Posts posted by lindats

  1. I use the computer for information and correspondence. I did not know the importance of updates or antivirus. I will do it now.

    Hi,

    No wonder you get these errors, your PC has never been updated!

    The very first and most important step is to update your Windows here..

    Update to Service Pack 3 and your Internet Explorer to IE7 or IE8.

    Update goes via start > Windows update.

    You also need Security Software, because I don't even see an Antivirus installed here! Can you explain why your Windows is outdated and there's no Antivirus present here?

  2. Here it is:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 8:55:38 PM, on 3/24/2009

    Platform: Windows XP (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Boot mode: Normal

    Running processes:

    C:\WINNT\System32\smss.exe

    C:\WINNT\system32\winlogon.exe

    C:\WINNT\system32\services.exe

    C:\WINNT\system32\lsass.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\System32\svchost.exe

    C:\WINNT\system32\spoolsv.exe

    C:\WINNT\Explorer.EXE

    C:\WINNT\System32\SK9910DM.EXE

    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    C:\WINNT\System32\PROMon.exe

    C:\Program Files\Common Files\AOL\1102136020\ee\AOLSoftware.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Program Files\America Online 9.0a\waol.exe

    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

    C:\WINNT\System32\NMSSvc.exe

    C:\WINNT\wanmpsvc.exe

    C:\WINNT\System32\wuauclt.exe

    c:\program files\common files\aol\1102136020\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe

    c:\program files\common files\aol\1102136020\ee\aolsoftware.exe

    C:\Program Files\America Online 9.0a\shellmon.exe

    C:\Program Files\Audacity\audacity.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE

    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"

    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

    O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe

    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102136020\ee\AOLSoftware.exe

    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

    O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b

    O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')

    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0b\aoltray.exe

    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll

    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

    O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe (file missing)

    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe

    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

    --

    End of file - 4208 bytes

    No need to uninstall it, just reinstall it :(

    Let's have a look what is running in IE there... (bho - toolbar, because Combofix whitelists some)

    * Download Trend Micro Hijack This

  3. Do you know why the Internet Explorer gets an error message when I try to reply to this forum? The message I get says:

    Error signature

    AppName: iexplore.exe AppVer:6.0.2600.0 ModName: mshtml.dll

    ModVer: 6.0.2600.0 Offset: 001071a

    Is this something I can correct?

    Also, I tried to uninstall MusicMatch from add/remove but it will not remove. Is there another way to do it?

    Hi,

    This is as a result of a previous infection you were dealing with. AWF infection. We had to replace some files from a backup and you get an error because the version we replaced appears to be an older version.

    Not a big deal though.. in this case it's about the Musicmatch MMtray and your AOL. What I suggest is to reinstall both (Musicmatch and AOL), because parts became corrupted in it anyway.

  4. I turned my computer off and then on and when it loads I get this message:

    mm_tray.exe -Entry Point Not Found

    The procedure entry point ?OMCreateObject@@YA_NPBDO_NPAPAVmiInterface@@@Z could not be located in the dynamic link library ObjectManager.dll.

    Do you know what this is and how I can correct it?

  5. I did the three steps and the problem has gone. However when I tried to post to MalwareBytes I got an error message and it shuts down on IE and on the AOL browser it stands still like it's loading and will not allow me to post. I am at a different computer now and this is how I have been posting. Is my problem fixed but the error message unrelated and some other problem?

    Hi,

    Can you please perform this as well?

    Then, go to start > run and copy and paste next commands in the field:

    sc delete bhf0a86 hit enter

    sc delete CLHMJZBN Hit enter

    Let me know in your next reply how things are now.

  6. Here it is:

    ComboFix 09-03-23.01 - 137 2009-03-24 15:54:01.2 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.254.38 [GMT -5:00]

    Running from: c:\documents and settings\137\ComboFix.exe

    Command switches used :: C:\CFScript.txt

    * Created a new restore point

    FILE ::

    c:\documents and settings\137\Application Data\awanonoreq.scr

    c:\documents and settings\137\Application Data\fapojehuny.exe

    c:\documents and settings\137\Application Data\mpauth.dat

    c:\documents and settings\137\Application Data\ytyfeda.reg

    c:\documents and settings\137\winupdate.dat

    c:\documents and settings\All Users\Application Data\alohub.reg

    c:\documents and settings\All Users\Application Data\efazec.sys

    c:\documents and settings\All Users\Application Data\elebujufyh.vbs

    c:\documents and settings\All Users\Application Data\ewego.bat

    c:\documents and settings\All Users\Application Data\jiwaworo.dat

    c:\program files\Common Files\gegyp.vbs

    c:\program files\Common Files\hugaziso.reg

    c:\program files\Common Files\idywym.db

    c:\program files\Common Files\kujuvexopi.inf

    c:\program files\Common Files\onazev.ban

    c:\program files\Common Files\sekulux.vbs

    c:\winnt\addins\tacvrd.bak2

    c:\winnt\addins\vrsevaw.bak2

    c:\winnt\System32\cewmdmq.dll

    c:\winnt\system32\Microsoft\nulld.bak1

    c:\winnt\system32\Microsoft\nulld.bak2

    c:\winnt\Web\nupct.bak1

    c:\winnt\Web\nupct.bak2

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\documents and settings\137\Application Data\awanonoreq.scr

