifff.dll,c (filesize 44544 bytes, MD5 4B555106290BD117334E9A08761C035A)
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\users\baxter\desktop\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3607915740-57543300-853263000-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3607915740-57543300-853263000-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3607915740-57543300-853263000-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3607915740-57543300-853263000-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3607915740-57543300-853263000-1000\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3607915740-57543300-853263000-1000\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3607915740-57543300-853263000-1000\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (filesize 45056 bytes, MD5 66B8C84DF54555782CE61E393A1B67B1)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (filesize 132744 bytes, MD5 A0F84B2A1901E47A625FE6E68EF4053E)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (filesize 132744 bytes, MD5 A0F84B2A1901E47A625FE6E68EF4053E)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (filesize 63840 bytes, MD5 22BDC1E6E606C9BAE68141D7099309AB)
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exeC:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exeC:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exeC:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeC:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exeC:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeC:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exeC:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exeC:\Windows\system32\lxbkcoms.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exeC:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exeC:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exeC:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exeC:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exec:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exeC:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exeC:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exeC:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exeC:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exeC:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exeC:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exeC:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exeC:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exeC:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 16131 bytes

These i can no delete and are loaded on start up...
C:\Users\Baxter\AppData\Local\Temp\iifff.dll
(Trojan. Vundo)
C:\Users\Baxter\AppData\Local\Temp\wvurs.dll
(Generic.Malware)
C:\Users\Baxter\AppData\Local\Temp\tmp0001117d(Generic.Malware)
C:\Users\Baxter\AppData\Local\Temp\tmp0001756d
(Generic.Malware)
C:\Users\Baxter\AppData\Local\Temp\tmp0001b402
(Generic.Malware)
C:\Users\Baxter\AppData\Local\Temp\tmp00031332
(Generic.Malware)
C:\Users\Baxter\AppData\Local\Temp\tmp025eba65
(Generic.Malware)
C:\Users\Baxter\AppData\Local\Temp\tmp02c5c7ee
(Generic.Malware)
C:\Users\Baxter\AppData\Local\Temp\tmp044b3355
(Generic.Malware)
C:\Users\Baxter\AppData\Local\Temp\tmp04aae8ff
(Generic.Malware)

McAfee Doesnt See any of these...

And i think because of these my background services get cut off every now and then, like speech reconition, and McAfee Privacy service

[Katana]

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly

I apologize for the delay in responding, but as you can probably see the forums are quite busy
and sometimes a post manages to slip by us.
Unfortunately there are far more people needing help than there are helpers.

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.

Please post a fresh HJT log

[cobra11]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:26 PM, on 2/2/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Windows\sttray.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3607915740-57543300-853263000-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3607915740-57543300-853263000-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3607915740-57543300-853263000-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3607915740-57543300-853263000-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3607915740-57543300-853263000-1000\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3607915740-57543300-853263000-1000\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3607915740-57543300-853263000-1000\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\Baxter\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\Baxter\AppData\Local\Temp\Low\FREEDO~1.SH! C:\Users\Baxter\AppData\Local\Temp\VWDWEB~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\Baxter\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\Baxter\AppData\Local\Temp\Low\FREEDO~1.SH! C:\Users\Baxter\AppData\Local\Temp\VWDWEB~1.SH! (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0087901201968583) (0087901201968583mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\008790~1.EXE
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13736 bytes

i got those nasty temp files cleaned

[Katana]

Nice work

Are there any problems now ?



Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


Please post the Kaspersky log in reply

[cobra11]

nope, but my friend does have some problems i dont know if i can get an updated hijack log...
but here it is I got rid of the generic trojan C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\crosof~1.net

but there is a fun web product virus on there, and im not quite sure on how to remove that, combo fix deleted the generic trojan's, after the scan, ill try to get another scan in hijack, but he doesnt know what to do so i have to control his computer...., in order to fix it.., can you check and see what i have to do to remove the rest of those nasty viruses.., FunWebProducts hides its self even if all the hidden files are shown it is not there..., I used XoftSpy SE to scan for these.., as far as i can tell that scanner is a good one


