kohu Posted January 31, 2008

Here's the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:44 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

jwbirdsong Posted February 1, 2008

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Download Combofix to your desktop.
Double-click combofix.exe.
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

Post the Combofix log and C:\vundofix.txt in your next reply.

kohu Posted February 1, 2008

VundoFix V6.5.6
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 3:38:25 PM 7/25/2007
Listing files found while scanning....
No infected files were found.

VundoFix V6.5.9
Checking Java version...
Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.
Scan started at 5:27:42 PM 10/3/2007
Listing files found while scanning....
Beginning removal...
Attempting to delete C:\windows\system32\sgmrvvjt.iniC:\windows\system32\sgmrvvjt.ini Has been deleted! Attempting to delete C:\windows\system32\sixskoor.iniC:\windows\system32\sixskoor.ini Has been deleted! Attempting to delete C:\windows\system32\snclvmdl.dllC:\windows\system32\snclvmdl.dll Has been deleted! Attempting to delete C:\windows\system32\snqdwkqm.iniC:\windows\system32\snqdwkqm.ini Has been deleted! Attempting to delete C:\windows\system32\spgmdbuq.iniC:\windows\system32\spgmdbuq.ini Has been deleted! Attempting to delete C:\windows\system32\sssyfxsf.iniC:\windows\system32\sssyfxsf.ini Has been deleted! Attempting to delete C:\windows\system32\svhxwrcr.iniC:\windows\system32\svhxwrcr.ini Has been deleted! Attempting to delete C:\windows\system32\swlxplho.iniC:\windows\system32\swlxplho.ini Has been deleted! Attempting to delete C:\windows\system32\tanahsjk.dllC:\windows\system32\tanahsjk.dll Has been deleted! Attempting to delete C:\windows\system32\tbdkrwhl.iniC:\windows\system32\tbdkrwhl.ini Has been deleted! Attempting to delete C:\windows\system32\tfncrdve.dllC:\windows\system32\tfncrdve.dll Has been deleted! Attempting to delete C:\windows\system32\tgorbvjp.iniC:\windows\system32\tgorbvjp.ini Has been deleted! Attempting to delete C:\windows\system32\tjvvrmgs.dllC:\windows\system32\tjvvrmgs.dll Has been deleted! Attempting to delete C:\windows\system32\tkoafaym.dllC:\windows\system32\tkoafaym.dll Has been deleted! Attempting to delete C:\windows\system32\tmmoldrd.iniC:\windows\system32\tmmoldrd.ini Has been deleted! Attempting to delete C:\windows\system32\tqayvroa.dllC:\windows\system32\tqayvroa.dll Has been deleted! Attempting to delete C:\windows\system32\tsleiuvf.iniC:\windows\system32\tsleiuvf.ini Has been deleted! Attempting to delete C:\windows\system32\ubfardyb.dllC:\windows\system32\ubfardyb.dll Has been deleted! Attempting to delete C:\windows\system32\ucqqimax.iniC:\windows\system32\ucqqimax.ini Has been deleted! 
Attempting to delete C:\windows\system32\ucvhpbul.iniC:\windows\system32\ucvhpbul.ini Has been deleted! Attempting to delete C:\windows\system32\ucwikttu.dllC:\windows\system32\ucwikttu.dll Has been deleted! Attempting to delete C:\windows\system32\uiwaeyhi.iniC:\windows\system32\uiwaeyhi.ini Has been deleted! Attempting to delete C:\windows\system32\ulwwhyfh.dllC:\windows\system32\ulwwhyfh.dll Has been deleted! Attempting to delete C:\windows\system32\uovjkras.dllC:\windows\system32\uovjkras.dll Has been deleted! Attempting to delete C:\windows\system32\uqyqipfy.iniC:\windows\system32\uqyqipfy.ini Has been deleted! Attempting to delete C:\windows\system32\uttkiwcu.iniC:\windows\system32\uttkiwcu.ini Has been deleted! Attempting to delete C:\windows\system32\uylrmoip.dllC:\windows\system32\uylrmoip.dll Has been deleted! Attempting to delete C:\windows\system32\vbainbbp.iniC:\windows\system32\vbainbbp.ini Has been deleted! Attempting to delete C:\windows\system32\vfchxvka.iniC:\windows\system32\vfchxvka.ini Has been deleted! Attempting to delete C:\windows\system32\vjudqvuk.iniC:\windows\system32\vjudqvuk.ini Has been deleted! Attempting to delete C:\windows\system32\vkmjricn.iniC:\windows\system32\vkmjricn.ini Has been deleted! Attempting to delete C:\windows\system32\vliwwulp.iniC:\windows\system32\vliwwulp.ini Has been deleted! Attempting to delete C:\windows\system32\vlosmekl.iniC:\windows\system32\vlosmekl.ini Has been deleted! Attempting to delete C:\windows\system32\vxplhypd.iniC:\windows\system32\vxplhypd.ini Has been deleted! Attempting to delete C:\windows\system32\vybqvmje.iniC:\windows\system32\vybqvmje.ini Has been deleted! Attempting to delete C:\windows\system32\wcdwlqas.dllC:\windows\system32\wcdwlqas.dll Has been deleted! Attempting to delete C:\windows\system32\weoupfid.iniC:\windows\system32\weoupfid.ini Has been deleted! Attempting to delete C:\windows\system32\wktmphjk.iniC:\windows\system32\wktmphjk.ini Has been deleted! 
