Turnitin23

Members
  • Content Count

    17
Community Reputation

0 Neutral

About Turnitin23

  • Rank
    Member
  • Birthday 02/23/1989

Profile Information

  • Location
    Virginia
  • Interests
    Basketball, Football
  1. PLEASE tell me there's something else I can do.
  2. Wow, I have absolutely no idea what to do or say...
  3. Here it is. Here are the stats:
     Scan Statistics
     Total number of scanned objects 66352
     Number of viruses found 49
     Number of infected objects 519 / 0
     Number of suspicious objects 0
     Duration of the scan process 00:58:27
  4. New HijackThis log:
     Logfile of HijackThis v1.99.1
     Scan saved at 10:29:36 PM, on 10/6/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\svchost.exe
     c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Ares\bak\Ares.exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
     C:\Program Files\Common Files\AOL\1124559215\ee\aolsoftware.exe
     c:\program files\common files\aol\1124559215\ee\aexplore.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Documents and Settings\HP_Owner\Desktop\HJT.exe.exe

     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\bak\Ares.exe" -h
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
     O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
     O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
     O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
     O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
     O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
     O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
     O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
     O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  5. OK. Here is the BFU log:
     BFU v1.00.9
     Windows XP SP2 (WinNT 5.01.2600 SP2)
     Script started at 2:50:30 PM, on 10/4/2006
     Option Unload Explorer: Yes
     Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
     Failed: DllUnregister C:\Program Files\Deskbar\deskbar.dll|1 (file not found)
     Failed: DllUnregister \asappsrv.dll|1 (file not found)
     Failed: ServiceStop Network Monitor (service not found)
     Failed: ServiceStop cmdService (service not found)
     Failed: ServiceDisable Network Monitor (service not found)
     Failed: ServiceDisable cmdService (service not found)
     Failed: ServiceDelete Network Monitor (service not found)
     Failed: ServiceDelete cmdService (service not found)
     Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
     Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
     Option pause between commands: 300 ms
     Option pause between commands: 50 ms
     Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
     Failed: FolderDelete C:\Program Files\winupdates (folder not found)
     Failed: FolderDelete C:\Program Files\winupdate (folder not found)
     Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
     Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
     Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
     Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
     Failed: FolderDelete C:\Program Files\outlook (folder not found)
     Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
     Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
     Failed: FolderDelete C:\Program Files\MediaPipe (folder not found)
     Failed: FolderDelete C:\Program Files\p2pnetworks (folder not found)
     Failed: FileDelete C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\~DFC4AE.tmp (operation failed)
     Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
     Failed: FolderDelete C:\Program Files\DNS (folder not found)
     Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
     Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
     Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
     Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
     Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
     Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
     Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
     Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
     Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
     Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
     Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
     Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
     Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
     Failed: FolderDelete C:\Program Files\Update06 (folder not found)
     Failed: FolderDelete C:\Program Files\Update03 (folder not found)
     Failed: FolderDelete C:\Program Files\Update04 (folder not found)
     Failed: FolderDelete C:\Program Files\Update08 (folder not found)
     Failed: FolderDelete C:\Program Files\W-Update (folder not found)
     Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
     Failed: FolderDelete C:\Program Files\Cas (folder not found)
     Failed: FolderDelete C:\Program Files\CasStub (folder not found)
     Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
     Failed: FolderDelete C:\Program Files\ipwins (folder not found)
     Failed: FolderDelete C:\Program Files\Common Files\Snowball Wars (folder not found)
     Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
     Failed: FolderDelete C:\WINDOWS\system32\crunner (folder not found)
     Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
     Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
     Failed: FolderDelete C:\Program Files\SDVita (folder not found)
     Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
     Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
     Failed: FolderDelete C:\Program Files\PSHope (folder not found)
     Failed: FolderDelete C:\Program Files\Batty (folder not found)
     Failed: FolderDelete C:\Program Files\Batty2 (folder not found)
     Failed: FolderDelete C:\Program Files\AXFibula (folder not found)
     Failed: FolderDelete C:\Program Files\CMFibula (folder not found)
     Failed: FolderDelete C:\Program Files\PSLister (folder not found)
     Failed: FolderDelete C:\Program Files\PSCloner (folder not found)
     Failed: FolderDelete C:\Program Files\cmapp (folder not found)
     Failed: FolderDelete C:\Program Files\cmman (folder not found)
     Failed: FolderDelete C:\Program Files\cmsystem (folder not found)
     Failed: FolderDelete C:\Program Files\fcengine (folder not found)
     Failed: FolderDelete C:\Program Files\wincmapp (folder not found)
     Failed: FolderDelete C:\Program Files\Deskbar\Cache (folder not found)
     Failed: FolderDelete C:\Program Files\popupwithcast (folder not found)
     Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
     Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
     Script completed.