ComboFix 08-01-31.1 - Lance Norwood Jr 2008-01-30 19:09:58.1 - NTFSx86
Running from: C:\Documents and Settings\Lance Norwood Jr\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\SystemDoctor Free
C:\Documents and Settings\Guest\Application Data\Starware316
C:\Documents and Settings\Guest\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Configurator\ConfiguratorOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Configurator\ConfiguratorOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Games\Games0.bmp
C:\Documents and Settings\Guest\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Layouts\PreferencesLayout.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Layouts\WeatherLayout.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Layouts\WeatherLayout.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Movies\Movies0.bmp
C:\Documents and Settings\Guest\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\Guest\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Lance Norwood Jr\Application Data\CURITY~1
C:\Documents and Settings\Lance Norwood Jr\Application Data\ECURIT~1
C:\Documents and Settings\Lance Norwood Jr\Application Data\ICROSO~1.NET
C:\Documents and Settings\Lance Norwood Jr\Application Data\macromedia\Flash Player\#SharedObjects\LT4PMRND\www.broadcaster.com
C:\Documents and Settings\Lance Norwood Jr\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Lance Norwood Jr\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Lance Norwood Jr\Application Data\MANTEC~1
C:\Documents and Settings\Lance Norwood Jr\Application Data\MANTEC~1\javaw.exe
C:\Documents and Settings\Lance Norwood Jr\Application Data\MCROSO~1.NET
C:\Documents and Settings\Lance Norwood Jr\Application Data\RACLE~1
C:\Documents and Settings\Lance Norwood Jr\Application Data\SpamBlocker
C:\Documents and Settings\Lance Norwood Jr\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\Lance Norwood Jr\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\Lance Norwood Jr\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\Lance Norwood Jr\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\Lance Norwood Jr\Application Data\STEM~1
C:\Documents and Settings\Lance Norwood Jr\ResErrors.log
C:\Program Files\Common Files\asks~1
C:\Program Files\Common Files\curity~1
C:\Program Files\Common Files\mantec~1
C:\Program Files\Common Files\mbols~1
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\scurit~1
C:\Program Files\Common Files\smbols~1
C:\Program Files\Common Files\sstem~1
C:\Program Files\Common Files\sstem3~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\Common Files\ystem3~1
C:\Program Files\dobe~1
C:\Program Files\icroso~1.net
C:\Program Files\pppatc~1
C:\Program Files\sks~1
C:\Program Files\sks~2
C:\Program Files\smbols~1
C:\Program Files\tsks~1
C:\Redemption.ECF
C:\WINDOWS\ggkxy.dat
C:\WINDOWS\pppatc~1
C:\WINDOWS\racle~1
C:\WINDOWS\sks~1
C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\crosof~1.net
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\lxwlr.dat
C:\WINDOWS\system32\nhqwx.dat
C:\WINDOWS\system32\qcatv.dat
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\ymante~1
C:\WINDOWS\ystem3~1

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.