Attempting to delete C:\windows\system32\wqysqnib.iniC:\windows\system32\wqysqnib.ini Has been deleted! Attempting to delete C:\windows\system32\wxuorxgx.dllC:\windows\system32\wxuorxgx.dll Has been deleted! Attempting to delete C:\windows\system32\wytgnygy.iniC:\windows\system32\wytgnygy.ini Has been deleted! Attempting to delete C:\windows\system32\xaajjjxp.iniC:\windows\system32\xaajjjxp.ini Has been deleted! Attempting to delete C:\windows\system32\xamiqqcu.dllC:\windows\system32\xamiqqcu.dll Has been deleted! Attempting to delete C:\windows\system32\xeioqxcf.dllC:\windows\system32\xeioqxcf.dll Has been deleted! Attempting to delete C:\windows\system32\xgxrouxw.iniC:\windows\system32\xgxrouxw.ini Has been deleted! Attempting to delete C:\windows\system32\xhosxbme.dllC:\windows\system32\xhosxbme.dll Has been deleted! Attempting to delete C:\windows\system32\xixaping.iniC:\windows\system32\xixaping.ini Has been deleted! Attempting to delete C:\windows\system32\xjbppeqj.iniC:\windows\system32\xjbppeqj.ini Has been deleted! Attempting to delete C:\windows\system32\xlenlgjm.dllC:\windows\system32\xlenlgjm.dll Has been deleted! Attempting to delete C:\windows\system32\xmcnmmmx.iniC:\windows\system32\xmcnmmmx.ini Has been deleted! Attempting to delete C:\windows\system32\xmmmncmx.dllC:\windows\system32\xmmmncmx.dll Has been deleted! Attempting to delete C:\windows\system32\xsmfawej.dllC:\windows\system32\xsmfawej.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xxyyywt.dllC:\WINDOWS\system32\xxyyywt.dll Could not be deleted. Attempting to delete C:\windows\system32\xyfjvree.iniC:\windows\system32\xyfjvree.ini Has been deleted! Attempting to delete C:\windows\system32\yfpiqyqu.dllC:\windows\system32\yfpiqyqu.dll Has been deleted! Attempting to delete C:\windows\system32\ygyngtyw.dllC:\windows\system32\ygyngtyw.dll Has been deleted! Attempting to delete C:\windows\system32\yplmgpcd.iniC:\windows\system32\yplmgpcd.ini Has been deleted! 
Attempting to delete C:\windows\system32\yportahn.dllC:\windows\system32\yportahn.dll Has been deleted!Performing Repairs to the registry.Done!Beginning removal... Attempting to delete C:\WINDOWS\system32\awvtr.dllC:\WINDOWS\system32\awvtr.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\lubphvcu.dllC:\WINDOWS\system32\lubphvcu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nbytahug.dllC:\WINDOWS\system32\nbytahug.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rtvwa.iniC:\WINDOWS\system32\rtvwa.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\xxyyywt.dllC:\WINDOWS\system32\xxyyywt.dll Could not be deleted.Performing Repairs to the registry.Done!VundoFix V6.5.9Checking Java version...Java version is 1.4.2.3Old versions of java are exploitable and should be removed.Scan started at 6:44:09 PM 10/4/2007Listing files found while scanning....C:\windows\system32\xxyyywt.dllBeginning removal... Attempting to delete C:\windows\system32\xxyyywt.dllC:\windows\system32\xxyyywt.dll Has been deleted!Performing Repairs to the registry.Done!VundoFix V6.7.7Checking Java version...Java version is 1.4.2.3Old versions of java are exploitable and should be removed.Scan started at 1:16:32 PM 1/31/2008Listing files found while scanning....No infected files were found.VundoFix V6.7.7Checking Java version...Java version is 1.4.2.3Old versions of java are exploitable and should be removed.Scan started at 6:39:55 PM 1/31/2008Listing files found while scanning....No infected files were found.Beginning removal... Quote Link to post Share on other sites
jwbirdsong Posted February 1, 2008
Apparently your VF log was so long the combofix didn't post.
Please post a copy of c:\combofix.txt
kohu Posted February 1, 2008
Ugh, I didn't run combofix, so I did just now. After it restarted and finished, I couldn't connect to the internet, and I have no backups in my system restore. Here's the log I got though.
jwbirdsong Posted February 1, 2008
Go to your Control Panel > Network Connections > right-click on your current connection (probably Local Area Connection) and select Repair.
After a reboot you should be connecting again.
Fully described w/ pictures HERE
Looks like all of the log didn't post... you should see an EOF at the end of a complete log.
Edited February 1, 2008 by jwbirdsong
kohu Posted February 1, 2008
Didn't work, still can't connect. And that's all that's in the log.
kohu Posted February 1, 2008
Wait, never mind, I ran it again without my firewall on, and here's the log. Internet still doesn't work. I can't seem to get an IP address, and it still doesn't work when I set up a static one. I'm trying to connect using a wireless router, no wired connection at all. However, my other computer (the one I'm using now) can connect to the router just fine.
Edited February 1, 2008 by Kohu
kohu Posted February 3, 2008

I've just decided to reinstall Windows, thanks for your help though.