    c:\documents and settings\137\Application Data\fapojehuny.exe

    c:\documents and settings\137\Application Data\mpauth.dat

    c:\documents and settings\137\Application Data\ytyfeda.reg

    c:\documents and settings\137\winupdate.dat

    c:\documents and settings\All Users\Application Data\alohub.reg

    c:\documents and settings\All Users\Application Data\efazec.sys

    c:\documents and settings\All Users\Application Data\elebujufyh.vbs

    c:\documents and settings\All Users\Application Data\ewego.bat

    c:\documents and settings\All Users\Application Data\jiwaworo.dat

    c:\program files\Common Files\gegyp.vbs

    c:\program files\Common Files\hugaziso.reg

    c:\program files\Common Files\idywym.db

    c:\program files\Common Files\kujuvexopi.inf

    c:\program files\Common Files\onazev.ban

    c:\program files\Common Files\sekulux.vbs

    c:\winnt\addins\tacvrd.bak2

    c:\winnt\addins\vrsevaw.bak2

    c:\winnt\System32\cewmdmq.dll

    c:\winnt\system32\drivers\clhmjzbn.sys

    c:\winnt\system32\drivers\gjn9637.sys

    c:\winnt\system32\Microsoft\nulld.bak1

    c:\winnt\system32\Microsoft\nulld.bak2

    c:\winnt\Web\nupct.bak1

    c:\winnt\Web\nupct.bak2

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_CLHMJZBN

    -------\Legacy_GJN9637

    -------\Service_clhmjzbn

    -------\Service_gjn9637

    ((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))

    .

    2009-03-24 14:23 . 2009-03-24 14:24 2,934,667 -ra------ c:\documents and settings\137\ComboFix.exe

    2009-03-01 19:57 . 2009-03-01 20:40 <DIR> d-------- c:\documents and settings\137\always_data

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-03-24 21:03 --------- d-----w c:\program files\Common Files\Symantec Shared

    2009-03-24 21:03 --------- d-----w c:\program files\America Online 9.0a

    2009-03-24 20:53 --------- d-----w c:\program files\SUPERAntiSpyware

    2009-03-24 20:53 --------- d-----w c:\program files\QuickTime

    2009-03-24 20:53 --------- d-----w c:\program files\PhoneTools

    2009-03-24 20:53 --------- d-----w c:\program files\Microsoft Works

    2009-03-24 20:53 --------- d-----w c:\program files\iTunes

    2009-02-19 04:45 --------- d-----w c:\program files\FreeRIP3

    2009-02-19 04:45 --------- d-----w c:\documents and settings\All Users\Application Data\FreeRIP

    2009-02-12 04:32 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

    2009-02-12 04:03 --------- d-----w c:\program files\America Online 7.0

    2009-02-12 04:00 --------- d-----w c:\program files\Uniblue

    2009-02-12 04:00 --------- d-----w c:\documents and settings\137\Application Data\Uniblue

    2009-02-11 19:30 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

    2009-02-11 15:19 38,496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys

    2009-02-11 15:19 15,504 ----a-w c:\winnt\system32\drivers\mbam.sys

    2007-12-17 18:09 251,967 ----a-w c:\documents and settings\137\TuaxInfo1.zip

    2007-12-12 19:05 2,833,575 ----a-w c:\documents and settings\137\Boxes12-12-07007.zip

    2007-12-10 17:51 13,535 ----a-w c:\documents and settings\137\FAX200712101022.zip

    2007-11-30 17:39 3,890 ----a-w c:\documents and settings\137\HFLabResults.zip

    2007-06-11 16:14 111,633 ----a-w c:\documents and settings\137\DOC070611-003.zip

    2007-05-24 17:07 1,666,202 ----a-w c:\documents and settings\137\Image003.zip

    2007-05-09 17:50 4,288,686 ----a-w c:\documents and settings\137\DSC00537.zip

    2007-03-03 03:40 55,368 ----a-w c:\documents and settings\137\Application Data\GDIPFONTCACHEV1.DAT

    2004-06-13 23:01 449 ----a-w c:\documents and settings\137\UpdateReg.reg

    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-24_14.45.50.04 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2002-05-15 01:20:50 114,688 ----a-w c:\winnt\system32\hkcmd.exe

    + 2002-05-15 01:29:02 155,648 ----a-w c:\winnt\system32\igfxtray.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]

    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2006-07-20 1257472]

    "AOL Fast Start"="c:\program files\America Online 9.0a\AOL.EXE" [2005-07-12 50776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-02 110592]

    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]

    "HostManager"="c:\program files\Common Files\AOL\1102136020\ee\AOLSoftware.exe" [2006-03-10 48280]

    "Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 c:\winnt\system32\SK9910DM.EXE]

    "PROMon.exe"="PROMon.exe" [2002-04-18 c:\winnt\system32\PROMon.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2001-08-02 1077277]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0b\aoltray.exe [2006-09-21 36954]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "ForceClassicControlPanel"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-09-03 8944]

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-09-03 55024]

    R2 RioPNP;RioPNP;c:\winnt\system32\drivers\RioPnP.sys [2002-09-05 6736]

    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]

    S0 bhf0a86;bhf0a86;\SystemRoot\\SystemRoot\System32\drivers\gjn9637.sys --> \SystemRoot\\SystemRoot\System32\drivers\gjn9637.sys [?]

    S3 iscFlash;iscFlash;\??\c:\winnt\SYSTEM32\DRIVERS\iscflash.sys --> c:\winnt\SYSTEM32\DRIVERS\iscflash.sys [?]

    S3 Wdm1;USB Bridge Cable Driver;c:\winnt\system32\drivers\usbbc.sys [2005-03-25 15576]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - CLHMJZBN

    *NewlyCreated* - NMSCFG

    *NewlyCreated* - NMSSVC

    *NewlyCreated* - SYMTDI

    *Deregistered* - SYMTDI

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    .

    Contents of the 'Scheduled Tasks' folder

    2008-10-10 c:\winnt\Tasks\1-Click Maintenance.job

    - c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 15:09]

    .