     And the HijackThis log:
     Logfile of HijackThis v1.99.1
     Scan saved at 2:55:33 PM, on 10/4/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\svchost.exe
     c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Ares\bak\Ares.exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
     C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
     C:\Program Files\Common Files\AOL\1124559215\ee\aolsoftware.exe
     c:\program files\common files\aol\1124559215\ee\aexplore.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe

     R3 - URLSearchHook: (no name) - {A2B3F416-6DF1-3801-ACAA-671347D93E9D} - C:\WINDOWS\system32\mbbrim.dll
     R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
     O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv6monk.dll
     O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - (no file)
     O2 - BHO: (no name) - {A2B3F416-6DF1-3801-ACAA-671347D93E9D} - C:\WINDOWS\system32\mbbrim.dll
     O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
     O4 - HKLM\..\Run: [ms0605102-12584] C:\WINDOWS\ms0605102-12584.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [rwiq] C:\PROGRA~1\COMMON~1\rwiq\rwiqm.exe
     O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\bak\Ares.exe" -h
     O4 - HKCU\..\Run: [srro] "C:\DOCUME~1\HP_Owner\MYDOCU~1\DOBE~1\ntvdm.exe" -vt yazb
     O4 - HKCU\..\Run: [Cdrnfsco] C:\WINDOWS\system32\s?mbols\w?auclt.exe
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
     O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
     O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
     O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
     O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
     O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
     O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
     O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
     O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
     O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab
     O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
     O20 - AppInit_DLLs:
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\pjtevvs.exe (file missing)
  6. I'd just like to add that I haven't done anything with fixpath2 yet.
  7. HijackThis log:
     Logfile of HijackThis v1.99.1
     Scan saved at 8:09:27 PM, on 10/3/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\svchost.exe
     c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
     C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Common Files\AOL\1124559215\ee\aolsoftware.exe
     C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe

     R3 - URLSearchHook: (no name) - {A2B3F416-6DF1-3801-ACAA-671347D93E9D} - C:\WINDOWS\system32\mbbrim.dll
     R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
     O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\system32\ipv6monk.dll
     O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - (no file)
     O2 - BHO: (no name) - {A2B3F416-6DF1-3801-ACAA-671347D93E9D} - C:\WINDOWS\system32\mbbrim.dll
     O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
     O4 - HKLM\..\Run: [ms0605102-12584] C:\WINDOWS\ms0605102-12584.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [rwiq] C:\PROGRA~1\COMMON~1\rwiq\rwiqm.exe
     O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\bak\Ares.exe" -h
     O4 - HKCU\..\Run: [srro] "C:\DOCUME~1\HP_Owner\MYDOCU~1\DOBE~1\ntvdm.exe" -vt yazb
     O4 - HKCU\..\Run: [Cdrnfsco] C:\WINDOWS\system32\s?mbols\w?auclt.exe
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
     O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
     O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
     O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
     O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
     O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
     O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
     O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
     O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
     O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart.cab
     O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
     O20 - AppInit_DLLs:
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\pjtevvs.exe (file missing)

     And rapport.txt. I accidentally did it twice; on the first one it deleted a lot of infected files. I guess the second log overwrote the first, sorry.
     SmitFraudFix v2.104
     Scan done at 20:04:25.84, Tue 10/03/2006
     Run from C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix
     OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
     Fix run in safe mode

     »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
     !!!Attention, following keys are not inevitably infected!!!

     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll

     »»»»»»»»»»»»»»»»»»»»»»»» Killing process

     »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
     GenericRenosFix by S!Ri

     »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

     »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

     »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
     Registry Cleaning done.