2008-01-27 20:36 . 2008-01-27 21:44 23,392 --a------ C:\WINDOWS\SYSTEM32\nscompat.tlb
2008-01-27 20:36 . 2008-01-27 21:44 16,832 --a------ C:\WINDOWS\SYSTEM32\amcompat.tlb
2008-01-24 23:58 . 2008-01-24 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-24 23:56 . 2008-01-24 23:57 <DIR> d-------- C:\Program Files\Dell Support Center
2008-01-24 23:56 . 2008-01-24 23:56 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-01-22 19:14 . 2008-01-29 17:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-22 19:14 . 2008-01-22 19:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-22 19:10 . 2008-01-22 19:11 <DIR> d-------- C:\Program Files\iTunes
2008-01-22 19:04 . 2008-01-22 19:06 <DIR> d-------- C:\Program Files\QuickTime
2008-01-18 15:08 . 2008-01-20 10:58 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-16 21:34 . 2008-01-18 15:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2007-12-23 10:35 . 2007-12-23 10:35 1,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\1B645C6A-2D66-4072-AB64-898FA1E402D9.cxv
2007-12-12 19:27 . 2008-01-17 23:31 58,880 --ahs---- C:\WINDOWS\Thumbs.db
2007-12-12 19:27 . 2008-01-17 23:46 9,216 --ahs---- C:\WINDOWS\SYSTEM32\Thumbs.db
2007-12-10 19:13 . 2007-12-10 19:13 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-10 18:16 . 2007-12-22 03:00 <DIR> d-------- C:\Documents and Settings\Lance Norwood Jr\Application Data\SpywareBot
2007-12-09 22:29 . 2007-12-09 22:29 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-02 13:13 . 2007-12-02 13:13 <DIR> d-------- C:\Documents and Settings\Lance Norwood Jr\Application Data\MSN6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-31 00:43 --------- d-----w C:\Program Files\XoftSpySE
2008-01-30 03:48 --------- d-----w C:\Documents and Settings\Lance Norwood Jr\Application Data\LimeWire
2008-01-25 06:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-23 01:11 --------- d-----w C:\Program Files\iPod
2008-01-18 08:00 --------- d-----w C:\Documents and Settings\Lance Norwood Jr\Application Data\U3
2008-01-18 06:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-20 04:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-20 04:46 --------- d-----w C:\Program Files\Philips
2007-12-20 04:24 --------- d-----w C:\Program Files\Modem On Hold
2007-12-20 04:24 --------- d-----w C:\Program Files\Modem Helper
2007-12-20 04:24 --------- d-----w C:\Program Files\AdwareFilter
2007-12-13 01:29 --------- d-----w C:\Program Files\LimeWire
2007-12-13 01:12 --------- d-----w C:\Program Files\downloads
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2005-01-21 00:53 45,056 ------r C:\Program Files\SetAttrib.exe
2004-11-30 07:23 40,960 ------r C:\Program Files\delete.exe
2004-10-16 10:19 11,591 --sha-w C:\WINDOWS\abghx.dat
2004-08-09 07:16 0 --sha-w C:\WINDOWS\appfe.exe
2004-10-27 03:42 11,591 --sha-w C:\WINDOWS\apsyx.dat
2004-08-24 03:53 3,063 --sha-w C:\WINDOWS\blanf.dat
2004-11-24 12:53 3,347 --sha-w C:\WINDOWS\bnada.dat
2004-11-04 15:15 3,362 --sha-w C:\WINDOWS\bvduv.dat
2004-09-12 17:02 11,591 --sha-w C:\WINDOWS\bwtfp.dat
2006-02-22 10:24 3,347 --sha-w C:\WINDOWS\byxvu.dat
2004-08-15 09:37 3,063 --sha-w C:\WINDOWS\caghx.dat
2004-09-14 16:36 11,591 --sha-w C:\WINDOWS\ckqol.dat
2004-08-15 10:18 11,591 --sha-w C:\WINDOWS\corxr.dat
2004-09-21 12:21 11,591 --sha-w C:\WINDOWS\cswqb.dat
2004-11-07 17:29 11,591 --sha-w C:\WINDOWS\ctppm.dat
2004-10-20 14:09 11,591 --sha-w C:\WINDOWS\cuevg.dat
2004-09-11 19:59 11,591 --sha-w C:\WINDOWS\cxhrg.dat
2004-08-31 17:43 0 --sha-w C:\WINDOWS\czdgp.dat
2004-11-16 16:31 11,591 --sha-w C:\WINDOWS\diexz.dat
2004-11-16 16:31 11,591 --sha-w C:\WINDOWS\dlmuu.dat