    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe

    HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

    HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com

    mStart Page = hxxp://www.google.com

    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML

    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-03-24 16:02:57

    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1106520001-2304659736-1445258045-1005\Software\Microsoft\SystemCertificates\AddressBook*]

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1106520001-2304659736-1445258045-1005\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

    @Allowed: (Read) (S-1-5-21-1106520001-2304659736-1445258045-1005)

    @Allowed: (Read) (S-1-5-21-1106520001-2304659736-1445258045-1005)

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(472)

    c:\winnt\system32\ODBC32.dll

    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'lsass.exe'(528)

    c:\winnt\System32\dssenh.dll

    .

    ComboFix-quarantined-files.txt 2009-03-24 21:10:11

    ComboFix2.txt 2009-03-24 19:50:53

    Pre-Run: 3,038,904,320 bytes free

    Post-Run: 3,038,969,856 bytes free

    189 --- E O F --- 2009-03-18 08:02:56

    Hi,

    It looks like this computer was already infected for a while...

    I see you have not downloaded Combofix to your desktop. This was an important step, because you have to create a cfscript and drag it into combofix, but because it's not on your desktop, it may be confusing for you..

    Anyway, I hope you know where you downloaded Combofix and ran it from.

    * Open notepad - don't use any other text editor than notepad or the script will fail.

    Copy/paste the text in the quotebox below into notepad:

    Save this as txtfile CFScript

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScript.gif

    This will start ComboFix again.

    Then, please visit this site:

    http://www.bleepingcomputer.com/submit-malware.php?channel=8

    Where it says: "Browse to the file you want to submit", use the Browse button to navigate to the following file: C:\Qoobox\Quarantine\[8]-Submit_date_time.zip (date_time will be replaced with the date and time when this file was created)

    Then click the "Send File" button below in order to upload it.

    After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

  7. I downloaded it

    ComboFix 09-03-23.01 - 137 2009-03-24 14:31:35.1 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.254.86 [GMT -5:00]

    Running from: c:\documents and settings\137\ComboFix.exe

    * Created a new restore point

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .


    c:\winnt\system32\ipkj.dll

    c:\winnt\system32\ipli32.dll

    c:\winnt\system32\ipmg.dll

    c:\winnt\system32\ipmu32.dll

    c:\winnt\system32\ipnt32.dll

    c:\winnt\system32\ipnw.dll

    c:\winnt\system32\ipol32.dll

    c:\winnt\system32\ipop32.dll

    c:\winnt\system32\ippm32.dll

    c:\winnt\system32\ipqn32.dll

    c:\winnt\system32\ipqp.dll

    c:\winnt\system32\ipqp32.dll

    c:\winnt\system32\iprs.dll

    c:\winnt\system32\iprv.dll

    c:\winnt\system32\ipst32.dll

    c:\winnt\system32\iptb32.dll

    c:\winnt\system32\iptj32.dll

    c:\winnt\system32\ipts32.dll

    c:\winnt\system32\ipud.dll

    c:\winnt\system32\ipuh32.dll

    c:\winnt\system32\ipui.dll

    c:\winnt\system32\ipvz.dll

    c:\winnt\system32\ipwr.dll

    c:\winnt\system32\ipwv.dll

    c:\winnt\system32\ipww32.dll

    c:\winnt\system32\ipxp.dll

    c:\winnt\system32\ipxv.dll

    c:\winnt\system32\ipyf.dll

    c:\winnt\system32\ipyj32.dll

    c:\winnt\system32\ipzi.dll

    c:\winnt\system32\javaad.dll

    c:\winnt\system32\javaan32.dll

    c:\winnt\system32\javabf32.dll

    c:\winnt\system32\javaci.dll

    c:\winnt\system32\javacq32.dll

    c:\winnt\system32\javadf32.dll

    c:\winnt\system32\javadm32.dll

    c:\winnt\system32\javaef32.dll

    c:\winnt\system32\javaek32.dll

    c:\winnt\system32\javaev32.dll

    c:\winnt\system32\javafh.dll

    c:\winnt\system32\javafi.dll

    c:\winnt\system32\javagv32.dll

    c:\winnt\system32\javaid32.dll

    c:\winnt\system32\javajf.dll

    c:\winnt\system32\javajg.dll

    c:\winnt\system32\javajs32.dll

    c:\winnt\system32\javajz.dll

    c:\winnt\system32\javaki32.dll

    c:\winnt\system32\javalb.dll

    c:\winnt\system32\javalo32.dll

    c:\winnt\system32\javamq32.dll

    c:\winnt\system32\javamv32.dll

    c:\winnt\system32\javamx32.dll

    c:\winnt\system32\javant32.dll

    c:\winnt\system32\javaot.dll

    c:\winnt\system32\javapf32.dll

    c:\winnt\system32\javaqo32.dll

    c:\winnt\system32\javash.dll

    c:\winnt\system32\javasj.dll

    c:\winnt\system32\javasm32.dll

    c:\winnt\system32\javasu32.dll

    c:\winnt\system32\javasv32.dll

    c:\winnt\system32\javasw.dll

    c:\winnt\system32\javavk32.dll

    c:\winnt\system32\javavo.dll

    c:\winnt\system32\javavr32.dll

    c:\winnt\system32\javavv.dll

    c:\winnt\system32\javavw.dll

    c:\winnt\system32\javawq.dll

    c:\winnt\system32\javaxi.dll

    c:\winnt\system32\javaxw32.dll

    c:\winnt\system32\javayd32.dll

    c:\winnt\system32\javayr.dll

    c:\winnt\system32\javazb.dll

    c:\winnt\system32\javazd.dll

    c:\winnt\system32\javazf32.dll

    c:\winnt\system32\javazi32.dll

    c:\winnt\system32\javazj32.dll

    c:\winnt\system32\javazz32.dll

    c:\winnt\system32\jqhbs.dll

    c:\winnt\system32\mfcal.dll

    c:\winnt\system32\mfcap.dll

    c:\winnt\system32\mfcaq.dll

    c:\winnt\system32\mfcbe.dll

    c:\winnt\system32\mfcbj32.dll

    c:\winnt\system32\mfcde.dll

    c:\winnt\system32\mfcef.dll

    c:\winnt\system32\mfcei32.dll

    c:\winnt\system32\mfcgi.dll

    c:\winnt\system32\mfcgj32.dll

    c:\winnt\system32\mfcgt32.dll

    c:\winnt\system32\mfcio32.dll

    c:\winnt\system32\mfcjf32.dll

    c:\winnt\system32\mfcji32.dll

    c:\winnt\system32\mfclk32.dll

    c:\winnt\system32\mfclm.dll

    c:\winnt\system32\mfclm32.dll

    c:\winnt\system32\mfcln32.dll

    c:\winnt\system32\mfclo32.dll

    c:\winnt\system32\mfcls32.dll

    c:\winnt\system32\mfclz32.dll

    c:\winnt\system32\mfcma32.dll

    c:\winnt\system32\mfcml32.dll

    c:\winnt\system32\mfcmw.dll

    c:\winnt\system32\mfcnf.dll

    c:\winnt\system32\mfcnn.dll

    c:\winnt\system32\mfcny32.dll

    c:\winnt\system32\mfcqt.dll

    c:\winnt\system32\mfcrk.dll

    c:\winnt\system32\mfcrv.dll

    c:\winnt\system32\mfcsp.dll

    c:\winnt\system32\mfctn32.dll

    c:\winnt\system32\mfcuj.dll

    c:\winnt\system32\mfcvs32.dll

    c:\winnt\system32\mfcwf.dll

    c:\winnt\system32\mfcxh.dll

    c:\winnt\system32\mfcxi32.dll

    c:\winnt\system32\mfcxv32.dll

    c:\winnt\system32\mfcyf.dll

    c:\winnt\system32\mfcyx32.dll

    c:\winnt\system32\msad.dll

    c:\winnt\system32\msay32.dll

    c:\winnt\system32\msbd32.dll

    c:\winnt\system32\msbf32.dll

    c:\winnt\system32\msbo32.dll

    c:\winnt\system32\msbp32.dll

    c:\winnt\system32\msbv32.dll

    c:\winnt\system32\mscf.dll

    c:\winnt\system32\msck.dll

    c:\winnt\system32\mscp.dll

    c:\winnt\system32\msdc32.dll

    c:\winnt\system32\msdf32.dll

    c:\winnt\system32\msdj32.dll

    c:\winnt\system32\msdn32.dll

    c:\winnt\system32\msem.dll

    c:\winnt\system32\msga32.dll

    c:\winnt\system32\msgy32.dll

    c:\winnt\system32\msho.dll

    c:\winnt\system32\msir32.dll

    c:\winnt\system32\msiw32.dll

    c:\winnt\system32\msjb32.dll

    c:\winnt\system32\msko.dll

    c:\winnt\system32\msln32.dll

    c:\winnt\system32\mslo.dll

    c:\winnt\system32\mslu.dll

    c:\winnt\system32\msmw32.dll

