Author Topic: malware: help! i've tried many things!  (Read 46613 times)


crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #75 on: October 11, 2007, 11:50:40 PM »
< Internet Explorer Settings > ->  ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.globeandmail.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 2:04:00 AM | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 1:11:34 AM | Attr =    ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 05/08/2005 3:08:26 PM | Attr =    ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel ->  -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{71B36D95-4FB0-4D5F-BBE3-714F9CF67B4F} ->    (Intel(R) PRO/Wireless 2915ABG Network Connection) ->
{932326F7-8F71-45F0-AF82-8A7F3E47BF6D} ->    (1394 Net Adapter) ->
{D72795FF-6CCF-4907-B6CA-431643361D19} ->    (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{14B87622-7E19-4EA8-93B3-97215F77A6BC} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab ->
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} ->  - CodeBase = http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by137fd.bay137.hotmail.msn.com/resources/MsnPUpld.cab ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2895.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> ZoneIntro Class - CodeBase = http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} -> Solitaire Showdown Class - CodeBase = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab ->

crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #76 on: October 11, 2007, 11:51:10 PM »
[Files/Folders - Created Within 90 days]
6c5d95b0f7a967861ce081828f -> %SystemDrive%\6c5d95b0f7a967861ce081828f ->  [Folder | Created Date = 08/10/2007 4:30:08 PM | Attr =    ]
avenger -> %SystemDrive%\avenger ->  [Folder | Created Date = 10/10/2007 12:14:50 PM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1064763392 bytes | Created Date = 01/01/1601 8:00:00 AM | Attr =  HS]
qoobox -> %SystemDrive%\qoobox ->  [Folder | Created Date = 08/10/2007 3:10:54 PM | Attr =    ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 07/10/2007 10:35:49 PM | Attr =  H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 08/10/2007 11:11:13 AM | Attr =  H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 08/10/2007 3:24:38 PM | Attr =  H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 08/10/2007 3:36:44 PM | Attr =  H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 08/10/2007 5:51:31 PM | Attr =  H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 08/10/2007 7:55:34 PM | Attr =  H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 08/10/2007 7:58:21 PM | Attr =  H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 08/10/2007 9:22:36 PM | Attr =  H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 08/10/2007 10:20:48 PM | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 07/10/2007 10:35:49 PM | Attr =  H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 08/10/2007 11:11:13 AM | Attr =  H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 08/10/2007 3:24:37 PM | Attr =  H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 08/10/2007 3:36:43 PM | Attr =  H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 08/10/2007 5:51:31 PM | Attr =  H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 08/10/2007 7:55:34 PM | Attr =  H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 08/10/2007 7:58:21 PM | Attr =  H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 08/10/2007 9:22:35 PM | Attr =  H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 08/10/2007 10:20:48 PM | Attr =  H ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 08/10/2007 12:01:15 AM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 08/10/2007 4:45:29 PM | Attr =    ]
$NtUninstallKB896344$ -> %SystemRoot%\$NtUninstallKB896344$ ->  [Folder | Created Date = 08/10/2007 4:19:32 PM | Attr =  H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ ->  [Folder | Created Date = 08/10/2007 4:29:37 PM | Attr =  H ]
$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ ->  [Folder | Created Date = 08/10/2007 4:29:50 PM | Attr =  H ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ ->  [Folder | Created Date = 15/08/2007 6:58:51 AM | Attr =  H ]
$NtUninstallKB925720$ -> %SystemRoot%\$NtUninstallKB925720$ ->  [Folder | Created Date = 09/10/2007 1:29:52 PM | Attr =  H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ ->  [Folder | Created Date = 28/08/2007 7:59:05 PM | Attr =  H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ ->  [Folder | Created Date = 09/10/2007 1:31:54 PM | Attr =  H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ ->  [Folder | Created Date = 15/08/2007 6:59:02 AM | Attr =  H ]
$NtUninstallKB936782_WMP10$ -> %SystemRoot%\$NtUninstallKB936782_WMP10$ ->  [Folder | Created Date = 15/08/2007 6:56:25 AM | Attr =  H ]
$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ ->  [Folder | Created Date = 15/08/2007 6:58:56 AM | Attr =  H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ ->  [Folder | Created Date = 15/08/2007 6:58:46 AM | Attr =  H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ ->  [Folder | Created Date = 09/10/2007 1:22:56 PM | Attr =  H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ ->  [Folder | Created Date = 08/10/2007 4:30:28 PM | Attr =  H ]
atid.ini -> %SystemRoot%\atid.ini ->  [Ver =  | Size = 29 bytes | Created Date = 13/08/2007 5:39:17 PM | Attr =    ]
catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 135168 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 08/10/2007 3:09:20 PM | Attr =    ]
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 13, 12551 | Size = 585791 bytes | Created Date = 09/10/2007 6:25:44 PM | Attr =    ]
gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 13, 12551 | Size = 581632 bytes | Created Date = 09/10/2007 6:25:44 PM | Attr =    ]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Created Date = 09/10/2007 6:25:46 PM | Attr =    ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Created Date = 09/10/2007 6:25:44 PM | Attr =    ]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 10/10/2007 9:58:49 PM | Attr =    ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 11/10/2007 1:07:03 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 11/10/2007 1:07:03 PM | Attr =  H ]
actskin4.ocx -> %System32%\actskin4.ocx ->  [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 08/10/2007 1:29:10 AM | Attr =    ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Created Date = 08/10/2007 1:29:10 AM | Attr =    ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 95608 bytes | Created Date = 08/10/2007 1:29:21 AM | Attr =    ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 08/10/2007 9:10:01 PM | Attr =    ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 08/10/2007 9:10:01 PM | Attr =    ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 08/10/2007 9:10:01 PM | Attr =    ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 08/10/2007 9:10:01 PM | Attr =    ]
libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 26/07/2007 3:06:12 PM | Attr =    ]
ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 26/07/2007 3:06:12 PM | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
VFind.exe -> %System32%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 08/10/2007 3:06:55 PM | Attr =    ]
XPSViewer -> %System32%\XPSViewer ->  [Folder | Created Date = 08/10/2007 4:33:50 PM | Attr =    ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Created Date = 08/10/2007 1:29:25 AM | Attr =    ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 92848 bytes | Created Date = 08/10/2007 1:29:19 AM | Attr =    ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Created Date = 08/10/2007 1:29:19 AM | Attr =    ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 23152 bytes | Created Date = 08/10/2007 1:29:28 AM | Attr =    ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Created Date = 08/10/2007 1:29:26 AM | Attr =    ]
AWRTRD.sys -> %System32%\drivers\AWRTRD.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 8320 bytes | Created Date = 07/08/2007 12:58:08 PM | Attr =    ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3911 | Size = 70001 bytes | Created Date = 09/10/2007 6:25:44 PM | Attr =    ]
NSDriver.sys -> %System32%\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 9344 bytes | Created Date = 07/08/2007 12:56:58 PM | Attr =    ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Created Date = 08/10/2007 2:18:01 AM | Attr =    ]

crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #77 on: October 11, 2007, 11:52:04 PM »
[Files/Folders - Modified Within 90 days]
6c5d95b0f7a967861ce081828f -> %SystemDrive%\6c5d95b0f7a967861ce081828f ->  [Folder | Modified Date = 08/10/2007 5:30:26 PM | Attr =    ]
avenger -> %SystemDrive%\avenger ->  [Folder | Modified Date = 10/10/2007 1:14:52 PM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1064763392 bytes | Modified Date = 10/10/2007 1:14:30 PM | Attr =  HS]
IPH.PH -> %SystemDrive%\IPH.PH ->  [Ver =  | Size = 2252 bytes | Modified Date = 13/08/2007 6:46:10 PM | Attr =  H ]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 09/10/2007 2:30:10 PM | Attr = R  ]
qoobox -> %SystemDrive%\qoobox ->  [Folder | Modified Date = 08/10/2007 4:38:00 PM | Attr =    ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 07/10/2007 11:35:50 PM | Attr =  H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 08/10/2007 12:11:14 PM | Attr =  H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 08/10/2007 4:24:40 PM | Attr =  H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 08/10/2007 4:36:46 PM | Attr =  H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 08/10/2007 6:51:32 PM | Attr =  H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 08/10/2007 8:55:36 PM | Attr =  H ]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 08/10/2007 8:58:22 PM | Attr =  H ]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 08/10/2007 10:22:38 PM | Attr =  H ]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 08/10/2007 11:20:50 PM | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 07/10/2007 11:35:50 PM | Attr =  H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 08/10/2007 12:11:14 PM | Attr =  H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 08/10/2007 4:24:40 PM | Attr =  H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 08/10/2007 4:36:44 PM | Attr =  H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 08/10/2007 6:51:32 PM | Attr =  H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 08/10/2007 8:55:36 PM | Attr =  H ]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 08/10/2007 8:58:22 PM | Attr =  H ]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 08/10/2007 10:22:36 PM | Attr =  H ]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 08/10/2007 11:20:50 PM | Attr =  H ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 11/10/2007 2:33:58 PM | Attr =  HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 08/10/2007 1:01:16 AM | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 11/10/2007 2:32:56 PM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 08/10/2007 5:45:30 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 09/10/2007 2:31:54 PM | Attr =  H ]
$NtUninstallKB896344$ -> %SystemRoot%\$NtUninstallKB896344$ ->  [Folder | Modified Date = 08/10/2007 5:19:36 PM | Attr =  H ]
$NtUninstallKB904942$ -> %SystemRoot%\$NtUninstallKB904942$ ->  [Folder | Modified Date = 08/10/2007 5:29:40 PM | Attr =  H ]
$NtUninstallKB920342$ -> %SystemRoot%\$NtUninstallKB920342$ ->  [Folder | Modified Date = 08/10/2007 5:29:52 PM | Attr =  H ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ ->  [Folder | Modified Date = 15/08/2007 7:58:52 AM | Attr =  H ]
$NtUninstallKB925720$ -> %SystemRoot%\$NtUninstallKB925720$ ->  [Folder | Modified Date = 09/10/2007 2:29:56 PM | Attr =  H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ ->  [Folder | Modified Date = 28/08/2007 8:59:06 PM | Attr =  H ]
$NtUninstallKB933729$ -> %SystemRoot%\$NtUninstallKB933729$ ->  [Folder | Modified Date = 09/10/2007 2:31:56 PM | Attr =  H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ ->  [Folder | Modified Date = 15/08/2007 7:59:04 AM | Attr =  H ]
$NtUninstallKB936782_WMP10$ -> %SystemRoot%\$NtUninstallKB936782_WMP10$ ->  [Folder | Modified Date = 15/08/2007 7:56:28 AM | Attr =  H ]
$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ ->  [Folder | Modified Date = 15/08/2007 7:58:58 AM | Attr =  H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ ->  [Folder | Modified Date = 15/08/2007 7:58:48 AM | Attr =  H ]
$NtUninstallKB941202$ -> %SystemRoot%\$NtUninstallKB941202$ ->  [Folder | Modified Date = 09/10/2007 2:22:58 PM | Attr =  H ]
$NtUninstallWIC$ -> %SystemRoot%\$NtUninstallWIC$ ->  [Folder | Modified Date = 08/10/2007 5:30:30 PM | Attr =  H ]

crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #78 on: October 11, 2007, 11:52:36 PM »
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 09/10/2007 6:48:36 PM | Attr = R S]
atid.ini -> %SystemRoot%\atid.ini ->  [Ver =  | Size = 29 bytes | Modified Date = 13/08/2007 6:39:18 PM | Attr =    ]
AviSplitter.INI -> %SystemRoot%\AviSplitter.INI ->  [Ver =  | Size = 38 bytes | Modified Date = 03/09/2007 2:14:28 PM | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 10/10/2007 1:14:32 PM | Attr =   S]
catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 135168 bytes | Modified Date = 28/09/2007 9:06:10 AM | Attr =    ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 10/10/2007 10:58:58 PM | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 08/10/2007 8:53:04 PM | Attr =    ]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 08/10/2007 5:33:44 PM | Attr = R S]
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 13, 12551 | Size = 585791 bytes | Modified Date = 09/10/2007 7:25:46 PM | Attr =    ]
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 09/10/2007 7:25:46 PM | Attr =    ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Modified Date = 09/10/2007 7:25:46 PM | Attr =    ]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 24/08/2007 11:13:30 AM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 11/10/2007 12:07:18 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 09/10/2007 5:55:14 PM | Attr =  HS]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Modified Date = 10/10/2007 10:58:50 PM | Attr =    ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 09/10/2007 6:49:14 PM | Attr =    ]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 3082 bytes | Modified Date = 20/08/2007 11:42:20 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 11/10/2007 2:36:32 PM | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 11/10/2007 2:32:56 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 11/10/2007 2:32:56 PM | Attr =  H ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 08/10/2007 4:56:16 PM | Attr =    ]
system32 -> %System32% ->  [Folder | Modified Date = 10/10/2007 1:14:06 PM | Attr =    ]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 11/10/2007 1:58:18 PM | Attr =    ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 223 bytes | Modified Date = 08/10/2007 12:19:28 AM | Attr =    ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 09/10/2007 2:25:22 PM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 10/10/2007 1:14:38 PM | Attr =  H ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 06/09/2007 3:09:50 AM | Attr =    ]
AvastSS.scr -> %System32%\AvastSS.scr -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 95608 bytes | Modified Date = 06/09/2007 3:00:08 AM | Attr =    ]
CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 09/10/2007 2:32:10 PM | Attr =    ]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 11/10/2007 4:46:46 AM | Attr =    ]
config -> %System32%\config ->  [Folder | Modified Date = 09/10/2007 5:55:22 PM | Attr =    ]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 08/10/2007 2:29:26 AM | Attr =    ]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 09/10/2007 2:32:10 PM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 10/10/2007 1:14:56 PM | Attr =    ]
en-US -> %System32%\en-US ->  [Folder | Modified Date = 08/10/2007 5:33:48 PM | Attr =    ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 158752 bytes | Modified Date = 08/10/2007 6:08:56 PM | Attr =    ]
FxsTmp -> %System32%\FxsTmp ->  [Folder | Modified Date = 10/10/2007 10:22:24 PM | Attr =    ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 24/09/2007 10:30:28 PM | Attr =    ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Modified Date = 24/09/2007 11:31:42 PM | Attr =    ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 24/09/2007 10:30:30 PM | Attr =    ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Modified Date = 24/09/2007 11:31:42 PM | Attr =    ]
libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 26/07/2007 4:06:12 PM | Attr =    ]
perfc009.dat -> %System32%\perfc009.dat ->  [Ver =  | Size = 71198 bytes | Modified Date = 09/10/2007 2:27:12 PM | Attr =    ]
perfh009.dat -> %System32%\perfh009.dat ->  [Ver =  | Size = 438270 bytes | Modified Date = 09/10/2007 2:27:12 PM | Attr =    ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI ->  [Ver =  | Size = 501436 bytes | Modified Date = 09/10/2007 2:27:12 PM | Attr =    ]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 11/10/2007 10:06:20 AM | Attr =    ]
spool -> %System32%\spool ->  [Folder | Modified Date = 08/10/2007 5:31:30 PM | Attr =    ]
ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 26/07/2007 4:06:12 PM | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 05/10/2007 10:07:32 AM | Attr =    ]
usmt -> %System32%\usmt ->  [Folder | Modified Date = 09/10/2007 5:55:22 PM | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 10/10/2007 10:25:56 PM | Attr =    ]
XPSViewer -> %System32%\XPSViewer ->  [Folder | Modified Date = 08/10/2007 5:33:52 PM | Attr =    ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 26624 bytes | Modified Date = 06/09/2007 3:00:54 AM | Attr =    ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 92848 bytes | Modified Date = 06/09/2007 3:05:26 AM | Attr =    ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 94416 bytes | Modified Date = 06/09/2007 3:05:10 AM | Attr =    ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 23152 bytes | Modified Date = 06/09/2007 3:03:02 AM | Attr =    ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1043.0 | Size = 42912 bytes | Modified Date = 06/09/2007 3:02:20 AM | Attr =    ]
AWRTRD.sys -> %System32%\drivers\AWRTRD.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 8320 bytes | Modified Date = 07/08/2007 1:58:08 PM | Attr =    ]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 08/10/2007 4:34:08 PM | Attr =    ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3911 | Size = 70001 bytes | Modified Date = 09/10/2007 7:25:46 PM | Attr =    ]
NSDriver.sys -> %System32%\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 9344 bytes | Modified Date = 07/08/2007 1:56:58 PM | Attr =    ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 07/10/2007 2:18:38 PM | Attr =    ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 ,  -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1043, 0 | Size = 801144 bytes | Modified Date = 06/09/2007 3:09:50 AM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 07/10/2005 10:14:52 AM | Attr =    ]
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41397 bytes | Modified Date = 04/08/2004 4:00:00 AM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 05/10/2007 10:07:32 AM | Attr =    ]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 04/08/2004 4:00:00 AM | Attr =    ]

< End of report >

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88744
  • No support PMs thanks
Re: malware: help! i've tried many things!
« Reply #79 on: October 12, 2007, 12:01:08 AM »
Quote
I'm sorry, but I have NO IDEA how to change my system date, and looking into it has left me just as clueless.  How do I do that (and how would it have become a month behind)?

For the future, double click on the clock at the bottom right of the screen and that will open up means to check and adjust the date also.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #80 on: October 12, 2007, 12:15:24 AM »
...that is the system date?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88744
  • No support PMs thanks
Re: malware: help! i've tried many things!
« Reply #81 on: October 12, 2007, 12:28:08 AM »
It was merely to show you how to check and change it in the future, as mauserme confirmed your system date was OK; but you had asked "how do I do that?" and that is how. Now you know ;D

crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #82 on: October 12, 2007, 12:37:17 AM »
Ah, I was under the impression that the "System Date" was something more complicated, because my date/time at the bottom right of my screen was correct.  No wonder I couldn't figure it out.

Thanks for showing me something that I've known for about 20 years!!  heheh

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88744
  • No support PMs thanks
Re: malware: help! i've tried many things!
« Reply #83 on: October 12, 2007, 12:48:56 AM »
Nothing complicated, just the name ;D

mauserme

  • Guest
Re: malware: help! i've tried many things!
« Reply #84 on: October 12, 2007, 04:18:12 AM »
Your logs, and your computer, are clean  8)

Although I can't say for sure where c:\windows\system32\rqtss.ini has gone, I can tell you it is gone along with the rest.  Possibly SuperAntiSpyware deleted it without backup.

Assuming you're still symptom free, it's time to finish this up.

Double click OTMoveIt once again and click the Clean Up button. A cleanup.txt will be downloaded and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded, plus itself.

Now download and install CleanUp!

Open CleanUp! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to log off at the end - click Yes.


Next, we will reset your restore points. Then, if you need to restore at some stage in the future, they will be clean.

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialog box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the old ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The system will do some calculation and then display a dialog box with tabs.
5. Select the More Options tab.
6. At the bottom there will be a System Restore box with a CLEANUP button; click this.
7. Accept the warning and select OK again.



Your Adobe Acrobat Reader is old and I suggest you update to the current version. You may download it here:

http://www.adobe.com/products/acrobat/readstep2.html


To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster. This free program will prevent spyware from being installed and consumes no system resources. More info and download are available at:

Spyware Blaster.

You should also consider a firewall. Comodo is good (and free), as are Zone Alarm and PC Tools Firewall. Here's a link for Comodo:

http://filehippo.com/download_comodo/

Lastly, make sure to stay on top of updates, especially Java.  And remember that old versions of Java must be uninstalled manually.
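The restore-point reset above (create one clean point, then purge all the older ones so an infected restore point can never be rolled back to) as a script. This is an added example, not part of mauserme's post or of any tool named in this thread; it assumes Windows PowerShell 5.1 on a current Windows client, an elevated prompt, and System Restore enabled on C:, so it does not apply as-is to the Windows XP machine discussed here.

```powershell
# Added example, not from this thread: script the "create a clean restore point,
# then delete the old ones" steps described above. Assumptions: Windows PowerShell
# 5.1 on a current Windows client, run from an elevated prompt, System Restore on.
#Requires -RunAsAdministrator
param([string]$Description = 'Clean')   # the name mauserme suggests for the new point

# Step 1: create the new restore point (System Restore > Create a Restore Point).
Checkpoint-Computer -Description $Description -RestorePointType 'MODIFY_SETTINGS'

# Checkpoint-Computer only warns, and creates nothing, when another restore point was
# made within the last 24 hours, so confirm the clean point exists before deleting
# anything; otherwise the purge below would leave no usable restore point at all.
$newest = Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
if (-not $newest -or $newest.Description -ne $Description) {
    throw "Restore point '$Description' was not created; leaving existing restore points alone."
}

# Step 2: delete every shadow copy except the most recent one (Disk Cleanup > More
# Options > System Restore > Clean up). Restore points are stored in VSS shadow
# copies, and removing the Win32_ShadowCopy instance removes the copy. As with Disk
# Cleanup, this also drops any "Previous Versions" copies on the same volume.
$shadows = Get-WmiObject -Class Win32_ShadowCopy | Sort-Object InstallDate
$shadows | Select-Object -SkipLast 1 | ForEach-Object {
    Write-Host "Deleting shadow copy $($_.ID) created $($_.InstallDate)"
    $_ | Remove-WmiObject
}

# Show what is left; only the freshly created point should remain.
Write-Host "Remaining restore points:"
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize
```

Run it once, after the cleanup tools have been removed, and only when the machine is confirmed clean, since the old restore points are gone for good afterwards.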

crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #85 on: October 12, 2007, 05:04:30 AM »
Yay!!!  Thank you, mauserme, for all of your help!  You have been wonderful and patient while walking me through this, and I'm VERY happy that my shoddy Dell is less shoddy now that you've helped me get it to work properly again.  :D  I've downloaded Comodo, updated Acrobat Reader & Spyware Blaster, and I'll keep up on Java like you recommended.

THANKS AGAIN!!!   :D  :D  :D  :D

mauserme

  • Guest
Re: malware: help! i've tried many things!
« Reply #86 on: October 12, 2007, 05:31:21 AM »
You're welcome, crafty_kd.  But honestly, SuperAntiSpyware saved us on this one.  It got sstqr.dll anyway, while we got the rest  :D

If anyone ever asks me what to name this, it's going to be vundo.WTF (in your honor  :P)
« Last Edit: October 12, 2007, 05:42:07 AM by mauserme »

crafty_kd

  • Guest
Re: malware: help! i've tried many things!
« Reply #87 on: October 12, 2007, 06:22:13 AM »
HAHA!  That name could not be more perfect!  ;D

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: malware: help! i've tried many things!
« Reply #88 on: October 13, 2007, 11:09:53 PM »
Quote
Sorry Frank.  I do share what I can but I was given this one with the understanding that I would not re-distribute it.

Meh. That's what I thought.

Bambleweeny 57 sub-meson brain | Don't Surf in the Nude Blog