2004-11-16 16:31 11,591 --sha-w C:\WINDOWS\dprcu.dat
2004-09-20 15:36 3,063 --sha-w C:\WINDOWS\dskub.dat
2004-11-13 16:46 3,347 --sha-w C:\WINDOWS\ehvfa.dat
2004-09-19 19:37 0 --sha-w C:\WINDOWS\etlds.dll
2004-10-31 13:12 3,362 --sha-w C:\WINDOWS\exbqr.dat
2004-09-11 06:55 11,591 --sha-w C:\WINDOWS\fapud.dat
2004-09-25 23:08 11,591 --sha-w C:\WINDOWS\fjufv.dat
2004-11-10 03:52 3,347 --sha-w C:\WINDOWS\fqbus.dat
2004-10-03 18:05 3,063 --sha-w C:\WINDOWS\gjzvl.dat
2004-09-09 14:06 3,063 --sha-w C:\WINDOWS\gkdcr.dat
2004-12-03 20:04 11,591 --sha-w C:\WINDOWS\gntyh.dat
2004-11-21 02:10 11,591 --sha-w C:\WINDOWS\gumfc.dat
2004-10-27 01:33 11,591 --sha-w C:\WINDOWS\gyozc.dat
2004-09-12 12:17 3,063 --sha-w C:\WINDOWS\hcacy.dat
2004-11-28 11:54 3,347 --sha-w C:\WINDOWS\hcqms.dat
2004-10-05 01:18 3,063 --sha-w C:\WINDOWS\hreae.dat
2004-11-09 20:40 3,347 --sha-w C:\WINDOWS\huhwa.dat
2004-11-27 06:52 11,591 --sha-w C:\WINDOWS\hzugm.dat
2004-08-05 09:55 3,063 --sha-w C:\WINDOWS\iagav.dat
2004-08-15 16:30 11,591 --sha-w C:\WINDOWS\ibxma.dat
2004-09-28 07:04 11,591 --sha-w C:\WINDOWS\ihfrl.dat
2004-11-30 15:51 11,591 --sha-w C:\WINDOWS\infxh.dat
2004-09-08 09:23 11,591 --sha-w C:\WINDOWS\irkvq.dat
2004-09-10 06:02 11,591 --sha-w C:\WINDOWS\irqne.dat
2004-10-31 21:35 3,362 --sha-w C:\WINDOWS\ivybk.dat
2005-05-06 20:34 238,709 --sh--r C:\WINDOWS\iyfyn7.sys
2004-10-04 07:58 11,591 --sha-w C:\WINDOWS\jfuac.dat
2004-11-04 17:40 11,591 --sha-w C:\WINDOWS\jrlxs.dat
2004-11-29 13:59 11,591 --sha-w C:\WINDOWS\jznfx.dat
2004-09-21 14:17 11,591 --sha-w C:\WINDOWS\kgipx.dat
2004-10-05 03:05 11,591 --sha-w C:\WINDOWS\kjxhe.dat
2004-11-10 14:22 11,591 --sha-w C:\WINDOWS\kohyw.dat
2004-11-16 09:44 3,347 --sha-w C:\WINDOWS\kvkzg.dat
2004-10-01 22:24 11,591 --sha-w C:\WINDOWS\lcmvd.dat
2004-09-01 02:33 3,063 --sha-w C:\WINDOWS\liagg.dat
2005-01-15 11:42 11,591 --sha-w C:\WINDOWS\lksxz.dat
2004-11-18 02:11 11,591 --sha-w C:\WINDOWS\lluxy.dat
2004-10-08 22:52 3,063 --sha-w C:\WINDOWS\lvtyw.dat
2004-09-21 20:16 3,063 --sha-w C:\WINDOWS\lwkke.dat
2004-09-29 03:31 11,591 --sha-w C:\WINDOWS\lyfir.dat
2004-11-20 21:06 11,591 --sha-w C:\WINDOWS\maeny.dat
2004-09-19 10:35 3,063 --sha-w C:\WINDOWS\mciip.dat
2004-09-02 17:56 11,591 --sha-w C:\WINDOWS\mcmzj.dat
2004-08-23 10:46 3,063 --sha-w C:\WINDOWS\mghel.dat
2004-11-25 02:56 3,347 --sha-w C:\WINDOWS\mkbmk.dat
2004-08-02 07:21 11,591 --sha-w C:\WINDOWS\mknro.dat
2004-08-02 16:46 10,240 --sha-w C:\WINDOWS\msls32.exe
2006-03-03 03:38 11,591 --sha-w C:\WINDOWS\muyis.dat
2004-11-20 22:57 3,347 --sha-w C:\WINDOWS\mxnvu.dat
2004-09-20 15:51 3,063 --sha-w C:\WINDOWS\njmcy.dat
2004-12-19 06:31 3,347 --sha-w C:\WINDOWS\nqyvt.dat
2004-10-12 22:07 0 --sha-w C:\WINDOWS\nzugr.dll
2004-10-06 23:59 0 --sha-w C:\WINDOWS\n_eenhay.dat
2004-09-26 06:24 0 --sha-w C:\WINDOWS\n_miiwbb.dat
2004-08-26 03:12 0 --sha-w C:\WINDOWS\n_vpuxgs.dat
2004-09-19 19:36 0 --sha-w C:\WINDOWS\n_vvhitd.dat
2004-11-18 06:38 0 --sha-w C:\WINDOWS\n_wphjwr.dat
2004-10-23 16:56 3,063 --sha-w C:\WINDOWS\ogkvb.dat
2004-10-07 16:13 11,591 --sha-w C:\WINDOWS\oivli.dat
2004-12-12 21:20 3,347 --sha-w C:\WINDOWS\pvuut.dat
2004-10-22 08:17 11,591 --sha-w C:\WINDOWS\pxvdr.dat
2004-10-31 22:16 3,347 --sha-w C:\WINDOWS\qeopo.dat
2004-10-02 19:24 11,591 --sha-w C:\WINDOWS\rbocc.dat
2004-08-31 02:43 0 --sha-w C:\WINDOWS\rlygs.dat
2004-11-07 18:30 3,362 --sha-w C:\WINDOWS\rscbr.dat
2004-10-09 00:04 3,362 --sha-w C:\WINDOWS\siqbc.dat
2004-11-17 03:13 3,362 --sha-w C:\WINDOWS\tpduc.dat
2004-08-21 05:52 3,063 --sha-w C:\WINDOWS\tqzey.dat
2004-08-26 17:47 11,591 --sha-w C:\WINDOWS\twnyj.dat
2004-10-27 19:14 11,591 --sha-w C:\WINDOWS\ubtdd.dat