    c:\winnt\system32\msop.dll

    c:\winnt\system32\msox.dll

    c:\winnt\system32\msqg.dll

    c:\winnt\system32\msql.dll

    c:\winnt\system32\msqw32.dll

    c:\winnt\system32\msri32.dll

    c:\winnt\system32\msrm32.dll

    c:\winnt\system32\msse.dll

    c:\winnt\system32\mssn32.dll

    c:\winnt\system32\msta.dll

    c:\winnt\system32\mstf32.dll

    c:\winnt\system32\mstj.dll

    c:\winnt\system32\msui32.dll

    c:\winnt\system32\msus.dll

    c:\winnt\system32\msve.dll

    c:\winnt\system32\mszl32.dll

    c:\winnt\system32\mszt.dll

    c:\winnt\system32\mszy32.dll

    c:\winnt\system32\netad32.dll

    c:\winnt\system32\netak32.dll

    c:\winnt\system32\netau.dll

    c:\winnt\system32\netaz32.dll

    c:\winnt\system32\netba32.dll

    c:\winnt\system32\netco.dll

    c:\winnt\system32\netcs.dll

    c:\winnt\system32\netet32.dll

    c:\winnt\system32\netez32.dll

    c:\winnt\system32\netfa32.dll

    c:\winnt\system32\netfd32.dll

    c:\winnt\system32\netgt32.dll

    c:\winnt\system32\netgu32.dll

    c:\winnt\system32\netgy.dll

    c:\winnt\system32\nethg32.dll

    c:\winnt\system32\netig32.dll

    c:\winnt\system32\netiw.dll

    c:\winnt\system32\netjl.dll

    c:\winnt\system32\netjm32.dll

    c:\winnt\system32\netjv32.dll

    c:\winnt\system32\netkb.dll

    c:\winnt\system32\netkh32.dll

    c:\winnt\system32\netlv32.dll

    c:\winnt\system32\netmb.dll

    c:\winnt\system32\netod.dll

    c:\winnt\system32\netos32.dll

    c:\winnt\system32\netoz32.dll

    c:\winnt\system32\netql.dll

    c:\winnt\system32\netrj32.dll

    c:\winnt\system32\netrn32.dll

    c:\winnt\system32\netsi.dll

    c:\winnt\system32\netss32.dll

    c:\winnt\system32\netst32.dll

    c:\winnt\system32\netsw.dll

    c:\winnt\system32\nettb32.dll

    c:\winnt\system32\netth.dll

    c:\winnt\system32\nettr.dll

    c:\winnt\system32\nettx32.dll

    c:\winnt\system32\netud32.dll

    c:\winnt\system32\netuh.dll

    c:\winnt\system32\netuh32.dll

    c:\winnt\system32\netus.dll

    c:\winnt\system32\netwg32.dll

    c:\winnt\system32\netwo.dll

    c:\winnt\system32\netwv32.dll

    c:\winnt\system32\netxg.dll

    c:\winnt\system32\ntag.dll

    c:\winnt\system32\ntbc32.dll

    c:\winnt\system32\ntbi.dll

    c:\winnt\system32\ntbk32.dll

    c:\winnt\system32\ntcm32.dll

    c:\winnt\system32\ntcn32.dll

    c:\winnt\system32\ntct32.dll

    c:\winnt\system32\ntdp32.dll

    c:\winnt\system32\ntdw.dll

    c:\winnt\system32\ntei32.dll

    c:\winnt\system32\ntel32.exe

    c:\winnt\system32\ntez.dll

    c:\winnt\system32\ntfg32.exe

    c:\winnt\system32\ntgd32.dll

    c:\winnt\system32\ntgk.dll

    c:\winnt\system32\ntgn32.dll

    c:\winnt\system32\ntgr32.dll

    c:\winnt\system32\ntgt32.dll

    c:\winnt\system32\ntin.dll

    c:\winnt\system32\ntio.dll

    c:\winnt\system32\ntjo32.dll

    c:\winnt\system32\ntjv32.dll

    c:\winnt\system32\ntke32.dll

    c:\winnt\system32\ntlb32.dll

    c:\winnt\system32\ntll32.dll

    c:\winnt\system32\ntmj.dll

    c:\winnt\system32\ntna32.dll

    c:\winnt\system32\ntni.dll

    c:\winnt\system32\ntno.dll

    c:\winnt\system32\ntoz32.dll

    c:\winnt\system32\ntpj.dll

    c:\winnt\system32\ntpp32.dll

    c:\winnt\system32\ntpq.dll

    c:\winnt\system32\ntpy.dll

    c:\winnt\system32\ntqv32.dll

    c:\winnt\system32\ntqx32.dll

    c:\winnt\system32\ntru32.dll

    c:\winnt\system32\ntut32.dll

    c:\winnt\system32\ntvy.dll

    c:\winnt\system32\ntws32.dll

    c:\winnt\system32\ntwy.dll

    c:\winnt\system32\ntxd32.dll

    c:\winnt\system32\ntxw32.dll

    c:\winnt\system32\ntyy.dll

    c:\winnt\system32\ntzl32.dll

    c:\winnt\system32\o4Patch.exe

    c:\winnt\system32\Process.exe

    c:\winnt\system32\ruujm.dat

    c:\winnt\system32\sdkab.dll

    c:\winnt\system32\sdkbb.dll

    c:\winnt\system32\sdkbc.dll

    c:\winnt\system32\sdkbv.dll

    c:\winnt\system32\sdkcs.dll

    c:\winnt\system32\sdkcu32.dll

    c:\winnt\system32\sdkcv.dll

    c:\winnt\system32\sdkdl32.dll

    c:\winnt\system32\sdkef.dll

    c:\winnt\system32\sdkel.dll

    c:\winnt\system32\sdkep32.dll

    c:\winnt\system32\sdkew.dll

    c:\winnt\system32\sdkew32.dll

    c:\winnt\system32\sdkgm32.dll

    c:\winnt\system32\sdkgo32.dll

    c:\winnt\system32\sdkgw.dll

    c:\winnt\system32\sdkgx32.dll

    c:\winnt\system32\sdkhb.dll

    c:\winnt\system32\sdkid.dll

    c:\winnt\system32\sdkir32.dll

    c:\winnt\system32\sdkjg32.dll

    c:\winnt\system32\sdkkv.dll

    c:\winnt\system32\sdkky.dll

    c:\winnt\system32\sdkky32.dll

    c:\winnt\system32\sdkkz32.dll

    c:\winnt\system32\sdklf32.dll

    c:\winnt\system32\sdkly.dll

    c:\winnt\system32\sdkmp.dll

    c:\winnt\system32\sdkmq32.dll

    c:\winnt\system32\sdkne32.dll

    c:\winnt\system32\sdkon.dll

    c:\winnt\system32\sdkpc32.dll

    c:\winnt\system32\sdkpq32.dll

    c:\winnt\system32\sdkqf32.dll

    c:\winnt\system32\sdksn.dll

    c:\winnt\system32\sdksr32.dll

    c:\winnt\system32\sdktb32.dll

