
HELP with backdoor.prorat

K people, I have the backdoor.pro rat... the only two things that pop up when I run systemantic are winkey.dll and reginv.dll. Now this is starting to piss me off. I've searched for the files in safe mode and I find them, but when I try to delete them it says something like

cannot delete, write-permission not granted or there is not enough disk space to delete, and some odd krap.... I'm not a genius at comps and don't know how to understand this, so please help. I do have the HijackThis program from your site... WHAT DO I DO? I'll post my HijackThis report thing.


Logfile of HijackThis v1.99.1
Scan saved at 1:03:15 PM, on 8/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\services.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\uspnr.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\uspnr.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\uspnr.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\uspnr.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.shopnav.com/sidesearch.cgi?uid=11376710&id=5.20013
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {1F44AA6D-EC41-5147-FC97-D58C6D7B6574} - C:\WINDOWS\system32\ipac.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\zangoclient\zanuhook.dll
O2 - BHO: Class - {282032FC-C6CA-9E36-F009-345A15203683} - C:\WINDOWS\javaln.dll
O2 - BHO: Class - {33AC2EFD-E2CC-A763-26F4-E66BD8536E46} - C:\WINDOWS\system32\mfcdy.dll
O2 - BHO: Class - {3959283E-C72B-D2BA-8167-B27A8FA8F55B} - C:\WINDOWS\crpy32.dll
O2 - BHO: Class - {42850B31-650A-1A17-D1B0-881BB42C236B} - C:\WINDOWS\winxu.dll
O2 - BHO: Class - {49C93116-9ED5-850D-A22A-44D58ADE0597} - C:\WINDOWS\system32\ipdk32.dll
O2 - BHO: Class - {538ECC2F-29D9-9161-D485-51734843D8C5} - C:\WINDOWS\system32\addah.dll
O2 - BHO: Class - {5402B92C-6C65-61DD-044E-3365457CC5E0} - C:\WINDOWS\system32\addbl32.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Class - {633EB830-4880-1709-46E6-0A1CC9794010} - C:\WINDOWS\system32\ipwp32.dll
O2 - BHO: Class - {7432FB40-2792-013E-0818-99CBAC8DFA5F} - C:\WINDOWS\addje.dll
O2 - BHO: Class - {894BD570-B4A2-85DB-D1B7-4D7DD80E9927} - C:\WINDOWS\apirs32.dll
O2 - BHO: Class - {93757B32-DCC3-5C75-4010-8C148E619B58} - C:\WINDOWS\system32\sdkur.dll
O2 - BHO: Class - {9941F477-C8DB-4323-B820-B2AA41985140} - C:\WINDOWS\systc32.dll
O2 - BHO: Class - {B4FD5A18-350A-B853-0086-35130E3BE2B4} - C:\WINDOWS\system32\sysvl.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {D1F99B4F-B224-52EE-A763-382898300C69} - C:\WINDOWS\system32\winzw.dll
O2 - BHO: Class - {E738C6A5-3A2F-F02D-4D80-960CA934569F} - C:\WINDOWS\mfcnh.dll
O2 - BHO: Class - {F33F2FA6-0C0F-4A13-B103-FD566BE5F16B} - C:\WINDOWS\system32\javakg.dll
O2 - BHO: Class - {F78C8767-D7AA-B6F9-7220-5FF80088C727} - C:\WINDOWS\system32\javaye32.dll
O2 - BHO: Class - {FF56B561-EE03-788D-F628-1F9CD8262ABA} - C:\WINDOWS\ipuf32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Agqmru.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zanu] c:\program files\zangoclient\zanu.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [javalj.exe] C:\WINDOWS\system32\javalj.exe
O4 - HKLM\..\Run: [sdkvo32.exe] C:\WINDOWS\system32\sdkvo32.exe
O4 - HKLM\..\Run: [ipay32.exe] C:\WINDOWS\ipay32.exe
O4 - HKLM\..\Run: [applf32.exe] C:\WINDOWS\system32\applf32.exe
O4 - HKLM\..\Run: [javaia32.exe] C:\WINDOWS\javaia32.exe
O4 - HKLM\..\Run: [ipac.exe] C:\WINDOWS\system32\ipac.exe
O4 - HKLM\..\Run: [HKLM/Run] C:\WINDOWS\ms****.exe
O4 - HKLM\..\Run: [d3cx32.exe] C:\WINDOWS\system32\d3cx32.exe
O4 - HKLM\..\RunOnce: [netll32.exe] C:\WINDOWS\netll32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe
O9 - Extra 'Tools' menuitem: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.5.42/omaha/omaha-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.2.5.28/aces/aces-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.3.0.53/slots/alibaba-ob-assets.cab
O16 - DPF: Armored Attack by pogo - http://game1.pogo.com/applet-6.3.0.46/cctank/cctank-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.3.0.46/blackjack/blackjack-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.5.42/canasta/canasta-ob-assets.cab
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.31.7.116/Java/cfs40320.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.2.5.42/chess2/chess2-ob-assets.cab
O16 - DPF: Command and Conquer Comanche by pogo - http://game1.pogo.com/applet-6.3.0.46/ccstrike/ccstrike-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.5.28/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.2.5.42/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.3.0.46/greenback/greenback-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.5.28/harvest/harvest-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.2.5.28/hearts/hearts-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.2.5.28/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.2.5.42/pool2/pool-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.2.5.28/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.5.28/lottso/lottso-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.5.28/mahjong/mahjong-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.5.28/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.0.46/flinger/flinger-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.5.42/popfu/popfu-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.2.5.28/poppazoppa/poppazoppa-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.5.28/poppit2/poppit2-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.2.5.42/slots/scifi-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.5.28/slots/showbiz-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.5.28/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.3.0.46/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.5.28/holdem/holdem-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.3.0.46/simball/simball-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.0.46/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.2.5.28/jumbee/jumbee-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.2.5.28/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.2.5.28/whackdown/whackdown-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.5.42/wordjong/wordjong-ob-assets.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CDAA0214-3907-4C47-A3F6-014DA1517440} (ArkDownloader Class) - http://www.gamedek.com/download/arkDownloader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\appgu32.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: MS Software Generic Host Process for Win32 Services (svchost) - Unknown owner - C:\WINDOWS\SYSTEM\svchost.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



PLEASE HELP ME!!!!!!!!!!!!!!

Comments

  • edited August 2005
    ohhh and .... I'm in safe mode 'cause my computer doesn't do anything in normal mode
  • Shadow2018 Northwest Missouri
    edited August 2005
    You have a nasty HSA infection. Please follow the following instructions. If you have rebooted since you posted your log, you must post a new log. With this type of infection, every time you reboot the file names will change.

    You will need to print these instructions for your reference as most of this Removal process must be done in safe mode where you will not have access to the internet.
    (Skip the steps if you have already performed them)

    1. Download CWShredder. Save it to your desktop and extract the files to your desktop.
    Exit CWShredder for now.

    2. Download aboutbuster. Save it to your desktop and extract the files to your desktop.
    Exit aboutbuster for now.

    3. Download Ad-Aware SE 1.06. Save the setup file to your desktop. Run the setup file and place a shortcut on your desktop. Open Ad-Aware and click check for updates>click connect. Click download updates if updates are available.

    4. Make all hidden files viewable.

    5. Boot up into safe mode. To enter safe mode> reboot> tap the f8 button at the start up screen>select safe mode from the menu.

    6. Run Hijack this and place a checkmark next to the following entries. Click “Fix Checked”:


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\uspnr.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\uspnr.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\uspnr.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\uspnr.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.shopnav.com/sidese...6710&id=5.20013
    O2 - BHO: Class - {1F44AA6D-EC41-5147-FC97-D58C6D7B6574} - C:\WINDOWS\system32\ipac.dll
    O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\zangoclient\zanuhook.dll
    O2 - BHO: Class - {282032FC-C6CA-9E36-F009-345A15203683} - C:\WINDOWS\javaln.dll
    O2 - BHO: Class - {33AC2EFD-E2CC-A763-26F4-E66BD8536E46} - C:\WINDOWS\system32\mfcdy.dll
    O2 - BHO: Class - {3959283E-C72B-D2BA-8167-B27A8FA8F55B} - C:\WINDOWS\crpy32.dll
    O2 - BHO: Class - {42850B31-650A-1A17-D1B0-881BB42C236B} - C:\WINDOWS\winxu.dll
    O2 - BHO: Class - {49C93116-9ED5-850D-A22A-44D58ADE0597} - C:\WINDOWS\system32\ipdk32.dll
    O2 - BHO: Class - {538ECC2F-29D9-9161-D485-51734843D8C5} - C:\WINDOWS\system32\addah.dll
    O2 - BHO: Class - {5402B92C-6C65-61DD-044E-3365457CC5E0} - C:\WINDOWS\system32\addbl32.dll
    O2 - BHO: Class - {633EB830-4880-1709-46E6-0A1CC9794010} - C:\WINDOWS\system32\ipwp32.dll
    O2 - BHO: Class - {7432FB40-2792-013E-0818-99CBAC8DFA5F} - C:\WINDOWS\addje.dll
    O2 - BHO: Class - {894BD570-B4A2-85DB-D1B7-4D7DD80E9927} - C:\WINDOWS\apirs32.dll
    O2 - BHO: Class - {93757B32-DCC3-5C75-4010-8C148E619B58} - C:\WINDOWS\system32\sdkur.dll
    O2 - BHO: Class - {9941F477-C8DB-4323-B820-B2AA41985140} - C:\WINDOWS\systc32.dll
    O2 - BHO: Class - {B4FD5A18-350A-B853-0086-35130E3BE2B4} - C:\WINDOWS\system32\sysvl.dll
    O2 - BHO: Class - {D1F99B4F-B224-52EE-A763-382898300C69} - C:\WINDOWS\system32\winzw.dll
    O2 - BHO: Class - {E738C6A5-3A2F-F02D-4D80-960CA934569F} - C:\WINDOWS\mfcnh.dll
    O2 - BHO: Class - {F33F2FA6-0C0F-4A13-B103-FD566BE5F16B} - C:\WINDOWS\system32\javakg.dll
    O2 - BHO: Class - {F78C8767-D7AA-B6F9-7220-5FF80088C727} - C:\WINDOWS\system32\javaye32.dll
    O2 - BHO: Class - {FF56B561-EE03-788D-F628-1F9CD8262ABA} - C:\WINDOWS\ipuf32.dll
    O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Agqmru.exe
    O4 - HKLM\..\Run: [zanu] c:\program files\zangoclient\zanu.exe
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [javalj.exe] C:\WINDOWS\system32\javalj.exe
    O4 - HKLM\..\Run: [sdkvo32.exe] C:\WINDOWS\system32\sdkvo32.exe
    O4 - HKLM\..\Run: [ipay32.exe] C:\WINDOWS\ipay32.exe
    O4 - HKLM\..\Run: [applf32.exe] C:\WINDOWS\system32\applf32.exe
    O4 - HKLM\..\Run: [javaia32.exe] C:\WINDOWS\javaia32.exe
    O4 - HKLM\..\Run: [ipac.exe] C:\WINDOWS\system32\ipac.exe
    O4 - HKLM\..\Run: [HKLM/Run] C:\WINDOWS\ms****.exe
    O4 - HKLM\..\Run: [d3cx32.exe] C:\WINDOWS\system32\d3cx32.exe
    O4 - HKLM\..\RunOnce: [netll32.exe] C:\WINDOWS\netll32.exe
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O15 - Trusted Zone: *.05p.com (HKLM)
    O15 - Trusted Zone: *.awmdabest.com (HKLM)
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.scoobidoo.com (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149 (HKLM)
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\appgu32.exe(file missing)

    7. Run CWShredder which you downloaded in step 1. Click the “Fix” button.

    8. Now delete these files or directories if they exist:

    C:\WINDOWS\system32\uspnr.dll
    C:\WINDOWS\system32\ipac.dll
    c:\program files\zangoclient
    C:\WINDOWS\javaln.dll
    C:\WINDOWS\system32\mfcdy.dll
    C:\WINDOWS\crpy32.dll
    C:\WINDOWS\winxu.dll
    C:\WINDOWS\system32\ipdk32.dll
    C:\WINDOWS\system32\addah.dll
    C:\WINDOWS\system32\addbl32.dll
    C:\WINDOWS\system32\ipwp32.dll
    C:\WINDOWS\addje.dll
    C:\WINDOWS\apirs32.dll
    C:\WINDOWS\system32\sdkur.dll
    C:\WINDOWS\systc32.dll
    C:\WINDOWS\system32\sysvl.dll
    C:\WINDOWS\system32\winzw.dll
    C:\WINDOWS\mfcnh.dll
    C:\WINDOWS\system32\javakg.dll
    C:\WINDOWS\system32\javaye32.dll
    C:\WINDOWS\ipuf32.dll
    C:\Program Files\YourSiteBar
    C:\Program Files\ISTsvc
    C:\WINDOWS\system32\Agqmru.exe
    c:\program files\zangoclient
    C:\Program Files\BullsEye Network
    C:\WINDOWS\system32\javalj.exe
    C:\WINDOWS\system32\sdkvo32.exe
    C:\WINDOWS\ipay32.exe
    C:\WINDOWS\system32\applf32.exe
    C:\WINDOWS\javaia32.exe
    C:\WINDOWS\system32\ipac.exe
    C:\WINDOWS\ms****.exe
    C:\WINDOWS\system32\d3cx32.exe
    C:\WINDOWS\netll32.exe
    C:\Program Files\MyWebSearch
    C:\WINDOWS\appgu32.exe


    9. Run aboutbuster which you downloaded in step 2. Click ok>start>ok. Copy and paste the results of the aboutbuster scan to notepad. Save this as a .txt file.

    10. Run a “full system scan” with Ad-Aware SE. Remove all files found.

    11. Reboot and post a new Hijack This log with the results of the aboutbuster scan.
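
Comparing the log taken before the fix with the log taken after the reboot is easier as an entry-by-entry diff than by eye. The following is an added example, not part of any post in this thread and not HijackThis's own code; the function names are hypothetical and the two sample logs are short excerpts copied from the logs posted on this page.

```python
"""Diff two HijackThis logs entry by entry (added example, hypothetical names)."""
import re
from dataclasses import dataclass

# An entry line is a section code (R0, F2, O2, O23, ...), " - ", then the body.
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis appends "(file missing)" when the registry entry outlives its file.
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    code: str           # section code, e.g. "O2"
    body: str           # entry text with any "(file missing)" suffix removed
    file_missing: bool  # True when the suffix was present

    @property
    def key(self):
        # Windows paths and registry names compare case-insensitively.
        return (self.code, self.body.lower())


def parse_log(text):
    """Return the Entry objects found in a pasted HijackThis log."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())  # forum posts often indent the log
        if not m:
            continue
        code, body = m.groups()
        stripped = MISSING_RE.sub("", body)
        entries.append(Entry(code, stripped, stripped != body))
    return entries


def diff_logs(before_text, after_text):
    """Classify entries as removed, persisting, new, or orphaned (file gone)."""
    before = {e.key: e for e in parse_log(before_text)}
    after = {e.key: e for e in parse_log(after_text)}
    return {
        "removed": [e for k, e in before.items() if k not in after],
        "persisting": [e for k, e in after.items() if k in before],
        "new": [e for k, e in after.items() if k not in before],
        "orphaned": [e for e in after.values() if e.file_missing],
    }


# Excerpt of the first log on this page (8/1/2005).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: Class - {1F44AA6D-EC41-5147-FC97-D58C6D7B6574} - C:\WINDOWS\system32\ipac.dll
O2 - BHO: Class - {282032FC-C6CA-9E36-F009-345A15203683} - C:\WINDOWS\javaln.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\RunOnce: [netll32.exe] C:\WINDOWS\netll32.exe
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
"""

# Excerpt of the follow-up log on this page (8/2/2005).
AFTER = r"""
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O2 - BHO: Class - {1F44AA6D-EC41-5147-FC97-D58C6D7B6574} - C:\WINDOWS\system32\ipac.dll (file missing)
    O2 - BHO: Class - {D89FEB47-489B-5DB5-8F56-21233C5B92D4} - C:\WINDOWS\system32\appsq.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\RunOnce: [atlzl.exe] C:\WINDOWS\SYSTEM32\atlzl.exe
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
"""

if __name__ == "__main__":
    for status, entries in diff_logs(BEFORE, AFTER).items():
        print(f"== {status} ({len(entries)})")
        for e in entries:
            print(f"   {e.code} - {e.body}")
```

Pass the "Fix Checked" list as the first argument instead of the full earlier log to see which of the checked entries are still present after the reboot.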
  • edited August 2005
    here are my new results for hijack this

    Logfile of HijackThis v1.99.1
    Scan saved at 8:23:09 AM, on 8/2/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\services.exe
    C:\DOCUME~1\Ragefast\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe
    C:\DOCUME~1\Ragefast\LOCALS~1\Temp\Temporary Directory 2 for hijackthis_199.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\uspnr.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O1 - Hosts: 64.91.255.87 www.dcsresearch.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Class - {1F44AA6D-EC41-5147-FC97-D58C6D7B6574} - C:\WINDOWS\system32\ipac.dll (file missing)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Class - {D89FEB47-489B-5DB5-8F56-21233C5B92D4} - C:\WINDOWS\system32\appsq.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunOnce: [atlzl.exe] C:\WINDOWS\SYSTEM32\atlzl.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe
    O9 - Extra 'Tools' menuitem: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.5.42/omaha/omaha-ob-assets.cab
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.2.5.28/aces/aces-ob-assets.cab
    O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.3.0.53/slots/alibaba-ob-assets.cab
    O16 - DPF: Armored Attack by pogo - http://game1.pogo.com/applet-6.3.0.46/cctank/cctank-ob-assets.cab
    O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.3.0.46/blackjack/blackjack-ob-assets.cab
    O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.5.42/canasta/canasta-ob-assets.cab
    O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.31.7.116/Java/cfs40320.cab
    O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.2.5.42/chess2/chess2-ob-assets.cab
    O16 - DPF: Command and Conquer Comanche by pogo - http://game1.pogo.com/applet-6.3.0.46/ccstrike/ccstrike-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.5.28/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.2.5.42/superbingo/superbingo-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.3.0.46/greenback/greenback-ob-assets.cab
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.5.28/harvest/harvest-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.2.5.28/hearts/hearts-ob-assets.cab
    O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.2.5.28/drawpoker/drawpoker-ob-assets.cab
    O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.2.5.42/pool2/pool-ob-assets.cab
    O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.2.5.28/jigsaw/jigsaw-ob-assets.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.5.28/lottso/lottso-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.5.28/mahjong/mahjong-ob-assets.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.5.28/waterwheel/waterwheel-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.0.46/flinger/flinger-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.5.42/popfu/popfu-ob-assets.cab
    O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.2.5.28/poppazoppa/poppazoppa-ob-assets.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.5.28/poppit2/poppit2-ob-assets.cab
    O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.2.5.42/slots/scifi-ob-assets.cab
    O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.5.28/slots/showbiz-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.5.28/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.3.0.46/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.5.28/holdem/holdem-ob-assets.cab
    O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.3.0.46/simball/simball-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.0.46/peaks/peaks-ob-assets.cab
    O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.2.5.28/jumbee/jumbee-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.2.5.28/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.2.5.28/whackdown/whackdown-ob-assets.cab
    O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.5.42/wordjong/wordjong-ob-assets.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {CDAA0214-3907-4C47-A3F6-014DA1517440} (ArkDownloader Class) - http://www.gamedek.com/download/arkDownloader.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\appgu32.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: MS Software Generic Host Process for Win32 Services (svchost) - Unknown owner - C:\WINDOWS\SYSTEM\svchost.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    here is my log file for the AboutBuster 5.0 scan

    AboutBuster 5.0 reference file 28
    Scan started on [8/2/2005] at [8:26:59 AM]
    Removed Stream! C:\WINDOWS\wxxle.log:lnihko
    Removed Stream! C:\WINDOWS\xltck.log:isiirs
    Removed Stream! C:\WINDOWS\xpnxy.log:ydfcy
    Removed Stream! C:\WINDOWS\xpsp1hfm.log:ufbvmr
    Removed Stream! C:\WINDOWS\xqmgs.dat:prala
    Removed Stream! C:\WINDOWS\xrcun.txt:rjzcmt
    Removed Stream! C:\WINDOWS\xveix.txt:hktyd
    Removed Stream! C:\WINDOWS\xwacm.log:iksxhv
    Removed Stream! C:\WINDOWS\xybfl.log:apapsm
    Removed Stream! C:\WINDOWS\yahbd.dat:wvwlkz
    Removed Stream! C:\WINDOWS\yalnh.dat:znkzyr
    Removed Stream! C:\WINDOWS\yeotj.log:rocmab
    Removed Stream! C:\WINDOWS\ykrnr.log:pmjyqj
    Removed Stream! C:\WINDOWS\yuhdo.log:zpsjaw
    Removed Stream! C:\WINDOWS\yvvms.txt:lubfjy
    Removed Stream! C:\WINDOWS\ywjiw.txt:cxrmha
    Removed Stream! C:\WINDOWS\ywjiw.txt:fzbzn
    Removed Stream! C:\WINDOWS\yxojj.txt:dhthsk
    Removed Stream! C:\WINDOWS\yxojj.txt:haddwf
    Removed Stream! C:\WINDOWS\yxojj.txt:kisgrg
    Removed Stream! C:\WINDOWS\yxojj.txt:wwgrw
    Removed Stream! C:\WINDOWS\zcrzc.txt:wzgxy
    Removed Stream! C:\WINDOWS\zcwup.dat:fqnts
    Removed Stream! C:\WINDOWS\zhopl.dat:rxaas
    Removed Stream! C:\WINDOWS\ziwpf.dat:boktrv
    Removed Stream! C:\WINDOWS\ziwpf.dat:vsymtw
    Removed Stream! C:\WINDOWS\zmxwq.dat:mping
    Removed Stream! C:\WINDOWS\zovvi.txt:tyxie
    Removed Stream! C:\WINDOWS\zrlmx.dat:tpvytf
    Removed Stream! C:\WINDOWS\zvqgc.log:vkikcy
    Removed Stream! C:\WINDOWS\zvunq.log:ytjfpr
    Removed Stream! C:\WINDOWS\zwiiw.log:tlncad
    Removed Stream! C:\WINDOWS\zytks.log:okapei
    Removed Stream! C:\WINDOWS\zytks.log:wienvm
    Removed Stream! C:\WINDOWS\_DEFAULT.PIF:aedrfd
    Removed Stream! C:\WINDOWS\_DEFAULT.PIF:aeqac
    Removed File! : C:\Windows\amwss.dat
    Removed File! : C:\Windows\anpul.dat
    Removed File! : C:\Windows\aomrn.dat
    Removed File! : C:\Windows\asvkw.dat
    Removed File! : C:\Windows\bchdx.dat
    Removed File! : C:\Windows\bdata.dat
    Removed File! : C:\Windows\bkcwc.dat
    Removed File! : C:\Windows\blgcg.dat
    Removed File! : C:\Windows\btnpb.dat
    Removed File! : C:\Windows\cblaf.dat
    Removed File! : C:\Windows\cgcnn.dat
    Removed File! : C:\Windows\cjxoa.dat
    Removed File! : C:\Windows\dlcwi.dat
    Removed File! : C:\Windows\dwqdz.dat
    Removed File! : C:\Windows\eyxgy.dat
    Removed File! : C:\Windows\fcfwc.dat
    Removed File! : C:\Windows\foqiy.dat
    Removed File! : C:\Windows\hevle.dat
    Removed File! : C:\Windows\hhkcb.dat
    Removed File! : C:\Windows\hyaqm.dat
    Removed File! : C:\Windows\iayli.dat
    Removed File! : C:\Windows\ibaop.dat
    Removed File! : C:\Windows\kisas.dat
    Removed File! : C:\Windows\kjgkw.dat
    Removed File! : C:\Windows\kpanr.dat
    Removed File! : C:\Windows\lpduc.dat
    Removed File! : C:\Windows\lwtgo.dat
    Removed File! : C:\Windows\mmtie.dat
    Removed File! : C:\Windows\njaiz.dat
    Removed File! : C:\Windows\nsgjm.dat
    Removed File! : C:\Windows\optmg.dat
    Removed File! : C:\Windows\pjsyi.dat
    Removed File! : C:\Windows\plgeb.dat
    Removed File! : C:\Windows\ppphb.dat
    Removed File! : C:\Windows\pvudl.dat
    Removed File! : C:\Windows\qgohr.dat
    Removed File! : C:\Windows\qtlql.dat
    Removed File! : C:\Windows\qudsv.dat
    Removed File! : C:\Windows\qxdmr.dat
    Removed File! : C:\Windows\rdaxv.dat
    Removed File! : C:\Windows\rngxe.dat
    Removed File! : C:\Windows\rtrwn.dat
    Removed File! : C:\Windows\rxngq.dat
    Removed File! : C:\Windows\rzhzh.dat
    Removed File! : C:\Windows\sgiss.dat
    Removed File! : C:\Windows\stkof.dat
    Removed File! : C:\Windows\uqlhu.dat
    Removed File! : C:\Windows\uqljt.dat
    Removed File! : C:\Windows\utqrx.dat
    Removed File! : C:\Windows\utyuq.dat
    Removed File! : C:\Windows\vaiyv.dat
    Removed File! : C:\Windows\vjbux.dat
    Removed File! : C:\Windows\vwosh.dat
    Removed File! : C:\Windows\waqmh.dat
    Removed File! : C:\Windows\wqkzs.dat
    Removed File! : C:\Windows\wtrgp.dat
    Removed File! : C:\Windows\xqmgs.dat
    Removed File! : C:\Windows\yahbd.dat
    Removed File! : C:\Windows\ykjib.dat
    Removed File! : C:\Windows\zcwup.dat
    Removed File! : C:\Windows\zhopl.dat
    Removed File! : C:\Windows\zmxwq.dat
    Removed File! : C:\Windows\zrlmx.dat
    Removed File! : C:\Windows\zttlm.dat
    Removed File! : C:\Windows\System32\aamur.dat
    Removed File! : C:\Windows\System32\adwbd.dat
    Removed File! : C:\Windows\System32\apcow.dat
    Removed File! : C:\Windows\System32\bbjuv.dat
    Removed File! : C:\Windows\System32\biqbj.dat
    Removed File! : C:\Windows\System32\cbywv.dat
    Removed File! : C:\Windows\System32\clmgo.dat
    Removed File! : C:\Windows\System32\dcwad.dat
    Removed File! : C:\Windows\System32\dtxxu.dat
    Removed File! : C:\Windows\System32\erkqu.dat
    Removed File! : C:\Windows\System32\evoqz.dat
    Removed File! : C:\Windows\System32\frcul.dat
    Removed File! : C:\Windows\System32\irbif.dat
    Removed File! : C:\Windows\System32\jzqdo.dat
    Removed File! : C:\Windows\System32\kbqhv.dat
    Removed File! : C:\Windows\System32\khyge.dat
    Removed File! : C:\Windows\System32\msoff.dat
    Removed File! : C:\Windows\System32\muiqj.dat
    Removed File! : C:\Windows\System32\nonnw.dat
    Removed File! : C:\Windows\System32\ouavn.dat
    Removed File! : C:\Windows\System32\qcypj.dat
    Removed File! : C:\Windows\System32\qluae.dat
    Removed File! : C:\Windows\System32\redcb.dat
    Removed File! : C:\Windows\System32\rndwm.dat
    Removed File! : C:\Windows\System32\sjpvh.dat
    Removed File! : C:\Windows\System32\syfsx.dat
    Removed File! : C:\Windows\System32\tghfd.dat
    Removed File! : C:\Windows\System32\tijzm.dat
    Removed File! : C:\Windows\System32\tliuh.dat
    Removed File! : C:\Windows\System32\tvwuc.dat
    Removed File! : C:\Windows\System32\vhplw.dat
    Removed File! : C:\Windows\System32\vncpw.dat
    Removed File! : C:\Windows\System32\wcqtb.dat
    Removed File! : C:\Windows\System32\xsvkq.dat
    Removed File! : C:\Windows\System32\yjqkd.dat
    Removed File! : C:\Windows\System32\yncnw.dat
    Removed File! : C:\Windows\System32\yqaje.dat
    Removed File! : C:\Windows\System32\yyapp.dat
    Scan was COMPLETED SUCCESSFULLY at 8:34:24 AM



    K, now what do I do?
  • Shadow2018 Northwest Missouri
    edited August 2005
    I will assume you can boot into normal mode now(?).

    Run HijackThis and place a checkmark next to these entries, then click Fix Checked. Be sure to close all open windows before fixing:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\uspnr.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O2 - BHO: Class - {1F44AA6D-EC41-5147-FC97-D58C6D7B6574} - C:\WINDOWS\system32\ipac.dll (file missing)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: Class - {D89FEB47-489B-5DB5-8F56-21233C5B92D4} - C:\WINDOWS\system32\appsq.dll
    O4 - HKLM\..\RunOnce: [atlzl.exe] C:\WINDOWS\SYSTEM32\atlzl.exe
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

    Delete these files or directories if they exist:

    C:\WINDOWS\system32\uspnr.dll
    C:\WINDOWS\system32\appsq.dll
    C:\WINDOWS\SYSTEM32\atlzl.exe
    C:\WINDOWS\system32\ipac.dll
    C:\WINDOWS\system32\fservice.exe

    You need to remove this service:

    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\appgu32.exe (file missing)

    Click Start -> Run -> (type) services.msc

    Scroll down and find the service called Remote Procedure Call Helper. When you find it, double-click on it. In the next window that opens, click the Stop button, then click on Properties and under the General tab, change the Startup Type to Disabled. Now hit Apply and then OK and close any open windows.


    Run HijackThis and click on Open the Misc Tools section -> Delete an NT Service
    Copy and paste this into the text box and click OK.

    11Fßä#·ºÄÖ`I


    Run AboutBuster, which I had you download earlier. Save the results from this scan and post them along with a new HijackThis log.
  • edited August 2005
    Logfile of HijackThis v1.99.1
    Scan saved at 10:05:10 PM, on 8/2/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\SYSTEM\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\appfl32.exe
    C:\WINDOWS\services.exe
    C:\DOCUME~1\Ragefast\LOCALS~1\Temp\winlogon.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\DOCUME~1\Ragefast\LOCALS~1\Temp\Temporary Directory 6 for hijackthis_199.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kwstw.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kwstw.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kwstw.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kwstw.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kwstw.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kwstw.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Class - {2318EB54-9373-9972-199A-038DC8BB1008} - C:\WINDOWS\mfcxt.dll
    O2 - BHO: Class - {66A49E73-C0D9-877E-0070-1AE7E207E281} - C:\WINDOWS\javasz.dll
    O2 - BHO: Class - {7174FA43-6EAE-0B62-2831-9FFAA3A3EAFE} - C:\WINDOWS\system32\sysnx32.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Class - {FCAD8DF8-B294-72DE-A4A9-6C69B0EE4164} - C:\WINDOWS\system32\d3ta32.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [javalj.exe] C:\WINDOWS\system32\javalj.exe
    O4 - HKLM\..\Run: [atlfq.exe] C:\WINDOWS\atlfq.exe
    O4 - HKLM\..\Run: [atlri32.exe] C:\WINDOWS\atlri32.exe
    O4 - HKLM\..\Run: [syspe32.exe] C:\WINDOWS\system32\syspe32.exe
    O4 - HKLM\..\Run: [ieza.exe] C:\WINDOWS\system32\ieza.exe
    O4 - HKLM\..\Run: [javark.exe] C:\WINDOWS\javark.exe
    O4 - HKLM\..\Run: [appfl32.exe] C:\WINDOWS\appfl32.exe
    O4 - HKLM\..\RunOnce: [craq.exe] C:\WINDOWS\system32\craq.exe
    O4 - HKLM\..\RunOnce: [atlec.exe] C:\WINDOWS\system32\atlec.exe
    O4 - HKLM\..\RunOnce: [sysaj.exe] C:\WINDOWS\sysaj.exe
    O4 - HKLM\..\RunOnce: [apiof.exe] C:\WINDOWS\apiof.exe
    O4 - HKLM\..\RunOnce: [ntzj32.exe] C:\WINDOWS\system32\ntzj32.exe
    O4 - HKLM\..\RunOnce: [appbt32.exe] C:\WINDOWS\appbt32.exe
    O4 - HKLM\..\RunOnce: [mfcuf32.exe] C:\WINDOWS\mfcuf32.exe
    O4 - HKLM\..\RunOnce: [msqt.exe] C:\WINDOWS\msqt.exe
    O4 - HKLM\..\RunOnce: [ieos.exe] C:\WINDOWS\system32\ieos.exe
    O4 - HKLM\..\RunOnce: [addhr.exe] C:\WINDOWS\addhr.exe
    O4 - HKLM\..\RunOnce: [crnt.exe] C:\WINDOWS\crnt.exe
    O4 - HKLM\..\RunOnce: [mfcbo.exe] C:\WINDOWS\system32\mfcbo.exe
    O4 - HKLM\..\RunOnce: [javamb.exe] C:\WINDOWS\system32\javamb.exe
    O4 - HKLM\..\RunOnce: [iedn.exe] C:\WINDOWS\system32\iedn.exe
    O4 - HKLM\..\RunOnce: [crpf32.exe] C:\WINDOWS\system32\crpf32.exe
    O4 - HKLM\..\RunOnce: [addfa32.exe] C:\WINDOWS\addfa32.exe
    O4 - HKLM\..\RunOnce: [sysyk32.exe] C:\WINDOWS\sysyk32.exe
    O4 - HKLM\..\RunOnce: [apiay.exe] C:\WINDOWS\system32\apiay.exe
    O4 - HKLM\..\RunOnce: [wings32.exe] C:\WINDOWS\wings32.exe
    O4 - HKLM\..\RunOnce: [netjc32.exe] C:\WINDOWS\system32\netjc32.exe
    O4 - HKLM\..\RunOnce: [mfcfl32.exe] C:\WINDOWS\mfcfl32.exe
    O4 - HKLM\..\RunOnce: [javaxh.exe] C:\WINDOWS\javaxh.exe
    O4 - HKLM\..\RunOnce: [apitw32.exe] C:\WINDOWS\system32\apitw32.exe
    O4 - HKLM\..\RunOnce: [javasz.exe] C:\WINDOWS\javasz.exe
    O4 - HKLM\..\RunOnce: [ipfh32.exe] C:\WINDOWS\system32\ipfh32.exe
    O4 - HKLM\..\RunOnce: [d3px.exe] C:\WINDOWS\d3px.exe
    O4 - HKLM\..\RunOnce: [syszy.exe] C:\WINDOWS\syszy.exe
    O4 - HKLM\..\RunOnce: [crrl.exe] C:\WINDOWS\crrl.exe
    O4 - HKLM\..\RunOnce: [ieju.exe] C:\WINDOWS\system32\ieju.exe
    O4 - HKLM\..\RunOnce: [ntie32.exe] C:\WINDOWS\system32\ntie32.exe
    O4 - HKLM\..\RunOnce: [appny.exe] C:\WINDOWS\system32\appny.exe
    O4 - HKLM\..\RunOnce: [msmo32.exe] C:\WINDOWS\system32\msmo32.exe
    O4 - HKLM\..\RunOnce: [ntrq.exe] C:\WINDOWS\system32\ntrq.exe
    O4 - HKLM\..\RunOnce: [addfm32.exe] C:\WINDOWS\addfm32.exe
    O4 - HKLM\..\RunOnce: [crkp.exe] C:\WINDOWS\system32\crkp.exe
    O4 - HKLM\..\RunOnce: [apiyj.exe] C:\WINDOWS\apiyj.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe
    O9 - Extra 'Tools' menuitem: Arkadium - {A442DE97-7F7F-4265-A813-4E5D81C83EFE} - C:\Program Files\ArkadiumV2\arkadium.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.5.42/omaha/omaha-ob-assets.cab
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.2.5.28/aces/aces-ob-assets.cab
    O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.3.0.53/slots/alibaba-ob-assets.cab
    O16 - DPF: Armored Attack by pogo - http://game1.pogo.com/applet-6.3.0.46/cctank/cctank-ob-assets.cab
    O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.3.0.46/blackjack/blackjack-ob-assets.cab
    O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.5.42/canasta/canasta-ob-assets.cab
    O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.31.7.116/Java/cfs40320.cab
    O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.2.5.42/chess2/chess2-ob-assets.cab
    O16 - DPF: Command and Conquer Comanche by pogo - http://game1.pogo.com/applet-6.3.0.46/ccstrike/ccstrike-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.5.28/checkeredflag/checkeredflag-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.2.5.42/superbingo/superbingo-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.3.0.46/greenback/greenback-ob-assets.cab
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.5.28/harvest/harvest-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.2.5.28/hearts/hearts-ob-assets.cab
    O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.2.5.28/drawpoker/drawpoker-ob-assets.cab
    O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.2.5.42/pool2/pool-ob-assets.cab
    O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.2.5.28/jigsaw/jigsaw-ob-assets.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.5.28/lottso/lottso-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.5.28/mahjong/mahjong-ob-assets.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.5.28/waterwheel/waterwheel-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.0.46/flinger/flinger-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.5.42/popfu/popfu-ob-assets.cab
    O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.2.5.28/poppazoppa/poppazoppa-ob-assets.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.5.28/poppit2/poppit2-ob-assets.cab
    O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.2.5.42/slots/scifi-ob-assets.cab
    O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.5.28/slots/showbiz-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.5.28/squelchies/squelchies-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.3.0.46/sweettooth/sweettooth-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.5.28/holdem/holdem-ob-assets.cab
    O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.3.0.46/simball/simball-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.0.46/peaks/peaks-ob-assets.cab
    O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.2.5.28/jumbee/jumbee-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.2.5.28/wordwhomp/wordwhomp-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.2.5.28/whackdown/whackdown-ob-assets.cab
    O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.5.42/wordjong/wordjong-ob-assets.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {CDAA0214-3907-4C47-A3F6-014DA1517440} (ArkDownloader Class) - http://www.gamedek.com/download/arkDownloader.cab
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\appgu32.exe (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: MS Software Generic Host Process for Win32 Services (svchost) - Unknown owner - C:\WINDOWS\SYSTEM\svchost.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    :scratch: I messed up the AboutBuster log file... did I do something wrong or is it OK? :scratch:
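Added example, not part of the original thread and not HijackThis's own logic: a small Python triage pass over HijackThis lines like those in the log above, marking entries for manual review. The five heuristics are assumptions drawn from patterns visible in this thread's logs, and the O23 service's internal name is replaced by a placeholder.

```python
import ntpath
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log above; the O23 service's internal
# name is replaced by a placeholder (SERVICE-NAME-PLACEHOLDER).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kwstw.dll/sp.html#37049
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {2318EB54-9373-9972-199A-038DC8BB1008} - C:\WINDOWS\mfcxt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [javalj.exe] C:\WINDOWS\system32\javalj.exe
O4 - HKLM\..\RunOnce: [craq.exe] C:\WINDOWS\system32\craq.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: Remote Procedure Call (RPC) Helper (SERVICE-NAME-PLACEHOLDER) - Unknown owner - C:\WINDOWS\appgu32.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # which heuristic fired
    line: str    # the original log line


LINE_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d+) - (.*)$")
BHO_RE = re.compile(r"^BHO: (.+?) - \{[0-9A-Fa-f-]+\} - ")
RUN_RE = re.compile(r"^\S+: \[(.+?)\] (.*)$")
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.IGNORECASE)


def check(code: str, rest: str) -> str:
    """Return a reason to review the entry, or '' if no heuristic fires."""
    if code in ("R0", "R1"):
        # IE start/search page pointing at a resource inside a local DLL.
        value = rest.partition(" = ")[2]
        if value.lower().startswith("res://"):
            return "IE page setting served from a resource inside a local DLL"
    elif code == "F2" and "Shell=" in rest:
        # The shell value should normally be Explorer.exe and nothing else.
        shell = rest.split("Shell=", 1)[1].split()
        if [s.lower() for s in shell] != ["explorer.exe"]:
            return "Shell= launches more than Explorer.exe"
    elif code == "O2":
        m = BHO_RE.match(rest)
        if m and m.group(1) in ("Class", "(no name)"):
            return "BHO with no descriptive name"
    elif code == "O4":
        # Value name identical to the executable's own file name.
        m = RUN_RE.match(rest)
        exe = EXE_RE.match(m.group(2).strip()) if m else None
        if exe:
            path = exe.group(1) or exe.group(2)
            if ntpath.basename(path).lower() == m.group(1).lower():
                return "autorun value named after its own executable"
    elif code == "O23":
        if "Unknown owner" in rest or "(file missing)" in rest:
            return "service with no vendor string or a missing binary"
    return ""


def triage(log_text: str) -> List[Finding]:
    """Parse HijackThis entry lines and return those worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        reason = check(m.group(1), m.group(2))
        if reason:
            findings.append(Finding(m.group(1), reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n      {f.line}")
```

A hit only means "look at this entry"; a line that passes every heuristic is not thereby known to be clean.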
  • Shadow2018 Northwest Missouri
    edited August 2005
    You need to remove this service:

    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\appgu32.exe (file missing)

    Click Start -> Run -> (type) services.msc

    Scroll down and find the service called Remote Procedure Call Helper. When you find it, double-click on it. In the next window that opens, click the Stop button, then click on Properties and under the General tab, change the Startup Type to Disabled. Now hit Apply and then OK and close any open windows.


    Run HijackThis and click on Open the Misc Tools section -> Delete an NT Service
    Copy and paste this into the text box and click OK.

    11Fßä#·ºÄÖ`I

    Boot up into safe mode. To enter safe mode: reboot > tap the F8 key at the startup screen > select Safe Mode from the menu.

    Run HijackThis and place a checkmark next to the following entries. Click “Fix Checked”:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kwstw.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kwstw.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kwstw.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kwstw.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kwstw.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kwstw.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
    O2 - BHO: Class - {2318EB54-9373-9972-199A-038DC8BB1008} - C:\WINDOWS\mfcxt.dll
    O2 - BHO: Class - {66A49E73-C0D9-877E-0070-1AE7E207E281} - C:\WINDOWS\javasz.dll
    O2 - BHO: Class - {7174FA43-6EAE-0B62-2831-9FFAA3A3EAFE} - C:\WINDOWS\system32\sysnx32.dll
    O2 - BHO: Class - {FCAD8DF8-B294-72DE-A4A9-6C69B0EE4164} - C:\WINDOWS\system32\d3ta32.dll
    O4 - HKLM\..\Run: [javalj.exe] C:\WINDOWS\system32\javalj.exe
    O4 - HKLM\..\Run: [atlfq.exe] C:\WINDOWS\atlfq.exe
    O4 - HKLM\..\Run: [atlri32.exe] C:\WINDOWS\atlri32.exe
    O4 - HKLM\..\Run: [syspe32.exe] C:\WINDOWS\system32\syspe32.exe
    O4 - HKLM\..\Run: [ieza.exe] C:\WINDOWS\system32\ieza.exe
    O4 - HKLM\..\Run: [javark.exe] C:\WINDOWS\javark.exe
    O4 - HKLM\..\Run: [appfl32.exe] C:\WINDOWS\appfl32.exe
    O4 - HKLM\..\RunOnce: [craq.exe] C:\WINDOWS\system32\craq.exe
    O4 - HKLM\..\RunOnce: [atlec.exe] C:\WINDOWS\system32\atlec.exe
    O4 - HKLM\..\RunOnce: [sysaj.exe] C:\WINDOWS\sysaj.exe
    O4 - HKLM\..\RunOnce: [apiof.exe] C:\WINDOWS\apiof.exe
    O4 - HKLM\..\RunOnce: [ntzj32.exe] C:\WINDOWS\system32\ntzj32.exe
    O4 - HKLM\..\RunOnce: [appbt32.exe] C:\WINDOWS\appbt32.exe
    O4 - HKLM\..\RunOnce: [mfcuf32.exe] C:\WINDOWS\mfcuf32.exe
    O4 - HKLM\..\RunOnce: [msqt.exe] C:\WINDOWS\msqt.exe
    O4 - HKLM\..\RunOnce: [ieos.exe] C:\WINDOWS\system32\ieos.exe
    O4 - HKLM\..\RunOnce: [addhr.exe] C:\WINDOWS\addhr.exe
    O4 - HKLM\..\RunOnce: [crnt.exe] C:\WINDOWS\crnt.exe
    O4 - HKLM\..\RunOnce: [mfcbo.exe] C:\WINDOWS\system32\mfcbo.exe
    O4 - HKLM\..\RunOnce: [javamb.exe] C:\WINDOWS\system32\javamb.exe
    O4 - HKLM\..\RunOnce: [iedn.exe] C:\WINDOWS\system32\iedn.exe
    O4 - HKLM\..\RunOnce: [crpf32.exe] C:\WINDOWS\system32\crpf32.exe
    O4 - HKLM\..\RunOnce: [addfa32.exe] C:\WINDOWS\addfa32.exe
    O4 - HKLM\..\RunOnce: [sysyk32.exe] C:\WINDOWS\sysyk32.exe
    O4 - HKLM\..\RunOnce: [apiay.exe] C:\WINDOWS\system32\apiay.exe
    O4 - HKLM\..\RunOnce: [wings32.exe] C:\WINDOWS\wings32.exe
    O4 - HKLM\..\RunOnce: [netjc32.exe] C:\WINDOWS\system32\netjc32.exe
    O4 - HKLM\..\RunOnce: [mfcfl32.exe] C:\WINDOWS\mfcfl32.exe
    O4 - HKLM\..\RunOnce: [javaxh.exe] C:\WINDOWS\javaxh.exe
    O4 - HKLM\..\RunOnce: [apitw32.exe] C:\WINDOWS\system32\apitw32.exe
    O4 - HKLM\..\RunOnce: [javasz.exe] C:\WINDOWS\javasz.exe
    O4 - HKLM\..\RunOnce: [ipfh32.exe] C:\WINDOWS\system32\ipfh32.exe
    O4 - HKLM\..\RunOnce: [d3px.exe] C:\WINDOWS\d3px.exe
    O4 - HKLM\..\RunOnce: [syszy.exe] C:\WINDOWS\syszy.exe
    O4 - HKLM\..\RunOnce: [crrl.exe] C:\WINDOWS\crrl.exe
    O4 - HKLM\..\RunOnce: [ieju.exe] C:\WINDOWS\system32\ieju.exe
    O4 - HKLM\..\RunOnce: [ntie32.exe] C:\WINDOWS\system32\ntie32.exe
    O4 - HKLM\..\RunOnce: [appny.exe] C:\WINDOWS\system32\appny.exe
    O4 - HKLM\..\RunOnce: [msmo32.exe] C:\WINDOWS\system32\msmo32.exe
    O4 - HKLM\..\RunOnce: [ntrq.exe] C:\WINDOWS\system32\ntrq.exe
    O4 - HKLM\..\RunOnce: [addfm32.exe] C:\WINDOWS\addfm32.exe
    O4 - HKLM\..\RunOnce: [crkp.exe] C:\WINDOWS\system32\crkp.exe
    O4 - HKLM\..\RunOnce: [apiyj.exe] C:\WINDOWS\apiyj.exe
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.2.5....a-ob-assets.cab
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.2.5....s-ob-assets.cab
    O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.com/applet-6.3.0....a-ob-assets.cab
    O16 - DPF: Armored Attack by pogo - http://game1.pogo.com/applet-6.3.0....k-ob-assets.cab
    O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.3.0....k-ob-assets.cab
    O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.2.5....a-ob-assets.cab
    O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.31.7.116/Java/cfs40320.cab
    O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.2.5....2-ob-assets.cab
    O16 - DPF: Command and Conquer Comanche by pogo - http://game1.pogo.com/applet-6.3.0....e-ob-assets.cab
    O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.2.5....g-ob-assets.cab
    O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.2.5....o-ob-assets.cab
    O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.3.0....k-ob-assets.cab
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.5....t-ob-assets.cab
    O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.2.5....s-ob-assets.cab
    O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.2.5....r-ob-assets.cab
    O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.2.5....l-ob-assets.cab
    O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.2.5....w-ob-assets.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.2.5....o-ob-assets.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.5....g-ob-assets.cab
    O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.2.5....l-ob-assets.cab
    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.3.0....r-ob-assets.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.5....u-ob-assets.cab
    O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.2.5....a-ob-assets.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.5....2-ob-assets.cab
    O16 - DPF: SciFi Slots by pogo - http://game1.pogo.com/applet-6.2.5....i-ob-assets.cab
    O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.5....z-ob-assets.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.2.5....s-ob-assets.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.3.0....h-ob-assets.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.5....m-ob-assets.cab
    O16 - DPF: The Sims Pinball by pogo - http://game1.pogo.com/applet-6.3.0....l-ob-assets.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.0....s-ob-assets.cab
    O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.2.5....e-ob-assets.cab
    O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.2.5....p-ob-assets.cab
    O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.2.5....n-ob-assets.cab
    O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.5....g-ob-assets.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/gam...ts/y/pote_x.cab
    O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\appgu32.exe (file missing)


    Run CWShredder which you downloaded in step 1. Click the “Fix” button.

    Now delete these files or directories if they exist:

    C:\WINDOWS\system32\kwstw.dll
    C:\WINDOWS\system32\fservice.exe
    C:\WINDOWS\mfcxt.dll
    C:\WINDOWS\javasz.dll
    C:\WINDOWS\system32\sysnx32.dll
    C:\WINDOWS\system32\d3ta32.dll
    C:\WINDOWS\system32\javalj.exe
    C:\WINDOWS\atlfq.exe
    C:\WINDOWS\atlri32.exe
    C:\WINDOWS\system32\syspe32.exe
    C:\WINDOWS\system32\ieza.exe
    C:\WINDOWS\javark.exe
    C:\WINDOWS\appfl32.exe
    C:\WINDOWS\system32\craq.exe
    C:\WINDOWS\system32\atlec.exe
    C:\WINDOWS\sysaj.exe
    C:\WINDOWS\apiof.exe
    C:\WINDOWS\system32\ntzj32.exe
    C:\WINDOWS\appbt32.exe
    C:\WINDOWS\mfcuf32.exe
    C:\WINDOWS\msqt.exe
    C:\WINDOWS\system32\ieos.exe
    C:\WINDOWS\addhr.exe
    C:\WINDOWS\crnt.exe
    C:\WINDOWS\system32\mfcbo.exe
    C:\WINDOWS\system32\javamb.exe
    C:\WINDOWS\system32\iedn.exe
    C:\WINDOWS\system32\crpf32.exe
    C:\WINDOWS\addfa32.exe
    C:\WINDOWS\sysyk32.exe
    C:\WINDOWS\system32\apiay.exe
    C:\WINDOWS\wings32.exe
    C:\WINDOWS\system32\netjc32.exe
    C:\WINDOWS\mfcfl32.exe
    C:\WINDOWS\javaxh.exe
    C:\WINDOWS\system32\apitw32.exe
    C:\WINDOWS\javasz.exe
    C:\WINDOWS\system32\ipfh32.exe
    C:\WINDOWS\d3px.exe
    C:\WINDOWS\syszy.exe
    C:\WINDOWS\crrl.exe
    C:\WINDOWS\system32\ieju.exe
    C:\WINDOWS\system32\ntie32.exe
    C:\WINDOWS\system32\appny.exe
    C:\WINDOWS\system32\msmo32.exe
    C:\WINDOWS\system32\ntrq.exe
    C:\WINDOWS\addfm32.exe
    C:\WINDOWS\system32\crkp.exe
    C:\WINDOWS\apiyj.exe

    Run aboutbuster which you downloaded in step 2. Click ok>start>ok. Copy and paste the results of the aboutbuster scan to notepad. Save this as a .txt file.

    Run a “full system scan” with Ad-Aware SE. Remove all files found.

    Reboot and post a new HijackThis log with the results of the aboutbuster scan.
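The recheck that the last step asks for can be done mechanically by comparing the new HijackThis log against the entries that were fixed and the files that were deleted. The following is an added example, not part of the original post: the three inputs are short constructed excerpts in the log format shown in this thread, and `example.exe` and the shortened delete list are hypothetical.

```python
import re

# "O4 - HKLM\..\RunOnce: [name] command" and the other "<code> - <body>" entry lines.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
O4_CMD = re.compile(r"^HK\w+\\\.\.\\[^:]+: \[[^\]]*\] (.+)$", re.I)

def parse(log):
    """Set of (code, body) per entry line; body is case-folded because Windows paths ignore case."""
    return {(m[1], m[2].casefold()) for m in map(ENTRY.match, log.splitlines()) if m}

def o4_targets(entries):
    """Command string of every O4 (registry autostart) entry."""
    return {m[1] for code, body in entries if code == "O4" and (m := O4_CMD.match(body))}

def recheck(fix_list, delete_list, new_log):
    fixed, now = parse(fix_list), parse(new_log)
    deletions = {p.strip().casefold() for p in delete_list.splitlines() if p.strip()}
    return {
        # fixed entries that are back after the reboot: something re-created them
        "persisted": sorted(fixed & now),
        # autostart targets that were unregistered but whose file was never listed for deletion
        "not_in_delete_list": sorted(o4_targets(fixed) - deletions),
        # autostart commands in the new log that nobody has reviewed yet
        "unreviewed_autostart": sorted(o4_targets(now - fixed)),
    }

# Constructed excerpts (entries taken from this thread, lists shortened on purpose).
FIX_LIST = r"""
O4 - HKLM\..\RunOnce: [iedn.exe] C:\WINDOWS\system32\iedn.exe
O4 - HKLM\..\RunOnce: [crkp.exe] C:\WINDOWS\system32\crkp.exe
O4 - HKLM\..\RunOnce: [apiyj.exe] C:\WINDOWS\apiyj.exe
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
"""
DELETE_LIST = r"""
C:\WINDOWS\system32\iedn.exe
c:\windows\SYSTEM32\crkp.exe
"""
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\RunOnce: [crkp.exe] C:\WINDOWS\system32\crkp.exe
O4 - HKLM\..\Run: [example] C:\WINDOWS\example.exe
"""

if __name__ == "__main__":
    for finding, items in recheck(FIX_LIST, DELETE_LIST, NEW_LOG).items():
        print(finding, items)
```

An entry under `persisted` means the dropper that writes the RunOnce values is still running, so deleting the files again will not hold until that process is found.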