2004-09-20 20:09 3,063 --sha-w C:\WINDOWS\ukdem.dat
2004-09-27 01:18 3,063 --sha-w C:\WINDOWS\umqvx.dat
2005-01-03 23:52 11,591 --sha-w C:\WINDOWS\uqevp.dat
2004-11-23 08:05 11,591 --sha-w C:\WINDOWS\usxrw.dat
2004-12-29 11:11 11,591 --sha-w C:\WINDOWS\uwgrd.dat
2004-09-15 14:03 11,591 --sha-w C:\WINDOWS\uyhgt.dat
2004-10-22 20:33 3,063 --sha-w C:\WINDOWS\viphx.dat
2004-11-09 22:47 11,591 --sha-w C:\WINDOWS\vlzgf.dat
2004-08-27 02:28 3,063 --sha-w C:\WINDOWS\vngqi.dat
2004-08-13 22:42 11,591 --sha-w C:\WINDOWS\vsrba.dat
2004-10-30 04:19 11,591 --sha-w C:\WINDOWS\vturt.dat
2004-11-10 21:19 11,591 --sha-w C:\WINDOWS\wdefk.dat
2004-10-16 06:17 11,591 --sha-w C:\WINDOWS\wlddy.dat
2004-10-06 21:50 11,591 --sha-w C:\WINDOWS\wrzvv.dat
2004-12-01 03:07 3,347 --sha-w C:\WINDOWS\wsdoj.dat
2004-10-02 21:33 3,362 --sha-w C:\WINDOWS\wwdxj.dat
2004-10-04 06:04 11,591 --sha-w C:\WINDOWS\xbfuu.dat
2004-11-07 10:09 3,362 --sha-w C:\WINDOWS\xckma.dat
2004-11-10 17:52 3,347 --sha-w C:\WINDOWS\xivjz.dat
2004-08-12 18:57 11,591 --sha-w C:\WINDOWS\xiyip.dat
2004-11-03 00:24 11,591 --sha-w C:\WINDOWS\xldmf.dat
2005-04-18 13:22 3,347 --sha-w C:\WINDOWS\xqdxz.dat
2004-10-26 20:01 3,362 --sha-w C:\WINDOWS\xtcwr.dat
2005-04-18 13:22 3,063 --sha-w C:\WINDOWS\ycmdg.dat
2004-10-30 00:17 3,362 --sha-w C:\WINDOWS\yiwgt.dat
2004-10-20 14:41 3,063 --sha-w C:\WINDOWS\yvlrj.dat
2004-09-27 16:17 11,591 --sha-w C:\WINDOWS\yzczv.dat
2004-09-28 08:50 11,591 --sha-w C:\WINDOWS\yzguh.dat
2004-11-18 06:55 0 --sha-w C:\WINDOWS\yzuis.dll
2004-11-14 15:37 3,362 --sha-w C:\WINDOWS\ztpsx.dat
2004-11-26 08:23 11,591 --sha-w C:\WINDOWS\SYSTEM32\agjnc.dat
2004-11-07 20:05 0 --sha-w C:\WINDOWS\SYSTEM32\apmll.dat
2004-11-20 17:25 11,591 --sha-w C:\WINDOWS\SYSTEM32\athzo.dat
2004-10-22 14:06 0 --sha-w C:\WINDOWS\SYSTEM32\azslr.dll
2004-09-06 17:34 11,591 --sha-w C:\WINDOWS\SYSTEM32\bkcei.dat
2004-10-03 03:41 11,591 --sha-w C:\WINDOWS\SYSTEM32\bmfga.dat
2004-08-22 16:23 3,063 --sha-w C:\WINDOWS\SYSTEM32\bncae.dat
2004-08-06 02:48 11,591 --sha-w C:\WINDOWS\SYSTEM32\bvfic.dat
2004-08-20 21:34 11,591 --sha-w C:\WINDOWS\SYSTEM32\chnqd.dat
2004-09-29 08:26 11,591 --sha-w C:\WINDOWS\SYSTEM32\cjocs.dat
2004-08-20 17:59 3,063 --sha-w C:\WINDOWS\SYSTEM32\cxvqd.dat
2005-01-13 23:52 4,354 --sha-w C:\WINDOWS\SYSTEM32\dahmc.dat
2004-10-10 06:25 3,063 --sha-w C:\WINDOWS\SYSTEM32\drxbd.dat
2004-09-11 23:41 11,591 --sha-w C:\WINDOWS\SYSTEM32\ebhei.dat
2004-11-15 16:37 3,347 --sha-w C:\WINDOWS\SYSTEM32\eqzcl.dat
2004-12-07 16:42 3,347 --sha-w C:\WINDOWS\SYSTEM32\erqwg.dat
2004-10-01 09:31 3,063 --sha-w C:\WINDOWS\SYSTEM32\exyik.dat
2004-10-03 03:39 3,063 --sha-w C:\WINDOWS\SYSTEM32\fbden.dat
2004-12-05 08:27 11,591 --sha-w C:\WINDOWS\SYSTEM32\fbefy.dat
2004-08-26 16:32 3,063 --sha-w C:\WINDOWS\SYSTEM32\fdywf.dat
2004-11-04 05:42 3,362 --sha-w C:\WINDOWS\SYSTEM32\fenhx.dat
2004-11-09 23:53 3,347 --sha-w C:\WINDOWS\SYSTEM32\fhbxg.dat
2004-10-27 06:45 3,362 --sha-w C:\WINDOWS\SYSTEM32\fqked.dat
2004-10-24 13:33 11,591 --sha-w C:\WINDOWS\SYSTEM32\fuexe.dat
2004-11-25 14:16 3,347 --sha-w C:\WINDOWS\SYSTEM32\fxghm.dat
2004-08-20 02:57 11,591 --sha-w C:\WINDOWS\SYSTEM32\fyaeh.dat
2004-10-22 02:07 3,362 --sha-w C:\WINDOWS\SYSTEM32\fzthc.dat
2004-11-13 20:32 11,591 --sha-w C:\WINDOWS\SYSTEM32\gikah.dat
2005-01-08 09:01 11,591 --sha-w C:\WINDOWS\SYSTEM32\gjqpz.dat
2004-10-16 18:11 3,362 --sha-w C:\WINDOWS\SYSTEM32\guvju.dat
2004-12-19 19:24 11,591 --sha-w C:\WINDOWS\SYSTEM32\gvlyw.dat
2004-12-06 05:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\gwtzw.dat
2004-10-05 17:06 3,063 --sha-w C:\WINDOWS\SYSTEM32\haolt.dat