    c:\winnt\system32\sdktf.dll

    c:\winnt\system32\sdkth32.dll

    c:\winnt\system32\sdktt.dll

    c:\winnt\system32\sdkty.dll

    c:\winnt\system32\sdkux.dll

    c:\winnt\system32\sdkux32.dll

    c:\winnt\system32\sdkve32.dll

    c:\winnt\system32\sdkvo32.dll

    c:\winnt\system32\sdkvt32.dll

    c:\winnt\system32\sdkvw32.dll

    c:\winnt\system32\sdkwx.dll

    c:\winnt\system32\sdkwz32.dll

    c:\winnt\system32\sdkxc.dll

    c:\winnt\system32\sdkxi32.dll

    c:\winnt\system32\sdkxv.dll

    c:\winnt\system32\sdkxy.dll

    c:\winnt\system32\sdkyw.dll

    c:\winnt\system32\SrchSTS.exe

    c:\winnt\system32\sysab32.dll

    c:\winnt\system32\sysai32.dll

    c:\winnt\system32\sysbd32.dll

    c:\winnt\system32\sysbq32.dll

    c:\winnt\system32\sysbs32.dll

    c:\winnt\system32\sysbv32.dll

    c:\winnt\system32\syscf32.dll

    c:\winnt\system32\sysdu.dll

    c:\winnt\system32\syseh32.dll

    c:\winnt\system32\sysey32.dll

    c:\winnt\system32\sysff.dll

    c:\winnt\system32\sysfp.dll

    c:\winnt\system32\sysfy32.dll

    c:\winnt\system32\sysgh32.dll

    c:\winnt\system32\sysgi32.dll

    c:\winnt\system32\sysgm.dll

    c:\winnt\system32\syshr32.dll

    c:\winnt\system32\syshu32.dll

    c:\winnt\system32\sysir.dll

    c:\winnt\system32\sysjm.dll

    c:\winnt\system32\sysjq.dll

    c:\winnt\system32\syskn32.dll

    c:\winnt\system32\syskp32.dll

    c:\winnt\system32\syskx32.dll

    c:\winnt\system32\sysli32.dll

    c:\winnt\system32\syslj32.dll

    c:\winnt\system32\syslt.dll

    c:\winnt\system32\sysmh32.dll

    c:\winnt\system32\sysms32.dll

    c:\winnt\system32\sysnb32.dll

    c:\winnt\system32\sysnh.dll

    c:\winnt\system32\sysoc32.dll

    c:\winnt\system32\sysof.dll

    c:\winnt\system32\syspa32.dll

    c:\winnt\system32\syspo.dll

    c:\winnt\system32\sysqd.dll

    c:\winnt\system32\sysqh32.dll

    c:\winnt\system32\sysrc.dll

    c:\winnt\system32\sysri32.dll

    c:\winnt\system32\sysrr32.dll

    c:\winnt\system32\syssd.dll

    c:\winnt\system32\syssu.dll

    c:\winnt\system32\sysug.dll

    c:\winnt\system32\sysum32.dll

    c:\winnt\system32\sysut.dll

    c:\winnt\system32\syswe.dll

    c:\winnt\system32\syswt32.dll

    c:\winnt\system32\sysxs32.dll

    c:\winnt\system32\sysyk32.dll

    c:\winnt\system32\sysyq.dll

    c:\winnt\system32\syszx32.dll

    c:\winnt\system32\tmp.reg

    c:\winnt\system32\tvuny.dat

    c:\winnt\system32\utlsa.dll

    c:\winnt\system32\VACFix.exe

    c:\winnt\system32\VCCLSID.exe

    c:\winnt\system32\vdycn.dat

    c:\winnt\system32\vmss

    c:\winnt\system32\werweg.exe

    c:\winnt\system32\winaa32.dll

    c:\winnt\system32\winaq32.dll

    c:\winnt\system32\winat.dll

    c:\winnt\system32\winba.dll

    c:\winnt\system32\winbm32.dll

    c:\winnt\system32\winbq32.dll

    c:\winnt\system32\wincg32.dll

    c:\winnt\system32\wincl32.dll

    c:\winnt\system32\wincn.dll

    c:\winnt\system32\winco32.dll

    c:\winnt\system32\wincp.dll

    c:\winnt\system32\wineb.dll

    c:\winnt\system32\wingi32.dll

    c:\winnt\system32\wingk.dll

    c:\winnt\system32\winhh.dll

    c:\winnt\system32\winhh32.dll

    c:\winnt\system32\winib32.dll

    c:\winnt\system32\winih32.dll

    c:\winnt\system32\winij32.dll

    c:\winnt\system32\winiq.dll

    c:\winnt\system32\winiq32.dll

    c:\winnt\system32\winiv.dll

    c:\winnt\system32\winiy32.dll

    c:\winnt\system32\winja.dll

    c:\winnt\system32\winja32.dll

    c:\winnt\system32\winjm.dll

    c:\winnt\system32\winjn32.dll

    c:\winnt\system32\winjq32.dll

    c:\winnt\system32\winme32.dll

    c:\winnt\system32\winnd32.dll

    c:\winnt\system32\winne32.dll

    c:\winnt\system32\winnh.dll

    c:\winnt\system32\winnj32.dll

    c:\winnt\system32\winnk.dll

    c:\winnt\system32\winnn32.dll

    c:\winnt\system32\winnq.dll

    c:\winnt\system32\winos.dll

    c:\winnt\system32\winpd32.dll

    c:\winnt\system32\winpj32.dll

    c:\winnt\system32\winqa.dll

    c:\winnt\system32\winqc.dll

    c:\winnt\system32\winqd.dll

    c:\winnt\system32\winqn.dll

    c:\winnt\system32\winrb.dll

    c:\winnt\system32\winrl.dll

    c:\winnt\system32\winsf32.dll

    c:\winnt\system32\winsr32.dll

    c:\winnt\system32\winss.dll

    c:\winnt\system32\winth.dll

    c:\winnt\system32\wintr.dll

    c:\winnt\system32\winvd32.dll

    c:\winnt\system32\winvf.dll

    c:\winnt\system32\winvu.dll

    c:\winnt\system32\winvz.dll

    c:\winnt\system32\winwu.dll

    c:\winnt\system32\winyc.dll

    c:\winnt\system32\winyd32.dll

    c:\winnt\system32\winyk32.dll

    c:\winnt\system32\winzc32.dll

    c:\winnt\system32\winzq.dll

    c:\winnt\system32\wquig.dat

    c:\winnt\system32\WS2Fix.exe

    c:\winnt\system32\wvouf.dll

    c:\winnt\tcivg.dat

    c:\winnt\ukinm.dat

    c:\winnt\vtwhv.dat

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_NTIO256

    -------\Legacy_OHCIUSB

    -------\Service_ohciusb

    ((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))

    .

    2009-03-24 14:23 . 2009-03-24 14:24 2,934,667 -ra------ c:\documents and settings\137\ComboFix.exe

    2009-03-22 03:52 . 2009-03-22 03:52 21,632 --a------ c:\winnt\system32\drivers\gjn9637.sys

    2009-03-22 03:51 . 2005-01-28 12:44 101,376 --a------ c:\winnt\system32\cewmdmq.dll

    2009-03-01 19:57 . 2009-03-01 20:40 <DIR> d-------- c:\documents and settings\137\always_data

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-02-19 04:45 --------- d-----w c:\program files\FreeRIP3

    2009-02-19 04:45 --------- d-----w c:\documents and settings\All Users\Application Data\FreeRIP

    2009-02-12 04:32 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

    2009-02-12 04:03 --------- d-----w c:\program files\America Online 7.0

    2009-02-12 04:00 --------- d-----w c:\program files\Uniblue

    2009-02-12 04:00 --------- d-----w c:\documents and settings\137\Application Data\Uniblue

    2009-02-11 19:30 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

    2009-02-11 15:19 38,496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys

    2009-02-11 15:19 15,504 ----a-w c:\winnt\system32\drivers\mbam.sys

    2008-10-11 21:05 19,981 ----a-w c:\program files\Common Files\gegyp.vbs

    2008-10-11 21:05 19,403 ----a-w c:\documents and settings\137\Application Data\awanonoreq.scr

    2008-10-11 21:05 18,503 ----a-w c:\documents and settings\137\Application Data\ytyfeda.reg

    2008-10-11 21:05 17,550 ----a-w c:\program files\Common Files\kujuvexopi.inf

    2008-10-11 21:05 16,944 ----a-w c:\documents and settings\All Users\Application Data\efazec.sys

    2008-10-11 21:05 16,382 ----a-w c:\documents and settings\137\Application Data\fapojehuny.exe

    2008-10-11 21:05 13,962 ----a-w c:\program files\Common Files\sekulux.vbs

    2008-10-11 21:00 19,976 ----a-w c:\program files\Common Files\idywym.db

    2008-10-11 21:00 19,194 ----a-w c:\program files\Common Files\hugaziso.reg

    2008-10-11 21:00 18,555 ----a-w c:\documents and settings\All Users\Application Data\alohub.reg

    2008-10-11 21:00 16,392 ----a-w c:\documents and settings\All Users\Application Data\elebujufyh.vbs

    2008-10-11 21:00 13,467 ----a-w c:\documents and settings\All Users\Application Data\ewego.bat

    2008-10-11 21:00 11,539 ----a-w c:\program files\Common Files\onazev.ban

    2008-10-11 21:00 11,440 ----a-w c:\documents and settings\All Users\Application Data\jiwaworo.dat

    2007-12-17 18:09 251,967 ----a-w c:\documents and settings\137\TuaxInfo1.zip

    2007-12-12 19:05 2,833,575 ----a-w c:\documents and settings\137\Boxes12-12-07007.zip

    2007-12-10 17:51 13,535 ----a-w c:\documents and settings\137\FAX200712101022.zip

    2007-11-30 17:39 3,890 ----a-w c:\documents and settings\137\HFLabResults.zip

    2007-06-11 16:14 111,633 ----a-w c:\documents and settings\137\DOC070611-003.zip

    2007-05-24 17:07 1,666,202 ----a-w c:\documents and settings\137\Image003.zip

    2007-05-09 17:50 4,288,686 ----a-w c:\documents and settings\137\DSC00537.zip

    2007-03-03 03:40 55,368 ----a-w c:\documents and settings\137\Application Data\GDIPFONTCACHEV1.DAT

    2004-06-13 23:01 449 ----a-w c:\documents and settings\137\UpdateReg.reg

    2004-04-30 03:36 1,999 ----a-w c:\documents and settings\137\winupdate.dat

    2003-04-25 21:40 784 ----a-w c:\documents and settings\137\Application Data\mpauth.dat

    2004-10-12 20:02 1,384,332 --sh--w c:\winnt\addins\tacvrd.bak2

    2004-10-06 06:39 1,671,435 --sh--w c:\winnt\addins\vrsevaw.bak2

    2004-10-18 11:37 28,792,728 --sha-w c:\winnt\system32\Microsoft\nulld.bak1

    2004-10-18 11:38 28,792,728 --sh--w c:\winnt\system32\Microsoft\nulld.bak2

    2004-10-15 15:23 410,731,701 --sha-w c:\winnt\Web\nupct.bak1

    2004-10-16 18:07 854,146,211 --sh--w c:\winnt\Web\nupct.bak2

    .

    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    ----a-w 50,776 2005-07-12 11:17:44 c:\program files\America Online 9.0a\bak\AOL.EXE

    ----a-w 159,832 2005-07-29 16:53:50 c:\program files\Common Files\AOL\1102136020\EE\bak\AOLHostManager.exe

    ----a-w 13,416 2006-03-10 22:22:56 c:\program files\Common Files\AOL\1102136020\EE\AOLHostManager.exe

    ----a-r 34,904 2004-10-20 14:40:04 c:\program files\Common Files\AOL\ACS\bak\AOLDial.exe

    ----a-w 28,738 2001-08-17 04:41:58 c:\program files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe

    ----a-w 70,776 2004-09-15 01:02:18 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe

    ----a-w 218,240 2004-11-02 21:59:52 c:\program files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe

    ----a-w 278,528 2004-12-18 05:20:14 c:\program files\iTunes\bak\iTunesHelper.exe

    ----a-w 278,528 2004-12-18 04:20:14 c:\program files\iTunes\iTunesHelper.exe

    ----a-w 331,830 2001-08-23 21:52:52 c:\program files\Microsoft Works\bak\WksSb.exe

    ----a-w 110,592 2002-08-02 18:41:08 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe

    ----a-w 135,168 2006-01-17 17:03:06 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    ----a-w 20,480 2001-11-07 18:25:54 c:\program files\PhoneTools\bak\CapFax.EXE

    ----a-w 99,480 2004-04-05 21:33:54 c:\program files\Pure Networks\Port Magic\bak\PortAOL.exe

    ----a-w 98,304 2005-03-30 03:43:34 c:\program files\QuickTime\bak\qttask.exe

    ----a-w 26,112 2004-09-26 16:13:25 c:\program files\Real\RealPlayer\bak\RealPlay.exe

    ----a-w 0 2006-10-23 02:38:04 c:\program files\Real\RealPlayer\realplay.exe

    ----a-w 684,032 2002-06-19 06:05:38 c:\program files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe

    ----a-w 0 2006-10-23 02:37:55 c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

    ----a-w 1,257,472 2006-07-20 14:24:32 c:\program files\SUPERAntiSpyware\bak\SUPERAntiSpyware.exe

    ----a-w 1,576,176 2008-09-03 18:07:12 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    ----a-w 114,688 2002-05-15 01:20:50 c:\winnt\system32\bak\hkcmd.exe

    ----a-w 155,648 2002-05-15 01:29:02 c:\winnt\system32\bak\igfxtray.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{458B9D54-91FD-4161-9A7E-4A50B9A53CBF}]

    2005-01-28 12:44 101376 --a------ c:\winnt\System32\cewmdmq.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [N/A]

    "MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]

    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

    "AOL Fast Start"="c:\program files\America Online 9.0a\AOL.EXE" [N/A]

    "Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [N/A]

    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [N/A]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-17 135168]

    "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [N/A]

    "HostManager"="c:\program files\Common Files\AOL\1102136020\ee\AOLSoftware.exe" [2006-03-10 48280]

    "Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 c:\winnt\system32\SK9910DM.EXE]

    "PROMon.exe"="PROMon.exe" [2002-04-18 c:\winnt\system32\PROMon.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2001-08-02 1077277]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0b\aoltray.exe [2006-09-21 36954]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "ForceClassicControlPanel"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "

  8. I tried to download ComboFix three times and a box came up saying something like "OS not compatible. Only Windows 2000 or XP". I have XP. Then another little box came up and says something like "You can't change ComboFix to ComboFix(1)". Is there anything else I can do?

    Hi,

    * Please visit this webpage for instructions for downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Post the log from ComboFix in your next reply.

    Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

  9. Thank you for your prompt reply. I updated Malwarebytes and did a complete scan:

    Malwarebytes' Anti-Malware 1.34

    Database version: 1890

    Windows 5.1.2600

    3/23/2009 11:02:45 PM

    mbam-log-2009-03-23 (23-02-45).txt

    Scan type: Full Scan (C:\|)

    Objects scanned: 124724

    Time elapsed: 1 hour(s), 40 minute(s), 0 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 1

    Registry Keys Infected: 2

    Registry Values Infected: 4

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 1

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    C:\WINNT\system32\cewmdmq.dll (Trojan.Downloader) -> Delete on reboot.

    Registry Keys Infected:

    HKEY_CLASSES_ROOT\CLSID\{458b9d54-91fd-4161-9a7e-4a50b9a53cbf} (Trojan.Downloader) -> Delete on reboot.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{458b9d54-91fd-4161-9a7e-4a50b9a53cbf} (Trojan.Downloader) -> Delete on reboot.

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\WINNT\system32\cewmdmq.dll (Trojan.Downloader) -> Delete on reboot.

    Hi,

    First of all, please update MalwareBytes, because the database version is outdated.

    • Start MalwareBytes and click the Update tab. There, click "Check for updates".
    • Once the updates are downloaded, perform a full scan again.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply along with a fresh HijackThis log, then we'll proceed from there with new steps.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  10. I clicked on a website yesterday and since then the first few times I click on a webpage in IE another page comes up with an advertisement. When the right page comes up it's a new browser, which should not happen. My computer works fine in AOL. I have run Malwarebytes several times and it says I have trojans, can not be removed now, but will be removed when my computer is rebooted. Upon reboot the trojans are still there. Here are the results of a scan:

    Malwarebytes' Anti-Malware 1.34

    Database version: 1887

    Windows 5.1.2600

    3/23/2009 6:17:03 PM

    mbam-log-2009-03-23 (18-17-03).txt

    Scan type: Quick Scan

    Objects scanned: 85177

    Time elapsed: 27 minute(s), 3 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 1

    Registry Keys Infected: 2

    Registry Values Infected: 4

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 1

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    C:\WINNT\system32\cewmdmq.dll (Trojan.Downloader) -> Delete on reboot.

    Registry Keys Infected:

    HKEY_CLASSES_ROOT\CLSID\{458b9d54-91fd-4161-9a7e-4a50b9a53cbf} (Trojan.Downloader) -> Delete on reboot.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{458b9d54-91fd-4161-9a7e-4a50b9a53cbf} (Trojan.Downloader) -> Delete on reboot.

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\WINNT\system32\cewmdmq.dll (Trojan.Downloader) -> Delete on reboot.

    Can anyone tell me how to fix this?
