Morphling

Many websites don't work and keep getting infected with Rogue.Antispywares


Many websites don't work in both Mozilla Firefox and Internet Explorer. My computer keeps getting infected with Rogue.Antispywares every few weeks. By "Rogue.Antispyware" I mean the red circle with the white "X" in the tray that recommends anti-spywares to you.

Recently I have realized that iexplore.exe is always running in Task Manager even though Internet Explorer is closed, and I also have 20 svchost.exe running in the Task Manager.

My Ad-Aware 2008 stops scanning after 3-5 mins and says Completed Scan, so I only have a HijackThis log.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:56:12, on 14/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\rs32net.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\rs32net.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe

O4 - HKLM\..\Run: [Movie Maker] C:\WINDOWS\vmmreg32.exe

O4 - HKLM\..\Run: [c05a7ddd] rundll32.exe "C:\WINDOWS\system32\opcyulum.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1221311057437

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1221801125421

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe

O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: psyche - Unknown owner - C:\WINDOWS\System32\psyche.exe

 

--

End of file - 5013 bytes
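A quick way to triage a HijackThis log like the one above is to flag the patterns it shows: a service or process path that contains an NTFS alternate data stream (svchost.exe:ext.exe), O23 services with "Unknown owner", O4 entries that start rundll32.exe against a randomly named DLL under a random hex key, and an unusual count of svchost.exe instances. The script below is an added example, not part of the original post or of HijackThis; its sample lines are copied from the log above, and the 8-character name heuristics and the svchost limit are assumptions.

```python
"""Heuristic triage of HijackThis log lines (added example, not HijackThis code)."""
import re
from collections import Counter

# Sample lines copied from the log posted above (constructed subset).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\system32\rundll32.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [c05a7ddd] rundll32.exe "C:\WINDOWS\system32\opcyulum.dll",b
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: psyche - Unknown owner - C:\WINDOWS\System32\psyche.exe
"""

# A colon directly after an executable extension means the path names an
# NTFS alternate data stream, e.g. svchost.exe:ext.exe (hidden from Explorer).
ADS_RE = re.compile(r'\.(?:exe|dll|sys|com|scr):[^\s"]+', re.I)
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")
ENTRY_RE = re.compile(r"^O\d+ - ")
UNKNOWN_OWNER_RE = re.compile(r"^O23 - Service: .* - Unknown owner - .+$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.I)
# Assumed heuristics: Vundo-era O4 keys were 8 hex chars, DLLs 8 random letters.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")
RANDOM_BASENAME_RE = re.compile(r"^[a-z]{8}$")


def parse(log: str) -> dict:
    """Split a log into running-process paths and Oxx entries (stateless,
    so the double-spaced copy on this page parses the same as the original)."""
    processes, entries = [], []
    for raw in log.splitlines():
        line = raw.strip()
        if PROCESS_RE.match(line):
            processes.append(line)
        elif ENTRY_RE.match(line):
            entries.append(line)
    return {"processes": processes, "entries": entries}


def process_counts(processes: list) -> Counter:
    """Count process instances by lower-cased image name."""
    return Counter(p.rsplit("\\", 1)[-1].lower() for p in processes)


def triage(log: str, svchost_limit: int = 12) -> list:
    """Return (kind, detail) findings. svchost_limit is an assumed threshold:
    a dozen svchost.exe is ordinary on XP; the poster reported twenty."""
    parsed = parse(log)
    findings = []
    n = process_counts(parsed["processes"]).get("svchost.exe", 0)
    if n > svchost_limit:
        findings.append(("many-svchost", f"{n} svchost.exe instances (limit {svchost_limit})"))
    for proc in parsed["processes"]:
        if ADS_RE.search(proc):
            findings.append(("ads-process", proc))
    for entry in parsed["entries"]:
        if ADS_RE.search(entry):
            findings.append(("ads-path", entry))
        if UNKNOWN_OWNER_RE.match(entry):
            findings.append(("unknown-owner-service", entry))
        m = O4_RE.match(entry)
        if m:
            dll = RUNDLL_DLL_RE.search(m.group("cmd"))
            base = dll.group(1).rsplit("\\", 1)[-1][:-4].lower() if dll else ""
            if dll and (HEX_NAME_RE.match(m.group("name")) or RANDOM_BASENAME_RE.match(base)):
                findings.append(("rundll32-random-dll", entry))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:24} {detail}")
```

The rules are deliberately narrow: rs32net.exe in the sample is not flagged by any of them even though ComboFix later removed it, so a clean triage result only narrows the list of things to verify by hand.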


Hello

 

Disable resident protections (Antivirus...); you'll re-enable them after the scan

 

Download Lop S&D here

 

Double-click Lop S&D.exe

Choose the language, then choose Option 1 (Search)

Wait till the end of the scan

Post the log which is created: (%SystemDrive%\lopR.txt)


Hi Rorschach112, and thanks for the help.

 

I forgot to mention that I have to send error reports for 1076308579.exe and psyche.exe at startup.

 

Here is the Lop S&D log:

 

 

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

 

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3

X86-based PC ( Uniprocessor Free : Intel Celeron processor )

BIOS : Version 3.06

USER : Mahamed ( Administrator )

BOOT : Normal boot

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:74 Go (Free:55 Go)

 

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )

Option : [1] ( Sat 15/11/2008| 8:39 )

 

--------------------\\ Listing folders in APPLIC~1

 

[12/11/2008|08:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

 

[15/11/2008|08:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[25/10/2008|05:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg8

[12/11/2008|04:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET

[18/10/2008|02:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\gbgjghcz

[15/09/2008|05:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\gvwrifqb

[15/09/2008|05:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[15/09/2008|05:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[23/09/2008|01:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

[27/10/2008|12:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[12/11/2008|04:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help

[03/11/2008|09:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6

[25/09/2008|08:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS

[09/11/2008|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Okay meta anti lite

[26/10/2008|10:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real

[17/09/2008|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SITEguard

[03/11/2008|04:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!

[04/11/2008|10:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

[13/09/2008|11:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

[15/09/2008|04:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[17/09/2008|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[21/09/2008|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

 

[13/09/2008|11:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[25/10/2008|08:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

 

[26/09/2008|05:00] C:\DOCUME~1\Mahamed\APPLIC~1\Adobe

[12/11/2008|10:57] C:\DOCUME~1\Mahamed\APPLIC~1\Apple Computer

[25/09/2008|07:13] C:\DOCUME~1\Mahamed\APPLIC~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[12/11/2008|10:42] C:\DOCUME~1\Mahamed\APPLIC~1\Comodo

[07/11/2008|08:25] C:\DOCUME~1\Mahamed\APPLIC~1\DivX

[10/11/2008|11:07] C:\DOCUME~1\Mahamed\APPLIC~1\DNA

[15/09/2008|02:13] C:\DOCUME~1\Mahamed\APPLIC~1\Help

[13/09/2008|11:53] C:\DOCUME~1\Mahamed\APPLIC~1\Identities

[14/11/2008|02:15] C:\DOCUME~1\Mahamed\APPLIC~1\LimeWire

[09/11/2008|09:11] C:\DOCUME~1\Mahamed\APPLIC~1\loadmeetwin

[14/09/2008|12:10] C:\DOCUME~1\Mahamed\APPLIC~1\Macromedia

[15/09/2008|05:03] C:\DOCUME~1\Mahamed\APPLIC~1\Malwarebytes

[03/10/2008|12:13] C:\DOCUME~1\Mahamed\APPLIC~1\Media Player Classic

[28/10/2008|08:37] C:\DOCUME~1\Mahamed\APPLIC~1\Microsoft

[10/11/2008|07:02] C:\DOCUME~1\Mahamed\APPLIC~1\Mozilla

[03/11/2008|01:16] C:\DOCUME~1\Mahamed\APPLIC~1\MSN6

[28/10/2008|03:44] C:\DOCUME~1\Mahamed\APPLIC~1\Real

[06/11/2008|10:02] C:\DOCUME~1\Mahamed\APPLIC~1\Sun

[04/11/2008|10:07] C:\DOCUME~1\Mahamed\APPLIC~1\SUPERAntiSpyware.com

[14/09/2008|12:18] C:\DOCUME~1\Mahamed\APPLIC~1\Uniblue

[21/10/2008|05:31] C:\DOCUME~1\Mahamed\APPLIC~1\uTorrent

[25/10/2008|07:18] C:\DOCUME~1\Mahamed\APPLIC~1\Windows Desktop Search

[03/11/2008|08:04] C:\DOCUME~1\Mahamed\APPLIC~1\Windows Search

[15/09/2008|04:57] C:\DOCUME~1\Mahamed\APPLIC~1\WinRAR

 

[25/10/2008|05:14] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

 

[14/11/2008 11:00][--ah-----] C:\WINDOWS\tasks\ABAF221991D0D625.job

[15/11/2008 08:15][--ah-----] C:\WINDOWS\tasks\SA.DAT

[31/03/2003 11:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

( ABAF221991D0D625.job )=( c:\docume~1\mahamed\applic~1\loadme~1\MESSENCWMA.exe )

 

--------------------\\ Listing Folders in C:\Program Files

 

[09/11/2008|10:56] C:\Program Files\3ivx

[15/11/2008|08:19] C:\Program Files\Adobe

[10/11/2008|05:56] C:\Program Files\Alwil Software

[02/10/2008|06:53] C:\Program Files\AskBarDis

[16/09/2008|12:46] C:\Program Files\AVG

[03/10/2008|11:49] C:\Program Files\Combined Community Codec Pack

[13/11/2008|06:19] C:\Program Files\Common Files

[12/11/2008|10:42] C:\Program Files\COMODO

[13/09/2008|11:38] C:\Program Files\ComPlus Applications

[25/10/2008|07:14] C:\Program Files\CONEXANT

[13/09/2008|11:54] C:\Program Files\DIFX

[07/11/2008|05:17] C:\Program Files\DivX

[10/11/2008|06:45] C:\Program Files\DNA

[11/11/2008|03:27] C:\Program Files\DomPlayer

[12/11/2008|06:28] C:\Program Files\Enigma Software Group

[12/11/2008|04:24] C:\Program Files\Free FLV Converter

[12/11/2008|07:02] C:\Program Files\Internet Explorer

[06/11/2008|10:27] C:\Program Files\Java

[13/11/2008|06:35] C:\Program Files\Lavasoft

[13/11/2008|01:26] C:\Program Files\LimeWire

[09/11/2008|09:10] C:\Program Files\loadmeetwin

[12/11/2008|04:24] C:\Program Files\Malwarebytes' Anti-Malware

[12/11/2008|04:18] C:\Program Files\Messenger

[22/09/2008|10:00] C:\Program Files\Messenger Plus! Live

[13/09/2008|11:43] C:\Program Files\microsoft frontpage

[19/09/2008|02:13] C:\Program Files\Microsoft Office

[19/09/2008|02:05] C:\Program Files\Microsoft Visual Studio

[19/09/2008|02:15] C:\Program Files\Microsoft Works

[19/09/2008|02:01] C:\Program Files\Microsoft.NET

[16/09/2008|10:37] C:\Program Files\Movie Maker

[15/11/2008|08:36] C:\Program Files\Mozilla Firefox

[19/09/2008|02:14] C:\Program Files\MSBuild

[13/09/2008|11:37] C:\Program Files\MSN

[13/09/2008|11:36] C:\Program Files\MSN Gaming Zone

[16/09/2008|10:31] C:\Program Files\NetMeeting

[25/09/2008|08:10] C:\Program Files\NOS

[13/09/2008|11:41] C:\Program Files\Online Services

[12/11/2008|04:18] C:\Program Files\Outlook Express

[12/11/2008|04:24] C:\Program Files\QuickGamma

[13/11/2008|06:20] C:\Program Files\QuickTime

[28/10/2008|03:43] C:\Program Files\Real

[26/10/2008|10:21] C:\Program Files\Real Alternative

[13/11/2008|05:25] C:\Program Files\RogueRemover FREE

[09/11/2008|09:40] C:\Program Files\Service Packs

[03/11/2008|09:15] C:\Program Files\Smart Virus Remover

[06/11/2008|10:31] C:\Program Files\Sun

[13/11/2008|05:23] C:\Program Files\SUPERAntiSpyware

[14/11/2008|07:54] C:\Program Files\Trend Micro

[13/09/2008|11:52] C:\Program Files\Uninstall Information

[25/10/2008|07:16] C:\Program Files\Windows Desktop Search

[21/09/2008|01:04] C:\Program Files\Windows Live

[18/10/2008|02:38] C:\Program Files\Windows Media Connect 2

[12/11/2008|04:17] C:\Program Files\Windows Media Player

[16/09/2008|10:31] C:\Program Files\Windows NT

[14/09/2008|12:05] C:\Program Files\WindowsUpdate

[12/11/2008|04:24] C:\Program Files\WinRAR

[18/10/2008|02:12] C:\Program Files\wzxtkhb

[13/09/2008|11:43] C:\Program Files\xerox

[30/09/2008|04:28] C:\Program Files\Xvid

 

--------------------\\ Listing Folders in C:\Program Files\Common Files

 

[15/11/2008|08:20] C:\Program Files\Common Files\Adobe

[25/09/2008|07:11] C:\Program Files\Common Files\Adobe AIR

[19/09/2008|02:05] C:\Program Files\Common Files\DESIGNER

[15/09/2008|04:40] C:\Program Files\Common Files\Download Manager

[02/10/2008|06:53] C:\Program Files\Common Files\DVDVideoSoft

[22/10/2008|08:17] C:\Program Files\Common Files\InstallShield

[17/09/2008|12:26] C:\Program Files\Common Files\iS3

[20/09/2008|02:52] C:\Program Files\Common Files\Microsoft Shared

[13/09/2008|11:39] C:\Program Files\Common Files\MSSoap

[14/09/2008|09:27] C:\Program Files\Common Files\ODBC

[28/10/2008|03:44] C:\Program Files\Common Files\Real

[13/09/2008|11:39] C:\Program Files\Common Files\Services

[14/09/2008|09:27] C:\Program Files\Common Files\SpeechEngines

[19/09/2008|01:45] C:\Program Files\Common Files\System

[21/09/2008|01:02] C:\Program Files\Common Files\WindowsLiveInstaller

[13/11/2008|06:34] C:\Program Files\Common Files\Wise Installation Wizard

[28/10/2008|03:44] C:\Program Files\Common Files\xing shared

 

--------------------\\ Process

 

( 47 Processes )

 

iexplore.exe ~ [PID:2896]

 

--------------------\\ Searching with S_Lop

 

C:\DOCUME~1\Mahamed\APPLIC~1\LOADME~1

C:\DOCUME~1\Mahamed\APPLIC~1\LOADME~1\Manager web stupid.exe

C:\DOCUME~1\Mahamed\APPLIC~1\LOADME~1\MESS ENC WMA.exe

C:\DOCUME~1\Mahamed\APPLIC~1\LOADME~1\qpilzyjm.exe

 

--------------------\\ Searching for Lop Files - Folders

 

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Okay meta anti lite

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Okay meta anti lite\program junk.exe

C:\DOCUME~1\Mahamed\APPLIC~1\loadme~1

C:\DOCUME~1\Mahamed\APPLIC~1\loadme~1\Manager web stupid.exe

C:\DOCUME~1\Mahamed\APPLIC~1\loadme~1\MESS ENC WMA.exe

C:\DOCUME~1\Mahamed\APPLIC~1\loadme~1\qpilzyjm.exe

C:\Program Files\loadme~1

C:\Program Files\DomPlayer

C:\DOCUME~1\Mahamed\Desktop\DomPlayer-2.1.0.0-setup.exe

C:\WINDOWS\Tasks\ABAF221991D0D625.job

 

--------------------\\ Searching within the Registry

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\exit body lite]

"DisplayName"="CiD Help"

"UninstallString"="C:\\DOCUME~1\\Mahamed\\APPLIC~1\\LOADME~1\\Manager web stupid.exe -uninstall"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

 

--------------------\\ Checking the Hosts file

 

Hosts file CLEAN

 

 

--------------------\\ Searching for hidden files with Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-15 09:03:00

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwOpenFile, ZwQuerySystemInformation

scanning hidden processes ...

C:\WINDOWS\System32\svchost.exe [3708]

scanning hidden files ...

C:\WINDOWS\System32\svchost.exe:ext.exe 37376 bytes executable

C:\WINDOWS\System32\psyche.exe 216576 bytes executable

scan completed successfully

hidden processes: 1

hidden files: 3

 

--------------------\\ Searching for other infections

 

C:\WINDOWS\system32\ggQpYJlm.ini

C:\WINDOWS\system32\ggQpYJlm.ini2

C:\WINDOWS\system32\mlJYpQgg.dll

==> VUNDO <==

 

--------------------\\ ROOTKIT !!

 

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\legacy_tdssserv.sys]

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\legacy_tdssserv.sys]

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_tdssserv.sys]

 

--------------------\\ Suspect ..

 

C:\WINDOWS\system32\TDSSbrsr.dll

C:\WINDOWS\system32\TDSSkkbi.log

C:\WINDOWS\system32\TDSSlxwp.dll

C:\WINDOWS\system32\TDSSoiqh.dll

C:\WINDOWS\system32\TDSSosvd.dat

C:\WINDOWS\system32\TDSSriqp.dll

C:\WINDOWS\system32\TDSSxfum.dll

 

 

 

[F:20][D:11]-> C:\DOCUME~1\Mahamed\LOCALS~1\Temp

[F:1][D:0]-> C:\DOCUME~1\Mahamed\Cookies

[F:6][D:4]-> C:\DOCUME~1\Mahamed\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - Sat 15/11/2008| 9:10 - Option : [1]

 

--------------------\\ Scan completed at 9:10:05


Hello

 

Please download OTMoveIt3 by OldTimer, or from here.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
     
    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\gbgjghcz
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\gvwrifqb
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Okay meta anti lite
    C:\DOCUME~1\Mahamed\APPLIC~1\loadmeetwin
    C:\WINDOWS\tasks\ABAF221991D0D625.job
    C:\Program Files\wzxtkhb
    C:\Program Files\loadme~1
    C:\Program Files\DomPlayer
    C:\DOCUME~1\Mahamed\Desktop\DomPlayer-2.1.0.0-setup.exe
    C:\WINDOWS\system32\ggQpYJlm.ini
    C:\WINDOWS\system32\ggQpYJlm.ini2
    C:\WINDOWS\system32\mlJYpQgg.dll
    
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


     

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
     
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

 

 

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

Link 3

 

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
     
     
  • Double click on ComboFix.exe & follow the prompts.
     
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

 


 

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 


 

 

Click on Yes to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Here's the OTMoveIt3 log. Going to scan with ComboFix now.

 

EDIT: Unchecked Word Wrap in Notepad

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

C:\DOCUME~1\ALLUSE~1\APPLIC~1\gbgjghcz moved successfully.

C:\DOCUME~1\ALLUSE~1\APPLIC~1\gvwrifqb moved successfully.

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Okay meta anti lite moved successfully.

C:\DOCUME~1\Mahamed\APPLIC~1\loadmeetwin moved successfully.

C:\WINDOWS\tasks\ABAF221991D0D625.job moved successfully.

C:\Program Files\wzxtkhb moved successfully.

C:\Program Files\loadmeetwin moved successfully.

C:\Program Files\DomPlayer moved successfully.

C:\DOCUME~1\Mahamed\Desktop\DomPlayer-2.1.0.0-setup.exe moved successfully.

C:\WINDOWS\system32\ggQpYJlm.ini moved successfully.

C:\WINDOWS\system32\ggQpYJlm.ini2 moved successfully.

DllUnregisterServer procedure not found in C:\WINDOWS\system32\mlJYpQgg.dll

C:\WINDOWS\system32\mlJYpQgg.dll NOT unregistered.

C:\WINDOWS\system32\mlJYpQgg.dll moved successfully.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Mahamed\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Mahamed\LOCALS~1\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Mahamed\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Mahamed\LOCALS~1\Temp\etilqs_7vHeGToftABC2bSD8v7p scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_56c.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11152008_092930

 

Files moved on Reboot...

C:\DOCUME~1\Mahamed\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.

C:\DOCUME~1\Mahamed\LOCALS~1\Temp\History\History.IE5\index.dat moved successfully.

C:\DOCUME~1\Mahamed\LOCALS~1\Temp\Cookies\index.dat moved successfully.

File C:\DOCUME~1\Mahamed\LOCALS~1\Temp\etilqs_7vHeGToftABC2bSD8v7p not found!

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

File C:\WINDOWS\temp\Perflib_Perfdata_56c.dat not found!

C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\urlclassifier3.sqlite moved successfully.

C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\XUL.mfl moved successfully.


ComboFix 08-11-12.02 - Mahamed 2008-11-15 10:22:20.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.183 [GMT 11:00]

* Created a new restore point

.

ADS - svchost.exe: deleted 37376 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\LocalService\Application Data\1076308579.exe

c:\documents and settings\LocalService\Application Data\1132935139.exe

c:\documents and settings\LocalService\Application Data\1136998617.exe

c:\documents and settings\LocalService\Application Data\1185104979.exe

c:\documents and settings\LocalService\Application Data\1194018419.exe

c:\documents and settings\LocalService\Application Data\1203194019.exe

c:\documents and settings\Mahamed\Local Settings\Temporary Internet Files\ekifacafan._dl

c:\documents and settings\Mahamed\Local Settings\Temporary Internet Files\ivuteconog.scr

c:\documents and settings\Mahamed\Local Settings\Temporary Internet Files\jajybaqaj.scr

c:\documents and settings\Mahamed\Local Settings\Temporary Internet Files\ozigyxulon.dl

c:\windows\ctfmon.exe

c:\windows\rasqervy.dll

c:\windows\sdfinacs.dll

c:\windows\sdfixwcs.dll

c:\windows\system\_sv_CMD_

c:\windows\system32\__c00750F9.dat

c:\windows\system32\__c00BC26A.dat

c:\windows\system32\__c00C9F9A.dat

c:\windows\system32\adult.txt

c:\windows\system32\afuvixwh.ini

c:\windows\system32\awtrSihH.dll

c:\windows\system32\bpujih.dll

c:\windows\system32\CbEvtSvc.exe

c:\windows\system32\csm.txt

c:\windows\system32\csrssw.dll

c:\windows\system32\dcpqes.dll

c:\windows\system32\djlgcflj.dll

c:\windows\system32\drivers\ati6rvxx.sys

c:\windows\system32\drivers\str.sys

c:\windows\system32\finance.txt

c:\windows\system32\hcfnujod.dll

c:\windows\system32\hcfnujod32.dll

c:\windows\system32\hwxivufa.dll

c:\windows\system32\imktlmbf.dll

c:\windows\system32\jipumonc.dll

c:\windows\system32\jqcqrg.dll

c:\windows\system32\karna.dat

c:\windows\system32\lt.res

c:\windows\system32\mqcbgn.dll

c:\windows\system32\muluycpo.ini

c:\windows\system32\oghafrhv.dll

c:\windows\system32\other.txt

c:\windows\system32\##nospam.txt

c:\windows\system32\psyche.exe

c:\windows\system32\reastl.dll

c:\windows\system32\rs32net.exe

c:\windows\system32\sft.res

c:\windows\system32\TDSSbrsr.dll

c:\windows\system32\TDSSkkbi.log

c:\windows\system32\TDSSlxwp.dll

c:\windows\system32\TDSSoiqh.dll

c:\windows\system32\TDSSosvd.dat

c:\windows\system32\TDSSriqp.dll

c:\windows\system32\TDSSxfum.dll

c:\windows\system32\tmguuwmc.dll

c:\windows\system32\urhqkxef.dll

c:\windows\system32\vtUmnlig.dll

c:\windows\system32\vyannwby.dll

c:\windows\system32\wini10331.exe

c:\windows\system32\wini10451631.exe

c:\windows\system32\wynblool.dll

c:\windows\system32\yrvljeaf.ini

c:\windows\wuasirvy.dll

 

c:\windows\system32\lsass.exe . . . is infected!!

 

c:\windows\system32\winlogon.exe . . . is infected!!

 

c:\windows\system32\services.exe . . . is infected!!

 

c:\windows\system32\svchost.exe . . . is infected!!

 

c:\windows\system32\spoolsv.exe . . . is infected!!

 

c:\windows\explorer.exe . . . is infected!!

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_Psyche

-------\Legacy_Psyche

-------\Legacy_ATI6RVXX

-------\Legacy_fci

-------\Legacy_icf

-------\Legacy_LPTRDCSRV

-------\Legacy_synsend

-------\Legacy_SYSREST.SYS

-------\Legacy_tdssserv.sys

-------\Service_ati6rvxx

-------\Service_CbEvtSvc

-------\Service_FCI

-------\Service_ICF

-------\Service_restore

-------\Service_synsend

 

 

((((((((((((((((((((((((( Files Created from 2008-10-14 to 2008-11-14 )))))))))))))))))))))))))))))))

.

 

2008-12-22 15:59 . 2008-12-22 15:59 447,200 --a------ c:\windows\system32\OpenQuicktimeLib.dll

2008-12-22 15:59 . 2008-12-22 15:59 332,512 --a------ c:\windows\system32\3ivxVfWCodec.dll

2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\SamsungVfWCodec.dll

2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\DivXVfWCodec.dll

2008-12-22 15:58 . 2008-12-22 15:58 1,155,808 --a------ c:\windows\system32\3ivx.dll

2008-12-22 15:52 . 2008-12-22 15:52 66,272 --a------ c:\windows\system32\libfaac.dll

2008-11-15 09:29 . 2008-11-15 09:29 <DIR> d-------- C:\_OTMoveIt

2008-11-15 08:35 . 2008-11-15 09:10 <DIR> d-------- C:\Lop SD

2008-11-15 08:18 . 2008-11-15 08:18 33,792 --a------ c:\windows\system32\ckds16.dll

2008-11-14 21:09 . 2008-11-14 21:09 44 --a------ c:\windows\system32\94.tmp

2008-11-14 21:09 . 2008-11-14 21:09 18 --a------ c:\windows\system32\96.tmp

2008-11-14 19:54 . 2008-11-14 19:54 <DIR> d-------- c:\program files\Trend Micro

2008-11-14 19:11 . 2008-11-14 19:11 44 --a------ c:\windows\system32\54.tmp

2008-11-14 19:11 . 2008-11-14 19:12 18 --a------ c:\windows\system32\56.tmp

2008-11-14 17:34 . 2008-11-14 17:34 18 --a------ c:\windows\system32\35.tmp

2008-11-14 17:33 . 2008-11-14 17:34 44 --a------ c:\windows\system32\33.tmp

2008-11-14 12:01 . 2008-11-14 12:01 44 --a------ c:\windows\system32\1C.tmp

2008-11-14 12:01 . 2008-11-14 12:01 18 --a------ c:\windows\system32\1E.tmp

2008-11-14 11:13 . 2008-11-14 11:13 18 --a------ c:\windows\system32\11.tmp

2008-11-14 11:12 . 2008-11-14 11:12 44 --a------ c:\windows\system32\A.tmp

2008-11-14 02:02 . 2008-11-14 02:02 146,860 --a------ c:\windows\vmmreg32.exe

2008-11-14 02:02 . 2008-11-14 02:02 146,860 --a------ c:\windows\system32\bio-22-10-2.exe

2008-11-14 01:56 . 2008-11-14 02:01 51,864 --a------ c:\windows\system32\head-22-10-2.exe

2008-11-14 01:50 . 2008-11-14 01:50 88 --a------ c:\windows\system32\C.tmp

2008-11-14 01:50 . 2008-11-14 01:50 18 --a------ c:\windows\system32\10.tmp

2008-11-13 23:53 . 2008-11-13 23:53 18 --a------ c:\windows\system32\69.tmp

2008-11-13 23:52 . 2008-11-13 23:52 88 --a------ c:\windows\system32\66.tmp

2008-11-13 15:21 . 2008-11-13 15:21 19,475 --a------ c:\windows\ejitabane.inf

2008-11-13 15:21 . 2008-11-13 15:21 19,017 --a------ c:\windows\system32\geqizigeke.bat

2008-11-13 15:21 . 2008-11-13 15:21 18,675 --a------ c:\documents and settings\Mahamed\Application Data\xixavezy.pif

2008-11-13 15:21 . 2008-11-13 15:21 17,986 --a------ c:\documents and settings\All Users\Application Data\opifesut.com

2008-11-13 15:21 . 2008-11-13 15:21 17,003 --a------ c:\program files\Common Files\ykijy.com

2008-11-13 15:21 . 2008-11-13 15:21 16,071 --a------ c:\documents and settings\All Users\Application Data\ketuxo.exe

2008-11-13 15:21 . 2008-11-13 15:21 10,949 --a------ c:\documents and settings\All Users\Application Data\uhebihomy.vbs

2008-11-13 15:21 . 2008-11-13 15:21 10,793 --a------ c:\program files\Common Files\ytenyhi.dll

2008-11-13 15:21 . 2008-11-13 15:21 10,367 --a------ c:\windows\lymu.exe

2008-11-13 12:45 . 2008-11-13 12:45 19,256 --a------ c:\windows\qilajotim._dl

2008-11-13 12:45 . 2008-11-13 12:45 18,481 --a------ c:\documents and settings\Mahamed\Application Data\amubeqidun.dll

2008-11-13 12:45 . 2008-11-13 12:45 17,831 --a------ c:\windows\unisoja.dll

2008-11-13 12:45 . 2008-11-13 12:45 17,432 --a------ c:\windows\system32\fefix.com

2008-11-13 12:45 . 2008-11-13 12:45 15,120 --a------ c:\documents and settings\All Users\Application Data\yhesiko.scr

2008-11-13 12:45 . 2008-11-13 12:45 14,393 --a------ c:\program files\Common Files\omugurysox.reg

2008-11-13 12:45 . 2008-11-13 12:45 13,978 --a------ c:\windows\mujot.ban

2008-11-13 12:45 . 2008-11-13 12:45 13,912 --a------ c:\windows\system32\ihywofemyh.com

2008-11-13 12:45 . 2008-11-13 12:45 13,726 --a------ c:\program files\Common Files\jipovaguro.exe

2008-11-13 12:45 . 2008-11-13 12:45 11,037 --a------ c:\windows\emyx.exe

2008-11-13 12:45 . 2008-11-13 12:45 10,964 --a------ c:\windows\system32\ronuces.sys

2008-11-13 12:45 . 2008-11-13 12:45 10,954 --a------ c:\program files\Common Files\ybavizevim.bin

2008-11-13 12:45 . 2008-11-13 12:45 10,372 --a------ c:\windows\ecyz.reg

2008-11-13 12:45 . 2008-11-13 12:45 10,066 --a------ c:\windows\ysez.vbs

2008-11-13 11:04 . 2008-11-15 08:41 16,451 --a------ c:\windows\gmail.com-error.html

2008-11-13 11:04 . 2008-11-15 08:42 6,182 --a------ c:\windows\live.com-error.html

2008-11-13 11:04 . 2008-11-15 08:41 5,596 --a------ c:\windows\aol.com-error.html

2008-11-13 11:04 . 2008-11-15 08:41 3,696 --a------ c:\windows\google.com-error.html

2008-11-13 11:04 . 2008-11-15 08:42 1,997 --a------ c:\windows\search.yahoo.com-error.html

2008-11-13 10:56 . 2008-11-13 10:56 48 --a------ c:\windows\system32\B.tmp

2008-11-13 10:56 . 2008-11-13 10:56 18 --a------ c:\windows\system32\D.tmp

2008-11-12 19:13 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb

2008-11-12 18:49 . 2008-11-12 18:49 <DIR> d-------- c:\documents and settings\Mahamed\DoctorWeb

2008-11-12 18:44 . 2008-11-12 18:44 230 --a------ c:\windows\system32\spupdsvc.inf

2008-11-12 17:35 . 2008-11-15 09:39 5,760 --a------ c:\windows\system32\drivers\restore.sys

2008-11-12 17:21 . 2008-11-12 18:31 65,024 --a------ c:\windows\system32\sac32.dll

2008-11-12 17:17 . 2008-11-12 17:17 10,000 --a------ c:\windows\system32\jsne87fidgf.dll

2008-11-12 17:07 . 2008-11-12 18:28 <DIR> d-------- c:\program files\Enigma Software Group

2008-11-12 17:00 . 2008-11-12 17:00 48 --a------ c:\windows\system32\3.tmp

2008-11-12 17:00 . 2008-11-12 17:00 18 --a------ c:\windows\system32\7.tmp

2008-11-12 16:51 . 2008-11-12 16:51 48 --a------ c:\windows\system32\1F3.tmp

2008-11-12 16:51 . 2008-11-12 16:52 18 --a------ c:\windows\system32\1F5.tmp

2008-11-12 16:17 . 2008-11-12 16:28 15,083,520 --a------ c:\program files\spybotsd160.exe

2008-11-12 16:00 . 2008-11-12 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET

2008-11-12 15:57 . 2008-11-12 15:57 2,015 -rah----- c:\windows\system32\drivers\hosts

2008-11-12 15:54 . 2008-11-13 17:25 <DIR> d-------- c:\program files\RogueRemover FREE

2008-11-12 15:53 . 2008-09-05 04:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-12 15:53 . 2008-10-24 22:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 14:12 . 2008-11-12 14:12 48 --a------ c:\windows\system32\6.tmp

2008-11-12 14:12 . 2008-11-12 14:12 18 --a------ c:\windows\system32\8.tmp

2008-11-12 13:16 . 2008-11-12 13:16 19,960 --a------ c:\windows\azeheh.exe

2008-11-12 13:16 . 2008-11-12 13:16 19,571 --a------ c:\program files\Common Files\isesad.exe

2008-11-12 13:16 . 2008-11-12 13:16 16,049 --a------ c:\windows\system32\imudas.pif

2008-11-12 13:16 . 2008-11-12 13:16 15,567 --a------ c:\windows\uwezy.dl

2008-11-12 13:16 . 2008-11-12 13:16 15,106 --a------ c:\windows\yqometon.com

2008-11-12 13:16 . 2008-11-12 13:16 15,082 --a------ c:\windows\ixalogynic.reg

2008-11-12 13:16 . 2008-11-12 13:16 14,895 --a------ c:\windows\system32\wupiluto.pif

2008-11-12 13:16 . 2008-11-12 13:16 14,356 --a------ c:\windows\zoguhah.vbs

2008-11-12 13:16 . 2008-11-12 13:16 14,043 --a------ c:\documents and settings\All Users\Application Data\gogafo.exe

2008-11-12 13:16 . 2008-11-12 13:16 13,509 --a------ c:\documents and settings\Mahamed\Application Data\ajeton.sys

2008-11-12 13:16 . 2008-11-12 13:16 13,111 --a------ c:\windows\heto._sy

2008-11-12 13:16 . 2008-11-12 13:16 11,660 --a------ c:\windows\vukiv.dl

2008-11-12 13:16 . 2008-11-12 13:16 11,198 --a------ c:\windows\mepeke.sys

2008-11-12 13:16 . 2008-11-12 13:16 10,565 --a------ c:\windows\system32\ebidipar.dll

2008-11-12 10:57 . 2008-11-12 10:57 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Apple Computer

2008-11-12 10:56 . 2008-11-12 10:56 48 --a------ c:\windows\system32\2.tmp

2008-11-12 10:56 . 2008-11-12 10:56 18 --a------ c:\windows\system32\5.tmp

2008-11-11 20:14 . 2008-11-13 18:35 <DIR> d-------- c:\program files\Lavasoft

2008-11-11 19:37 . 2008-11-11 19:59 25,129,080 --a------ c:\program files\antivir_workstation_winu_en_h(2).exe

2008-11-11 17:01 . 2008-11-11 17:17 23,804,784 --a------ c:\program files\aaw2008.exe

2008-11-10 17:56 . 2008-11-10 17:56 <DIR> d-------- c:\program files\Alwil Software

2008-11-09 10:56 . 2008-11-09 10:56 <DIR> d-------- c:\program files\3ivx

2008-11-09 10:04 . 2008-11-09 10:49 <DIR> d-------- c:\windows\system32\quicktime

2008-11-09 09:49 . 2008-11-13 18:20 <DIR> d-------- c:\program files\QuickTime

2008-11-09 09:39 . 2008-11-09 09:40 <DIR> d-------- c:\program files\Service Packs

2008-11-08 11:02 . 2008-11-14 02:15 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\LimeWire

2008-11-08 11:01 . 2008-11-13 13:26 <DIR> d-------- c:\program files\LimeWire

2008-11-07 23:18 . 2008-11-07 23:18 <DIR> d-------- c:\windows\Sun

2008-11-07 19:16 . 2008-11-10 18:45 <DIR> d-------- c:\program files\DNA

2008-11-07 19:16 . 2008-11-10 23:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DNA

2008-11-07 17:54 . 2008-11-07 20:25 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DivX

2008-11-07 17:15 . 2008-11-07 17:17 <DIR> d-------- c:\program files\DivX

2008-11-06 22:31 . 2008-11-06 22:31 <DIR> d-------- c:\program files\Sun

2008-11-06 22:28 . 2008-11-06 22:27 410,976 --a------ c:\windows\system32\deploytk.dll

2008-11-06 22:28 . 2008-11-06 22:27 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-11-06 22:27 . 2008-11-06 22:27 <DIR> d-------- c:\program files\Java

2008-11-04 18:23 . 2008-11-04 18:25 <DIR> d-------- c:\windows\system32\NtmsData

2008-11-04 10:08 . 2008-11-04 10:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2008-11-04 10:07 . 2008-11-13 17:23 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-11-04 10:07 . 2008-11-04 10:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\SUPERAntiSpyware.com

2008-11-04 10:04 . 2008-11-13 18:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-11-03 20:04 . 2008-11-03 20:04 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Search

2008-11-03 18:53 . 2008-11-12 10:42 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Comodo

2008-11-03 15:00 . 2008-11-12 10:42 <DIR> d-------- c:\program files\COMODO

2008-11-03 09:17 . 2008-11-03 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\MSN6

2008-11-03 09:12 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator

2008-11-03 08:09 . 2008-11-03 09:15 <DIR> d-------- c:\program files\Smart Virus Remover

2008-11-03 01:16 . 2008-11-03 01:16 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\MSN6

2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-14 22:40 17,408 ----a-w c:\windows\system32\svchost.exe

2008-11-14 21:20 --------- d-----w c:\program files\Common Files\Adobe

2008-11-12 05:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-11-12 05:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2008-11-12 05:24 --------- d-----w c:\program files\Free FLV Converter

2008-11-12 02:16 19,762 ----a-w c:\program files\Common Files\ynojysu.ban

2008-11-07 08:06 263 ----a-w c:\program files\gapa.ini

2008-11-03 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!

2008-10-27 16:43 499,712 ----a-w c:\windows\system32\msvcp71.dll

2008-10-27 16:43 348,160 ----a-w c:\windows\system32\msvcr71.dll

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-21 06:31 --------- d-----w c:\documents and settings\Mahamed\Application Data\uTorrent

2008-10-03 01:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\Media Player Classic

2008-10-03 00:49 --------- d-----w c:\program files\Combined Community Codec Pack

2008-10-02 07:53 --------- d-----w c:\program files\Common Files\DVDVideoSoft

2008-10-02 07:53 --------- d-----w c:\program files\AskBarDis

2008-09-30 05:28 --------- d-----w c:\program files\Xvid

2008-09-25 09:10 --------- d-----w c:\program files\NOS

2008-09-25 09:10 --------- d-----w c:\documents and settings\All Users\Application Data\NOS

2008-09-25 08:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2008-09-25 08:11 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll

2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll

2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll

2008-09-25 08:03 536,576 ----a-w c:\windows\system32\DivXsm.exe

2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll

2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll

2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll

2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll

2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll

2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe

2008-09-23 02:51 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!

2008-09-22 11:00 --------- d-----w c:\program files\Messenger Plus! Live

2008-09-21 02:04 --------- d-----w c:\program files\Windows Live

2008-09-21 02:02 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

2008-09-21 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

2008-09-19 21:57 9,464 ----a-w c:\windows\system32\drivers\cdralw2k.sys

2008-09-19 21:57 9,336 ----a-w c:\windows\system32\drivers\cdr4_xp.sys

2008-09-19 21:57 43,528 ----a-w c:\windows\system32\drivers\PxHelp20.sys

2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

2008-09-19 21:57 129,784 ----a-w c:\windows\system32\pxafs.dll

2008-09-19 21:57 120,056 ----a-w c:\windows\system32\pxcpyi64.exe

2008-09-19 21:57 118,520 ----a-w c:\windows\system32\pxinsi64.exe

2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll

2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll

2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

2008-09-19 03:15 --------- d-----w c:\program files\Microsoft Works

2008-09-19 03:14 --------- d-----w c:\program files\MSBuild

2008-09-19 03:01 --------- d-----w c:\program files\Microsoft.NET

2008-09-16 13:27 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard

2008-09-16 13:26 --------- d-----w c:\program files\Common Files\iS3

2008-09-15 13:46 --------- d-----w c:\program files\AVG

2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-15 06:44 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

2008-09-15 06:03 --------- d-----w c:\documents and settings\Mahamed\Application Data\Malwarebytes

2008-09-15 06:03 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2008-09-15 05:52 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-09-15 05:40 --------- d-----w c:\program files\Common Files\Download Manager

2008-09-12 18:30 278,528 ----a-w c:\windows\system32\TubeFinder.exe

2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll

2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe

2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe

.

 

------- Sigcheck -------

 

2004-08-04 01:56 14336 5de5b5c556f04f26dd6068267644a8ca c:\windows\$NtServicePackUninstall$\svchost.exe

2008-04-14 06:42 23040 06fcb16ca84dcc11302fd1854b6b246c c:\windows\ServicePackFiles\i386\svchost.exe

2004-08-04 18:56 23040 385a7e4e53c27ae4047816c5ec582f5e c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe

2008-11-15 09:40 17408 757bfb408b7ea07648188f30d027cb6e c:\windows\system32\svchost.exe

 

2004-08-04 01:56 502272 19f92aaf6870b66d25b351e230abc6ea c:\windows\$NtServicePackUninstall$\winlogon.exe

2008-04-14 06:42 516608 808f4f0941af51bd295eded8071a286b c:\windows\ServicePackFiles\i386\winlogon.exe

2004-08-04 18:56 510976 8c45beb4d178e0b993ca55ab14ce53fd c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe

2008-04-14 06:42 512000 d4b1151878c946abd7013197a2a58a86 c:\windows\system32\winlogon.exe

 

2008-04-14 06:42 1048576 32b05ffd8ee421e8d135922f94a09779 c:\windows\explorer.exe

2004-08-04 01:56 1032192 56195559d22a24d39c0d04b954fb1901 c:\windows\$NtServicePackUninstall$\explorer.exe

2008-04-14 06:42 1042432 8aab8f71347002bc2ac64ae0beb5e905 c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-04 18:56 1040896 0c8ec25cd14642a3cd74d794176645b5 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe

 

2004-08-04 01:56 108032 1800469178c252c5977f711b468c00a1 c:\windows\$NtServicePackUninstall$\services.exe

2008-04-14 06:42 117248 ef1758444f1504c33b79c26a5926d69b c:\windows\ServicePackFiles\i386\services.exe

2004-08-04 18:56 116736 b83fefe879296a209915092ee67437fa c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe

2008-04-14 06:42 111104 8f0b1f3a69379f2fb94a7ea9927d7ae6 c:\windows\system32\services.exe

 

2004-08-04 01:56 13312 5877be9b08f740e5bd64e7c86608a93f c:\windows\$NtServicePackUninstall$\lsass.exe

2008-04-14 06:42 22016 0df2519a636ddbf74e43c73f6db43943 c:\windows\ServicePackFiles\i386\lsass.exe

2004-08-04 18:56 22016 0b6bba57a1bb9998e542d911e27b5bd6 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe

2008-04-14 06:42 14848 75a4df4fcd68e97e5ad34543f18bbc86 c:\windows\system32\lsass.exe

 

2004-08-04 01:56 15360 fe408f07f63eece65f4e3f8ce09030d5 c:\windows\$NtServicePackUninstall$\ctfmon.exe

2008-04-14 06:42 24064 7799f2ecb1713979335e8abc1ec42bcf c:\windows\ServicePackFiles\i386\ctfmon.exe

2004-08-04 18:56 24064 e0e0a63fa6e13fcee9d77d729a14e7b1 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe

2008-04-14 06:42 15360 b61439f0bc14b836101d6387197715e8 c:\windows\system32\CTFMON.EXE

 

2005-06-11 11:17 57856 8cfa993f4fdf5568aff15d99765c21d6 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

2005-06-11 10:53 57856 07763dfe5ea3c14946d4052c56ba377d c:\windows\$NtServicePackUninstall$\spoolsv.exe

2004-08-04 01:56 57856 cb39079b8adca54c691db044351b94bf c:\windows\$NtUninstallKB896423$\spoolsv.exe

2008-04-14 06:42 66560 5a45de4b505cbbc52e4b09706357c050 c:\windows\ServicePackFiles\i386\spoolsv.exe

2004-08-04 18:56 66560 234df4f1361db1af65a3fe7ef06925fe c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\spoolsv.exe

2008-04-14 06:42 58368 9611bbfa386db3a3d6f32aa8dc92ef42 c:\windows\system32\spoolsv.exe

 

2004-08-04 01:56 24576 27f29f65bf97a1dd81d50229b5023745 c:\windows\$NtServicePackUninstall$\userinit.exe

2008-04-14 06:42 34816 f7746144dda31959e03610f052c33d92 c:\windows\ServicePackFiles\i386\userinit.exe

2004-08-04 18:56 33280 215be2b305baa8e049760ba95cb8b6ba c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe

2008-04-14 06:42 26112 31c92b93500c4ee80248b3d67acf4480 c:\windows\system32\userinit.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-28 185872]

"Movie Maker"="c:\windows\vmmreg32.exe" [2008-11-14 146860]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoDispScrSavPage"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoClose"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoFolderOptions"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]

2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

"vidc.3IV2"= 3ivxVfWCodec.dll

"vidc.SEDG"= SamsungVfWCodec.dll

"vidc.DX50"= DivXVfWCodec.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk

backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

 

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^windows search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKLM\~\startupfolder\c:^documents and settings^mahamed^start menu^programs^startup^limewire on startup.lnk]

path=c:\documents and settings\Mahamed\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2008-11-07 19:16 342336 c:\program files\DNA\btdna.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-14 06:42 1695232 c:\program files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-10-28 03:43 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\MBAM.EXE"=

"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:WarcraftIII

"6112:UDP"= 6112:UDP:WarcraftIII

 

R3 genmcmnusb;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]

S1 dc25c492;dc25c492;c:\windows\system32\drivers\dc25c492.sys [ ]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d7957d4-8b60-11dd-88d0-87b7f15e7697}]

\Shell\Auto\command - Start.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d1788cc-8c40-11dd-88d2-ebac918a8ae3}]

\Shell\AutoRun\command - F:\setupSNK.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A744F16C-B2D5-4138-81A2-085CDFCDE83A}]

rundll32 ckds16.dll,InitModule

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{59644c8e-b2ac-4232-9a5d-97421d36219f} - c:\windows\system32\reastl.dll

BHO-{ABA72497-84DB-4C31-A266-9DC04C9AF958} - c:\windows\system32\mlJYpQgg.dll

HKLM-Run-rs32net - c:\windows\System32\rs32net.exe

HKLM-Run-c05a7ddd - c:\windows\system32\hwxivufa.dll

HKU-Default-Run-brastk - c:\windows\system32\brastk.exe

MSConfigStartUp-ANTI LITE TITLE DEBUG - c:\documents and settings\All Users\Application Data\Okay meta anti lite\program junk.exe

MSConfigStartUp-antivirus pro 2009 - c:\program files\AntivirusPro2009\AntivirusPro2009.exe

MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe

MSConfigStartUp-brastk - c:\windows\system32\brastk.exe

MSConfigStartUp-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe

MSConfigStartUp-jnskdfmf9eldfd - c:\docume~1\Mahamed\LOCALS~1\Temp\csrssc.exe

MSConfigStartUp-rs32net - c:\windows\System32\rs32net.exe

MSConfigStartUp-site multi - c:\docume~1\Mahamed\APPLIC~1\LOADME~1\Manager web stupid.exe

MSConfigStartUp-spyhunter security suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe

MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

MSConfigStartUp-xsjfn83jkemfofght - c:\docume~1\Mahamed\LOCALS~1\Temp\winlogin.exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - c:\documents and settings\Mahamed\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\

FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-15 10:34:02

Windows 5.1.2600 Service Pack 3 NTFS

 

detected NTDLL code modification:

ZwOpenFile

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\TASKMGR.EXE

.

**************************************************************************

.

Completion time: 2008-11-15 10:41:26 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-14 23:41:16

 

Pre-Run: 59,401,392,128 bytes free

Post-Run: 59,297,554,432 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

 

470 --- E O F --- 2008-11-12 05:44:00


Bit more malware there unfortunately

 

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

 

 

Download SDFix and save it to your Desktop.

 

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.

 

 

 

Open notepad and copy/paste the text in the quotebox below into it:


Collect::
c:\windows\system32\ckds16.dll
c:\windows\system32\94.tmp
c:\windows\system32\96.tmp
c:\windows\system32\54.tmp
c:\windows\system32\56.tmp
c:\windows\system32\35.tmp
c:\windows\system32\33.tmp
c:\windows\system32\1C.tmp
c:\windows\system32\1E.tmp
c:\windows\system32\11.tmp
c:\windows\system32\A.tmp
c:\windows\vmmreg32.exe
c:\windows\system32\bio-22-10-2.exe
c:\windows\system32\head-22-10-2.exe
c:\windows\system32\C.tmp
c:\windows\system32\10.tmp
c:\windows\system32\69.tmp
c:\windows\system32\66.tmp
c:\windows\ejitabane.inf
c:\windows\system32\geqizigeke.bat
c:\documents and settings\Mahamed\Application Data\xixavezy.pif
c:\documents and settings\All Users\Application Data\opifesut.com
c:\program files\Common Files\ykijy.com
c:\documents and settings\All Users\Application Data\ketuxo.exe
c:\documents and settings\All Users\Application Data\uhebihomy.vbs
c:\program files\Common Files\ytenyhi.dll
c:\windows\lymu.exe
c:\windows\qilajotim._dl
c:\documents and settings\Mahamed\Application Data\amubeqidun.dll
c:\windows\unisoja.dll
c:\windows\system32\fefix.com
c:\documents and settings\All Users\Application Data\yhesiko.scr
c:\program files\Common Files\omugurysox.reg
c:\windows\mujot.ban
c:\windows\system32\ihywofemyh.com
c:\program files\Common Files\jipovaguro.exe
c:\windows\emyx.exe
c:\windows\system32\ronuces.sys
c:\program files\Common Files\ybavizevim.bin
c:\windows\ecyz.reg
c:\windows\ysez.vbs
c:\windows\gmail.com-error.html
c:\windows\live.com-error.html
c:\windows\aol.com-error.html
c:\windows\google.com-error.html
c:\windows\search.yahoo.com-error.html
c:\windows\system32\B.tmp
c:\windows\system32\D.tmp
c:\windows\system32\drivers\restore.sys
c:\windows\system32\sac32.dll
c:\windows\system32\jsne87fidgf.dll
c:\windows\system32\3.tmp
c:\windows\system32\7.tmp
c:\windows\system32\1F3.tmp
c:\windows\system32\1F5.tmp
c:\windows\system32\6.tmp
c:\windows\system32\8.tmp
c:\windows\azeheh.exe
c:\program files\Common Files\isesad.exe
c:\windows\system32\imudas.pif
c:\windows\uwezy.dl
c:\windows\yqometon.com
c:\windows\ixalogynic.reg
c:\windows\system32\wupiluto.pif
c:\windows\zoguhah.vbs
c:\documents and settings\All Users\Application Data\gogafo.exe
c:\documents and settings\Mahamed\Application Data\ajeton.sys
c:\windows\heto._sy
c:\windows\vukiv.dl
c:\windows\mepeke.sys
c:\windows\system32\ebidipar.dll
c:\windows\system32\2.tmp
c:\windows\system32\5.tmp


Driver::
dc25c492

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d7957d4-8b60-11dd-88d0-87b7f15e7697}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d1788cc-8c40-11dd-88d2-ebac918a8ae3}]

FCopy::
C:\WINDOWS\system32\dllcache\lsass.exe | c:\windows\system32\lsass.exe
C:\WINDOWS\system32\dllcache\winlogon.exe | c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\dllcache\services.exe | c:\windows\system32\services.exe
C:\WINDOWS\system32\dllcache\svchost.exe | c:\windows\system32\svchost.exe
C:\WINDOWS\system32\dllcache\spoolsv.exe | c:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\dllcache\explorer.exe | c:\windows\explorer.exe

Suspect::

Save this as CFScript.txt

 

 

CFScriptB-4.gif

 

Referring to the picture above, drag CFScript.txt into ComboFix.exe

 

When finished, it shall produce a log for you. Post that log in your next reply.

 

**Note**

 

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.


SDFix: Version 1.240

Run by Mahamed on Sat 15/11/2008 at 11:47

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

Checking Files :

 

Trojan Files Found:

 

C:\Documents and Settings\Mahamed\Start Menu\Programs\AntivirusPro2009\AntivirusPro2009.lnk - Deleted

C:\Documents and Settings\Mahamed\Start Menu\Programs\AntivirusPro2009\Uninstall.lnk - Deleted

C:\WINDOWS\heto._sy - Deleted

C:\WINDOWS\aol.com-error.html - Deleted

C:\WINDOWS\gmail.com-error.html - Deleted

C:\WINDOWS\google.com-error.html - Deleted

C:\WINDOWS\live.com-error.html - Deleted

C:\WINDOWS\search.yahoo.com-error.html - Deleted

C:\WINDOWS\system32\2.tmp - Deleted

C:\WINDOWS\system32\3.tmp - Deleted

C:\WINDOWS\system32\5.tmp - Deleted

C:\WINDOWS\system32\6.tmp - Deleted

C:\WINDOWS\system32\7.tmp - Deleted

C:\WINDOWS\system32\8.tmp - Deleted

C:\WINDOWS\system32\A.tmp - Deleted

C:\WINDOWS\system32\B.tmp - Deleted

C:\WINDOWS\system32\C.tmp - Deleted

C:\WINDOWS\system32\D.tmp - Deleted

C:\WINDOWS\system32\2.tmp - Deleted

C:\WINDOWS\system32\10.tmp - Deleted

C:\WINDOWS\system32\11.tmp - Deleted

C:\WINDOWS\system32\1C.tmp - Deleted

C:\WINDOWS\system32\1E.tmp - Deleted

C:\WINDOWS\system32\1F3.tmp - Deleted

C:\WINDOWS\system32\1F5.tmp - Deleted

C:\WINDOWS\system32\drivers\hosts - Deleted

C:\WINDOWS\system32\sac32.dll - Deleted

C:\WINDOWS\system32\drivers\restore.sys - Deleted

Removing Temp Files

 

ADS Check :

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-15 11:56:09

Windows 5.1.2600 Service Pack 3 NTFS

 

detected NTDLL code modification:

ZwOpenFile

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\Malwarebytes' Anti-Malware\\MBAM.EXE"="C:\\Program Files\\Malwarebytes' Anti-Malware\\MBAM.EXE:*:Enabled:Malwarebytes' Anti-Malware"

"C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition"

"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Sat 18 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Sat 15 Nov 2008 15,452,536 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d7694bef8bd7032a201cda9934644640\BIT4.tmp"

 

Finished!


ComboFix 08-11-12.02 - Mahamed 2008-11-15 12:08:27.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.92 [GMT 11:00]

Running from: c:\documents and settings\Mahamed\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mahamed\Desktop\CFScript.txt

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\gogafo.exe

c:\documents and settings\All Users\Application Data\ketuxo.exe

c:\documents and settings\All Users\Application Data\opifesut.com

c:\documents and settings\All Users\Application Data\uhebihomy.vbs

c:\documents and settings\All Users\Application Data\yhesiko.scr

c:\documents and settings\Mahamed\Application Data\ajeton.sys

c:\documents and settings\Mahamed\Application Data\amubeqidun.dll

c:\documents and settings\Mahamed\Application Data\xixavezy.pif

c:\program files\Common Files\isesad.exe

c:\program files\Common Files\jipovaguro.exe

c:\program files\Common Files\omugurysox.reg

c:\program files\Common Files\ybavizevim.bin

c:\program files\Common Files\ykijy.com

c:\program files\Common Files\ytenyhi.dll

c:\windows\azeheh.exe

c:\windows\ecyz.reg

c:\windows\ejitabane.inf

c:\windows\emyx.exe

c:\windows\ixalogynic.reg

c:\windows\lymu.exe

c:\windows\mepeke.sys

c:\windows\mujot.ban

c:\windows\qilajotim._dl

c:\windows\system32\33.tmp

c:\windows\system32\35.tmp

c:\windows\system32\54.tmp

c:\windows\system32\56.tmp

c:\windows\system32\66.tmp

c:\windows\system32\69.tmp

c:\windows\system32\94.tmp

c:\windows\system32\96.tmp

c:\windows\system32\bio-22-10-2.exe

c:\windows\system32\ckds16.dll

c:\windows\system32\csrssw.dll

c:\windows\system32\ebidipar.dll

c:\windows\system32\fefix.com

c:\windows\system32\geqizigeke.bat

c:\windows\system32\head-22-10-2.exe

c:\windows\system32\ihywofemyh.com

c:\windows\system32\imudas.pif

c:\windows\system32\jsne87fidgf.dll

c:\windows\system32\ronuces.sys

c:\windows\system32\wupiluto.pif

c:\windows\unisoja.dll

c:\windows\uwezy.dl

c:\windows\vmmreg32.exe

c:\windows\vukiv.dl

c:\windows\yqometon.com

c:\windows\ysez.vbs

c:\windows\zoguhah.vbs

 

c:\windows\system32\lsass.exe . . . is infected!!

 

c:\windows\system32\winlogon.exe . . . is infected!!

 

c:\windows\system32\services.exe . . . is infected!!

 

c:\windows\system32\svchost.exe . . . is infected!!

 

c:\windows\system32\spoolsv.exe . . . is infected!!

 

c:\windows\explorer.exe . . . is infected!!

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_dc25c492

((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))

.

 

2008-12-22 15:59 . 2008-12-22 15:59 447,200 --a------ c:\windows\system32\OpenQuicktimeLib.dll

2008-12-22 15:59 . 2008-12-22 15:59 332,512 --a------ c:\windows\system32\3ivxVfWCodec.dll

2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\SamsungVfWCodec.dll

2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\DivXVfWCodec.dll

2008-12-22 15:58 . 2008-12-22 15:58 1,155,808 --a------ c:\windows\system32\3ivx.dll

2008-12-22 15:52 . 2008-12-22 15:52 66,272 --a------ c:\windows\system32\libfaac.dll

2008-11-15 12:02 . 2008-11-14 02:02 146,860 --a------ c:\windows\unisoja.exe

2008-11-15 11:46 . 2008-11-15 11:46 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll

2008-11-15 11:42 . 2008-11-15 11:42 <DIR> d-------- c:\windows\ERUNT

2008-11-15 11:18 . 2008-11-15 12:02 <DIR> d-------- C:\SDFix

2008-11-15 09:29 . 2008-11-15 09:29 <DIR> d-------- C:\_OTMoveIt

2008-11-15 08:35 . 2008-11-15 09:10 <DIR> d-------- C:\Lop SD

2008-11-14 19:54 . 2008-11-14 19:54 <DIR> d-------- c:\program files\Trend Micro

2008-11-12 19:13 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb

2008-11-12 18:49 . 2008-11-12 18:49 <DIR> d-------- c:\documents and settings\Mahamed\DoctorWeb

2008-11-12 18:44 . 2008-11-12 18:44 230 --a------ c:\windows\system32\spupdsvc.inf

2008-11-12 17:07 . 2008-11-12 18:28 <DIR> d-------- c:\program files\Enigma Software Group

2008-11-12 16:17 . 2008-11-12 16:28 15,083,520 --a------ c:\program files\spybotsd160.exe

2008-11-12 16:00 . 2008-11-12 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET

2008-11-12 15:54 . 2008-11-13 17:25 <DIR> d-------- c:\program files\RogueRemover FREE

2008-11-12 15:53 . 2008-09-05 04:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-12 15:53 . 2008-10-24 22:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 10:57 . 2008-11-12 10:57 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Apple Computer

2008-11-11 20:14 . 2008-11-13 18:35 <DIR> d-------- c:\program files\Lavasoft

2008-11-11 19:37 . 2008-11-11 19:59 25,129,080 --a------ c:\program files\antivir_workstation_winu_en_h(2).exe

2008-11-11 17:01 . 2008-11-11 17:17 23,804,784 --a------ c:\program files\aaw2008.exe

2008-11-10 17:56 . 2008-11-10 17:56 <DIR> d-------- c:\program files\Alwil Software

2008-11-09 10:56 . 2008-11-09 10:56 <DIR> d-------- c:\program files\3ivx

2008-11-09 10:04 . 2008-11-09 10:49 <DIR> d-------- c:\windows\system32\quicktime

2008-11-09 09:49 . 2008-11-13 18:20 <DIR> d-------- c:\program files\QuickTime

2008-11-09 09:39 . 2008-11-09 09:40 <DIR> d-------- c:\program files\Service Packs

2008-11-08 11:02 . 2008-11-14 02:15 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\LimeWire

2008-11-08 11:01 . 2008-11-13 13:26 <DIR> d-------- c:\program files\LimeWire

2008-11-07 23:18 . 2008-11-07 23:18 <DIR> d-------- c:\windows\Sun

2008-11-07 19:16 . 2008-11-10 18:45 <DIR> d-------- c:\program files\DNA

2008-11-07 19:16 . 2008-11-10 23:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DNA

2008-11-07 17:54 . 2008-11-07 20:25 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DivX

2008-11-07 17:15 . 2008-11-07 17:17 <DIR> d-------- c:\program files\DivX

2008-11-06 22:31 . 2008-11-06 22:31 <DIR> d-------- c:\program files\Sun

2008-11-06 22:28 . 2008-11-06 22:27 410,976 --a------ c:\windows\system32\deploytk.dll

2008-11-06 22:28 . 2008-11-06 22:27 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-11-06 22:27 . 2008-11-06 22:27 <DIR> d-------- c:\program files\Java

2008-11-04 18:23 . 2008-11-04 18:25 <DIR> d-------- c:\windows\system32\NtmsData

2008-11-04 10:08 . 2008-11-04 10:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2008-11-04 10:07 . 2008-11-13 17:23 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-11-04 10:07 . 2008-11-04 10:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\SUPERAntiSpyware.com

2008-11-04 10:04 . 2008-11-13 18:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-11-03 20:04 . 2008-11-03 20:04 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Search

2008-11-03 18:53 . 2008-11-12 10:42 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Comodo

2008-11-03 15:00 . 2008-11-12 10:42 <DIR> d-------- c:\program files\COMODO

2008-11-03 09:17 . 2008-11-03 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\MSN6

2008-11-03 09:12 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator

2008-11-03 08:09 . 2008-11-03 09:15 <DIR> d-------- c:\program files\Smart Virus Remover

2008-11-03 01:16 . 2008-11-03 01:16 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\MSN6

2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll

2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx07.dll

2008-10-29 09:35 . 2008-10-29 09:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll

2008-10-29 09:35 . 2008-10-29 09:35 802,816 --a------ c:\windows\system32\divx_xx11.dll

2008-10-28 03:44 . 2008-10-28 03:44 <DIR> d-------- c:\program files\Common Files\xing shared

2008-10-28 03:43 . 2008-10-28 03:43 <DIR> d-------- c:\program files\Real

2008-10-26 22:21 . 2008-10-26 22:21 <DIR> d-------- c:\program files\Real Alternative

2008-10-26 22:21 . 2008-10-28 03:44 <DIR> d-------- c:\program files\Common Files\Real

2008-10-25 19:18 . 2008-10-25 19:18 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Desktop Search

2008-10-25 19:16 . 2008-10-25 19:16 <DIR> d-------- c:\windows\system32\GroupPolicy

2008-10-25 19:16 . 2008-10-25 19:16 <DIR> d-------- c:\program files\Windows Desktop Search

2008-10-25 19:15 . 2008-03-08 04:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll

2008-10-25 19:15 . 2008-03-08 04:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll

2008-10-25 19:15 . 2008-03-08 04:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll

2008-10-25 19:14 . 2008-10-25 19:14 <DIR> d-------- c:\program files\CONEXANT

2008-10-25 19:13 . 2008-10-16 03:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-10-25 17:16 . 2008-10-25 17:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8

2008-10-24 21:31 . 2008-04-14 05:42 159,232 --a------ c:\windows\system32\ptpusd.dll

2008-10-24 21:31 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2008-10-24 21:31 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

2008-10-24 21:31 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

2008-10-22 20:17 . 2008-10-22 20:17 <DIR> d-------- c:\program files\Common Files\InstallShield

2008-10-19 11:49 . 2008-09-08 23:38 99,840 --a------ c:\windows\system32\AntiXPVSTFix.exe

2008-10-19 11:49 . 2008-10-10 08:58 94,208 --a------ c:\windows\system32\o4Patch.exe

2008-10-19 11:49 . 2008-10-10 08:58 94,208 --a------ c:\windows\system32\IEDFix.C.exe

2008-10-19 11:49 . 2008-08-18 12:19 84,992 --a------ c:\windows\system32\404FIX.EXE

2008-10-19 11:48 . 2007-09-06 00:22 289,144 --a------ c:\windows\system32\VCCLSID.exe

2008-10-19 11:48 . 2006-04-27 17:49 288,417 --a------ c:\windows\system32\SrchSTS.exe

2008-10-19 11:48 . 2008-10-01 15:51 98,816 --a------ c:\windows\system32\VACFix.exe

2008-10-19 11:48 . 2008-05-18 21:40 94,208 --a------ c:\windows\system32\IEDFix.exe

2008-10-19 11:48 . 2003-06-05 21:13 65,536 --a------ c:\windows\system32\Process.exe

2008-10-19 11:48 . 2004-07-31 18:50 59,904 --a------ c:\windows\system32\dumphive.exe

2008-10-19 11:48 . 2007-10-04 00:36 37,888 --a------ c:\windows\system32\WS2Fix.exe

2008-10-18 14:38 . 2008-10-18 14:38 <DIR> d-------- c:\program files\Windows Media Connect 2

2008-10-18 14:33 . 2008-10-18 14:33 <DIR> d-------- c:\windows\system32\LogFiles

2008-10-18 14:33 . 2008-10-27 12:26 <DIR> d-------- c:\windows\system32\drivers\UMDF

2008-10-18 11:08 . 2008-10-18 11:08 10,752 --a------ c:\windows\system32\horjiqot.exe

2008-10-18 01:31 . 2008-10-18 01:31 <DIR> dr------- C:\Aslam

2008-10-17 22:53 . 2008-10-17 22:53 244 --ah----- C:\sqmnoopt06.sqm

2008-10-17 22:53 . 2008-10-17 22:53 232 --ah----- C:\sqmdata06.sqm

2008-10-17 22:28 . 2008-10-17 22:28 244 --ah----- C:\sqmnoopt05.sqm

2008-10-17 22:28 . 2008-10-17 22:28 232 --ah----- C:\sqmdata05.sqm

2008-10-17 22:17 . 2008-10-17 22:17 244 --ah----- C:\sqmnoopt04.sqm

2008-10-17 22:17 . 2008-10-17 22:17 232 --ah----- C:\sqmdata04.sqm

2008-10-17 21:54 . 2008-10-17 21:54 244 --ah----- C:\sqmnoopt03.sqm

2008-10-17 21:54 . 2008-10-17 21:54 232 --ah----- C:\sqmdata03.sqm

2008-10-17 18:53 . 2002-11-21 11:56 119,296 --a------ c:\program files\gapa.exe

2008-10-17 17:50 . 2008-11-12 16:24 <DIR> d-------- c:\program files\QuickGamma

2008-10-17 02:09 . 2008-10-17 02:09 <DIR> d-------- C:\802b506a90741843c7

2008-10-16 17:44 . 2008-09-08 21:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

2008-10-16 17:43 . 2008-08-14 21:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-16 17:43 . 2008-08-14 21:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-16 17:43 . 2008-08-14 20:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-16 17:43 . 2008-08-14 20:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-16 17:43 . 2008-09-15 23:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

2008-10-15 21:33 . 2003-09-16 12:59 191,488 --a------ c:\windows\w4e_motivational.scr

2008-10-15 21:33 . 2008-10-15 22:07 94 --a------ c:\windows\w4e_motivational.ini

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-15 01:23 69,632 ----a-w c:\windows\system32\csrssw.dll

2008-11-14 22:40 17,408 ----a-w c:\windows\system32\svchost.exe

2008-11-14 21:20 --------- d-----w c:\program files\Common Files\Adobe

2008-11-12 05:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-11-12 05:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2008-11-12 05:24 --------- d-----w c:\program files\Free FLV Converter

2008-11-12 02:16 19,762 ----a-w c:\program files\Common Files\ynojysu.ban

2008-11-07 08:06 263 ----a-w c:\program files\gapa.ini

2008-11-03 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!

2008-10-27 16:43 499,712 ----a-w c:\windows\system32\msvcp71.dll

2008-10-27 16:43 348,160 ----a-w c:\windows\system32\msvcr71.dll

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-21 06:31 --------- d-----w c:\documents and settings\Mahamed\Application Data\uTorrent

2008-10-03 01:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\Media Player Classic

2008-10-03 00:49 --------- d-----w c:\program files\Combined Community Codec Pack

2008-10-02 07:53 --------- d-----w c:\program files\Common Files\DVDVideoSoft

2008-10-02 07:53 --------- d-----w c:\program files\AskBarDis

2008-09-30 05:28 --------- d-----w c:\program files\Xvid

2008-09-25 09:10 --------- d-----w c:\program files\NOS

2008-09-25 09:10 --------- d-----w c:\documents and settings\All Users\Application Data\NOS

2008-09-25 08:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2008-09-25 08:11 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll

2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll

2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll

2008-09-25 08:03 536,576 ----a-w c:\windows\system32\DivXsm.exe

2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll

2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll

2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll

2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll

2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll

2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe

2008-09-23 02:51 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!

2008-09-22 11:00 --------- d-----w c:\program files\Messenger Plus! Live

2008-09-21 02:04 --------- d-----w c:\program files\Windows Live

2008-09-21 02:02 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

2008-09-21 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

2008-09-19 21:57 9,464 ----a-w c:\windows\system32\drivers\cdralw2k.sys

2008-09-19 21:57 9,336 ----a-w c:\windows\system32\drivers\cdr4_xp.sys

2008-09-19 21:57 43,528 ----a-w c:\windows\system32\drivers\PxHelp20.sys

2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

2008-09-19 21:57 129,784 ----a-w c:\windows\system32\pxafs.dll

2008-09-19 21:57 120,056 ----a-w c:\windows\system32\pxcpyi64.exe

2008-09-19 21:57 118,520 ----a-w c:\windows\system32\pxinsi64.exe

2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll

2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll

2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

2008-09-19 03:15 --------- d-----w c:\program files\Microsoft Works

2008-09-19 03:14 --------- d-----w c:\program files\MSBuild

2008-09-19 03:01 --------- d-----w c:\program files\Microsoft.NET

2008-09-16 13:27 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard

2008-09-16 13:26 --------- d-----w c:\program files\Common Files\iS3

2008-09-15 13:46 --------- d-----w c:\program files\AVG

2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-15 06:44 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

2008-09-15 06:03 --------- d-----w c:\documents and settings\Mahamed\Application Data\Malwarebytes

2008-09-15 06:03 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2008-09-15 05:52 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-09-15 05:40 --------- d-----w c:\program files\Common Files\Download Manager

2008-09-12 18:30 278,528 ----a-w c:\windows\system32\TubeFinder.exe

2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll

.

 

------- Sigcheck -------

 

2004-08-04 01:56 14336 5de5b5c556f04f26dd6068267644a8ca c:\windows\$NtServicePackUninstall$\svchost.exe

2008-04-14 06:42 23040 06fcb16ca84dcc11302fd1854b6b246c c:\windows\ServicePackFiles\i386\svchost.exe

2004-08-04 18:56 23040 385a7e4e53c27ae4047816c5ec582f5e c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe

2008-11-15 09:40 17408 757bfb408b7ea07648188f30d027cb6e c:\windows\system32\svchost.exe

 

2004-08-04 01:56 502272 19f92aaf6870b66d25b351e230abc6ea c:\windows\$NtServicePackUninstall$\winlogon.exe

2008-04-14 06:42 516608 808f4f0941af51bd295eded8071a286b c:\windows\ServicePackFiles\i386\winlogon.exe

2004-08-04 18:56 510976 8c45beb4d178e0b993ca55ab14ce53fd c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe

2008-04-14 06:42 512000 d4b1151878c946abd7013197a2a58a86 c:\windows\system32\winlogon.exe

 

2008-04-14 06:42 1048576 32b05ffd8ee421e8d135922f94a09779 c:\windows\explorer.exe

2004-08-04 01:56 1032192 56195559d22a24d39c0d04b954fb1901 c:\windows\$NtServicePackUninstall$\explorer.exe

2008-04-14 06:42 1042432 8aab8f71347002bc2ac64ae0beb5e905 c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-04 18:56 1040896 0c8ec25cd14642a3cd74d794176645b5 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe

 

2004-08-04 01:56 108032 1800469178c252c5977f711b468c00a1 c:\windows\$NtServicePackUninstall$\services.exe

2008-04-14 06:42 117248 ef1758444f1504c33b79c26a5926d69b c:\windows\ServicePackFiles\i386\services.exe

2004-08-04 18:56 116736 b83fefe879296a209915092ee67437fa c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe

2008-04-14 06:42 111104 8f0b1f3a69379f2fb94a7ea9927d7ae6 c:\windows\system32\services.exe

 

2004-08-04 01:56 13312 5877be9b08f740e5bd64e7c86608a93f c:\windows\$NtServicePackUninstall$\lsass.exe

2008-04-14 06:42 22016 0df2519a636ddbf74e43c73f6db43943 c:\windows\ServicePackFiles\i386\lsass.exe

2004-08-04 18:56 22016 0b6bba57a1bb9998e542d911e27b5bd6 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe

2008-04-14 06:42 14848 75a4df4fcd68e97e5ad34543f18bbc86 c:\windows\system32\lsass.exe

 

2004-08-04 01:56 15360 fe408f07f63eece65f4e3f8ce09030d5 c:\windows\$NtServicePackUninstall$\ctfmon.exe

2008-04-14 06:42 24064 7799f2ecb1713979335e8abc1ec42bcf c:\windows\ServicePackFiles\i386\ctfmon.exe

2004-08-04 18:56 24064 e0e0a63fa6e13fcee9d77d729a14e7b1 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe

2008-04-14 06:42 15360 b61439f0bc14b836101d6387197715e8 c:\windows\system32\CTFMON.EXE

 

2005-06-11 11:17 57856 8cfa993f4fdf5568aff15d99765c21d6 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

2005-06-11 10:53 57856 07763dfe5ea3c14946d4052c56ba377d c:\windows\$NtServicePackUninstall$\spoolsv.exe

2004-08-04 01:56 57856 cb39079b8adca54c691db044351b94bf c:\windows\$NtUninstallKB896423$\spoolsv.exe

2008-04-14 06:42 66560 5a45de4b505cbbc52e4b09706357c050 c:\windows\ServicePackFiles\i386\spoolsv.exe

2004-08-04 18:56 66560 234df4f1361db1af65a3fe7ef06925fe c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\spoolsv.exe

2008-04-14 06:42 58368 9611bbfa386db3a3d6f32aa8dc92ef42 c:\windows\system32\spoolsv.exe

 

2004-08-04 01:56 24576 27f29f65bf97a1dd81d50229b5023745 c:\windows\$NtServicePackUninstall$\userinit.exe

2008-04-14 06:42 34816 f7746144dda31959e03610f052c33d92 c:\windows\ServicePackFiles\i386\userinit.exe

2004-08-04 18:56 33280 215be2b305baa8e049760ba95cb8b6ba c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe

2008-04-14 06:42 26112 31c92b93500c4ee80248b3d67acf4480 c:\windows\system32\userinit.exe

.

((((((((((((((((((((((((((((( [email protected]_10.40.06.95 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-11-15 01:16:17 1,790 ----a-w c:\windows\ERDNT\CFUNDO.dat

+ 2008-08-07 04:27:04 175,616 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE

+ 2008-11-15 00:42:34 4,595,712 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat

+ 2008-11-15 00:42:34 294,912 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-08-07 04:27:04 175,616 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-11-15 00:42:21 4,595,712 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat

+ 2008-11-15 00:42:21 294,912 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

- 2008-11-14 23:33:52 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-11-15 01:23:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2008-11-14 23:33:52 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-11-15 01:23:55 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2008-11-14 23:33:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-11-15 01:23:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-11-15 01:22:59 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_194.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-28 185872]

"Movie Maker"="c:\windows\vmmreg32.exe" [2008-11-14 146860]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"MSBuild"="c:\windows\vmmreg32.exe" [2008-11-14 146860]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]

2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

"vidc.3IV2"= 3ivxVfWCodec.dll

"vidc.SEDG"= SamsungVfWCodec.dll

"vidc.DX50"= DivXVfWCodec.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk

backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

 

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^windows search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKLM\~\startupfolder\c:^documents and settings^mahamed^start menu^programs^startup^limewire on startup.lnk]

path=c:\documents and settings\Mahamed\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2008-11-07 19:16 342336 c:\program files\DNA\btdna.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-14 06:42 1695232 c:\program files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-10-28 03:43 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\MBAM.EXE"=

"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:WarcraftIII

"6112:UDP"= 6112:UDP:WarcraftIII

 

R3 genmcmnusb;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-15 12:23:03

Windows 5.1.2600 Service Pack 3 NTFS

 

detected NTDLL code modification:

ZwOpenFile

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\docume~1\Mahamed\LOCALS~1\Temp\RGI1.tmp

c:\windows\system32\csrssw.dll 69632 bytes executable

 

scan completed successfully

hidden files: 2

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\searchindexer.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-11-15 12:30:36 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-15 01:30:22

ComboFix2.txt 2008-11-14 23:41:28

 

Pre-Run: 59,169,300,480 bytes free

Post-Run: 59,153,608,704 bytes free

 

398 --- E O F --- 2008-11-12 05:44:00

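The catchme section of the log above reports "detected NTDLL code modification: ZwOpenFile": the first bytes of that ntdll export, as loaded in the scanned process, no longer match the function in the file on disk. A module that patches ZwOpenFile this way sits in front of every file open made from that process, which is one of the ways user-mode malware denies access to, or lies about, its own files; the log lists csrssw.dll as a hidden file but does not say which module installed the hook. The Python below is an added example, not part of the original post and not code from ComboFix or catchme, showing the comparison such a scanner performs: it diffs the on-disk prologue against the in-memory copy and decodes the common 32-bit detour encodings (JMP rel32, JMP [abs32], PUSH/RET) to recover where control is redirected. The stub bytes, the load address and the hook target are constructed for illustration, and the syscall number in the stub changes between Windows builds.

```python
"""Spot an inline hook on an ntdll export by diffing the function's first bytes
in memory against the same bytes in the file on disk, then decoding the patch."""
import struct
from typing import NamedTuple, Optional, Tuple


class HookReport(NamedTuple):
    hooked: bool
    kind: Optional[str]        # "jmp_rel32", "jmp_indirect", "push_ret" or "patched"
    target: Optional[int]      # where control goes, when the encoding tells us
    first_diff: Optional[int]  # offset of the first byte that differs


def classify_patch(mem: bytes, func_va: int) -> Tuple[str, Optional[int]]:
    """Decode the common 32-bit detour encodings written over a prologue."""
    if len(mem) >= 5 and mem[0] == 0xE9:                     # jmp rel32
        rel = struct.unpack_from("<i", mem, 1)[0]
        return "jmp_rel32", (func_va + 5 + rel) & 0xFFFFFFFF
    if len(mem) >= 6 and mem[:2] == b"\xff\x25":             # jmp dword ptr [abs32]
        return "jmp_indirect", struct.unpack_from("<I", mem, 2)[0]
    if len(mem) >= 6 and mem[0] == 0x68 and mem[5] == 0xC3:  # push imm32 ; ret
        return "push_ret", struct.unpack_from("<I", mem, 1)[0]
    return "patched", None                                    # modified, but not a known trampoline


def detect_inline_hook(disk: bytes, mem: bytes, func_va: int, prologue_len: int = 16) -> HookReport:
    """Compare the first prologue_len bytes of the on-disk and in-memory function."""
    d, m = disk[:prologue_len], mem[:prologue_len]
    if d == m:
        return HookReport(False, None, None, None)
    first_diff = next((i for i, (a, b) in enumerate(zip(d, m)) if a != b), min(len(d), len(m)))
    kind, target = classify_patch(m, func_va)
    return HookReport(True, kind, target, first_diff)


# Constructed sample: the shape of a 32-bit XP ntdll!ZwOpenFile stub on disk
#   mov eax, <syscall#> ; mov edx, 7FFE0300h ; call [edx] ; ret 18h ; nop
# The syscall number and the addresses below are illustrative (not taken from
# the log), and syscall numbers change between Windows builds.
CLEAN_STUB = bytes.fromhex("b874000000" "ba0003fe7f" "ff12" "c21800" "90")
ZWOPENFILE_VA = 0x7C90D59E      # illustrative address of the export in memory
HOOK_TARGET = 0x10001230        # illustrative address inside the hooking module

# What the same bytes look like after a 5-byte JMP has been written over "mov eax":
_rel32 = (HOOK_TARGET - (ZWOPENFILE_VA + 5)) & 0xFFFFFFFF
HOOKED_STUB = b"\xe9" + struct.pack("<I", _rel32) + CLEAN_STUB[5:]


if __name__ == "__main__":
    report = detect_inline_hook(CLEAN_STUB, HOOKED_STUB, ZWOPENFILE_VA)
    if report.hooked:
        print(f"ZwOpenFile modified at +{report.first_diff}: {report.kind} -> {report.target:#010x}")
    else:
        print("ZwOpenFile matches the on-disk copy")
```

On a live system the two byte strings would come from reading the export in the target process and from the relocated on-disk image; the point of decoding the patch is that the resolved target tells you which loaded module to pull for analysis, which a bare "code modification" verdict does not.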

Hello

 

Open notepad and copy/paste the text in the quotebox below into it:

http://www.lavasoftsupport.com/index.php?showtopic=21732&st=0entry88892

Collect::
c:\windows\unisoja.exe
c:\windows\system32\horjiqot.exe
c:\program files\gapa.exe
c:\windows\system32\csrssw.dll


Suspect::

Save this as CFScript.txt

 

 

CFScriptB-4.gif

 

Referring to the picture above, drag CFScript.txt into ComboFix.exe

 

When finished, it shall produce a log for you. Post that log in your next reply.

 

**Note**

 

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.

 

 

Please download Malwarebytes' Anti-Malware from Here or Here

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


ComboFix 08-11-13.01 - Mahamed 2008-11-15 15:13:46.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.166 [GMT 11:00]

Running from: c:\documents and settings\Mahamed\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mahamed\Desktop\CFScript.txt

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files\gapa.exe

c:\windows\system32\csrssw.dll

c:\windows\system32\horjiqot.exe

c:\windows\unisoja.exe

 

c:\windows\system32\lsass.exe . . . is infected!!

 

c:\windows\system32\winlogon.exe . . . is infected!!

 

c:\windows\system32\services.exe . . . is infected!!

 

c:\windows\system32\svchost.exe . . . is infected!!

 

c:\windows\system32\spoolsv.exe . . . is infected!!

 

c:\windows\explorer.exe . . . is infected!!

 

.

((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))

.

 

2008-12-22 15:59 . 2008-12-22 15:59 447,200 --a------ c:\windows\system32\OpenQuicktimeLib.dll

2008-12-22 15:59 . 2008-12-22 15:59 332,512 --a------ c:\windows\system32\3ivxVfWCodec.dll

2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\SamsungVfWCodec.dll

2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\DivXVfWCodec.dll

2008-12-22 15:58 . 2008-12-22 15:58 1,155,808 --a------ c:\windows\system32\3ivx.dll

2008-12-22 15:52 . 2008-12-22 15:52 66,272 --a------ c:\windows\system32\libfaac.dll

2008-11-15 15:26 . 2008-11-14 02:02 146,860 --a------ c:\windows\twain.exe

2008-11-15 14:19 . 2008-11-15 14:19 207,360 --a--c--- c:\windows\system32\dllcache\ndis.sys

2008-11-15 14:18 . 2008-11-15 14:18 31,744 --a------ c:\windows\system32\reader.exe

2008-11-15 14:18 . 2008-11-15 14:18 18 --a------ c:\windows\system32\5A.tmp

2008-11-15 14:17 . 2008-11-15 14:17 44 --a------ c:\windows\system32\58.tmp

2008-11-15 12:23 . 2008-11-14 02:02 146,860 --a------ c:\windows\vmmreg32.exe

2008-11-15 11:46 . 2008-11-15 11:46 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll

2008-11-15 11:42 . 2008-11-15 11:42 <DIR> d-------- c:\windows\ERUNT

2008-11-15 11:18 . 2008-11-15 12:02 <DIR> d-------- C:\SDFix

2008-11-15 09:29 . 2008-11-15 09:29 <DIR> d-------- C:\_OTMoveIt

2008-11-15 08:35 . 2008-11-15 09:10 <DIR> d-------- C:\Lop SD

2008-11-14 19:54 . 2008-11-14 19:54 <DIR> d-------- c:\program files\Trend Micro

2008-11-12 19:13 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb

2008-11-12 18:49 . 2008-11-12 18:49 <DIR> d-------- c:\documents and settings\Mahamed\DoctorWeb

2008-11-12 18:44 . 2008-11-12 18:44 230 --a------ c:\windows\system32\spupdsvc.inf

2008-11-12 17:07 . 2008-11-12 18:28 <DIR> d-------- c:\program files\Enigma Software Group

2008-11-12 16:17 . 2008-11-12 16:28 15,083,520 --a------ c:\program files\spybotsd160.exe

2008-11-12 16:00 . 2008-11-12 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET

2008-11-12 15:54 . 2008-11-13 17:25 <DIR> d-------- c:\program files\RogueRemover FREE

2008-11-12 15:53 . 2008-09-05 04:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-12 15:53 . 2008-10-24 22:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 10:57 . 2008-11-12 10:57 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Apple Computer

2008-11-11 20:14 . 2008-11-13 18:35 <DIR> d-------- c:\program files\Lavasoft

2008-11-11 19:37 . 2008-11-11 19:59 25,129,080 --a------ c:\program files\antivir_workstation_winu_en_h(2).exe

2008-11-11 17:01 . 2008-11-11 17:17 23,804,784 --a------ c:\program files\aaw2008.exe

2008-11-10 17:56 . 2008-11-10 17:56 <DIR> d-------- c:\program files\Alwil Software

2008-11-09 10:56 . 2008-11-09 10:56 <DIR> d-------- c:\program files\3ivx

2008-11-09 10:04 . 2008-11-09 10:49 <DIR> d-------- c:\windows\system32\quicktime

2008-11-09 09:49 . 2008-11-13 18:20 <DIR> d-------- c:\program files\QuickTime

2008-11-09 09:39 . 2008-11-09 09:40 <DIR> d-------- c:\program files\Service Packs

2008-11-08 11:02 . 2008-11-14 02:15 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\LimeWire

2008-11-08 11:01 . 2008-11-13 13:26 <DIR> d-------- c:\program files\LimeWire

2008-11-07 23:18 . 2008-11-07 23:18 <DIR> d-------- c:\windows\Sun

2008-11-07 19:16 . 2008-11-10 18:45 <DIR> d-------- c:\program files\DNA

2008-11-07 19:16 . 2008-11-10 23:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DNA

2008-11-07 17:54 . 2008-11-07 20:25 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DivX

2008-11-07 17:15 . 2008-11-07 17:17 <DIR> d-------- c:\program files\DivX

2008-11-06 22:31 . 2008-11-06 22:31 <DIR> d-------- c:\program files\Sun

2008-11-06 22:28 . 2008-11-06 22:27 410,976 --a------ c:\windows\system32\deploytk.dll

2008-11-06 22:28 . 2008-11-06 22:27 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-11-06 22:27 . 2008-11-06 22:27 <DIR> d-------- c:\program files\Java

2008-11-04 18:23 . 2008-11-04 18:25 <DIR> d-------- c:\windows\system32\NtmsData

2008-11-04 10:08 . 2008-11-04 10:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2008-11-04 10:07 . 2008-11-13 17:23 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-11-04 10:07 . 2008-11-04 10:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\SUPERAntiSpyware.com

2008-11-04 10:04 . 2008-11-13 18:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-11-03 20:04 . 2008-11-03 20:04 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Search

2008-11-03 18:53 . 2008-11-12 10:42 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Comodo

2008-11-03 15:00 . 2008-11-12 10:42 <DIR> d-------- c:\program files\COMODO

2008-11-03 09:17 . 2008-11-03 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\MSN6

2008-11-03 09:12 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator

2008-11-03 08:09 . 2008-11-03 09:15 <DIR> d-------- c:\program files\Smart Virus Remover

2008-11-03 01:16 . 2008-11-03 01:16 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\MSN6

2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll

2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx07.dll

2008-10-29 09:35 . 2008-10-29 09:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll

2008-10-29 09:35 . 2008-10-29 09:35 802,816 --a------ c:\windows\system32\divx_xx11.dll

2008-10-28 03:44 . 2008-10-28 03:44 <DIR> d-------- c:\program files\Common Files\xing shared

2008-10-28 03:43 . 2008-10-28 03:43 <DIR> d-------- c:\program files\Real

2008-10-26 22:21 . 2008-10-26 22:21 <DIR> d-------- c:\program files\Real Alternative

2008-10-26 22:21 . 2008-10-28 03:44 <DIR> d-------- c:\program files\Common Files\Real

2008-10-25 19:18 . 2008-10-25 19:18 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Desktop Search

2008-10-25 19:16 . 2008-10-25 19:16 <DIR> d-------- c:\windows\system32\GroupPolicy

2008-10-25 19:16 . 2008-10-25 19:16 <DIR> d-------- c:\program files\Windows Desktop Search

2008-10-25 19:15 . 2008-03-08 04:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll

2008-10-25 19:15 . 2008-03-08 04:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll

2008-10-25 19:15 . 2008-03-08 04:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll

2008-10-25 19:14 . 2008-10-25 19:14 <DIR> d-------- c:\program files\CONEXANT

2008-10-25 19:13 . 2008-10-16 03:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-10-25 17:16 . 2008-10-25 17:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8

2008-10-24 21:31 . 2008-04-14 05:42 159,232 --a------ c:\windows\system32\ptpusd.dll

2008-10-24 21:31 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2008-10-24 21:31 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

2008-10-24 21:31 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

2008-10-22 20:17 . 2008-10-22 20:17 <DIR> d-------- c:\program files\Common Files\InstallShield

2008-10-19 11:49 . 2008-09-08 23:38 99,840 --a------ c:\windows\system32\AntiXPVSTFix.exe

2008-10-19 11:49 . 2008-10-10 08:58 94,208 --a------ c:\windows\system32\o4Patch.exe

2008-10-19 11:49 . 2008-10-10 08:58 94,208 --a------ c:\windows\system32\IEDFix.C.exe

2008-10-19 11:49 . 2008-08-18 12:19 84,992 --a------ c:\windows\system32\404FIX.EXE

2008-10-19 11:48 . 2007-09-06 00:22 289,144 --a------ c:\windows\system32\VCCLSID.exe

2008-10-19 11:48 . 2006-04-27 17:49 288,417 --a------ c:\windows\system32\SrchSTS.exe

2008-10-19 11:48 . 2008-10-01 15:51 98,816 --a------ c:\windows\system32\VACFix.exe

2008-10-19 11:48 . 2008-05-18 21:40 94,208 --a------ c:\windows\system32\IEDFix.exe

2008-10-19 11:48 . 2003-06-05 21:13 65,536 --a------ c:\windows\system32\Process.exe

2008-10-19 11:48 . 2004-07-31 18:50 59,904 --a------ c:\windows\system32\dumphive.exe

2008-10-19 11:48 . 2007-10-04 00:36 37,888 --a------ c:\windows\system32\WS2Fix.exe

2008-10-18 14:38 . 2008-10-18 14:38 <DIR> d-------- c:\program files\Windows Media Connect 2

2008-10-18 14:33 . 2008-10-18 14:33 <DIR> d-------- c:\windows\system32\LogFiles

2008-10-18 14:33 . 2008-10-27 12:26 <DIR> d-------- c:\windows\system32\drivers\UMDF

2008-10-18 01:31 . 2008-10-18 01:31 <DIR> dr------- C:\Aslam

2008-10-17 22:53 . 2008-10-17 22:53 244 --ah----- C:\sqmnoopt06.sqm

2008-10-17 22:53 . 2008-10-17 22:53 232 --ah----- C:\sqmdata06.sqm

2008-10-17 22:28 . 2008-10-17 22:28 244 --ah----- C:\sqmnoopt05.sqm

2008-10-17 22:28 . 2008-10-17 22:28 232 --ah----- C:\sqmdata05.sqm

2008-10-17 22:17 . 2008-10-17 22:17 244 --ah----- C:\sqmnoopt04.sqm

2008-10-17 22:17 . 2008-10-17 22:17 232 --ah----- C:\sqmdata04.sqm

2008-10-17 21:54 . 2008-10-17 21:54 244 --ah----- C:\sqmnoopt03.sqm

2008-10-17 21:54 . 2008-10-17 21:54 232 --ah----- C:\sqmdata03.sqm

2008-10-17 17:50 . 2008-11-12 16:24 <DIR> d-------- c:\program files\QuickGamma

2008-10-17 02:09 . 2008-10-17 02:09 <DIR> d-------- C:\802b506a90741843c7

2008-10-16 17:44 . 2008-09-08 21:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

2008-10-16 17:43 . 2008-08-14 21:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-16 17:43 . 2008-08-14 21:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-16 17:43 . 2008-08-14 20:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-16 17:43 . 2008-08-14 20:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-16 17:43 . 2008-09-15 23:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

2008-10-15 21:33 . 2003-09-16 12:59 191,488 --a------ c:\windows\w4e_motivational.scr

2008-10-15 21:33 . 2008-10-15 22:07 94 --a------ c:\windows\w4e_motivational.ini

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-15 04:26 69,632 ----a-w c:\windows\system32\csrssw.dll

2008-11-15 03:19 207,360 ----a-w c:\windows\system32\drivers\ndis.sys

2008-11-14 22:40 17,408 ----a-w c:\windows\system32\svchost.exe

2008-11-14 21:20 --------- d-----w c:\program files\Common Files\Adobe

2008-11-12 05:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-11-12 05:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2008-11-12 05:24 --------- d-----w c:\program files\Free FLV Converter

2008-11-12 02:16 19,762 ----a-w c:\program files\Common Files\ynojysu.ban

2008-11-07 08:06 263 ----a-w c:\program files\gapa.ini

2008-11-03 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!

2008-10-27 16:43 499,712 ----a-w c:\windows\system32\msvcp71.dll

2008-10-27 16:43 348,160 ----a-w c:\windows\system32\msvcr71.dll

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-21 06:31 --------- d-----w c:\documents and settings\Mahamed\Application Data\uTorrent

2008-10-03 01:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\Media Player Classic

2008-10-03 00:49 --------- d-----w c:\program files\Combined Community Codec Pack

2008-10-02 07:53 --------- d-----w c:\program files\Common Files\DVDVideoSoft

2008-10-02 07:53 --------- d-----w c:\program files\AskBarDis

2008-09-30 05:28 --------- d-----w c:\program files\Xvid

2008-09-25 09:10 --------- d-----w c:\program files\NOS

2008-09-25 09:10 --------- d-----w c:\documents and settings\All Users\Application Data\NOS

2008-09-25 08:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2008-09-25 08:11 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll

2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll

2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll

2008-09-25 08:03 536,576 ----a-w c:\windows\system32\DivXsm.exe

2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll

2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll

2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll

2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll

2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll

2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe

2008-09-23 02:51 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!

2008-09-22 11:00 --------- d-----w c:\program files\Messenger Plus! Live

2008-09-21 02:04 --------- d-----w c:\program files\Windows Live

2008-09-21 02:02 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

2008-09-21 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

2008-09-19 21:57 9,464 ----a-w c:\windows\system32\drivers\cdralw2k.sys

2008-09-19 21:57 9,336 ----a-w c:\windows\system32\drivers\cdr4_xp.sys

2008-09-19 21:57 43,528 ----a-w c:\windows\system32\drivers\PxHelp20.sys

2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

2008-09-19 21:57 129,784 ----a-w c:\windows\system32\pxafs.dll

2008-09-19 21:57 120,056 ----a-w c:\windows\system32\pxcpyi64.exe

2008-09-19 21:57 118,520 ----a-w c:\windows\system32\pxinsi64.exe

2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll

2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll

2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

2008-09-19 03:15 --------- d-----w c:\program files\Microsoft Works

2008-09-19 03:14 --------- d-----w c:\program files\MSBuild

2008-09-19 03:01 --------- d-----w c:\program files\Microsoft.NET

2008-09-16 13:27 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard

2008-09-16 13:26 --------- d-----w c:\program files\Common Files\iS3

2008-09-15 13:46 --------- d-----w c:\program files\AVG

2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-15 06:44 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

2008-09-15 06:03 --------- d-----w c:\documents and settings\Mahamed\Application Data\Malwarebytes

2008-09-15 06:03 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2008-09-15 05:52 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-09-15 05:40 --------- d-----w c:\program files\Common Files\Download Manager

2008-09-12 18:30 278,528 ----a-w c:\windows\system32\TubeFinder.exe

2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll

.

 

------- Sigcheck -------

 

2004-08-04 01:56 14336 5de5b5c556f04f26dd6068267644a8ca c:\windows\$NtServicePackUninstall$\svchost.exe

2008-04-14 06:42 23040 06fcb16ca84dcc11302fd1854b6b246c c:\windows\ServicePackFiles\i386\svchost.exe

2004-08-04 18:56 23040 385a7e4e53c27ae4047816c5ec582f5e c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe

2008-11-15 09:40 17408 757bfb408b7ea07648188f30d027cb6e c:\windows\system32\svchost.exe

 

2004-08-04 01:56 502272 19f92aaf6870b66d25b351e230abc6ea c:\windows\$NtServicePackUninstall$\winlogon.exe

2008-04-14 06:42 516608 808f4f0941af51bd295eded8071a286b c:\windows\ServicePackFiles\i386\winlogon.exe

2004-08-04 18:56 510976 8c45beb4d178e0b993ca55ab14ce53fd c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe

2008-04-14 06:42 512000 d4b1151878c946abd7013197a2a58a86 c:\windows\system32\winlogon.exe

 

2004-08-04 00:14 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys

2008-04-14 01:50 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys

2004-08-04 17:14 182912 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys

2008-11-15 14:19 207360 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys

2008-11-15 14:19 207360 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

 

2008-04-14 06:42 1048576 32b05ffd8ee421e8d135922f94a09779 c:\windows\explorer.exe

2004-08-04 01:56 1032192 56195559d22a24d39c0d04b954fb1901 c:\windows\$NtServicePackUninstall$\explorer.exe

2008-04-14 06:42 1042432 8aab8f71347002bc2ac64ae0beb5e905 c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-04 18:56 1040896 0c8ec25cd14642a3cd74d794176645b5 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe

 

2004-08-04 01:56 108032 1800469178c252c5977f711b468c00a1 c:\windows\$NtServicePackUninstall$\services.exe

2008-04-14 06:42 117248 ef1758444f1504c33b79c26a5926d69b c:\windows\ServicePackFiles\i386\services.exe

2004-08-04 18:56 116736 b83fefe879296a209915092ee67437fa c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe

2008-04-14 06:42 111104 8f0b1f3a69379f2fb94a7ea9927d7ae6 c:\windows\system32\services.exe

 

2004-08-04 01:56 13312 5877be9b08f740e5bd64e7c86608a93f c:\windows\$NtServicePackUninstall$\lsass.exe

2008-04-14 06:42 22016 0df2519a636ddbf74e43c73f6db43943 c:\windows\ServicePackFiles\i386\lsass.exe

2004-08-04 18:56 22016 0b6bba57a1bb9998e542d911e27b5bd6 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe

2008-04-14 06:42 14848 75a4df4fcd68e97e5ad34543f18bbc86 c:\windows\system32\lsass.exe

 

2004-08-04 01:56 15360 fe408f07f63eece65f4e3f8ce09030d5 c:\windows\$NtServicePackUninstall$\ctfmon.exe

2008-04-14 06:42 24064 7799f2ecb1713979335e8abc1ec42bcf c:\windows\ServicePackFiles\i386\ctfmon.exe

2004-08-04 18:56 24064 e0e0a63fa6e13fcee9d77d729a14e7b1 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe

2008-04-14 06:42 15360 b61439f0bc14b836101d6387197715e8 c:\windows\system32\CTFMON.EXE

 

2005-06-11 11:17 57856 8cfa993f4fdf5568aff15d99765c21d6 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

2005-06-11 10:53 57856 07763dfe5ea3c14946d4052c56ba377d c:\windows\$NtServicePackUninstall$\spoolsv.exe

2004-08-04 01:56 57856 cb39079b8adca54c691db044351b94bf c:\windows\$NtUninstallKB896423$\spoolsv.exe

2008-04-14 06:42 66560 5a45de4b505cbbc52e4b09706357c050 c:\windows\ServicePackFiles\i386\spoolsv.exe

2004-08-04 18:56 66560 234df4f1361db1af65a3fe7ef06925fe c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\spoolsv.exe

2008-04-14 06:42 58368 9611bbfa386db3a3d6f32aa8dc92ef42 c:\windows\system32\spoolsv.exe

 

2004-08-04 01:56 24576 27f29f65bf97a1dd81d50229b5023745 c:\windows\$NtServicePackUninstall$\userinit.exe

2008-04-14 06:42 34816 f7746144dda31959e03610f052c33d92 c:\windows\ServicePackFiles\i386\userinit.exe

2004-08-04 18:56 33280 215be2b305baa8e049760ba95cb8b6ba c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe

2008-04-14 06:42 26112 31c92b93500c4ee80248b3d67acf4480 c:\windows\system32\userinit.exe

.

((((((((((((((((((((((((((((( [email protected]_10.40.06.95 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-11-15 04:21:46 2,685 ----a-w c:\windows\ERDNT\CFUNDO.dat

+ 2008-08-07 04:27:04 175,616 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE

+ 2008-11-15 00:42:34 4,595,712 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat

+ 2008-11-15 00:42:34 294,912 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-08-07 04:27:04 175,616 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-11-15 00:42:21 4,595,712 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat

+ 2008-11-15 00:42:21 294,912 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

- 2008-11-14 23:33:52 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-11-15 04:26:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2008-11-14 23:33:52 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-11-15 04:26:34 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2008-11-14 23:33:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-11-15 04:26:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-11-15 04:25:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_744.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-28 185872]

"Movie Maker"="c:\windows\vmmreg32.exe" [2008-11-14 146860]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"MSBuild"="c:\windows\vmmreg32.exe" [2008-11-14 146860]

"reader"="c:\windows\System32\reader.exe" [2008-11-15 31744]

"xerox"="c:\windows\twain.exe" [2008-11-14 146860]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]

2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

"vidc.3IV2"= 3ivxVfWCodec.dll

"vidc.SEDG"= SamsungVfWCodec.dll

"vidc.DX50"= DivXVfWCodec.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk

backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

 

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^windows search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKLM\~\startupfolder\c:^documents and settings^mahamed^start menu^programs^startup^limewire on startup.lnk]

path=c:\documents and settings\Mahamed\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2008-11-07 19:16 342336 c:\program files\DNA\btdna.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-14 06:42 1695232 c:\program files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-10-28 03:43 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\MBAM.EXE"=

"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:WarcraftIII

"6112:UDP"= 6112:UDP:WarcraftIII

 

R3 genmcmnusb;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-15 15:25:56

Windows 5.1.2600 Service Pack 3 NTFS

 

detected NTDLL code modification:

ZwOpenFile

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

 

c:\windows\system32\csrssw.dll 69632 bytes executable

 

scan completed successfully

hidden files: 1

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\searchindexer.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-11-15 15:34:55 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-15 04:34:39

ComboFix2.txt 2008-11-15 01:30:39

ComboFix3.txt 2008-11-14 23:41:28

 

Pre-Run: 59,121,426,432 bytes free

Post-Run: 59,105,665,024 bytes free

 

360 --- E O F --- 2008-11-12 05:44:00


Malwarebytes' Anti-Malware 1.28

Database version: 1154

Windows 5.1.2600 Service Pack 3

 

15/11/2008 03:40:49 PM

mbam-log-2008-11-15 (15-40-49).txt

 

Scan type: Quick Scan

Objects scanned: 46777

Time elapsed: 4 minute(s), 59 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

C:\WINDOWS\system32\csrssw.dll (Trojan.Agent) -> Delete on reboot.

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{474fe679-b667-42ae-99aa-adc21ccbbe14} (Malware.Trace) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xerox (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\movie maker (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msbuild (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\WINDOWS\system32\reader.exe (Trojan.FakeAlert.H) -> Delete on reboot.

C:\WINDOWS\system32\csrssw.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\twain.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\vmmreg32.exe (Trojan.Agent) -> Quarantined and deleted successfully.


I accidentally scanned with the Malwarebytes Anti-Malware I already had, thinking that it was the newest version. Now I am downloading the newest version and I will replace the reply above with the new log.

 

Sorry for that, Rorschach112.


I decided to leave the old MBAM log in case you wanted to see it.

 

Here's the new MBAM log:

 

Malwarebytes' Anti-Malware 1.30

Database version: 1399

Windows 5.1.2600 Service Pack 3

 

15/11/2008 04:07:16 PM

mbam-log-2008-11-15 (16-07-16).txt

 

Scan type: Quick Scan

Objects scanned: 51316

Time elapsed: 8 minute(s), 43 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0574d50f-c261-490d-bf39-4e91183c4efb} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f1f1537f-671e-41c2-8b7e-c3042f59c7ed} (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

C:\Documents and Settings\Mahamed\Start Menu\Programs\AntivirusPro2009 (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.

 

Files Infected:

(No malicious items detected)

Edited by Morphling


Hi Rorschach112, really sorry for the quadruple post but I thought I needed to tell you this.

Earlier today (a few hours after Malwarebytes removed some infections) Mozilla Firefox crashed. Then when I tried opening Mozilla Firefox I got an error saying "there weren't enough sources on the system to perform the task". Then suddenly explorer.exe crashed and when I tried to open Task Manager (Ctrl+Alt+Delete) I got an application error. So I turned off my computer (by holding the power button) and turned it back on. Explorer.exe didn't start up and I still got an Application Error so I reset my computer again. Now everything seems to be fine.

Any clue why this might have happened and is this anything to be worried about?

Share this post


Link to post
Share on other sites

It's just the malware, got some nasties around still.

 

1. Close any open browsers.

 

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

 

3. Open notepad and copy/paste the text in the quotebox below into it:

 

File::

c:\windows\system32\reader.exe

c:\windows\system32\5A.tmp

c:\windows\system32\58.tmp

c:\windows\vmmreg32.exe

c:\windows\system32\csrssw.dll

 

FCopy::

c:\windows\$NtServicePackUninstall$\lsass.exe | c:\windows\system32\lsass.exe

c:\windows\$NtServicePackUninstall$\winlogon.exe | c:\windows\system32\winlogon.exe

c:\windows\$NtServicePackUninstall$\services.exe | c:\windows\system32\services.exe

c:\windows\ServicePackFiles\i386\svchost.exe | c:\windows\system32\svchost.exe

c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe | c:\windows\system32\spoolsv.exe

c:\windows\$NtServicePackUninstall$\explorer.exe | c:\windows\explorer.exe

 

 

 

Folder::

 

Registry::

 

Driver::

 

Save this as CFScript.txt, in the same location as ComboFix.exe

 

 

[image: CFScriptB-4.gif]

 

Referring to the picture above, drag CFScript into ComboFix.exe

 

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\drivers\ndis.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

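Added example, not part of this thread and not code from ComboFix, Malwarebytes or the forum: the FCopy:: step in the instructions above overwrites infected system binaries with backup copies from the service-pack directories, and the Sigcheck section of the ComboFix log that follows lists date, size and MD5 for the live file next to each backup copy. The script below parses that Sigcheck line format and applies the two checks a reviewer of such a log makes by hand: a live copy whose digest matches no reference copy is flagged as suspect, and a file group where one MD5 is reported for files of different sizes is flagged as internally inconsistent (one digest cannot faithfully describe files of different length, so the report for that file cannot be trusted and the files should be re-hashed on disk). The reference-directory list is an assumption drawn from the directories that appear in this thread's log. The sample input is the lsass.exe and ndis.sys blocks from the log below plus a constructed example.exe block that is not from the log.

```python
"""Audit a ComboFix "Sigcheck" block: compare the live copy of each Windows
system binary against the backup copies that FCopy:: restores from.

Added example for this thread; it is not ComboFix, Malwarebytes or forum code.
REFERENCE_MARKERS is an assumption based on the directories in the thread's log.
"""
import re
from collections import defaultdict

# One Sigcheck line: "<date> <time> <size> <md5> <path>"
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<md5>[0-9a-fA-F]{32}) (?P<path>.+)$"
)

# Path components that mark a backup/reference copy rather than the live file.
REFERENCE_MARKERS = {
    "$ntservicepackuninstall$", "servicepackfiles", "softwaredistribution",
    "dllcache", "$hf_mig$",
}


def is_reference(path: str) -> bool:
    """True if the path lies under one of the known backup directories."""
    parts = path.lower().split("\\")
    return any(p in REFERENCE_MARKERS or p.startswith("$ntuninstall") for p in parts)


def parse_sigcheck(text: str) -> list:
    """Return one dict per Sigcheck line; lines that do not match are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].lower()
            entries.append(e)
    return entries


def audit(entries: list) -> dict:
    """Map basename -> findings ("ok:", "suspect:", "inconsistent:", "no-reference:")."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)

    findings = {}
    for name, group in by_name.items():
        notes = []
        # Check 1: one MD5 reported for files of different sizes cannot be a
        # faithful hash of those files, so the report is unreliable for this name.
        sizes_by_md5 = defaultdict(set)
        for e in group:
            sizes_by_md5[e["md5"]].add(e["size"])
        if any(len(sizes) > 1 for sizes in sizes_by_md5.values()):
            notes.append("inconsistent: one MD5 reported for different sizes; re-hash the files on disk")
        # Check 2: every live copy should match at least one reference copy.
        refs = [e for e in group if is_reference(e["path"])]
        live = [e for e in group if not is_reference(e["path"])]
        ref_md5s = {r["md5"] for r in refs}
        for e in live:
            if not refs:
                notes.append(f"no-reference: {e['path']}")
            elif e["md5"] in ref_md5s:
                match = sorted(r["path"] for r in refs if r["md5"] == e["md5"])[0]
                notes.append(f"ok: {e['path']} matches {match}")
            else:
                notes.append(f"suspect: {e['path']} matches none of {len(refs)} reference copies")
        findings[name] = notes
    return findings


def audit_sigcheck(text: str) -> dict:
    return audit(parse_sigcheck(text))


# Sample input: the lsass.exe and ndis.sys blocks from the ComboFix log in this
# thread, plus a constructed example.exe block (not from the log) whose live
# copy matches no reference copy.
SAMPLE = r"""
2004-08-04 01:56 13312 5877be9b08f740e5bd64e7c86608a93f c:\windows\$NtServicePackUninstall$\lsass.exe
2008-04-14 06:42 22016 0df2519a636ddbf74e43c73f6db43943 c:\windows\ServicePackFiles\i386\lsass.exe
2004-08-04 18:56 22016 0b6bba57a1bb9998e542d911e27b5bd6 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe
2004-08-04 01:56 13312 5877be9b08f740e5bd64e7c86608a93f c:\windows\system32\lsass.exe

2004-08-04 00:14 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-14 01:50 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2008-11-15 14:19 207360 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2004-08-04 01:56 4096 00000000000000000000000000000001 c:\windows\$NtServicePackUninstall$\example.exe
2008-04-14 06:42 4096 00000000000000000000000000000002 c:\windows\system32\example.exe
"""

if __name__ == "__main__":
    for name, notes in audit_sigcheck(SAMPLE).items():
        for note in notes:
            print(f"{name}: {note}")
```

Two caveats when reading the verdicts. An "ok" only says the live file is byte-identical to that backup copy; the $NtServicePackUninstall$ copies in the log are dated 2004-08-04, i.e. pre-service-pack builds, so the final word on whether a file is the current, signed Microsoft build should come from the signed catalog or install media, or from the online scan the instructions ask for. And the "inconsistent" finding does not say the file is bad, only that the report cannot be relied on for that name and the hashes should be recomputed on the machine.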

The uploading seems to be taking forever since my internet is capped. After 87% has uploaded my "Est. Speed" keeps going down and it doesn't look like it's going to finish. Right now it says "Est. Time Left : 3 min" and "Elapsed Time : 21 min".

EDIT: Is there any other way? The progress isn't moving from 87%.

Here is the ComboFix log

 

ComboFix 08-11-13.02 - Mahamed 2008-11-16 11:18:56.4 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.159 [GMT 11:00]

Running from: c:\documents and settings\Mahamed\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mahamed\Desktop\CFScript.txt

* Created a new restore point

 

FILE ::

c:\windows\system32\58.tmp

c:\windows\system32\5A.tmp

c:\windows\system32\csrssw.dll

c:\windows\system32\reader.exe

c:\windows\vmmreg32.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\58.tmp

c:\windows\system32\5A.tmp

c:\windows\system32\drivers\ntndis.exe

c:\windows\system32\drivers\ntndis.sys

c:\windows\system32\reader.exe

 

c:\windows\system32\lsass.exe . . . is infected!!

 

c:\windows\system32\winlogon.exe . . . is infected!!

 

c:\windows\system32\services.exe . . . is infected!!

 

c:\windows\system32\svchost.exe . . . is infected!!

 

c:\windows\system32\spoolsv.exe . . . is infected!!

 

c:\windows\explorer.exe . . . is infected!!

 

.

--------------- FCopy ---------------

 

c:\windows\$NtServicePackUninstall$\lsass.exe --> c:\windows\system32\lsass.exe

c:\windows\$NtServicePackUninstall$\winlogon.exe --> c:\windows\system32\winlogon.exe

c:\windows\$NtServicePackUninstall$\services.exe --> c:\windows\system32\services.exe

c:\windows\ServicePackFiles\i386\svchost.exe --> c:\windows\system32\svchost.exe

c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe --> c:\windows\system32\spoolsv.exe

c:\windows\$NtServicePackUninstall$\explorer.exe --> c:\windows\explorer.exe

.

((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))

.

 

2008-12-22 15:59 . 2008-12-22 15:59 447,200 --a------ c:\windows\system32\OpenQuicktimeLib.dll

2008-12-22 15:59 . 2008-12-22 15:59 332,512 --a------ c:\windows\system32\3ivxVfWCodec.dll

2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\SamsungVfWCodec.dll

2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\DivXVfWCodec.dll

2008-12-22 15:58 . 2008-12-22 15:58 1,155,808 --a------ c:\windows\system32\3ivx.dll

2008-12-22 15:52 . 2008-12-22 15:52 66,272 --a------ c:\windows\system32\libfaac.dll

2008-11-15 22:49 . 2008-11-15 22:49 44 --a------ c:\windows\system32\27.tmp

2008-11-15 22:49 . 2008-11-15 22:49 0 --a------ c:\windows\system32\29.tmp

2008-11-15 21:35 . 2008-11-15 21:35 44 --a------ c:\windows\system32\43.tmp

2008-11-15 21:35 . 2008-11-15 21:35 18 --a------ c:\windows\system32\45.tmp

2008-11-15 20:38 . 2008-11-15 20:38 44 --a------ c:\windows\system32\2C.tmp

2008-11-15 20:38 . 2008-11-15 20:38 18 --a------ c:\windows\system32\2E.tmp

2008-11-15 19:56 . 2008-11-15 19:56 44 --a------ c:\windows\system32\10.tmp

2008-11-15 19:56 . 2008-11-15 19:56 18 --a------ c:\windows\system32\12.tmp

2008-11-15 16:00 . 2008-11-15 16:00 44 --a------ c:\windows\system32\2.tmp

2008-11-15 16:00 . 2008-11-15 16:00 0 --a------ c:\windows\system32\4.tmp

2008-11-15 14:19 . 2008-11-15 14:19 207,360 --a--c--- c:\windows\system32\dllcache\ndis.sys

2008-11-15 11:46 . 2008-11-15 11:46 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll

2008-11-15 11:42 . 2008-11-15 11:42 <DIR> d-------- c:\windows\ERUNT

2008-11-15 11:18 . 2008-11-15 12:02 <DIR> d-------- C:\SDFix

2008-11-15 09:29 . 2008-11-15 09:29 <DIR> d-------- C:\_OTMoveIt

2008-11-15 08:35 . 2008-11-15 09:10 <DIR> d-------- C:\Lop SD

2008-11-14 19:54 . 2008-11-14 19:54 <DIR> d-------- c:\program files\Trend Micro

2008-11-12 19:13 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb

2008-11-12 18:49 . 2008-11-12 18:49 <DIR> d-------- c:\documents and settings\Mahamed\DoctorWeb

2008-11-12 18:44 . 2008-11-12 18:44 230 --a------ c:\windows\system32\spupdsvc.inf

2008-11-12 17:07 . 2008-11-12 18:28 <DIR> d-------- c:\program files\Enigma Software Group

2008-11-12 16:17 . 2008-11-12 16:28 15,083,520 --a------ c:\program files\spybotsd160.exe

2008-11-12 16:00 . 2008-11-12 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET

2008-11-12 15:54 . 2008-11-13 17:25 <DIR> d-------- c:\program files\RogueRemover FREE

2008-11-12 15:53 . 2008-09-05 04:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-12 15:53 . 2008-10-24 22:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 10:57 . 2008-11-12 10:57 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Apple Computer

2008-11-11 20:14 . 2008-11-13 18:35 <DIR> d-------- c:\program files\Lavasoft

2008-11-11 19:37 . 2008-11-11 19:59 25,129,080 --a------ c:\program files\antivir_workstation_winu_en_h(2).exe

2008-11-11 17:01 . 2008-11-11 17:17 23,804,784 --a------ c:\program files\aaw2008.exe

2008-11-10 17:56 . 2008-11-10 17:56 <DIR> d-------- c:\program files\Alwil Software

2008-11-09 10:56 . 2008-11-09 10:56 <DIR> d-------- c:\program files\3ivx

2008-11-09 10:04 . 2008-11-09 10:49 <DIR> d-------- c:\windows\system32\quicktime

2008-11-09 09:49 . 2008-11-13 18:20 <DIR> d-------- c:\program files\QuickTime

2008-11-09 09:39 . 2008-11-09 09:40 <DIR> d-------- c:\program files\Service Packs

2008-11-08 11:02 . 2008-11-14 02:15 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\LimeWire

2008-11-08 11:01 . 2008-11-13 13:26 <DIR> d-------- c:\program files\LimeWire

2008-11-07 23:18 . 2008-11-07 23:18 <DIR> d-------- c:\windows\Sun

2008-11-07 19:16 . 2008-11-10 18:45 <DIR> d-------- c:\program files\DNA

2008-11-07 19:16 . 2008-11-10 23:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DNA

2008-11-07 17:54 . 2008-11-07 20:25 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DivX

2008-11-07 17:15 . 2008-11-07 17:17 <DIR> d-------- c:\program files\DivX

2008-11-06 22:31 . 2008-11-06 22:31 <DIR> d-------- c:\program files\Sun

2008-11-06 22:28 . 2008-11-06 22:27 410,976 --a------ c:\windows\system32\deploytk.dll

2008-11-06 22:28 . 2008-11-06 22:27 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-11-06 22:27 . 2008-11-06 22:27 <DIR> d-------- c:\program files\Java

2008-11-04 18:23 . 2008-11-04 18:25 <DIR> d-------- c:\windows\system32\NtmsData

2008-11-04 10:08 . 2008-11-04 10:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2008-11-04 10:07 . 2008-11-13 17:23 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-11-04 10:07 . 2008-11-04 10:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\SUPERAntiSpyware.com

2008-11-04 10:04 . 2008-11-13 18:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-11-03 20:04 . 2008-11-03 20:04 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Search

2008-11-03 18:53 . 2008-11-12 10:42 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Comodo

2008-11-03 15:00 . 2008-11-12 10:42 <DIR> d-------- c:\program files\COMODO

2008-11-03 09:17 . 2008-11-03 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\MSN6

2008-11-03 09:12 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator

2008-11-03 08:09 . 2008-11-03 09:15 <DIR> d-------- c:\program files\Smart Virus Remover

2008-11-03 01:16 . 2008-11-03 01:16 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\MSN6

2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll

2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx07.dll

2008-10-29 09:35 . 2008-10-29 09:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll

2008-10-29 09:35 . 2008-10-29 09:35 802,816 --a------ c:\windows\system32\divx_xx11.dll

2008-10-28 03:44 . 2008-10-28 03:44 <DIR> d-------- c:\program files\Common Files\xing shared

2008-10-28 03:43 . 2008-10-28 03:43 <DIR> d-------- c:\program files\Real

2008-10-26 22:21 . 2008-10-26 22:21 <DIR> d-------- c:\program files\Real Alternative

2008-10-26 22:21 . 2008-10-28 03:44 <DIR> d-------- c:\program files\Common Files\Real

2008-10-25 19:18 . 2008-10-25 19:18 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Desktop Search

2008-10-25 19:16 . 2008-10-25 19:16 <DIR> d-------- c:\windows\system32\GroupPolicy

2008-10-25 19:16 . 2008-10-25 19:16 <DIR> d-------- c:\program files\Windows Desktop Search

2008-10-25 19:15 . 2008-03-08 04:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll

2008-10-25 19:15 . 2008-03-08 04:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll

2008-10-25 19:15 . 2008-03-08 04:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll

2008-10-25 19:14 . 2008-10-25 19:14 <DIR> d-------- c:\program files\CONEXANT

2008-10-25 19:13 . 2008-10-16 03:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-10-25 17:16 . 2008-10-25 17:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8

2008-10-24 21:31 . 2008-04-14 05:42 159,232 --a------ c:\windows\system32\ptpusd.dll

2008-10-24 21:31 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2008-10-24 21:31 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

2008-10-24 21:31 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

2008-10-22 20:17 . 2008-10-22 20:17 <DIR> d-------- c:\program files\Common Files\InstallShield

2008-10-19 11:49 . 2008-09-08 23:38 99,840 --a------ c:\windows\system32\AntiXPVSTFix.exe

2008-10-19 11:49 . 2008-10-10 08:58 94,208 --a------ c:\windows\system32\o4Patch.exe

2008-10-19 11:49 . 2008-10-10 08:58 94,208 --a------ c:\windows\system32\IEDFix.C.exe

2008-10-19 11:49 . 2008-08-18 12:19 84,992 --a------ c:\windows\system32\404FIX.EXE

2008-10-19 11:48 . 2007-09-06 00:22 289,144 --a------ c:\windows\system32\VCCLSID.exe

2008-10-19 11:48 . 2006-04-27 17:49 288,417 --a------ c:\windows\system32\SrchSTS.exe

2008-10-19 11:48 . 2008-10-01 15:51 98,816 --a------ c:\windows\system32\VACFix.exe

2008-10-19 11:48 . 2008-05-18 21:40 94,208 --a------ c:\windows\system32\IEDFix.exe

2008-10-19 11:48 . 2003-06-05 21:13 65,536 --a------ c:\windows\system32\Process.exe

2008-10-19 11:48 . 2004-07-31 18:50 59,904 --a------ c:\windows\system32\dumphive.exe

2008-10-19 11:48 . 2007-10-04 00:36 37,888 --a------ c:\windows\system32\WS2Fix.exe

2008-10-18 14:38 . 2008-10-18 14:38 <DIR> d-------- c:\program files\Windows Media Connect 2

2008-10-18 14:33 . 2008-10-18 14:33 <DIR> d-------- c:\windows\system32\LogFiles

2008-10-18 14:33 . 2008-10-27 12:26 <DIR> d-------- c:\windows\system32\drivers\UMDF

2008-10-18 01:31 . 2008-10-18 01:31 <DIR> dr------- C:\Aslam

2008-10-17 22:53 . 2008-10-17 22:53 244 --ah----- C:\sqmnoopt06.sqm

2008-10-17 22:53 . 2008-10-17 22:53 232 --ah----- C:\sqmdata06.sqm

2008-10-17 22:28 . 2008-10-17 22:28 244 --ah----- C:\sqmnoopt05.sqm

2008-10-17 22:28 . 2008-10-17 22:28 232 --ah----- C:\sqmdata05.sqm

2008-10-17 22:17 . 2008-10-17 22:17 244 --ah----- C:\sqmnoopt04.sqm

2008-10-17 22:17 . 2008-10-17 22:17 232 --ah----- C:\sqmdata04.sqm

2008-10-17 21:54 . 2008-10-17 21:54 244 --ah----- C:\sqmnoopt03.sqm

2008-10-17 21:54 . 2008-10-17 21:54 232 --ah----- C:\sqmdata03.sqm

2008-10-17 17:50 . 2008-11-12 16:24 <DIR> d-------- c:\program files\QuickGamma

2008-10-17 02:09 . 2008-10-17 02:09 <DIR> d-------- C:\802b506a90741843c7

2008-10-16 17:44 . 2008-09-08 21:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

2008-10-16 17:43 . 2008-08-14 21:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-16 17:43 . 2008-08-14 21:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-16 17:43 . 2008-08-14 20:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-16 17:43 . 2008-08-14 20:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-16 17:43 . 2008-09-15 23:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-15 04:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2008-11-15 03:19 207,360 ----a-w c:\windows\system32\drivers\ndis.sys

2008-11-14 21:20 --------- d-----w c:\program files\Common Files\Adobe

2008-11-12 05:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-11-12 05:24 --------- d-----w c:\program files\Free FLV Converter

2008-11-12 02:16 19,762 ----a-w c:\program files\Common Files\ynojysu.ban

2008-11-07 08:06 263 ----a-w c:\program files\gapa.ini

2008-11-03 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!

2008-10-27 16:43 499,712 ----a-w c:\windows\system32\msvcp71.dll

2008-10-27 16:43 348,160 ----a-w c:\windows\system32\msvcr71.dll

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-22 05:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-10-22 05:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-10-21 06:31 --------- d-----w c:\documents and settings\Mahamed\Application Data\uTorrent

2008-10-03 01:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\Media Player Classic

2008-10-03 00:49 --------- d-----w c:\program files\Combined Community Codec Pack

2008-10-02 07:53 --------- d-----w c:\program files\Common Files\DVDVideoSoft

2008-10-02 07:53 --------- d-----w c:\program files\AskBarDis

2008-09-30 05:28 --------- d-----w c:\program files\Xvid

2008-09-25 09:10 --------- d-----w c:\program files\NOS

2008-09-25 09:10 --------- d-----w c:\documents and settings\All Users\Application Data\NOS

2008-09-25 08:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2008-09-25 08:11 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll

2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll

2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll

2008-09-25 08:03 536,576 ----a-w c:\windows\system32\DivXsm.exe

2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll

2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll

2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll

2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll

2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll

2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe

2008-09-23 02:51 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!

2008-09-22 11:00 --------- d-----w c:\program files\Messenger Plus! Live

2008-09-21 02:04 --------- d-----w c:\program files\Windows Live

2008-09-21 02:02 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

2008-09-21 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

2008-09-19 21:57 9,464 ----a-w c:\windows\system32\drivers\cdralw2k.sys

2008-09-19 21:57 9,336 ----a-w c:\windows\system32\drivers\cdr4_xp.sys

2008-09-19 21:57 43,528 ----a-w c:\windows\system32\drivers\PxHelp20.sys

2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

2008-09-19 21:57 129,784 ----a-w c:\windows\system32\pxafs.dll

2008-09-19 21:57 120,056 ----a-w c:\windows\system32\pxcpyi64.exe

2008-09-19 21:57 118,520 ----a-w c:\windows\system32\pxinsi64.exe

2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll

2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll

2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

2008-09-19 03:15 --------- d-----w c:\program files\Microsoft Works

2008-09-19 03:14 --------- d-----w c:\program files\MSBuild

2008-09-19 03:01 --------- d-----w c:\program files\Microsoft.NET

2008-09-16 13:27 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard

2008-09-16 13:26 --------- d-----w c:\program files\Common Files\iS3

2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-12 18:30 278,528 ----a-w c:\windows\system32\TubeFinder.exe

2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll

.

 

------- Sigcheck -------

 

2004-08-04 01:56 14336 5de5b5c556f04f26dd6068267644a8ca c:\windows\$NtServicePackUninstall$\svchost.exe

2008-04-14 06:42 23040 06fcb16ca84dcc11302fd1854b6b246c c:\windows\ServicePackFiles\i386\svchost.exe

2004-08-04 18:56 23040 385a7e4e53c27ae4047816c5ec582f5e c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe

2008-04-14 06:42 23040 06fcb16ca84dcc11302fd1854b6b246c c:\windows\system32\svchost.exe

 

2004-08-04 01:56 502272 19f92aaf6870b66d25b351e230abc6ea c:\windows\$NtServicePackUninstall$\winlogon.exe

2008-04-14 06:42 516608 808f4f0941af51bd295eded8071a286b c:\windows\ServicePackFiles\i386\winlogon.exe

2004-08-04 18:56 510976 8c45beb4d178e0b993ca55ab14ce53fd c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe

2004-08-04 01:56 502272 19f92aaf6870b66d25b351e230abc6ea c:\windows\system32\winlogon.exe

 

2004-08-04 00:14 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys

2008-04-14 01:50 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys

2004-08-04 17:14 182912 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys

2008-11-15 14:19 207360 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys

2008-11-15 14:19 207360 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

 

2004-08-04 01:56 1032192 56195559d22a24d39c0d04b954fb1901 c:\windows\explorer.exe

2004-08-04 01:56 1032192 56195559d22a24d39c0d04b954fb1901 c:\windows\$NtServicePackUninstall$\explorer.exe

2008-04-14 06:42 1042432 8aab8f71347002bc2ac64ae0beb5e905 c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-04 18:56 1040896 0c8ec25cd14642a3cd74d794176645b5 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe

 

2004-08-04 01:56 108032 1800469178c252c5977f711b468c00a1 c:\windows\$NtServicePackUninstall$\services.exe

2008-04-14 06:42 117248 ef1758444f1504c33b79c26a5926d69b c:\windows\ServicePackFiles\i386\services.exe

2004-08-04 18:56 116736 b83fefe879296a209915092ee67437fa c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe

2004-08-04 01:56 108032 1800469178c252c5977f711b468c00a1 c:\windows\system32\services.exe

 

2004-08-04 01:56 13312 5877be9b08f740e5bd64e7c86608a93f c:\windows\$NtServicePackUninstall$\lsass.exe

2008-04-14 06:42 22016 0df2519a636ddbf74e43c73f6db43943 c:\windows\ServicePackFiles\i386\lsass.exe

2004-08-04 18:56 22016 0b6bba57a1bb9998e542d911e27b5bd6 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe

2004-08-04 01:56 13312 5877be9b08f740e5bd64e7c86608a93f c:\windows\system32\lsass.exe

 

2004-08-04 01:56 15360 fe408f07f63eece65f4e3f8ce09030d5 c:\windows\$NtServicePackUninstall$\ctfmon.exe

2008-04-14 06:42 24064 7799f2ecb1713979335e8abc1ec42bcf c:\windows\ServicePackFiles\i386\ctfmon.exe

2004-08-04 18:56 24064 e0e0a63fa6e13fcee9d77d729a14e7b1 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe

2008-04-14 06:42 15360 b61439f0bc14b836101d6387197715e8 c:\windows\system32\CTFMON.EXE

 

2005-06-11 11:17 57856 8cfa993f4fdf5568aff15d99765c21d6 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

2005-06-11 10:53 57856 07763dfe5ea3c14946d4052c56ba377d c:\windows\$NtServicePackUninstall$\spoolsv.exe

2004-08-04 01:56 57856 cb39079b8adca54c691db044351b94bf c:\windows\$NtUninstallKB896423$\spoolsv.exe

2008-04-14 06:42 66560 5a45de4b505cbbc52e4b09706357c050 c:\windows\ServicePackFiles\i386\spoolsv.exe

2004-08-04 18:56 66560 234df4f1361db1af65a3fe7ef06925fe c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\spoolsv.exe

2005-06-11 11:17 57856 8cfa993f4fdf5568aff15d99765c21d6 c:\windows\system32\spoolsv.exe

 

2004-08-04 01:56 24576 27f29f65bf97a1dd81d50229b5023745 c:\windows\$NtServicePackUninstall$\userinit.exe

2008-04-14 06:42 34816 f7746144dda31959e03610f052c33d92 c:\windows\ServicePackFiles\i386\userinit.exe

2004-08-04 18:56 33280 215be2b305baa8e049760ba95cb8b6ba c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe

2008-04-14 06:42 26112 31c92b93500c4ee80248b3d67acf4480 c:\windows\system32\userinit.exe

.

((((((((((((((((((((((((((((( [email protected]_10.40.06.95 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-11-16 00:24:52 3,580 ----a-w c:\windows\ERDNT\CFUNDO.dat

+ 2008-08-07 04:27:04 175,616 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE

+ 2008-11-15 00:42:34 4,595,712 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat

+ 2008-11-15 00:42:34 294,912 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-08-07 04:27:04 175,616 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-11-15 00:42:21 4,595,712 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat

+ 2008-11-15 00:42:21 294,912 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

- 2008-11-14 23:33:52 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-11-15 04:26:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2008-11-14 23:33:52 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-11-15 04:26:34 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-11-16 00:32:44 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-28 185872]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]

2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

"vidc.3IV2"= 3ivxVfWCodec.dll

"vidc.SEDG"= SamsungVfWCodec.dll

"vidc.DX50"= DivXVfWCodec.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk

backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

 

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^windows search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKLM\~\startupfolder\c:^documents and settings^mahamed^start menu^programs^startup^limewire on startup.lnk]

path=c:\documents and settings\Mahamed\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2008-11-07 19:16 342336 c:\program files\DNA\btdna.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-14 06:42 1695232 c:\program files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-10-28 03:43 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\MBAM.EXE"=

"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:WarcraftIII

"6112:UDP"= 6112:UDP:WarcraftIII

 

R3 genmcmnusb;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-25 33752]

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-reader - c:\windows\System32\reader.exe

 

 

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-16 11:32:14

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\searchindexer.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-11-16 11:40:54 - machine was rebooted [Mahamed]

ComboFix-quarantined-files.txt 2008-11-16 00:40:42

ComboFix2.txt 2008-11-15 04:34:58

ComboFix3.txt 2008-11-15 01:30:39

ComboFix4.txt 2008-11-14 23:41:28

 

Pre-Run: 59,028,422,656 bytes free

Post-Run: 59,015,700,480 bytes free

 

366 --- E O F --- 2008-11-15 13:26:13


Hello

 

Please download the OTMoveIt3 by OldTimer or from here.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
     
    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :files
    c:\windows\system32\27.tmp
    c:\windows\system32\29.tmp
    c:\windows\system32\43.tmp
    c:\windows\system32\45.tmp
    c:\windows\system32\2C.tmp
    c:\windows\system32\2E.tmp
    c:\windows\system32\10.tmp
    c:\windows\system32\12.tmp
    c:\windows\system32\2.tmp
    c:\windows\system32\4.tmp
    
    
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


     

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
     
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

 

 

 

Please download Malwarebytes' Anti-Malware from Here or Here

 

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

 

 

 

 

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


Scanning with Kaspersky now. Here are the OTMoveIt3 and MBAM logs.

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

c:\windows\system32\27.tmp moved successfully.

c:\windows\system32\29.tmp moved successfully.

c:\windows\system32\43.tmp moved successfully.

c:\windows\system32\45.tmp moved successfully.

c:\windows\system32\2C.tmp moved successfully.

c:\windows\system32\2E.tmp moved successfully.

c:\windows\system32\10.tmp moved successfully.

c:\windows\system32\12.tmp moved successfully.

c:\windows\system32\2.tmp moved successfully.

c:\windows\system32\4.tmp moved successfully.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_24c.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11172008_163745

 

Files moved on Reboot...

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

File C:\WINDOWS\temp\Perflib_Perfdata_24c.dat not found!

C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\urlclassifier3.sqlite moved successfully.

C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\XUL.mfl moved successfully.

 

 

 

 

Malwarebytes' Anti-Malware 1.30

Database version: 1399

Windows 5.1.2600 Service Pack 3

 

17/11/2008 04:48:11 PM

mbam-log-2008-11-17 (16-48-11).txt

 

Scan type: Quick Scan

Objects scanned: 51284

Time elapsed: 5 minute(s), 38 second(s)

 

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 2

 

Memory Processes Infected:

C:\WINDOWS\system\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system\svchost.exe -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\WINDOWS\system32\reader.exe (Trojan.FakeAlert.H) -> Delete on reboot.

C:\WINDOWS\system\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

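
The MBAM log above shows the two persistence tricks worth understanding in this thread: the Winlogon Userinit value was made to launch c:\windows\system\svchost.exe (a file named after a core Windows binary but sitting in C:\WINDOWS\system, one directory above the genuine copy in System32), and a Run entry named "reader" started reader.exe. The HijackThis log in the next post adds a Run entry with no path at all (syscgboot.exe) and a DisableRegedit policy, alongside the reported Task Manager and Shut Down lockouts. The Python script below is an added example, not part of the original thread and not code from MBAM, HijackThis or ComboFix: it applies those checks to a registry snapshot constructed from the thread's entries. The full Userinit string was never posted (MBAM reported only the extra data item), so the sample assumes the malicious binary was appended after userinit.exe. Signature-only detections such as reader.exe, which sits in System32 under an innocuous name, are not caught by these path heuristics and still need a scanner.

```python
"""Triage of Winlogon Userinit, Run entries and user policies, in the style of the
entries MBAM and HijackThis reported in this thread.  The sample snapshot below is
constructed from the thread's logs, not read from a live registry."""
import ntpath
import re

# On Windows XP the only legitimate Userinit value is userinit.exe in System32,
# normally written with a trailing comma.  Winlogon launches every comma-separated
# entry at logon, so appending a second binary gives persistence on each logon.
EXPECTED_USERINIT = r"C:\WINDOWS\system32\userinit.exe"
SYSTEM32 = r"C:\WINDOWS\system32"

# Names of core Windows binaries that malware borrows; the genuine copies live in
# System32, so the same name anywhere else (e.g. C:\WINDOWS\system) is a lookalike.
SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
    "winlogon.exe", "services.exe", "explorer.exe", "ctfmon.exe",
}

# Values under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies and the
# symptom each one produces when set to 1 (standard Windows policy names).
POLICY_SYMPTOMS = {
    ("System", "DisableTaskMgr"): "Task Manager refuses to start ('disabled by your administrator')",
    ("System", "DisableRegedit"): "Registry Editor refuses to start",
    ("Explorer", "NoClose"): "Shut Down is missing from the Start menu",
}


def _norm(path):
    """Case-insensitive comparison key for a Windows path."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def exe_path(command):
    """Return the executable part of a Run command line.

    Quoted commands keep everything inside the quotes; unquoted ones are taken
    whole if they end in .exe, otherwise up to the first blank (the arguments).
    """
    command = command.strip()
    m = re.match(r'"([^"]+)"', command)
    if m:
        return m.group(1)
    if command.lower().endswith(".exe"):
        return command
    return command.split()[0]


def check_userinit(value):
    """Flag every Userinit entry that is not the expected userinit.exe."""
    findings = []
    for entry in value.split(","):
        entry = entry.strip()
        if entry and _norm(entry) != _norm(EXPECTED_USERINIT):
            findings.append(f"Userinit launches extra binary: {entry}")
    return findings


def check_run_entry(name, command):
    """Flag Run entries with no directory, or system-binary names outside System32."""
    findings = []
    directory, basename = ntpath.split(exe_path(command))
    if not directory:
        # No path: whatever 'basename' is found first on the PATH search gets run.
        findings.append(f"Run\\{name}: bare filename {basename!r} resolved by PATH search")
    elif basename.lower() in SYSTEM_BINARIES and _norm(directory) != _norm(SYSTEM32):
        findings.append(f"Run\\{name}: {basename} outside System32 ({directory}) is a lookalike")
    return findings


def check_policies(policies):
    """Translate restrictive policy values into the symptoms a user would report."""
    return [
        f"Policies\\{key}\\{value} = 1: {symptom}"
        for (key, value), symptom in POLICY_SYMPTOMS.items()
        if policies.get(key, {}).get(value) == 1
    ]


def triage(snapshot):
    """Run all checks over a dict with 'userinit', 'run' and 'policies' keys."""
    findings = check_userinit(snapshot["userinit"])
    for name, command in snapshot["run"].items():
        findings += check_run_entry(name, command)
    findings += check_policies(snapshot["policies"])
    return findings


# Constructed from the MBAM and HijackThis entries in this thread.  The exact
# Userinit string was not posted; the appended form is an assumption.
SAMPLE = {
    "userinit": r"C:\WINDOWS\system32\userinit.exe,c:\windows\system\svchost.exe",
    "run": {
        "TkBellExe": r'"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot',
        "system Config Boot": "syscgboot.exe",
        "reader": r"C:\WINDOWS\System32\reader.exe",
    },
    "policies": {"System": {"DisableRegedit": 1, "DisableTaskMgr": 1}, "Explorer": {"NoClose": 1}},
}

if __name__ == "__main__":
    for line in triage(SAMPLE):
        print(line)
```

Running it as-is prints five findings for the sample: the extra Userinit binary, the path-less syscgboot.exe, and the three policy lockouts; realsched.exe (quoted path plus an argument) and reader.exe pass the path rules. On a live XP box the same three inputs come from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit, the HKLM and HKCU ...\CurrentVersion\Run keys, and HKCU\...\CurrentVersion\Policies\System and \Explorer.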

Many websites stopped working again, including the online Kaspersky site. My shutdown button is missing from the Start menu, and when I press Ctrl+Alt+Delete it says "Task Manager has been disabled by your administrator".

 

Here is the Hijackthis Log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 03:38:43, on 18/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\reader.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [system Config Boot] syscgboot.exe

O4 - HKLM\..\Run: [reader] C:\WINDOWS\System32\reader.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1221311057437

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1221801125421

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

 

--

End of file - 4402 bytes

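
The report that many websites stopped working, the online Kaspersky scanner among them, fits the hosts-file tampering that the Ad-Aware log further down lists as 22 "Redirected hostfile entry" items: www.kaspersky.com, liveupdate.symantec.com, www.virustotal.com and other security-vendor names pinned to 127.0.0.1, so the browser connects to the local machine and the page never loads while the rest of the web works. The Python script below is an added example, not part of the original thread or of Ad-Aware: it parses hosts-file text and flags vendor names that are sinkholed or redirected, plus any other name pointed at loopback or 0.0.0.0. The vendor list is taken from the Ad-Aware log; the sample hosts content is constructed, and the 198.51.100.7 line (an RFC 5737 documentation address) is there only to show the redirect-to-a-real-host case. One caveat: ad-blocking hosts lists sinkhole thousands of names on purpose, so the generic rule is meant for a machine that should still have the stock one-line hosts file.

```python
"""Check Windows hosts-file text for entries that pin other people's hostnames to
loopback or an unroutable address, the technique that makes security-vendor sites
'not work'.  The sample content is constructed from the Ad-Aware findings in this
thread; it is not the victim's actual hosts file."""
import ipaddress

# Registered domains of the vendors and scanners redirected in this thread's
# Ad-Aware log.  Extend as needed; comparison is on the last two labels.
SECURITY_DOMAINS = {
    "trendmicro.com", "symantec.com", "symantecliveupdate.com", "mcafee.com",
    "ca.com", "kaspersky.com", "kaspersky-labs.com", "avp.com", "f-secure.com",
    "viruslist.com", "sophos.com", "grisoft.com", "virustotal.com",
    "ikaka.com", "360safe.com",
}

# The only names that legitimately belong on loopback in a default hosts file.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs, ignoring comments, blanks and junk."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address; not a hosts entry
        for host in fields[1:]:
            yield ip, host.lower().rstrip(".")


def registered_domain(host):
    """Crude eTLD+1: the last two labels, enough for the vendor list above."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def is_sinkhole(ip):
    """Loopback or 0.0.0.0-style addresses: the connection never leaves the box."""
    return ip.is_loopback or ip.is_unspecified


def suspicious_entries(text):
    """Return one finding per hostname that is sinkholed or pointed at a vendor."""
    findings = []
    for ip, host in parse_hosts(text):
        if host in LOOPBACK_NAMES:
            continue
        if registered_domain(host) in SECURITY_DOMAINS:
            # Any override of a vendor name is hostile: sinkholed blocks updates
            # and online scanners; a routable address means a redirect host.
            kind = "sinkholed" if is_sinkhole(ip) else f"redirected to {ip}"
            findings.append(f"{host} {kind} (security vendor)")
        elif is_sinkhole(ip):
            findings.append(f"{host} sinkholed to {ip}")
    return findings


# Constructed sample: the stock XP entry, redirections matching the Ad-Aware log,
# a generic sinkhole, a routable override and one malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.kaspersky.com
127.0.0.1       liveupdate.symantec.com   # blocks definition updates
127.0.0.1       www.virustotal.com
0.0.0.0         example.com
198.51.100.7    www.trendmicro.com        # RFC 5737 documentation address
not-an-ip       garbage
"""

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_HOSTS):
        print(finding)
```

On Windows XP the file to feed in is C:\WINDOWS\system32\drivers\etc\hosts; a clean default contains only the 127.0.0.1 localhost line, so on this machine every other line is a finding. The script reports the three sinkholed vendor names, the generic example.com sinkhole and the trendmicro.com redirect, and skips the comment, the localhost entry and the malformed line.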

After running an Ad-Aware scan and removing the infections, Kaspersky's online scanner works now. Scanning with Kaspersky right now.

 

Here is the Ad-Aware Log:

 

Ad-Aware Build

Log File Created on: 2008-11-18 17:13:55

Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\core.aawdef

Computer name: ABBAS-GW2095HV1

Name of user performing scan: SYSTEM

 

System information

===========================

Number of processors: 1

Processor type:

Memory Available: 29%

Total Physical Memory: 401063936 Bytes

Available Physical Memory: 113324032 Bytes

Total Page File Size: 1430175744 Bytes

Available On Page File: 188284928 Bytes

Total Virtual Memory: 2147352576 Bytes

Available Virtual Memory: 1769365504 Bytes

OS: Microsoft Windows XP Service Pack 3 (Build 2600)

 

Ad-Aware Settings

===========================

Skipping files larger than 1048576 kB

Ignoring infections with lower TAI than: 3

 

 

Extended Ad-Aware Settings

===========================

Unloading known modules during scan

Ignoring spanned files when scanning cab archives

Reanalyzing results after scanning before displaying results

Trying to unload modules prior to removal

Let Windows remove files currently in use at next reboot

Removing quarantined objects after restore

Deactivating Ad-Watch during scans

Writeprotecting system files after repairs

Include info about ignored objects in log file

Including basic settings in log file

Including advanced settings in log file

Including user and computer name in log file

Create and save WebUpdate log file

 

Databaseinfo

===========================

Version number: 122

Build Number: 0

Build Date and Time: 2008/09/18 16:12:33

 

Scan Statistics

===========================

Method: Full

Scan tracking cookies.............................: On

Scan ADS filestreams..............................: Off

 

Item Scanned: 287345

Infections Detected: 55

Infections Ignored: 0

 

Scan detailed statistics

===========================

Type Critical Total

Process Scan....: 0 0

Registry Scan...: 0 0

Registry PE Scan: 0 0

Hosts File Scan.: 22 22

File Scan.......: 0 0

Folder Scan.....: 0 0

LSP Scan........: 0 0

ADS Scan........: 0 0

Cookie Scan.....: 22 22

File Hash Scan..: 8 8

 

Infections Found

===========================

Family Id: 563 Name: Redirected hostfile entry Category: Misc TAI:4

Item Id: 500000144 Value: IP Address: 127.0.0.1 Host Name: WWW.TRENDMICRO.COM

Item Id: 500000145 Value: IP Address: 127.0.0.1 Host Name: CUSTOMER.SYMANTEC.COM

Item Id: 500000146 Value: IP Address: 127.0.0.1 Host Name: LIVEUPDATE.SYMANTEC.COM

Item Id: 500000148 Value: IP Address: 127.0.0.1 Host Name: UPDATES.SYMANTEC.COM

Item Id: 500000152 Value: IP Address: 127.0.0.1 Host Name: DOWNLOAD.MCAFEE.COM

Item Id: 500000154 Value: IP Address: 127.0.0.1 Host Name: MAST.MCAFEE.COM

Item Id: 500000156 Value: IP Address: 127.0.0.1 Host Name: WWW.CA.COM

Item Id: 500000160 Value: IP Address: 127.0.0.1 Host Name: WWW.KASPERSKY.COM

Item Id: 500000161 Value: IP Address: 127.0.0.1 Host Name: WWW.AVP.COM

Item Id: 500000166 Value: IP Address: 127.0.0.1 Host Name: WWW.F-SECURE.COM

Item Id: 500000168 Value: IP Address: 127.0.0.1 Host Name: WWW.VIRUSLIST.COM

Item Id: 500000169 Value: IP Address: 127.0.0.1 Host Name: LIVEUPDATE.SYMANTECLIVEUPDATE.COM

Item Id: 500000170 Value: IP Address: 127.0.0.1 Host Name: WWW.MCAFEE.COM

Item Id: 500000172 Value: IP Address: 127.0.0.1 Host Name: WWW.SOPHOS.COM

Item Id: 500000173 Value: IP Address: 127.0.0.1 Host Name: SECURITYRESPONSE.SYMANTEC.COM

Item Id: 500000174 Value: IP Address: 127.0.0.1 Host Name: WWW.SYMANTEC.COM

Item Id: 500000256 Value: IP Address: 127.0.0.1 Host Name: WWW.IKAKA.COM

Item Id: 500000258 Value: IP Address: 127.0.0.1 Host Name: WWW.360SAFE.COM

Item Id: 500000307 Value: IP Address: 127.0.0.1 Host Name: WWW.GRISOFT.COM

Item Id: 500000311 Value: IP Address: 127.0.0.1 Host Name: WWW.KASPERSKY-LABS.COM

Item Id: 500000464 Value: IP Address: 127.0.0.1 Host Name: UPDATE.SYMANTEC.COM

Item Id: 500000608 Value: IP Address: 127.0.0.1 Host Name: WWW.VIRUSTOTAL.COM

Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3

Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat msnaccountservices.112.2o7.net s_vi /

Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2o7.net s_vi_x7Cbx7Fx7Ctcrdbeprx60acx7Eu /

Item Id: 600000179 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat atdmt.com AA002 /

Item Id: 600000171 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat bs.serving-sys.com eyeblaster /

Item Id: 600000144 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat doubleclick.net test_cookie /

Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat serving-sys.com A2 /

Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat serving-sys.com B2 /

Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat serving-sys.com C3 /

Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat serving-sys.com D3 /

Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat serving-sys.com E2 /

Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat serving-sys.com U /

Item Id: 600000179 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat atdmt.com AA002 /

Item Id: 600000171 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat bs.serving-sys.com eyeblaster /

Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat msnaccountservices.112.2o7.net s_vi /

Item Id: 600000101 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat overture.com CMUserData /

Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat serving-sys.com A2 /

Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat serving-sys.com B2 /

Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat serving-sys.com C3 /

Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat serving-sys.com D3 /

Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat serving-sys.com E2 /

Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat serving-sys.com U /

Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat msnportal.112.2o7.net s_vi /

Family Id: 763 Name: Virtumonde Category: Malware TAI:10

Item Id: 181106 Value: File: C:\Qoobox\Quarantine\C\WINDOWS\system32\djlgcflj.dll.vir

Item Id: 181106 Value: File: C:\Qoobox\Quarantine\C\WINDOWS\system32\imktlmbf.dll.vir

Item Id: 181106 Value: File: C:\Qoobox\Quarantine\C\WINDOWS\system32\tmguuwmc.dll.vir

Item Id: 181106 Value: File: C:\Qoobox\Quarantine\C\WINDOWS\system32\__c00750F9.dat.vir

Item Id: 181106 Value: File: C:\Qoobox\Quarantine\C\WINDOWS\system32\__c00BC26A.dat.vir

Item Id: 181106 Value: File: C:\Qoobox\Quarantine\C\WINDOWS\system32\__c00C9F9A.dat.vir

Family Id: 988 Name: Win32.Trojan.Spy Category: Virus TAI:10

Item Id: 244003 Value: File: C:\Qoobox\Quarantine\[4][email protected]

Family Id: 1333 Name: Win32.Rootkit.Agent Category: Malware TAI:10

Item Id: 239893 Value: File: C:\SDFix\backups\catchme.zip

Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0

Item Id: 1 Value: MRU Path: C:\Documents and Settings\Mahamed\Recent Count: 161

Item Id: 2 Value: MRU Registry Key: S-1-5-21-343818398-926492609-725345543-1004\Software\Microsoft\Search Assistant\ACMru\5603 Count: 5

Item Id: 3 Value: MRU Registry Key: S-1-5-21-343818398-926492609-725345543-1004\Software\Microsoft\Internet Explorer\TypedURLs Count: 2

 

Items Ignored During Scan

===========================

 

 

Listing of running processes

===========================

C:\WINDOWS\SYSTEM32\SMSS.EXE

c:\windows\system32\smss.exe

 

c:\windows\system32\ntdll.dll

 

C:\WINDOWS\SYSTEM32\CSRSS.EXE

c:\windows\system32\csrss.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\csrsrv.dll

 

c:\windows\system32\basesrv.dll

 

c:\windows\system32\winsrv.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\sxs.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\apphelp.dll

 

c:\windows\system32\version.dll

 

C:\WINDOWS\SYSTEM32\WINLOGON.EXE

c:\windows\system32\winlogon.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\authz.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\crypt32.dll

 

c:\windows\system32\msasn1.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\nddeapi.dll

 

c:\windows\system32\profmap.dll

 

c:\windows\system32\netapi32.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\psapi.dll

 

c:\windows\system32\regapi.dll

 

c:\windows\system32\setupapi.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\winsta.dll

 

c:\windows\system32\wintrust.dll

 

c:\windows\system32\imagehlp.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\msgina.dll

 

c:\windows\system32\comctl32.dll

 

c:\windows\system32\odbc32.dll

 

c:\windows\system32\comdlg32.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

 

c:\windows\system32\odbcint.dll

 

c:\windows\system32\shsvcs.dll

 

c:\windows\system32\sfc.dll

 

c:\windows\system32\sfc_os.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\apphelp.dll

 

c:\windows\system32\msctfime.ime

 

c:\windows\system32\winscard.dll

 

c:\windows\system32\wtsapi32.dll

 

c:\windows\system32\wsock32.dll

 

c:\windows\system32\wininet.dll

 

c:\windows\system32\normaliz.dll

 

c:\windows\system32\iertutil.dll

 

c:\windows\system32\rasapi32.dll

 

c:\windows\system32\rasman.dll

 

c:\windows\system32\tapi32.dll

 

c:\windows\system32\rtutils.dll

 

c:\windows\system32\winmm.dll

 

c:\windows\system32\sxs.dll

 

c:\windows\system32\uxtheme.dll

 

c:\program files\superantispyware\saswinlo.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\rsaenh.dll

 

c:\windows\system32\cscdll.dll

 

c:\windows\system32\dimsntfy.dll

 

c:\windows\system32\wlnotify.dll

 

c:\windows\system32\mpr.dll

 

c:\windows\system32\winspool.drv

 

c:\windows\system32\samlib.dll

 

c:\windows\system32\msv1_0.dll

 

c:\windows\system32\iphlpapi.dll

 

c:\windows\system32\mprapi.dll

 

c:\windows\system32\activeds.dll

 

c:\windows\system32\adsldpc.dll

 

c:\windows\system32\wldap32.dll

 

c:\windows\system32\atl.dll

 

c:\windows\system32\xpsp2res.dll

 

c:\windows\system32\ntmarta.dll

 

c:\windows\system32\comres.dll

 

c:\windows\system32\clbcatq.dll

 

c:\windows\system32\wdmaud.drv

 

c:\windows\system32\msacm32.drv

 

c:\windows\system32\msacm32.dll

 

c:\windows\system32\midimap.dll

 

c:\windows\system32\sensapi.dll

 

c:\windows\system32\mswsock.dll

 

c:\windows\system32\dnsapi.dll

 

c:\windows\system32\winrnr.dll

 

c:\windows\system32\rasadhlp.dll

 

c:\windows\system32\hnetcfg.dll

 

c:\windows\system32\wshtcpip.dll

 

c:\windows\system32\cryptnet.dll

 

c:\windows\system32\winhttp.dll

 

c:\windows\system32\sclgntfy.dll

 

c:\windows\system32\drprov.dll

 

c:\windows\system32\ntlanman.dll

 

c:\windows\system32\netui0.dll

 

c:\windows\system32\netui1.dll

 

c:\windows\system32\netrap.dll

 

c:\windows\system32\davclnt.dll

 

c:\windows\system32\cscui.dll

 

c:\windows\system32\urlmon.dll

 

C:\WINDOWS\SYSTEM32\SERVICES.EXE

c:\windows\system32\services.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\scesrv.dll

 

c:\windows\system32\authz.dll

 

c:\windows\system32\umpnpmgr.dll

 

c:\windows\system32\winsta.dll

 

c:\windows\system32\netapi32.dll

 

c:\windows\system32\ncobjapi.dll

 

c:\windows\system32\msvcp60.dll

 

c:\windows\system32\shimeng.dll

 


 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\shimeng.dll

 

c:\windows\apppatch\acgenral.dll

 

c:\windows\system32\winmm.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\msacm32.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\uxtheme.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

 

c:\windows\system32\comctl32.dll

 

c:\windows\system32\setupapi.dll

 

c:\windows\system32\apphelp.dll

 

c:\windows\system32\msctfime.ime

 

c:\windows\system32\xpsp2res.dll

 

c:\windows\system32\clbcatq.dll

 

c:\windows\system32\comres.dll

 

c:\windows\system32\ntmarta.dll

 

c:\windows\system32\samlib.dll

 

c:\windows\system32\wldap32.dll

 

c:\windows\system32\msctf.dll

 

C:\WINDOWS\SYSTEM32\READER.EXE

c:\windows\system32\reader.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\netapi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\apphelp.dll

 

c:\windows\system32\version.dll

 

C:\WINDOWS\SYSTEM32\CTFMON.EXE

c:\windows\system32\ctfmon.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\msctf.dll

 

c:\windows\system32\msutb.dll

 

c:\windows\system32\shimeng.dll

 

c:\windows\apppatch\acgenral.dll

 

c:\windows\system32\winmm.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\msacm32.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\uxtheme.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

 

c:\windows\system32\msctfime.ime

 

C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\USNSVC.EXE

c:\program files\windows live\messenger\usnsvc.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\xpsp2res.dll

 

c:\windows\system32\clbcatq.dll

 

c:\windows\system32\comres.dll

 

c:\windows\system32\version.dll

 

c:\program files\windows live\messenger\usnsvcps.dll

 

c:\windows\system32\rsaenh.dll

 

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

c:\windows\system32\svchost.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\shimeng.dll

 

c:\windows\apppatch\acgenral.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\winmm.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\msacm32.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\uxtheme.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

 

c:\windows\system32\comctl32.dll

 

c:\windows\system32\urlmon.dll

 

c:\windows\system32\iertutil.dll

 

c:\windows\system32\wininet.dll

 

c:\windows\system32\normaliz.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\mswsock.dll

 

c:\windows\system32\hnetcfg.dll

 

c:\windows\system32\wshtcpip.dll

 

c:\windows\system32\rasapi32.dll

 

c:\windows\system32\rasman.dll

 

c:\windows\system32\netapi32.dll

 

c:\windows\system32\tapi32.dll

 

c:\windows\system32\rtutils.dll

 

c:\windows\system32\msv1_0.dll

 

c:\windows\system32\iphlpapi.dll

 

c:\windows\system32\sensapi.dll

 

c:\windows\system32\rasadhlp.dll

 

c:\windows\system32\dnsapi.dll

 

c:\windows\system32\apphelp.dll

 

C:\WINDOWS\SYSTEM32\RS32NET.EXE

c:\windows\system32\rs32net.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\apphelp.dll

 

c:\windows\system32\version.dll

 

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

c:\windows\system32\svchost.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\shimeng.dll

 

c:\windows\apppatch\acgenral.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\winmm.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\msacm32.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\uxtheme.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

 

c:\windows\system32\comctl32.dll

 

c:\windows\system32\mswsock.dll

 

c:\windows\system32\hnetcfg.dll

 

c:\windows\system32\wshtcpip.dll

 

c:\windows\system32\apphelp.dll

 

C:\WINDOWS\SYSTEM32\READER.EXE

c:\windows\system32\reader.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\netapi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\apphelp.dll

 

c:\windows\system32\version.dll

 

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

c:\windows\system32\svchost.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\wininet.dll

 

c:\windows\system32\normaliz.dll

 

c:\windows\system32\iertutil.dll

 

c:\windows\system32\dnsapi.dll

 

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

 

c:\windows\system32\comctl32.dll

 

c:\windows\system32\mswsock.dll

 

c:\windows\system32\hnetcfg.dll

 

c:\windows\system32\wshtcpip.dll

 

c:\windows\system32\rsaenh.dll

 

c:\windows\system32\rasadhlp.dll

 

c:\windows\system32\svchost.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\wininet.dll

 

c:\windows\system32\normaliz.dll

 

c:\windows\system32\iertutil.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

 

c:\windows\system32\comctl32.dll

 

c:\windows\system32\mswsock.dll

 

c:\windows\system32\hnetcfg.dll

 

c:\windows\system32\wshtcpip.dll

 

c:\windows\system32\uxtheme.dll

 

c:\windows\system32\rasapi32.dll

 

c:\windows\system32\rasman.dll

 

c:\windows\system32\netapi32.dll

 

c:\windows\system32\tapi32.dll

 

c:\windows\system32\rtutils.dll

 

c:\windows\system32\winmm.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\msv1_0.dll

 

c:\windows\system32\iphlpapi.dll

 

c:\windows\system32\sensapi.dll

 

c:\windows\system32\dnsapi.dll

 

c:\windows\system32\rasadhlp.dll

 

c:\windows\system32\urlmon.dll

 

c:\windows\system32\clbcatq.dll

 

c:\windows\system32\comres.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\msxml3.dll

 

c:\windows\system32\xpsp2res.dll

 

c:\windows\system32\sxs.dll

 

c:\windows\system32\actxprxy.dll

 

c:\windows\system32\winrnr.dll

 

c:\windows\system32\wldap32.dll

 

c:\windows\system32\svchost.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\svchost.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\wininet.dll

 

c:\windows\system32\normaliz.dll

 

c:\windows\system32\iertutil.dll

 

c:\windows\system32\dnsapi.dll

 

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

 

c:\windows\system32\comctl32.dll

 

c:\windows\system32\svchost.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\wininet.dll

 

c:\windows\system32\normaliz.dll

 

c:\windows\system32\iertutil.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

 

c:\windows\system32\comctl32.dll

 

c:\windows\system32\mswsock.dll

 

c:\windows\system32\hnetcfg.dll

 

c:\windows\system32\wshtcpip.dll

 

c:\windows\system32\svchost.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\imm32.dll

 

C:\DOCUME~1\MAHAMED\LOCALS~1\TEMP\EE6F.TMP

c:\docume~1\mahamed\locals~1\temp\ee6f.tmp

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\wininet.dll

 

c:\windows\system32\normaliz.dll

 

c:\windows\system32\iertutil.dll

 

c:\windows\system32\winmm.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\shimeng.dll

 

c:\windows\apppatch\acgenral.dll

 

c:\windows\system32\msacm32.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\uxtheme.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

 

c:\windows\system32\comctl32.dll

 

c:\windows\system32\dnsapi.dll

 

c:\windows\system32\rasapi32.dll

 

c:\windows\system32\rasman.dll

 

c:\windows\system32\netapi32.dll

 

c:\windows\system32\tapi32.dll

 

c:\windows\system32\rtutils.dll

 

c:\windows\system32\msv1_0.dll

 

c:\windows\system32\iphlpapi.dll

 

c:\windows\system32\sensapi.dll

 

c:\windows\system32\mswsock.dll

 

c:\windows\system32\rasadhlp.dll

 

c:\windows\system32\hnetcfg.dll

 

c:\windows\system32\wshtcpip.dll

 

c:\windows\system32\crypt32.dll

 

c:\windows\system32\msasn1.dll

 

c:\windows\system32\wintrust.dll

 

c:\windows\system32\imagehlp.dll

 

c:\windows\system32\schannel.dll

 

c:\windows\system32\apphelp.dll

 

c:\windows\system32\rsaenh.dll

 

c:\windows\system32\dssenh.dll

 

c:\windows\system32\xpsp2res.dll

 

c:\windows\system32\cryptnet.dll

 

c:\windows\system32\psapi.dll

 

c:\windows\system32\winhttp.dll

 

c:\windows\system32\wldap32.dll

 

c:\windows\system32\cabinet.dll

 

c:\windows\system32\winrnr.dll

 

c:\windows\system32\urlmon.dll

 

c:\docume~1\mahamed\locals~1\temp\ee6f.tmp

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\wininet.dll

 

c:\windows\system32\normaliz.dll

 

c:\windows\system32\iertutil.dll

 

c:\windows\system32\winmm.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\shimeng.dll

 

c:\windows\apppatch\acgenral.dll

 

c:\windows\system32\msacm32.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\uxtheme.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

 

c:\windows\system32\comctl32.dll

 

c:\windows\system32\dnsapi.dll

 

c:\windows\system32\rasapi32.dll

 

c:\windows\system32\rasman.dll

 

c:\windows\system32\netapi32.dll

 

c:\windows\system32\tapi32.dll

 

c:\windows\system32\rtutils.dll

 

c:\windows\system32\msv1_0.dll

 

c:\windows\system32\iphlpapi.dll

 

c:\windows\system32\sensapi.dll

 

c:\windows\system32\mswsock.dll

 

c:\windows\system32\rasadhlp.dll

 

c:\windows\system32\hnetcfg.dll

 

c:\windows\system32\wshtcpip.dll

 

c:\windows\system32\winrnr.dll

 

c:\windows\system32\wldap32.dll

 

c:\windows\system32\crypt32.dll

 

c:\windows\system32\msasn1.dll

 

c:\windows\system32\wintrust.dll

 

c:\windows\system32\imagehlp.dll

 

c:\windows\system32\schannel.dll

 

c:\windows\system32\rsaenh.dll

 

c:\windows\system32\dssenh.dll

 

c:\windows\system32\xpsp2res.dll

 

c:\windows\system32\cryptnet.dll

 

c:\windows\system32\psapi.dll

 

c:\windows\system32\winhttp.dll

 

c:\windows\system32\cabinet.dll

 

c:\windows\system32\msctf.dll

 

c:\windows\system32\apphelp.dll

 

c:\windows\system32\msctfime.ime

 

c:\windows\system32\clbcatq.dll

 

c:\windows\system32\comres.dll

 

c:\windows\system32\ieframe.dll

 

c:\windows\system32\urlmon.dll

 

c:\windows\system32\mshtml.dll

 

c:\windows\system32\msls31.dll

 

c:\windows\system32\mlang.dll

 

c:\windows\system32\msimtf.dll

 

C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AD-AWARE.EXE

c:\program files\lavasoft\ad-aware\ad-aware.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\windows\system32\oleaut32.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\user32.dll

 

c:\windows\system32\msvcrt.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\comctl32.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\comdlg32.dll

 

c:\program files\lavasoft\ad-aware\lavalicense.dll

 

c:\windows\system32\wininet.dll

 

c:\windows\system32\normaliz.dll

 

c:\windows\system32\iertutil.dll

 

c:\windows\system32\winmm.dll

 

c:\windows\system32\oleacc.dll

 

c:\windows\system32\msvcp60.dll

 

c:\windows\system32\shfolder.dll

 

c:\windows\system32\shimeng.dll

 

c:\windows\apppatch\acgenral.dll

 

c:\windows\system32\msacm32.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\uxtheme.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

 

c:\windows\system32\msctf.dll

 

c:\windows\system32\apphelp.dll

 

c:\windows\system32\msctfime.ime

 

c:\windows\system32\setupapi.dll

 

c:\windows\system32\clbcatq.dll

 

c:\windows\system32\comres.dll

 

c:\program files\microsoft office\office12\grooveshellextensions.dll

 

c:\program files\microsoft office\office12\grooveutil.dll

 

c:\windows\system32\crypt32.dll

 

c:\windows\system32\msasn1.dll

 

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll

 

c:\program files\microsoft office\office12\groovenew.dll

 

c:\windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\atl80.dll

 

c:\windows\system32\rsaenh.dll

 

c:\windows\system32\msimg32.dll

 

c:\windows\system32\olepro32.dll

 

c:\program files\lavasoft\ad-aware\lavamessage.dll

 

c:\windows\system32\ntmarta.dll

 

c:\windows\system32\samlib.dll

 

c:\windows\system32\wldap32.dll

 

C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

c:\program files\mozilla firefox\firefox.exe

 

c:\windows\system32\ntdll.dll

 

c:\windows\system32\kernel32.dll

 

c:\program files\mozilla firefox\xul.dll

 

c:\program files\mozilla firefox\sqlite3.dll

 

c:\program files\mozilla firefox\mozcrt19.dll

 

c:\windows\system32\msvcrt.dll

 

c:\program files\mozilla firefox\js3250.dll

 

c:\program files\mozilla firefox\nspr4.dll

 

c:\windows\system32\advapi32.dll

 

c:\windows\system32\rpcrt4.dll

 

c:\windows\system32\secur32.dll

 

c:\windows\system32\wsock32.dll

 

c:\windows\system32\ws2_32.dll

 

c:\windows\system32\ws2help.dll

 

c:\windows\system32\winmm.dll

 

c:\windows\system32\gdi32.dll

 

c:\windows\system32\user32.dll

 

c:\program files\mozilla firefox\smime3.dll

 

c:\program files\mozilla firefox\nss3.dll

 

c:\program files\mozilla firefox\nssutil3.dll

 

c:\program files\mozilla firefox\plc4.dll

 

c:\program files\mozilla firefox\plds4.dll

 

c:\program files\mozilla firefox\ssl3.dll

 

c:\windows\system32\shell32.dll

 

c:\windows\system32\shlwapi.dll

 

c:\windows\system32\ole32.dll

 

c:\windows\system32\version.dll

 

c:\windows\system32\winspool.drv

 

c:\windows\system32\comdlg32.dll

 

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

 

c:\windows\system32\imm32.dll

 

c:\windows\system32\msimg32.dll

 

c:\windows\system32\usp10.dll

 

c:\windows\system32\oleaut32.dll

 

c:\program files\mozilla firefox\xpcom.dll

 

c:\windows\system32\shimeng.dll

 

c:\windows\apppatch\acgenral.dll

 

c:\windows\system32\msacm32.dll

 

c:\windows\system32\userenv.dll

 

c:\windows\system32\uxtheme.dll

 

c:\windows\system32\dbghelp.dll

 

c:\windows\system32\msctf.dll

 

c:\windows\system32\setupapi.dll

 

c:\windows\system32\apphelp.dll

 

c:\windows\system32\msctfime.ime

 

c:\windows\system32\clbcatq.dll

 

c:\windows\system32\comres.dll

 

End of Scan Section

===========================


Do this after Kaspersky

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O4 - HKLM\..\Run: [system Config Boot] syscgboot.exe

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Then post a new HJT log

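Two things in this thread are worth automating rather than eyeballing: the module dump above, where an executable with a .tmp name runs out of the user's temp directory (C:\DOCUME~1\...\LOCALS~1\TEMP\EE6F.TMP) and has wininet.dll, winhttp.dll, crypt32.dll and schannel.dll loaded, and the O4 autorun entry the helper asks to fix, whose command is the bare file name syscgboot.exe rather than a full path (a bare name in a Run value is resolved through the search path, which legitimate installers almost never rely on). The script below is an added example written for this page; it is not code from the thread, from HijackThis or from any scanner. It assumes the dump layout visible above (an optional ALL-CAPS header line, the lowercase image path, then one module path per line, separated by blank lines) and that later svchost.exe/ee6f.tmp instances appear without a header, as they do in the log. The sample lines are constructed to mirror the posted log; the SunJavaUpdateSched entry is a constructed benign control.

```python
"""Offline triage of a process/module dump and HijackThis O4 lines.

Added example for this thread; sample inputs are constructed to match the
layout of the log posted above, they are not copied from a live system.
"""
import re
from pathlib import PureWindowsPath

# Path fragments that mark a temp directory (8.3 form LOCALS~1\TEMP ends in \temp\ too).
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
SYSTEM32 = "c:\\windows\\system32"

# O4 line as HijackThis prints it: "O4 - HKLM\..\Run: [Name] command"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# Constructed sample in the dump's layout: header, lowercase image, modules.
SAMPLE_DUMP = r"""
C:\WINDOWS\SYSTEM32\SVCHOST.EXE

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\wininet.dll

C:\DOCUME~1\MAHAMED\LOCALS~1\TEMP\EE6F.TMP

c:\docume~1\mahamed\locals~1\temp\ee6f.tmp

c:\windows\system32\ntdll.dll

c:\windows\system32\winhttp.dll

c:\docume~1\mahamed\locals~1\temp\ee6f.tmp

c:\program files\mozilla firefox\firefox.exe

c:\program files\mozilla firefox\xul.dll
"""

# Constructed HJT lines: the entry from the reply above plus a benign control.
SAMPLE_HJT = [
    "O4 - HKLM\\..\\Run: [system Config Boot] syscgboot.exe",
    'O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre6\\bin\\jusched.exe"',
]


def in_temp_dir(path: str) -> bool:
    """True when any directory component of the path is a temp directory."""
    return any(marker in path.lower() for marker in TEMP_MARKERS)


def parse_process_dump(text: str):
    """Return [(image_path, [module_paths])] in dump order.

    An ALL-CAPS line is a header; the lowercase image path follows it. A lowercase
    line ending in .exe also starts a process even without a header, because the
    log omits headers for repeated images. Everything else is a loaded module.
    """
    procs = []
    prev_header = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # blank / whitespace-only separator
        if line == line.upper() and line != line.lower():
            prev_header = line.lower()    # header; real path comes next
            continue
        if line == prev_header or line.endswith(".exe"):
            procs.append((line, []))
        elif procs:
            procs[-1][1].append(line)
        prev_header = None
    return procs


def triage(procs):
    """Flag images running from temp dirs, svchost.exe outside system32, and
    modules loaded from temp dirs. Returns [(image_path, reason)]."""
    findings = []
    for image, modules in procs:
        p = PureWindowsPath(image)
        if in_temp_dir(image):
            findings.append((image, "process image executing from a temp directory"))
        if p.name.lower() == "svchost.exe" and str(p.parent).lower() != SYSTEM32:
            findings.append((image, "svchost.exe outside %SystemRoot%\\system32"))
        for mod in modules:
            if in_temp_dir(mod):
                findings.append((image, f"module loaded from a temp directory: {mod}"))
    return findings


def command_image(cmd: str) -> str:
    """First token of an autorun command: the quoted path if quoted, else up to a space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def suspicious_run_entries(hjt_lines):
    """Flag O4 entries whose image is a bare file name (search-path resolved)
    or lives in a temp directory. Returns [(entry_name, image, reason)]."""
    findings = []
    for line in hjt_lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = command_image(m.group("cmd"))
        if "\\" not in exe:
            findings.append((m.group("name"), exe, "bare file name, resolved through the search path"))
        elif in_temp_dir(exe):
            findings.append((m.group("name"), exe, "autorun image lives in a temp directory"))
    return findings


if __name__ == "__main__":
    for image, reason in triage(parse_process_dump(SAMPLE_DUMP)):
        print(f"[dump] {image}: {reason}")
    for name, exe, reason in suspicious_run_entries(SAMPLE_HJT):
        print(f"[O4]   [{name}] {exe}: {reason}")
```

On the constructed sample this reports only the ee6f.tmp image (once for running out of the temp directory, once for the second temp-resident instance attached to it as a module) and the syscgboot.exe autorun; the system32 svchost.exe and the quoted full-path Java entry are left alone, which is the behaviour you want before trusting it on a full log.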