2004-10-15 12:35 3,362 --sha-w C:\WINDOWS\SYSTEM32\hefnd.dat
2004-09-25 13:56 11,591 --sha-w C:\WINDOWS\SYSTEM32\heiwr.dat
2004-11-26 22:25 3,347 --sha-w C:\WINDOWS\SYSTEM32\iaffb.dat
2004-11-07 01:23 3,362 --sha-w C:\WINDOWS\SYSTEM32\ihfjp.dat
2004-11-17 11:06 3,347 --sha-w C:\WINDOWS\SYSTEM32\ikvvq.dat
2004-10-28 14:05 11,591 --sha-w C:\WINDOWS\SYSTEM32\imlqg.dat
2004-11-10 17:54 3,347 --sha-w C:\WINDOWS\SYSTEM32\imxdk.dat
2005-05-06 20:34 278,250 --sh--r C:\WINDOWS\SYSTEM32\iyfyn7.sys
2004-10-31 11:26 11,591 --sha-w C:\WINDOWS\SYSTEM32\jknlr.dat
2004-10-31 22:08 3,362 --sha-w C:\WINDOWS\SYSTEM32\jvuyz.dat
2004-08-06 14:18 11,591 --sha-w C:\WINDOWS\SYSTEM32\kdxnh.dat
2004-08-26 18:13 3,063 --sha-w C:\WINDOWS\SYSTEM32\kfvlv.dat
2004-08-30 18:33 3,063 --sha-w C:\WINDOWS\SYSTEM32\krvsq.dat
2004-11-22 18:45 11,591 --sha-w C:\WINDOWS\SYSTEM32\ktfgk.dat
2004-10-26 22:39 3,362 --sha-w C:\WINDOWS\SYSTEM32\kuetb.dat
2004-09-10 02:51 11,591 --sha-w C:\WINDOWS\SYSTEM32\kzicj.dat
2004-10-21 11:53 11,591 --sha-w C:\WINDOWS\SYSTEM32\lekmp.dat
2004-10-23 00:27 3,362 --sha-w C:\WINDOWS\SYSTEM32\lqbww.dat
2004-10-24 03:26 3,362 --sha-w C:\WINDOWS\SYSTEM32\lrgkv.dat
2004-08-24 18:37 11,591 --sha-w C:\WINDOWS\SYSTEM32\mmkyb.dat
2004-11-17 00:12 3,347 --sha-w C:\WINDOWS\SYSTEM32\ngnwg.dat
2004-10-16 03:52 3,362 --sha-w C:\WINDOWS\SYSTEM32\nkhij.dat
2004-10-24 01:19 11,591 --sha-w C:\WINDOWS\SYSTEM32\odrhi.dat
2004-09-18 00:20 3,063 --sha-w C:\WINDOWS\SYSTEM32\ohjlf.dat
2004-08-31 17:48 0 --sha-w C:\WINDOWS\SYSTEM32\oravi.dat
2004-10-27 11:57 11,591 --sha-w C:\WINDOWS\SYSTEM32\ozkvb.dat
2004-12-12 14:59 3,347 --sha-w C:\WINDOWS\SYSTEM32\pzsnb.dat
2004-09-18 10:52 3,063 --sha-w C:\WINDOWS\SYSTEM32\qabtd.dat
2004-09-25 18:07 11,591 --sha-w C:\WINDOWS\SYSTEM32\qbwrr.dat
2004-09-18 17:09 11,591 --sha-w C:\WINDOWS\SYSTEM32\qggti.dat
2004-09-25 05:47 3,063 --sha-w C:\WINDOWS\SYSTEM32\qkpzj.dat
2004-09-25 07:51 3,063 --sha-w C:\WINDOWS\SYSTEM32\qmkvb.dat
2004-11-08 20:39 11,591 --sha-w C:\WINDOWS\SYSTEM32\qnpzg.dat
2004-11-24 04:08 3,347 --sha-w C:\WINDOWS\SYSTEM32\qqscx.dat
2004-07-29 02:21 3,063 --sha-w C:\WINDOWS\SYSTEM32\qvdyq.dat
2004-10-24 09:15 3,362 --sha-w C:\WINDOWS\SYSTEM32\rlbie.dat
2004-09-25 23:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\rpdno.dat
2004-11-20 08:44 11,591 --sha-w C:\WINDOWS\SYSTEM32\rprpm.dat
2004-10-31 16:31 11,591 --sha-w C:\WINDOWS\SYSTEM32\ruxga.dat
2004-10-26 18:43 3,362 --sha-w C:\WINDOWS\SYSTEM32\rwnhy.dat
2004-08-23 12:20 3,063 --sha-w C:\WINDOWS\SYSTEM32\rxrua.dat
2004-08-29 16:45 11,591 --sha-w C:\WINDOWS\SYSTEM32\scgoj.dat
2004-09-07 14:38 11,591 --sha-w C:\WINDOWS\SYSTEM32\sinwl.dat
2004-09-25 02:12 11,591 --sha-w C:\WINDOWS\SYSTEM32\slriz.dat
2004-08-29 21:48 11,591 --sha-w C:\WINDOWS\SYSTEM32\snrjk.dat
2004-11-05 10:21 11,591 --sha-w C:\WINDOWS\SYSTEM32\sqyua.dat
2004-11-15 02:50 11,591 --sha-w C:\WINDOWS\SYSTEM32\szrkb.dat
2004-11-13 07:05 11,591 --sha-w C:\WINDOWS\SYSTEM32\tdqee.dat
2004-10-20 20:33 11,591 --sha-w C:\WINDOWS\SYSTEM32\tdxec.dat
2004-11-07 02:40 11,591 --sha-w C:\WINDOWS\SYSTEM32\tiisi.dat
2004-11-14 21:16 11,591 --sha-w C:\WINDOWS\SYSTEM32\tomrq.dat
2004-11-18 06:56 0 --sha-w C:\WINDOWS\SYSTEM32\tslyv.dll
2004-10-12 05:07 11,591 --sha-w C:\WINDOWS\SYSTEM32\ttyea.dat
2004-09-12 06:49 3,063 --sha-w C:\WINDOWS\SYSTEM32\tuhlc.dat
2004-11-13 22:55 11,591 --sha-w C:\WINDOWS\SYSTEM32\txivz.dat
2004-09-01 19:51 11,591 --sha-w C:\WINDOWS\SYSTEM32\tylbz.dat
2004-11-15 04:50 11,591 --sha-w C:\WINDOWS\SYSTEM32\ufzsd.dat
2004-08-20 03:40 3,063 --sha-w C:\WINDOWS\SYSTEM32\ukhlg.dat
2004-09-30 10:21 3,063 --sha-w C:\WINDOWS\SYSTEM32\unoyz.dat
2004-09-23 03:42 3,063 --sha-w C:\WINDOWS\SYSTEM32\uoump.dat