     »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
     !!!Attention, following keys are not inevitably infected!!!

     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll

     »»»»»»»»»»»»»»»»»»»»»»»» End
  8. OK, I didn't find a MailSkinner entry in the Add/Remove Programs page, but I did find the folder and deleted that. As for BlackLight, here is the log:
     10/03/06 19:47:29 [info]: BlackLight Engine 1.0.47 initialized
     10/03/06 19:47:29 [info]: OS: 5.1 build 2600 (Service Pack 2)
     10/03/06 19:47:29 [Note]: 7019 4
     10/03/06 19:47:29 [Note]: 7005 0
     10/03/06 19:47:41 [Note]: 7006 0
     10/03/06 19:47:41 [Note]: 7011 1388
     10/03/06 19:47:41 [Note]: 7026 0
     10/03/06 19:47:41 [Note]: 7026 0
     10/03/06 19:47:45 [Note]: FSRAW library version 1.7.1020
     10/03/06 19:53:26 [Note]: 2000 1012
     10/03/06 19:56:02 [Note]: 7007 0
  9. OK, I clicked on ComboFix in safe mode and here is the log. And I can finally access the Task Manager.
     HP_Owner - 06-10-03 16:04:57.09 Service Pack 2
     ComboFix 06.09.28 - Running from: "C:\Documents and Settings\HP_Owner\Desktop"

     ((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))
     Qoologic uninstaller found and executed.
     Registry entries fixed.

     (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     C:\WINDOWS\Duce6.exe
     C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
     C:\WINDOWS\system32\aaa00000.sys
     C:\WINDOWS\system32\bez6n4r21.exe
     C:\WINDOWS\system32\n9nyb.exe
     C:\WINDOWS\system32\tsuninst.exe
     C:\WINDOWS\system32\WinNB58.dll
     C:\WINDOWS\csvhost.exe
     C:\WINDOWS\system32bez6n4r21.exe
     C:\WINDOWS\system32ghynf.exe
     C:\WINDOWS\system32n9nyb.exe
     C:\WINDOWS\thiselt.exe
     C:\WINDOWS\uninst104.exe
     C:\WINDOWS\MirarSetup_876075.exe
     C:\WINDOWS\Eim03.exe
     C:\WINDOWS\uni_ehhhh.exe
     C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
     C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
     C:\WINDOWS\uninstall_nmon.vbs
     C:\Documents and Settings\LocalService\Application Data\NetMon
     C:\Program Files\Common Files\misc002
     C:\Program Files\Deskbar
     C:\Program Files\Inetget2
     C:\Program Files\msupdate
     C:\WINDOWS\system32\crunner
     C:\Program Files\Common Files\{B4FE4312-08A2-1033-1029-040624040001}

     ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

     Folders Quarantined:
     C:\QooBox\Purity\Documents and Settings\HP_Owner\Application Data\SSTEM~1
     C:\QooBox\Purity\Documents and Settings\HP_Owner\My Documents\DOBE~1
     C:\QooBox\Purity\Documents and Settings\HP_Owner\My Documents\DOBE~1\ntvdm.exe
     C:\QooBox\Purity\Documents and Settings\HP_Owner\My Documents\DOBE~1\?dobe
     C:\QooBox\Purity\WINDOWS\system32\SMBOLS~1
     C:\QooBox\Purity\WINDOWS\system32\SMBOLS~1\w?auclt.exe

     ((((((((((((((((((((((((((((((( Files Created from 2006-09-03 to 2006-10-03 ))))))))))))))))))))))))))))))))))
     2006-10-02 22:30 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
     2006-10-02 20:59 131,072 --a------ C:\WINDOWS\system32\mbbrim.dll
     2006-10-02 20:56 0 --a------ C:\WINDOWS\system32\taskkill.exe
     2006-10-02 20:56 0 --a------ C:\WINDOWS\b.exe
     2006-09-29 20:32 89,304 --a------ C:\WINDOWS\z.exe
     2006-09-29 20:32 63,192 --a------ C:\WINDOWS\system32\ipv6monk.dll
     2006-09-27 09:33 56,024 --a------ C:\WINDOWS\system32\ipv6monl.dll
     2006-09-27 09:33 18,432 --a------ C:\svhost.exe
     2006-09-27 07:10 163,840 --a------ C:\WINDOWS\ms0605102-12584.exe
     2006-09-25 16:20 163,840 --a------ C:\WINDOWS\sys0358405102-122006.exe
     2006-09-19 18:39 32,768 --a------ C:\WINDOWS\azejcoue.exe
     2006-09-19 18:26 32,768 --a------ C:\WINDOWS\efldnqym.exe
     2006-09-19 18:23 163,840 --a------ C:\WINDOWS\ms05405102-12582006.exe

     (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
     2006-10-03 16:05 -------- d-a------ C:\Program Files\Common Files
     2006-10-03 15:24 -------- d--h----- C:\Program Files\InstallShield Installation Information
     2006-10-02 22:25 -------- d-------- C:\Program Files\WinRAR
     2006-10-02 20:59 2 --a------ C:\WINDOWS\system32\wnstssv.exe
     2006-09-29 20:55 -------- d-------- C:\Program Files\Mozilla Firefox
     2006-09-27 15:11 -------- d-------- C:\Program Files\Internet Explorer
     2006-09-27 15:07 -------- d-------- C:\Program Files\Ares
     2006-09-27 01:17 -------- d-------- C:\Program Files\Common Files\rwiq
     2006-09-26 23:25 -------- d-------- C:\Program Files\AIM
     2006-09-26 20:23 -------- d-------- C:\Program Files\mIRC
     2006-09-24 14:45 -------- d-------- C:\Program Files\xdcc klipper
     2006-09-22 15:58 -------- d-------- C:\Program Files\PartyPoker
     2006-09-22 15:58 -------- d-------- C:\Program Files\MailSkinner
     2006-09-20 22:59 -------- d-------- C:\Program Files\CCleaner
     2006-09-19 18:30 -------- d--h----- C:\Program Files\Common Files\cloader
     2006-09-16 13:31 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\PlayFirst
     2006-09-04 01:44 -------- d-------- C:\Program Files\AOD
     2006-09-02 14:17 -------- d-------- C:\Program Files\AviSynth 2.5
     2006-09-02 13:02 159744 --a------ C:\WINDOWS\win3208102-12584052006.exe
     2006-08-31 15:11 -------- d-------- C:\Program Files\MSN
     2006-08-31 15:11 -------- d-------- C:\Program Files\Messenger
     2006-08-30 15:21 678912 --a------ C:\WINDOWS\is-3CD0P.exe
     2006-08-30 15:20 -------- d-------- C:\Program Files\ComPlus Applications
     2006-08-30 15:10 -------- d-------- C:\Program Files\Lavasoft
     2006-08-30 15:10 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\Lavasoft
     2006-08-30 13:52 8464 --a------ C:\WINDOWS\system32\sporder.dll
     2006-08-30 13:48 186219 --a------ C:\WINDOWS\srvnhojrwr.exe
     2006-08-30 13:48 146 --a------ C:\WINDOWS\file.bat
     2006-08-30 13:47 45056 --a------ C:\WINDOWS\system32fufudc.exe
     2006-08-30 13:47 28672 --a------ C:\WINDOWS\system32ra8pv.exe
     2006-08-30 13:47 28672 --a------ C:\WINDOWS\system32\ra8pv.exe
     2006-08-30 13:47 215308 --a------ C:\WINDOWS\Setup90.exe
     2006-08-30 13:47 1233 --a------ C:\WINDOWS\system32\mpwc79a3.sys
     2006-08-30 13:46 186223 --a------ C:\WINDOWS\srvgtgvcqy.exe
     2006-08-30 13:45 365568 --a------ C:\814.exe
     2006-08-30 13:45 32768 --a------ C:\WINDOWS\unstall.exe
     2006-08-30 13:45 215308 --a------ C:\WINDOWS\srvsqyjzfw.exe
     2006-08-26 01:59 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\vlc
     2006-08-26 01:47 -------- d-------- C:\Program Files\VideoLAN
     2006-08-22 17:27 -------- d-------- C:\Program Files\LimeWire
     2006-08-07 11:17 61440 --a------ C:\WINDOWS\system32\BattyRun2.dll
     2006-07-31 12:10 1142784 --a------ C:\WINDOWS\system32\kcnzrop6.exe
     2006-07-31 12:09 24576 --a------ C:\WINDOWS\system32\ewxcksr.exe
     2006-07-25 14:49 256000 --a------ C:\WINDOWS\system32\avrucdnit.exe

