
Attention. Some dangerous Trojan horses detected in your system

Discussion in 'Malware and Virus Removal Archive' started by sal1, 2008/06/15.

  1. 2008/06/15
    sal1

    Please someone help me.

    I have recently been receiving a System error prompt when accessing any web site or "my computer" folders. The pop-up reads as follows:

    Attention. Some dangerous Trojan horses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\Windows. Download protection software now! Click OK to download the antispyware. (Recommended)

    I have run my anti spy and virus with no luck. I also tried Spyware Doctor, Malwarebytes' Anti-Malware, and SmitfraudFix with no luck. I have put up both logs from both programs. Any help will be gratefully received.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:25:40, on 15/06/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\sstray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\CNYHKey.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S09IC1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\ATI Multimedia\main\launchpd.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\DELTA\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {2BBF94CE-316F-11DD-AE53-5F7E55D89593} - C:\Program Files\Common Files\System\wship_help.acm
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BhoApp Class - {5F920865-38C9-40DA-8FCF-D9DC83F84EC5} - C:\WINDOWS\System32\pupdfo.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S09IC1.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44 "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe "
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: update.exe
    O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: update.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

    --
    End of file - 7214 bytes


    Deckard's System Scanner v20071014.68
    Run by DELTA on 2008-06-15 11:29:57
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as DELTA.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:31:15, on 15/06/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\sstray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\CNYHKey.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S09IC1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\ATI Multimedia\main\launchpd.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\DELTA\Desktop\dss.exe
    C:\DOCUME~1\DELTA\Desktop\DELTA.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {2BBF94CE-316F-11DD-AE53-5F7E55D89593} - C:\Program Files\Common Files\System\wship_help.acm
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BhoApp Class - {5F920865-38C9-40DA-8FCF-D9DC83F84EC5} - C:\WINDOWS\System32\pupdfo.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S09IC1.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44 "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe "
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: update.exe
    O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: update.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

    --
    End of file - 7301 bytes

    -- Files created between 2008-05-15 and 2008-06-15 -----------------------------

    2008-06-15 01:13:35 0 d-------- C:\Program Files\Trend Micro
    2008-06-15 00:40:51 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-14 23:52:17 0 d-------- C:\Documents and Settings\DELTA\Application Data\Malwarebytes
    2008-06-14 23:52:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-14 23:32:33 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2008-06-14 23:32:33 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-06-14 23:32:33 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2008-06-14 23:32:33 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-06-14 23:32:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2008-06-14 23:32:33 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-06-14 23:32:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
    2008-06-14 23:32:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2008-06-14 23:32:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
    2008-06-14 23:32:32 0 d---s---- C:\Documents and Settings\Administrator\UserData
    2008-06-14 23:32:32 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-06-14 23:32:32 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-06-14 23:32:32 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-06-14 23:32:32 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2008-06-14 23:32:32 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-06-14 23:32:32 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-06-14 23:32:32 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2008-06-14 23:32:32 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-06-14 23:32:31 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-06-14 23:30:12 0 d-------- C:\WINDOWS\pss
    2008-06-14 23:08:43 3612 --a------ C:\WINDOWS\System32\tmp.reg
    2008-06-14 20:34:03 0 d-------- C:\Documents and Settings\DELTA\Application Data\MoyeaFLV2Video
    2008-06-14 20:03:07 13312 --a------ C:\WINDOWS\System32\pupdfo.dll <Not Verified; ; BhoNew Module>
    2008-06-14 19:53:41 13312 --a------ C:\WINDOWS\System32\popdfan.dll <Not Verified; ; BhoNew Module>
    2008-06-14 19:53:36 13312 --a------ C:\WINDOWS\System32\tapdfo.dll <Not Verified; ; BhoNew Module>
    2008-06-14 19:50:49 13312 --a------ C:\WINDOWS\System32\tapdfan.dll <Not Verified; ; BhoNew Module>
    2008-06-14 18:46:33 0 d-------- C:\Documents and Settings\DELTA\Application Data\Moyea
    2008-06-14 18:36:27 36734 --a------ C:\WINDOWS\System32\OggDSuninst.exe
    2008-06-14 15:40:14 0 d-------- C:\Output
    2008-06-14 15:39:01 34 --ah----- C:\WINDOWS\System32\Converter_sysquict.dat
    2008-06-10 14:40:31 0 d-------- C:\Documents and Settings\DELTA\Application Data\GeoVid
    2008-06-10 14:36:44 0 d-------- C:\Documents and Settings\DELTA\Application Data\WeatherDPA
    2008-06-10 14:36:40 0 d-------- C:\Documents and Settings\DELTA\Application Data\Zango
    2008-06-09 14:35:45 221184 --a------ C:\WINDOWS\System32\TubeFinder.exe <Not Verified; Koyote Soft; Tube Finder>
    2008-06-09 14:35:44 119568 --a------ C:\WINDOWS\System32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
    2008-06-09 14:35:44 9728 --a------ C:\WINDOWS\System32\PCCLPFR.DLL <Not Verified; Microsoft Corporation; PicClip>
    2008-06-09 14:35:44 141312 --a------ C:\WINDOWS\System32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
    2008-06-09 14:35:44 32768 --a------ C:\WINDOWS\System32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
    2008-06-09 14:35:44 0 d-------- C:\Program Files\Free FLV Converter
    2008-06-01 00:36:34 0 d-------- C:\Program Files\BitComet FLV Converter
    2008-05-31 19:34:52 0 d-------- C:\Documents and Settings\DELTA\Application Data\DivX
    2008-05-31 14:18:42 0 d-------- C:\Program Files\Xvid
    2008-05-31 00:50:09 0 d-------- C:\Program Files\Cedelia