2004-10-13 10:55 3,063 --sha-w C:\WINDOWS\SYSTEM32\vbhcw.dat
2004-08-11 02:46 11,591 --sha-w C:\WINDOWS\SYSTEM32\vbncx.dat
2005-01-28 16:00 3,547 --sha-w C:\WINDOWS\SYSTEM32\vbpxm.dat
2004-10-24 11:48 11,591 --sha-w C:\WINDOWS\SYSTEM32\vcjpk.dat
2004-09-23 07:16 3,063 --sha-w C:\WINDOWS\SYSTEM32\vjhel.dat
2004-08-15 04:13 3,063 --sha-w C:\WINDOWS\SYSTEM32\vvfuk.dat
2005-01-10 08:45 3,347 --sha-w C:\WINDOWS\SYSTEM32\wcbul.dat
2004-11-09 16:49 3,347 --sha-w C:\WINDOWS\SYSTEM32\wknmh.dat
2004-10-15 01:51 3,362 --sha-w C:\WINDOWS\SYSTEM32\wpycp.dat
2004-10-24 10:18 3,362 --sha-w C:\WINDOWS\SYSTEM32\wrucs.dat
2004-09-29 10:52 3,063 --sha-w C:\WINDOWS\SYSTEM32\wtkrw.dat
2004-12-13 03:17 11,591 --sha-w C:\WINDOWS\SYSTEM32\wwgpr.dat
2004-11-06 23:20 3,362 --sha-w C:\WINDOWS\SYSTEM32\wzchs.dat
2007-03-19 18:31 228,864 --sh--r C:\WINDOWS\SYSTEM32\w?nlogon.exe
2004-12-02 09:40 11,591 --sha-w C:\WINDOWS\SYSTEM32\xcebx.dat
2004-08-23 19:45 3,063 --sha-w C:\WINDOWS\SYSTEM32\xdogs.dat
2004-08-29 04:08 11,591 --sha-w C:\WINDOWS\SYSTEM32\xeyhz.dat
2004-08-06 17:13 3,063 --sha-w C:\WINDOWS\SYSTEM32\xkomt.dat
2004-08-01 07:11 11,591 --sha-w C:\WINDOWS\SYSTEM32\xnken.dat
2004-08-21 20:53 3,063 --sha-w C:\WINDOWS\SYSTEM32\xucje.dat
2004-09-17 09:48 11,591 --sha-w C:\WINDOWS\SYSTEM32\yhwpg.dat
2004-08-24 07:50 11,591 --sha-w C:\WINDOWS\SYSTEM32\ynnpz.dat
2004-08-24 06:54 3,063 --sha-w C:\WINDOWS\SYSTEM32\ynpuj.dat
2004-12-02 11:01 11,591 --sha-w C:\WINDOWS\SYSTEM32\ytmae.dat
2004-11-10 15:35 3,347 --sha-w C:\WINDOWS\SYSTEM32\ytxoq.dat
2004-10-27 22:07 11,591 --sha-w C:\WINDOWS\SYSTEM32\yyoyt.dat
2004-09-27 18:24 3,063 --sha-w C:\WINDOWS\SYSTEM32\zhomm.dat
2004-10-27 13:38 11,591 --sha-w C:\WINDOWS\SYSTEM32\zhpsx.dat
2004-10-05 01:39 11,591 --sha-w C:\WINDOWS\SYSTEM32\zjkkh.dat
2004-10-23 19:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\zmkom.dat
2004-10-12 14:26 3,362 --sha-w C:\WINDOWS\SYSTEM32\ztvaw.dat
2004-11-05 04:41 11,591 --sha-w C:\WINDOWS\SYSTEM32\zvkab.dat
2004-11-14 23:17 3,362 --sha-w C:\WINDOWS\SYSTEM32\zwtvd.dat
2004-08-17 08:54 3,063 --sha-w C:\WINDOWS\SYSTEM32\zyvpq.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BD4ABBD-3523-C873-457D-313BA77F97C0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875AD120-1EB1-626C-EEAE-638488E049C0}]
C:\WINDOWS\system32\kroopux.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B779A875-36BF-453E-BAC6-45B6AB927B90}]
C:\WINDOWS\system32\vvbmnuwl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"ModemOnHold"="C:\PROGRA~1\MODEMO~1\MOH.exe" [2003-11-17 09:10 86016]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
C:\Program Files\Altnet\Points Manager\Points Manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bxxs5]
C:\WINDOWS\bxxs5.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClrSchLoader]
C:\Program Files\ClearSearch\Loader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
C:\Program Files\Common Files\CMEII\CMESys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d3dl32.exe]
C:\WINDOWS\system32\d3dl32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
--a------ 2003-02-08 16:42 86102 C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-10-19 07:59 126976 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-10-19 07:59 155648 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 19:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2006-01-17 12:03 53248 c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-17 12:03 135168 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-08-26 18:47 204800 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