     (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
     *Note* empty entries are not shown

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
     "rwiq"="C:\\PROGRA~1\\COMMON~1\\rwiq\\rwiqm.exe"
     "ares"="\"C:\\Program Files\\Ares\\bak\\Ares.exe\" -h"
     "Srro"="\"C:\\DOCUME~1\\HP_Owner\\MYDOCU~1\\DOBE~1\\ntvdm.exe\" -vt yazb"
     "Cdrnfsco"="C:\\WINDOWS\\system32\\s?mbols\\w?auclt.exe"

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Microsoft Windows Logon Process"="C:\\WINDOWS\\winlogon.exe"
     "ms0605102-12584"="C:\\WINDOWS\\ms0605102-12584.exe"
     "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
     "DeskHtmlVersion"=dword:00000110
     "DeskHtmlMinorVersion"=dword:00000005
     "Settings"=dword:00000001
     "GeneralFlags"=dword:00000000

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
     "Source"="C:\\Program Files\\Messenger\\kyzeq.html"
     "SubscribedURL"=""
     "FriendlyName"=""
     "Flags"=dword:00002000
     "Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
       03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
     "CurrentState"=hex:01,00,00,40
     "OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
       00,00,01,00,00,00
     "RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
       00,00,00,00,00,00

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
     "Source"="C:\\Program Files\\MSN\\howynyj.html"
     "SubscribedURL"=""
     "FriendlyName"=""
     "Flags"=dword:00002000
     "Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
       03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
     "CurrentState"=hex:01,00,00,40
     "OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
       00,00,01,00,00,00
     "RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
       00,00,00,00,00,00

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
     "Source"="http://www.angelkizz.net/graphics/cursors/butterfly/2.gif"
     "SubscribedURL"="http://www.angelkizz.net/graphics/cursors/butterfly/2.gif"
     "FriendlyName"=""
     "Flags"=dword:00000001
     "Position"=hex:2c,00,00,00,a3,01,00,00,25,00,00,00,a2,00,00,00,98,00,00,00,ec,\
       03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
     "CurrentState"=hex:01,00,00,00
     "OriginalStateInfo"=hex:18,00,00,00,d3,03,00,00,70,01,00,00,20,00,00,00,20,00,\
       00,00,01,00,00,40
     "RestoredStateInfo"=hex:14,6d,be,07,41,c0,b4,74,d0,50,37,07,68,de,be,07,20,6d,\
       be,07,81,65,00,00

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\3]
     "Source"="About:Home"
     "SubscribedURL"="About:Home"
     "FriendlyName"="My Current Home Page"
     "Flags"=dword:00000002
     "Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3c,02,00,00,00,\
       00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
     "CurrentState"=hex:04,00,00,40
     "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
       ff,ff,04,00,00,00
     "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
       00,00,01,00,00,00

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
     "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
     "NoDriveTypeAutoRun"=dword:00000091

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
     "dontdisplaylastusername"=dword:00000000
     "legalnoticecaption"=""
     "legalnoticetext"=""
     "shutdownwithoutlogon"=dword:00000001
     "undockwithoutlogon"=dword:00000001

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
     "wininet.dll"="mscornet.exe"
     "nvctrl.exe"="nvctrl.exe"

     [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
     "NoDriveTypeAutoRun"=dword:00000091

     [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

     [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
     "NoDriveTypeAutoRun"=dword:00000091

     [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

     [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
     "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
     "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
     "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
     "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

     HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
     securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

     Completion time: Tue 10/03/2006 16:06:39.23
     ComboFix.txt
  10. I tried all of these things in safe mode and they actually work.
  11. I can't pull up the Task Manager (Ctrl+Alt+Delete), and even when I do reboot it still says the same thing.
  12. OK, I downloaded that too, but when I type in cmd it says that it is currently being used by another program.
  13. OK, I downloaded it, but when I double-click it a black window appears and disappears.