    -- Find3M Report ---------------------------------------------------------------

    2008-06-15 11:04:48 0 d-------- C:\Documents and Settings\DELTA\Application Data\MSN6
    2008-06-15 08:41:37 0 d-------- C:\Documents and Settings\DELTA\Application Data\AVG7
    2008-05-31 14:20:23 0 d-------- C:\Program Files\DivX
    2008-05-23 21:08:34 0 d-------- C:\Documents and Settings\DELTA\Application Data\ATI MMC
    2008-05-13 02:53:16 3596288 --a------ C:\WINDOWS\System32\qt-dx331.dll
    2008-05-13 02:50:16 196608 --a------ C:\WINDOWS\System32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-05-13 02:50:16 81920 --a------ C:\WINDOWS\System32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-05-13 02:50:08 802816 --a------ C:\WINDOWS\System32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2008-05-13 02:50:08 823296 --a------ C:\WINDOWS\System32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-13 02:50:08 831488 --a------ C:\WINDOWS\System32\divx_xx0a.dll
    2008-05-13 02:50:08 823296 --a------ C:\WINDOWS\System32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-13 02:50:06 682496 --a------ C:\WINDOWS\System32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-13 02:49:02 12288 --a------ C:\WINDOWS\System32\DivXWMPExtType.dll
    2008-04-26 20:32:12 0 d-------- C:\Program Files\Common Files\COWON
    2008-04-26 19:56:02 0 d-------- C:\Program Files\JetAudio
    2008-04-06 22:26:26 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BBF94CE-316F-11DD-AE53-5F7E55D89593}]
    08/06/2008 12:39 60416 --------- C:\Program Files\Common Files\System\wship_help.acm

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F920865-38C9-40DA-8FCF-D9DC83F84EC5}]
    14/06/2008 20:03 13312 --a------ C:\WINDOWS\System32\pupdfo.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BluetoothAuthenticationAgent "= "irprops.cpl" [24/09/2002 21:25 C:\WINDOWS\system32\irprops.cpl]
    "nForce Tray Options "= "sstray.exe" [26/10/2002 23:02 C:\WINDOWS\system32\sstray.exe]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [20/07/2003 05:10]
    "CARPService "= "carpserv.exe" [18/03/2003 16:13 C:\WINDOWS\system32\carpserv.exe]
    "CHotkey "= "mHotkey.exe" [28/03/2003 17:24 C:\WINDOWS\mHotkey.exe]
    "ledpointer "= "CNYHKey.exe" [22/07/2003 11:28 C:\WINDOWS\CNYHKey.exe]
    "IW ControlCenter "= "C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [12/03/2003 11:56]
    "PinnacleDriverCheck "= "C:\WINDOWS\System32\PSDrvCheck.exe" [05/05/2003 09:55]
    "OEM-Reset "=" " []
    "EPSON Stylus C44 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S09IC1.exe" [25/12/2002 03:00]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [19/10/2007 21:16]
    "Microsoft Works Update Detection "= "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [24/07/2002 08:20]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 02:11]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [16/04/2008 08:10]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [19/03/2008 01:39]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\System32\ctfmon.exe" [31/03/2003 13:00]
    "@ "=" " []
    "ATI Launchpad "= "C:\Program Files\ATI Multimedia\main\launchpd.exe" [14/08/2003 06:43]
    "ATI Remote Control "= "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [12/08/2003 13:50]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [14/04/2003 20:05]

    C:\Documents and Settings\DELTA\Start Menu\Programs\Startup\
    update.exe [14/06/2008 13:44:16]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    AOL 8.0 Tray Icon.lnk - C:\Program Files\AOL 8.0\aoltray.exe [04/10/2007 14:44:24]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [04/10/2007 14:46:41]
    update.exe [14/06/2008 13:44:17]
    ZoneAlarm.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe [04/10/2007 07:11:23]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




    -- End of Deckard's System Scanner: finished at 2008-06-15 11:31:34 ------------
     
    sal1,
    #1
  2. 2008/06/15
    noahdfear

    Welcome to WindowsBBS sal1 :)

    Please upload the following files to my submission channel for analysis. Leave a link back to this topic.

    C:\WINDOWS\System32\pupdfo.dll
    C:\WINDOWS\System32\popdfan.dll
    C:\WINDOWS\System32\tapdfo.dll
    C:\WINDOWS\System32\tapdfan.dll
    C:\Program Files\Common Files\System\wship_help.acm

    Thanks!
     


  4. 2008/06/16
    sal1

    Thank you for your reply noahdfear.

    I have managed to locate and upload C:\Program Files\Common Files\System\wship_help.acm to your submission channel for analysis, with a link back to this topic. But I can't locate the following; they are not there:

    C:\WINDOWS\System32\pupdfo.dll
    C:\WINDOWS\System32\popdfan.dll
    C:\WINDOWS\System32\tapdfo.dll
    C:\WINDOWS\System32\tapdfan.dll

    Hope to hear from you again soon.

    I will be online for another 2 hours, then again in 9 hours.
    Thanks
    sal1
     
    sal1,
    #3
  5. 2008/06/16
    noahdfear

    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
     
  6. 2008/06/17
    sal1

    Part 1 (part 2 on next post)

    Thank you for your reply noahdfear.

    Just to get you up to speed, I ran Malwarebytes' Anti-Malware last night and it asked for a restart; after the restart the problem seems to have gone. But to be sure, I have done the scan and am posting the logs you asked for, including the Malwarebytes' Anti-Malware log. Please have a look and post a reply; I want to make sure I am rid of this thing.

    The other problem is my AVG has stopped loading up; it says:

    AVG Anti-virus System

    Could not initialize avg anti-virus kernel interface

    Application cannot run

    Hope to hear from you soon.

    Sal1

    Malwarebytes' Anti-Malware 1.17
    Database version: 856

    12:34:50 16/06/2008
    mbam-log-6-16-2008 (12-34-50).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 91836
    Time elapsed: 37 minute(s), 23 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 5
    Registry Keys Infected: 55
    Registry Values Infected: 6
    Registry Data Items Infected: 0
    Folders Infected: 13
    Files Infected: 36

    Memory Processes Infected:
    C:\Program Files\Zango\bin\10.3.65.0\OEAddOn.exe (Adware.180Solutions) -> Unloaded process successfully.
    C:\Program Files\Zango\bin\10.3.65.0\ZangoSA.exe (Adware.180Solutions) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\Program Files\Zango\bin\10.3.65.0\HostIE.dll (Adware.180Solutions) -> Unloaded module successfully.
    C:\Program Files\Zango\bin\10.3.65.0\HostOE.dll (Adware.180Solutions) -> Unloaded module successfully.
    C:\Program Files\Zango\bin\10.3.65.0\Toolbar.dll (Adware.180Solutions) -> Unloaded module successfully.
    C:\Program Files\Zango\bin\10.3.65.0\ZangoSAAX.dll (Adware.180Solutions) -> Unloaded module successfully.
    C:\Program Files\Zango\bin\10.3.65.0\ZangoSAHook.dll (Adware.180Solutions) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\coresrv.lfgax (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2d00aa2a-69ef-487a-8a40-b3e27f07c91e} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{86c5840b-80c4-4c30-a655-37344a542009} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.lfgax.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{14113b47-d59c-4f0f-9d10-ff1730265584} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a9c42a57-421c-4572-8b12-249c59183d1c} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{2aa2fbf8-9c76-4e97-a226-25c5f4ab6358} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{71f731b3-008b-4052-9ea4-4145acce40c3} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a5b6fa30-d317-41ca-9cb1-c898d3c7f34e} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{cc19a5f2-b4ad-41d5-a5c9-0680904c1483} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{62906e60-bce2-4e1b-9ed0-8b9042ee15e4} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f9bfa98d-9935-4ea4-a05a-72c7f0778f02} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3788e535-897b-463d-b6d6-fee5b86ec144} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3788e535-897b-463d-b6d6-fee5b86ec144} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d3f940ea-4e87-423b-9091-934e1e4fceae} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d3f940ea-4e87-423b-9091-934e1e4fceae} (Adware.180Solutions) -> Quarantined and deleted successfully.
    \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Zango (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\zangoax.clientdetector (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\zangoax.clientdetector.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\zangoax.userprofiles (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\zangoax.userprofiles.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.webmailsend (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.webmailsend.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.mailanim (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostol.mailanim.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\coresrv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\Software\zango (Adware.180Solutions) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ZangoOE (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ZangoSA (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zango 10.3.65.0 (Adware.Zango) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\Zango (Adware.180Solutions) -> Delete on reboot.
    C:\Program Files\Zango\bin (Adware.180Solutions) -> Delete on reboot.
    C:\Program Files\Zango\bin\10.3.65.0 (Adware.180Solutions) -> Delete on reboot.
    C:\Program Files\Zango\bin\10.3.65.0\firefox (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions\components (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions\plugins (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\Zango\bin\10.3.65.0\CoreSrv.dll (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (Adware.Shoper) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E072D2B7-4B4C-413F-BC25-FB8B1EFF4BCA}\RP232\A0126771.dll (Adware.Shoper) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\arrow.ico (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\CntntCntr.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\copyright.txt (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\HostIE.dll (Adware.180Solutions) -> Delete on reboot.
    C:\Program Files\Zango\bin\10.3.65.0\HostOE.dll (Adware.180Solutions) -> Delete on reboot.
    C:\Program Files\Zango\bin\10.3.65.0\HostOL.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\link.ico (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\OEAddOn.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\Srv.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\Toolbar.dll (Adware.180Solutions) -> Delete on reboot.
    C:\Program Files\Zango\bin\10.3.65.0\Wallpaper.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\Weather.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\WeSkin.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\ZangoSA.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\ZangoSAAX.dll (Adware.180Solutions) -> Delete on reboot.
    C:\Program Files\Zango\bin\10.3.65.0\ZangoSADF.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\ZangoSAHook.dll (Adware.180Solutions) -> Delete on reboot.
    C:\Program Files\Zango\bin\10.3.65.0\ZangoUninstaller.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions\install.rdf (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions\components\npclntax.xpt (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.65.0\firefox\extensions\plugins\npclntax_ZangoSA.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Reset Cursor.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Weather.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Customer Support Center.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Games!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Library.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Screensavers!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Uninstall Instructions.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Videos!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEULA.mht (Adware.Zango) -> Quarantined and deleted successfully.

    -----------------------------------------------
    ComboFix 08-06-16.2 - DELTA 2008-06-17 12:37:29.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.236 [GMT 1:00]
    Running from: C:\Documents and Settings\DELTA\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

     
    sal1,
    #5
  7. 2008/06/17
    sal1

    Part 2 of 2

    C:\Documents and Settings\DELTA\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
    C:\Documents and Settings\DELTA\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
    C:\Documents and Settings\DELTA\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
    C:\Documents and Settings\DELTA\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
    C:\Documents and Settings\DELTA\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
    C:\Documents and Settings\DELTA\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
    C:\Documents and Settings\DELTA\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
    C:\Documents and Settings\DELTA\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
    C:\Documents and Settings\DELTA\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
    C:\Documents and Settings\DELTA\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
    C:\Documents and Settings\DELTA\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
    C:\Documents and Settings\DELTA\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
    C:\Documents and Settings\DELTA\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
    C:\Documents and Settings\DELTA\Local Settings\Temporary Internet Files\sph264.dll
    C:\Documents and Settings\DELTA\Local Settings\Temporary Internet Files\spmpeg4.dll
    C:\Documents and Settings\DELTA\Local Settings\Temporary Internet Files\sptheo.dll
    C:\Documents and Settings\DELTA\Local Settings\Temporary Internet Files\StreamPlug.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
    .

    2008-06-15 12:37 . 2008-06-15 12:37 <DIR> d-------- C:\Documents and Settings\DELTA\Application Data\PC Tools
    2008-06-15 12:37 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-06-15 12:37 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-06-15 12:37 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-06-15 12:37 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-06-15 01:13 . 2008-06-15 01:13 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-15 01:09 . 2008-06-15 01:09 <DIR> d-------- C:\Deckard
    2008-06-15 00:40 . 2008-06-15 12:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-14 23:52 . 2008-06-14 23:52 <DIR> d-------- C:\Documents and Settings\DELTA\Application Data\Malwarebytes
    2008-06-14 23:52 . 2008-06-14 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-14 23:52 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-14 23:52 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-14 23:32 . 2007-10-04 14:44 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
    2008-06-14 23:32 . 2007-10-04 14:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2008-06-14 23:32 . 2007-10-04 14:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
    2008-06-14 23:32 . 2008-06-14 23:32 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-06-14 23:19 . 2002-08-29 02:06 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-06-14 23:19 . 2002-08-29 02:06 51,072 --a------ C:\WINDOWS\system32\dllcache\i8042prt.sys
    2008-06-14 23:08 . 2008-06-14 23:37 3,612 --a------ C:\WINDOWS\system32\tmp.reg
    2008-06-14 20:34 . 2008-06-14 21:28 <DIR> d-------- C:\Documents and Settings\DELTA\Application Data\MoyeaFLV2Video
    2008-06-14 18:46 . 2008-06-14 19:20 <DIR> d-------- C:\Documents and Settings\DELTA\Application Data\Moyea
    2008-06-14 18:36 . 2008-06-14 18:36 36,734 --a------ C:\WINDOWS\system32\OggDSuninst.exe
    2008-06-14 15:40 . 2008-06-14 15:40 <DIR> d-------- C:\Output
    2008-06-14 15:39 . 2008-06-14 15:39 34 --ah----- C:\WINDOWS\system32\Converter_sysquict.dat
    2008-06-10 14:40 . 2008-06-10 14:40 <DIR> d-------- C:\Documents and Settings\DELTA\Application Data\GeoVid
    2008-06-09 14:35 . 2008-06-11 13:10 <DIR> d-------- C:\Program Files\Free FLV Converter
    2008-06-09 14:35 . 2008-06-04 18:42 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
    2008-06-09 14:35 . 2008-06-06 15:00 221,184 --a------ C:\WINDOWS\system32\TubeFinder.exe
    2008-06-09 14:35 . 2008-06-04 18:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
    2008-06-09 14:35 . 2008-06-04 18:42 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
    2008-06-09 14:35 . 2008-06-04 18:42 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
    2008-06-09 14:35 . 2008-06-04 18:42 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
    2008-06-09 14:35 . 2008-06-04 18:42 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
    2008-06-09 14:35 . 2008-06-04 18:42 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
    2008-06-09 14:35 . 2008-06-04 18:42 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
    2008-06-01 00:36 . 2008-06-01 00:36 <DIR> d-------- C:\Program Files\BitComet FLV Converter
    2008-05-31 19:34 . 2008-06-02 23:45 <DIR> d-------- C:\Documents and Settings\DELTA\Application Data\DivX
    2008-05-31 14:20 . 2008-05-13 02:53 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-05-31 14:20 . 2008-05-13 02:53 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-05-31 14:20 . 2008-05-13 02:53 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-05-31 14:20 . 2008-05-13 02:53 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-05-31 14:20 . 2008-05-13 02:53 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-05-31 14:18 . 2008-05-31 14:18 <DIR> d-------- C:\Program Files\Xvid
    2008-05-31 00:50 . 2008-05-31 00:50 <DIR> d-------- C:\Program Files\Cedelia
    2008-05-23 20:22 . 2008-05-23 21:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-05-23 20:22 . 2008-05-23 20:22 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-16 15:16 118,784 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-06-16 15:15 744,960 ----a-w C:\WINDOWS\Internet Logs\xDBEF.tmp
    2008-06-16 07:47 --------- d-----w C:\Documents and Settings\DELTA\Application Data\AVG7
    2008-06-15 10:52 --------- d-----w C:\Documents and Settings\DELTA\Application Data\MSN6
    2008-06-14 20:12 57,344 ----a-w C:\WINDOWS\Internet Logs\xDBED.tmp
    2008-06-14 20:12 100,864 ----a-w C:\WINDOWS\Internet Logs\xDBEC.tmp
    2008-06-14 18:52 110,592 ----a-w C:\WINDOWS\Internet Logs\xDBEB.tmp
    2008-06-14 18:52 100,864 ----a-w C:\WINDOWS\Internet Logs\xDBEA.tmp
    2008-06-14 18:43 100,864 ----a-w C:\WINDOWS\Internet Logs\xDBEE.tmp
    2008-06-14 14:45 98,816 ----a-w C:\WINDOWS\Internet Logs\xDBE8.tmp
    2008-06-14 14:45 52,736 ----a-w C:\WINDOWS\Internet Logs\xDBE9.tmp
    2008-06-14 13:34 98,816 ----a-w C:\WINDOWS\Internet Logs\xDBE6.tmp
    2008-06-14 13:34 36,352 ----a-w C:\WINDOWS\Internet Logs\xDBE7.tmp
    2008-06-14 13:09 98,816 ----a-w C:\WINDOWS\Internet Logs\xDBE4.tmp
    2008-06-14 13:09 20,480 ----a-w C:\WINDOWS\Internet Logs\xDBE5.tmp
    2008-06-14 12:45 613,376 ----a-w C:\WINDOWS\Internet Logs\xDBE3.tmp
    2008-06-14 12:45 103,424 ----a-w C:\WINDOWS\Internet Logs\xDBE2.tmp
    2008-06-13 11:53 98,816 ----a-w C:\WINDOWS\Internet Logs\xDBE0.tmp
    2008-06-13 11:53 11,776 ----a-w C:\WINDOWS\Internet Logs\xDBE1.tmp
    2008-06-13 11:52 105,472 ----a-w C:\WINDOWS\Internet Logs\xDBDD.tmp
    2008-06-13 11:52 1,154,560 ----a-w C:\WINDOWS\Internet Logs\xDBDF.tmp
    2008-06-11 12:06 98,816 ----a-w C:\WINDOWS\Internet Logs\xDBDC.tmp
    2008-06-11 12:06 42,496 ----a-w C:\WINDOWS\Internet Logs\xDBDE.tmp
    2008-06-11 11:53 98,816 ----a-w C:\WINDOWS\Internet Logs\xDBDA.tmp
    2008-06-11 11:53 363,008 ----a-w C:\WINDOWS\Internet Logs\xDBDB.tmp
    2008-06-11 11:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-06-10 12:29 90,112 ----a-w C:\WINDOWS\Internet Logs\xDBD7.tmp
    2008-06-10 12:29 27,648 ----a-w C:\WINDOWS\Internet Logs\xDBD9.tmp
    2008-06-10 09:02 91,648 ----a-w C:\WINDOWS\Internet Logs\xDBD6.tmp
    2008-06-10 09:02 269,312 ----a-w C:\WINDOWS\Internet Logs\xDBD8.tmp
    2008-06-09 16:58 88,064 ----a-w C:\WINDOWS\Internet Logs\xDBD4.tmp
    2008-06-09 16:58 15,360 ----a-w C:\WINDOWS\Internet Logs\xDBD5.tmp
    2008-06-09 16:57 91,648 ----a-w C:\WINDOWS\Internet Logs\xDBD2.tmp
    2008-06-09 16:57 77,824 ----a-w C:\WINDOWS\Internet Logs\xDBD3.tmp
    2008-06-09 13:15 88,064 ----a-w C:\WINDOWS\Internet Logs\xDBD0.tmp
    2008-06-09 13:15 123,904 ----a-w C:\WINDOWS\Internet Logs\xDBD1.tmp
    2008-06-09 10:05 88,064 ----a-w C:\WINDOWS\Internet Logs\xDBCF.tmp
    2008-06-09 10:00 88,064 ----a-w C:\WINDOWS\Internet Logs\xDBCD.tmp
    2008-06-09 10:00 230,912 ----a-w C:\WINDOWS\Internet Logs\xDBCE.tmp
    2008-06-08 18:24 88,064 ----a-w C:\WINDOWS\Internet Logs\xDBCB.tmp
    2008-06-08 18:24 132,096 ----a-w C:\WINDOWS\Internet Logs\xDBCC.tmp
    2008-06-08 10:46 88,064 ----a-w C:\WINDOWS\Internet Logs\xDBC9.tmp
    2008-06-08 10:46 823,808 ----a-w C:\WINDOWS\Internet Logs\xDBCA.tmp
    2008-06-06 09:05 90,112 ----a-w C:\WINDOWS\Internet Logs\xDBC7.tmp
    2008-06-06 09:05 1,350,656 ----a-w C:\WINDOWS\Internet Logs\xDBC8.tmp
    2008-06-02 13:39 927,232 ----a-w C:\WINDOWS\Internet Logs\xDBC6.tmp
    2008-06-02 13:39 84,480 ----a-w C:\WINDOWS\Internet Logs\xDBC4.tmp
    2008-05-31 14:03 87,552 ----a-w C:\WINDOWS\Internet Logs\xDBC3.tmp
    2008-05-31 14:03 339,456 ----a-w C:\WINDOWS\Internet Logs\xDBC5.tmp
    2008-05-31 13:20 --------- d-----w C:\Program Files\DivX
    2008-05-30 10:22 82,944 ----a-w C:\WINDOWS\Internet Logs\xDBC1.tmp
    2008-05-30 10:22 1,549,824 ----a-w C:\WINDOWS\Internet Logs\xDBC2.tmp
    2008-05-27 15:59 78,848 ----a-w C:\WINDOWS\Internet Logs\xDBBE.tmp
    2008-05-27 15:59 37,888 ----a-w C:\WINDOWS\Internet Logs\xDBC0.tmp
    2008-05-27 13:17 82,944 ----a-w C:\WINDOWS\Internet Logs\xDBBD.tmp
    2008-05-27 13:17 1,869,824 ----a-w C:\WINDOWS\Internet Logs\xDBBF.tmp
    2008-05-24 12:41 827,392 ----a-w C:\WINDOWS\Internet Logs\xDBBC.tmp
    2008-05-24 12:41 81,408 ----a-w C:\WINDOWS\Internet Logs\xDBBB.tmp
    2008-05-23 20:08 --------- d-----w C:\Documents and Settings\DELTA\Application Data\ATI MMC
    2008-05-23 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI MMC
    2008-05-22 16:41 379,904 ----a-w C:\WINDOWS\Internet Logs\xDBBA.tmp
    2008-05-22 16:41 107,008 ----a-w C:\WINDOWS\Internet Logs\xDBB8.tmp
    2008-05-21 12:45 107,008 ----a-w C:\WINDOWS\Internet Logs\xDBB9.tmp
    2008-05-19 16:26 104,960 ----a-w C:\WINDOWS\Internet Logs\xDBB6.tmp
    2008-05-19 16:26 1,102,848 ----a-w C:\WINDOWS\Internet Logs\xDBB7.tmp
    2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-05-13 01:49 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-12 01:09 666,624 ----a-w C:\WINDOWS\Internet Logs\xDBB5.tmp
    2008-05-12 01:09 103,424 ----a-w C:\WINDOWS\Internet Logs\xDBB4.tmp
    2008-05-09 20:06 516,608 ----a-w C:\WINDOWS\Internet Logs\xDBB3.tmp
    2008-05-09 20:06 101,888 ----a-w C:\WINDOWS\Internet Logs\xDBB2.tmp
    2008-05-08 22:14 98,816 ----a-w C:\WINDOWS\Internet Logs\xDBB0.tmp
    2008-05-08 22:14 360,448 ----a-w C:\WINDOWS\Internet Logs\xDBB1.tmp
    2008-05-08 12:50 870,912 ----a-w C:\WINDOWS\Internet Logs\xDBAF.tmp
    2008-05-08 12:49 101,888 ----a-w C:\WINDOWS\Internet Logs\xDBAE.tmp
    2008-05-06 08:59 98,304 ----a-w C:\WINDOWS\Internet Logs\xDBAC.tmp
    2008-05-06 08:59 365,056 ----a-w C:\WINDOWS\Internet Logs\xDBAD.tmp
    2008-05-05 18:11 97,792 ----a-w C:\WINDOWS\Internet Logs\xDBAA.tmp
    2008-05-05 18:11 1,185,280 ----a-w C:\WINDOWS\Internet Logs\xDBAB.tmp
    2008-05-03 16:39 97,792 ----a-w C:\WINDOWS\Internet Logs\xDBA7.tmp
    2008-05-03 16:39 1,596,928 ----a-w C:\WINDOWS\Internet Logs\xDBA9.tmp
    2008-04-30 22:28 99,328 ----a-w C:\WINDOWS\Internet Logs\xDBA6.tmp
    2008-04-30 22:27 2,285,568 ----a-w C:\WINDOWS\Internet Logs\xDBA8.tmp
    2008-04-26 19:32 --------- d-----w C:\Program Files\Common Files\COWON
    2008-04-26 19:24 1,810,432 ----a-w C:\WINDOWS\Internet Logs\xDBA5.tmp
    2008-04-26 19:23 102,400 ----a-w C:\WINDOWS\Internet Logs\xDBA4.tmp
    2008-04-26 18:56 --------- d-----w C:\Program Files\JetAudio
    2008-04-23 10:01 93,696 ----a-w C:\WINDOWS\Internet Logs\xDBA2.tmp
    2008-04-23 10:01 1,459,200 ----a-w C:\WINDOWS\Internet Logs\xDBA3.tmp
    2008-04-20 21:57 95,232 ----a-w C:\WINDOWS\Internet Logs\xDBA0.tmp
    2008-04-20 21:57 1,307,648 ----a-w C:\WINDOWS\Internet Logs\xDBA1.tmp
    2008-04-19 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-04-18 09:07 95,232 ----a-w C:\WINDOWS\Internet Logs\xDB9E.tmp
    2008-04-18 09:07 800,768 ----a-w C:\WINDOWS\Internet Logs\xDB9F.tmp
    2008-04-16 09:05 90,112 ----a-w C:\WINDOWS\Internet Logs\xDB9B.tmp
    2005-07-14 18:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BBF94CE-316F-11DD-AE53-5F7E55D89593}]
    2008-06-08 12:39 60416 --------- C:\Program Files\Common Files\System\wship_help.acm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2003-03-31 13:00 13312]
    "ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2003-08-14 06:43 106574]
    "ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2003-08-12 13:50 188416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BluetoothAuthenticationAgent"="irprops.cpl" [2002-09-24 21:25 111104 C:\WINDOWS\system32\irprops.cpl]
    "nForce Tray Options"="sstray.exe" [2002-10-26 23:02 77824 C:\WINDOWS\system32\sstray.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-20 05:10 335872]
    "CARPService"="carpserv.exe" [2003-03-18 16:13 4608 C:\WINDOWS\system32\carpserv.exe]
    "CHotkey"="mHotkey.exe" [2003-03-28 17:24 524800 C:\WINDOWS\mHotkey.exe]
    "ledpointer"="CNYHKey.exe" [2003-07-22 11:28 5577216 C:\WINDOWS\CNYHKey.exe]
    "IW ControlCenter"="C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2003-03-12 11:56 836096]
    "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-05-05 09:55 393728]
    "OEM-Reset"="" []
    "EPSON Stylus C44 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S09IC1.exe" [2002-12-25 03:00 75776]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 08:20 28672]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 08:10 579584]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-19 01:39 185896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-03-31 13:00 13312]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-20 13:41 219136]

    C:\Documents and Settings\DELTA\Start Menu\Programs\Startup\
    update.exe [2008-06-14 13:44:16 28160]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    AOL 8.0 Tray Icon.lnk - C:\Program Files\AOL 8.0\aoltray.exe [2007-10-04 14:44:24 36937]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2007-10-04 14:46:41 83360]
    update.exe [2008-06-14 13:44:17 28160]
    ZoneAlarm.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe [2007-10-04 07:11:23 417056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= vdrcodec.dll
    "VIDC.YU12"= ATIYUV12.DLL
    "VIDC.PIM1"= pclepim1.dll
    "vidc.iv50"= C:\DOCUME~1\DELTA\Desktop\NEF71F~1\ir50_32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001

    R1 vobcom;vobcom;C:\WINDOWS\System32\drivers\vobcom.sys [2001-10-04 11:53]
    R1 vobiw;vobiw;C:\WINDOWS\System32\drivers\vobiw.sys [2003-04-10 12:12]
    R2 TTDec;ATI WDM Teletext Decoder;C:\WINDOWS\System32\DRIVERS\ATINTTXX.sys [2003-08-13 15:02]
    R3 cdrdrv;Cdrdrv;C:\WINDOWS\System32\Drivers\Cdrdrv.sys [2002-12-13 18:33]
    R3 SCRx31 USB Smart Card Reader;SCRx31 USB Smart Card Reader;C:\WINDOWS\System32\DRIVERS\scrccid.sys [2002-10-25 04:03]
    S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
    S3 Ip6FwHlp;IPv6 Internet Connection Firewall;C:\WINDOWS\System32\svchost.exe [2003-03-31 13:00]
    S3 SCR131C;SCRx31 Serial Smart Card Reader;C:\WINDOWS\System32\DRIVERS\SCR131C.sys [2002-11-07 04:04]

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-10 14:01:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-06-17 11:40:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-17 12:40:26
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-17 12:42:57
    ComboFix-quarantined-files.txt 2008-06-17 11:42:16

    Pre-Run: 58,349,068,288 bytes free
    Post-Run: 58,373,808,128 bytes free

    489

    --------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:29:35, on 17/06/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\sstray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\WINDOWS\mHotkey.exe
    C:\WINDOWS\CNYHKey.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S09IC1.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\ATI Multimedia\main\launchpd.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\DELTA\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {2BBF94CE-316F-11DD-AE53-5F7E55D89593} - C:\Program Files\Common Files\System\wship_help.acm
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S09IC1.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: update.exe
    O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: update.exe
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Documents and Settings\DELTA\Desktop\New Folder (8)\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Documents and Settings\DELTA\Desktop\New Folder (8)\Spyware Doctor\pctsSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

    --
    End of file - 7601 bytes
     
    sal1,
    #6
  8. 2008/06/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Odd ....... the files mentioned above don't show up in any of the latest logs :confused:

    Please upload the following file to my submission channel.

    C:\Documents and Settings\DELTA\Start Menu\Programs\Startup\update.exe

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad document, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\Program Files\Common Files\System\wship_help.acm
    C:\WINDOWS\Internet Logs\xDB2.tmp
    C:\WINDOWS\Internet Logs\xDBEF.tmp
    C:\WINDOWS\Internet Logs\xDBED.tmp
    C:\WINDOWS\Internet Logs\xDBEC.tmp
    C:\WINDOWS\Internet Logs\xDBEB.tmp
    C:\WINDOWS\Internet Logs\xDBEA.tmp
    C:\WINDOWS\Internet Logs\xDBEE.tmp
    C:\WINDOWS\Internet Logs\xDBE8.tmp
    C:\WINDOWS\Internet Logs\xDBE9.tmp
    C:\WINDOWS\Internet Logs\xDBE6.tmp
    C:\WINDOWS\Internet Logs\xDBE7.tmp
    C:\WINDOWS\Internet Logs\xDBE4.tmp
    C:\WINDOWS\Internet Logs\xDBE5.tmp
    C:\WINDOWS\Internet Logs\xDBE3.tmp
    C:\WINDOWS\Internet Logs\xDBE2.tmp
    C:\WINDOWS\Internet Logs\xDBE0.tmp
    C:\WINDOWS\Internet Logs\xDBE1.tmp
    C:\WINDOWS\Internet Logs\xDBDD.tmp
    C:\WINDOWS\Internet Logs\xDBDF.tmp
    C:\WINDOWS\Internet Logs\xDBDC.tmp
    C:\WINDOWS\Internet Logs\xDBDE.tmp
    C:\WINDOWS\Internet Logs\xDBDA.tmp
    C:\WINDOWS\Internet Logs\xDBDB.tmp
    C:\WINDOWS\Internet Logs\xDBD7.tmp
    C:\WINDOWS\Internet Logs\xDBD9.tmp
    C:\WINDOWS\Internet Logs\xDBD6.tmp
    C:\WINDOWS\Internet Logs\xDBD8.tmp
    C:\WINDOWS\Internet Logs\xDBD4.tmp
    C:\WINDOWS\Internet Logs\xDBD5.tmp
    C:\WINDOWS\Internet Logs\xDBD2.tmp
    C:\WINDOWS\Internet Logs\xDBD3.tmp
    C:\WINDOWS\Internet Logs\xDBD0.tmp
    C:\WINDOWS\Internet Logs\xDBD1.tmp
    C:\WINDOWS\Internet Logs\xDBCF.tmp
    C:\WINDOWS\Internet Logs\xDBCD.tmp
    C:\WINDOWS\Internet Logs\xDBCE.tmp
    C:\WINDOWS\Internet Logs\xDBCB.tmp
    C:\WINDOWS\Internet Logs\xDBCC.tmp
    C:\WINDOWS\Internet Logs\xDBC9.tmp
    C:\WINDOWS\Internet Logs\xDBCA.tmp
    C:\WINDOWS\Internet Logs\xDBC7.tmp
    C:\WINDOWS\Internet Logs\xDBC8.tmp
    C:\WINDOWS\Internet Logs\xDBC6.tmp
    C:\WINDOWS\Internet Logs\xDBC4.tmp
    C:\WINDOWS\Internet Logs\xDBC3.tmp
    C:\WINDOWS\Internet Logs\xDBC5.tmp
    C:\WINDOWS\Internet Logs\xDBC1.tmp
    C:\WINDOWS\Internet Logs\xDBC2.tmp
    C:\WINDOWS\Internet Logs\xDBBE.tmp
    C:\WINDOWS\Internet Logs\xDBC0.tmp
    C:\WINDOWS\Internet Logs\xDBBD.tmp
    C:\WINDOWS\Internet Logs\xDBBF.tmp
    C:\WINDOWS\Internet Logs\xDBBC.tmp
    C:\WINDOWS\Internet Logs\xDBBB.tmp
    C:\WINDOWS\Internet Logs\xDBBA.tmp
    C:\WINDOWS\Internet Logs\xDBB8.tmp
    C:\WINDOWS\Internet Logs\xDBB9.tmp
    C:\WINDOWS\Internet Logs\xDBB6.tmp
    C:\WINDOWS\Internet Logs\xDBB7.tmp
    C:\WINDOWS\Internet Logs\xDBB5.tmp
    C:\WINDOWS\Internet Logs\xDBB4.tmp
    C:\WINDOWS\Internet Logs\xDBB3.tmp
    C:\WINDOWS\Internet Logs\xDBB2.tmp
    C:\WINDOWS\Internet Logs\xDBB0.tmp
    C:\WINDOWS\Internet Logs\xDBB1.tmp
    C:\WINDOWS\Internet Logs\xDBAF.tmp
    C:\WINDOWS\Internet Logs\xDBAE.tmp
    C:\WINDOWS\Internet Logs\xDBAC.tmp
    C:\WINDOWS\Internet Logs\xDBAD.tmp
    C:\WINDOWS\Internet Logs\xDBAA.tmp
    C:\WINDOWS\Internet Logs\xDBAB.tmp
    C:\WINDOWS\Internet Logs\xDBA7.tmp
    C:\WINDOWS\Internet Logs\xDBA9.tmp
    C:\WINDOWS\Internet Logs\xDBA6.tmp
    C:\WINDOWS\Internet Logs\xDBA8.tmp
    C:\WINDOWS\Internet Logs\xDBA5.tmp
    C:\WINDOWS\Internet Logs\xDBA4.tmp
    C:\WINDOWS\Internet Logs\xDBA2.tmp
    C:\WINDOWS\Internet Logs\xDBA3.tmp
    C:\WINDOWS\Internet Logs\xDBA0.tmp
    C:\WINDOWS\Internet Logs\xDBA1.tmp
    C:\WINDOWS\Internet Logs\xDB9E.tmp
    C:\WINDOWS\Internet Logs\xDB9F.tmp
    C:\WINDOWS\Internet Logs\xDB9B.tmp
    DirLook::
    C:\Program Files\Common Files\COWON
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BBF94CE-316F-11DD-AE53-5F7E55D89593}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