C:\WINDOWS\Downloaded Program Files\bridge.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-02 14:49 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
C:\Program Files\Common files\updmgr\updmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e63fee76-278d-11dc-a8fb-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e63fee7b-278d-11dc-a8fb-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f49407cf-2845-11dc-a8fe-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffb8fe60-8d31-11dc-a9cd-000d566b1619}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 13:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-18 21:41:27 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-01-30 09:00:02 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
"2008-01-31 00:36:10 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-31 00:36:08 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 19:16:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\Rhododendron.bmp:ywgymn 64000 bytes executable
C:\WINDOWS\muyis.dat:iwhlq 36155 bytes executable
C:\WINDOWS\nsreg.dat:bfligm 11394 bytes executable
C:\WINDOWS\nsw.log:vvoyy 10240 bytes executable
C:\WINDOWS\BOOTSTAT.DAT:ugbzip 11394 bytes executable
C:\WINDOWS\Q329909.LOG:fhoun 10240 bytes executable
C:\WINDOWS\IIS6.LOG:gjxfk 90624 bytes executable
C:\WINDOWS\dprcu.dat:srvfi 56320 bytes executable
C:\WINDOWS\n_ujakxn.dat:taanlv 68608 bytes executable
C:\WINDOWS\ycmdg.dat:skzvhd 66560 bytes executable
C:\WINDOWS\SchedLgU.Txt:ilkqq 10240 bytes executable
C:\WINDOWS\d3as32.dll:lvejt 11401 bytes executable
C:\WINDOWS\n_mpjuni.dat:cphqnk 68096 bytes executable
C:\WINDOWS\appfe.exe:aoobf 56832 bytes executable
C:\WINDOWS\ztpsx.dat:jhszk 11401 bytes executable
C:\WINDOWS\_DEFAULT.PIF:ehxlse 11401 bytes executable
C:\WINDOWS\_DEFAULT.PIF:eovbyy 114362 bytes executable
C:\WINDOWS\_DEFAULT.PIF:fjohxm 30264 bytes executable
C:\WINDOWS\_DEFAULT.PIF:nivcdc 11394 bytes executable
C:\WINDOWS\_DEFAULT.PIF:ppguvl 11394 bytes executable
C:\WINDOWS\_DEFAULT.PIF:xiqqvo 30264 bytes executable
C:\WINDOWS\WINHELP.EXE:sitqi 27102 bytes executable
C:\WINDOWS\q812415.log:diexz 10240 bytes executable
C:\WINDOWS\q812415.log:pbfnj 10240 bytes executable
C:\WINDOWS\q812415.log:xiyip 26763 bytes executable
C:\WINDOWS\Q813862.LOG:xaqeau 30264 bytes executable
C:\WINDOWS\Q816486.LOG:cwceg 56832 bytes executable
C:\WINDOWS\Q816981.LOG:ibxtd 26763 bytes executable
C:\WINDOWS\Q816981.LOG:vjxlc 26763 bytes executable
C:\WINDOWS\ORUN32.ISU:jxrwfk 11394 bytes executable
C:\WINDOWS\byxvu.dat:fzmsfc 36155 bytes executable
C:\WINDOWS\cdzzs.txt:ypfaqe 66560 bytes executable
C:\WINDOWS\WMSysPrx.prx:zhpus 103867 bytes executable
C:\WINDOWS\sysry.dll:fclyfj 11401 bytes executable
C:\WINDOWS\upwzyk.dat:cssyj 114362 bytes executable
C:\WINDOWS\gcnwz.txt:qkmkrv 30264 bytes executable
C:\WINDOWS\IsUninst.exe:jkapg 27102 bytes executable
C:\WINDOWS\lksxz.dat:xxdvu 90624 bytes executable

scan completed successfully
hidden files: 38

**************************************************************************
.
Completion time: 2008-01-30 19:19:12
ComboFix-quarantined-files.txt 2008-01-31 01:18:55
.
2008-01-29 05:34:16 --- E O F ---

[Katana]

Is that log from a different computer ?
If so I will need a HJT log and a Kaspersky log from it.

It will also be better if your friend starts his own thread, as some of the tools we use require the machine to be rebooted.

[Katana]

Do you still require help ?

[silver]

This topic is now closed due to inactivity. If you wish it to be reopened, please send an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 5 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal