Many websites don't work and keep getting infected with Rogue.Antispywares

Morphling · November 20, 2008

Mozilla Firefox suddenly crashed while i was scanning with Kaspersky. Going to scan with Kaspersky on Saturday because im too busy with my exams today and tomorrow. Then i'll follow the next steps you told me.

Thanks again

Morphling · November 20, 2008

The Kasperksy online scan website doesn't work again and when i try to open HijackThis or anything from the Control Panel i get an Application Error.

Edited November 20, 2008 by Morphling

Morphling · November 20, 2008

explorer.exe crashed and wasn't starting up. My task manager was also disabled so i was forced to use system restore.

It fixed the Application error but the Kaspersky online scan website still doesn't work.

Task manager works now and i have 22 svchost.exe again and, iexplore.exe is running too.

Edited November 20, 2008 by Morphling

Morphling · November 20, 2008

Do this after Kaspersky

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O4 - HKLM\..\Run: [system Config Boot] syscgboot.exe

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Then post a new HJT log

The Kaspersky website still doesn't work.

Here is the new HJT Log after checking O4 - HKLM\..\Run: [system Config Boot] syscgboot.exe and clicking "Fix Checked".

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:24:37, on 20/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {BF95FDC3-8AA3-4480-833F-A5CB31A26602} - C:\WINDOWS\system32\pmnnLEXo.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [reader] C:\WINDOWS\System32\reader.exe

O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe

O4 - HKLM\..\Run: [NvSvc] C:\WINDOWS\system32\nvsvc32.exe

O4 - HKLM\..\Run: [system Config Boot] syscgboot.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1221311057437

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1221801125421

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll

O20 - Winlogon Notify: efcDUkIy - C:\WINDOWS\SYSTEM32\efcDUkIy.dll

O20 - Winlogon Notify: hcfnujod - C:\WINDOWS\SYSTEM32\hcfnujod.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 5054 bytes

Rorschach112 · November 20, 2008

Something is returning

Download ComboFix from one of these locations:

Link 1

Link 2

Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Morphling · November 21, 2008

ComboFix 08-11-19.08 - Mahamed 2008-11-21 17:51:19.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.174 [GMT 11:00]

Running from: c:\documents and settings\Mahamed\Desktop\ComboFix.exe

* Created a new restore point

.

ADS - svchost.exe: deleted 37376 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\ctfmon.exe

c:\windows\system\_sv_CMD_

c:\windows\system\_sv_CMD_\_U_.exe

c:\windows\system32\__c0047B94.dat

c:\windows\system32\__c009A4F9.dat

c:\windows\system32\__c00D38B1.dat

c:\windows\system32\A.tmp

c:\windows\system32\ahwxsfgv.dll

c:\windows\system32\crypts.dll

c:\windows\system32\D.tmp

c:\windows\system32\drivers\ati5imxx.sys

c:\windows\system32\drivers\ntndis.exe

c:\windows\system32\drivers\ntndis.sys

c:\windows\system32\E.tmp

c:\windows\system32\hcfnujod.dll

c:\windows\system32\hcfnujod32(2)(2).dll

c:\windows\system32\hcfnujod32.dll

c:\windows\system32\jkkLBstS.dll

c:\windows\system32\mcrh.tmp

c:\windows\system32\oXELnnmp.ini

c:\windows\system32\qgukdjmx.ini

c:\windows\system32\rqRIbxxv.dll

c:\windows\system32\rs32net.exe

c:\windows\system32\StsBLkkj.ini

c:\windows\system32\StsBLkkj.ini2

c:\windows\system32\uhoggs.dll

c:\windows\system32\wfsqbggf.dll

c:\windows\system32\xmjdkugq.dll

c:\windows\Tasks\bakueynm.job

c:\windows\system32\lsass.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\system32\services.exe . . . is infected!!

c:\windows\system32\svchost.exe . . . is infected!!

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ATI5IMXX

-------\Legacy_FCI

-------\Legacy_ICF

-------\Legacy_LPTRDCSRV

-------\Legacy_TCPSR

-------\Service_ati5imxx

-------\Service_FCI

-------\Service_ICF

-------\Service_tcpsr

((((((((((((((((((((((((( Files Created from 2008-10-21 to 2008-11-21 )))))))))))))))))))))))))))))))

.

2008-12-22 15:59 . 2008-12-22 15:59 447,200 --a------ c:\windows\system32\OpenQuicktimeLib.dll

2008-12-22 15:59 . 2008-12-22 15:59 332,512 --a------ c:\windows\system32\3ivxVfWCodec.dll

2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\SamsungVfWCodec.dll

2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\DivXVfWCodec.dll

2008-12-22 15:58 . 2008-12-22 15:58 1,155,808 --a------ c:\windows\system32\3ivx.dll

2008-12-22 15:52 . 2008-12-22 15:52 66,272 --a------ c:\windows\system32\libfaac.dll

2008-11-21 00:09 . 2008-11-21 00:09 38,400 --a------ c:\windows\system32\geBrOefg.dll

2008-11-21 00:08 . 2008-11-21 00:08 88 --a------ c:\windows\system32\B.tmp

2008-11-21 00:08 . 2008-11-21 00:08 0 --a------ c:\windows\system32\14.tmp

2008-11-20 23:29 . 2008-11-20 23:29 38,400 --a------ c:\windows\system32\geBsSLDw.dll

2008-11-20 22:05 . 2008-11-20 22:05 88 --a------ c:\windows\system32\18.tmp

2008-11-20 22:05 . 2008-11-20 22:05 0 --a------ c:\windows\system32\1B.tmp

2008-11-20 21:33 . 2008-11-20 21:33 88 --a------ c:\windows\system32\3.tmp

2008-11-20 21:33 . 2008-11-20 21:33 0 --a------ c:\windows\system32\7.tmp

2008-11-20 15:41 . 2008-11-20 15:42 245,760 --a------ c:\windows\system32\pmnnLEXo.dll

2008-11-20 15:36 . 2008-11-20 15:36 38,400 --a------ c:\windows\system32\efcDUkIy.dll

2008-11-20 15:34 . 2008-11-20 15:34 88 --a------ c:\windows\system32\2.tmp

2008-11-20 15:34 . 2008-11-20 15:34 0 --a------ c:\windows\system32\5.tmp

2008-11-20 13:48 . 2008-11-20 13:48 0 --a------ c:\windows\system32\A2.tmp

2008-11-20 12:42 . 2008-11-20 12:42 0 --a------ c:\windows\system32\7B.tmp

2008-11-19 22:01 . 2008-11-19 22:01 0 --a------ c:\windows\system32\16.tmp

2008-11-19 22:00 . 2008-11-19 22:00 88 --a------ c:\windows\system32\12.tmp

2008-11-19 18:14 . 2008-11-19 18:14 88 --a------ c:\windows\system32\67.tmp

2008-11-19 18:14 . 2008-11-19 18:14 0 --a------ c:\windows\system32\6A.tmp

2008-11-19 17:21 . 2008-11-19 17:21 244 --ah----- C:\sqmnoopt07.sqm

2008-11-19 17:21 . 2008-11-19 17:21 232 --ah----- C:\sqmdata07.sqm

2008-11-19 13:50 . 2008-11-19 13:50 64,512 --a------ c:\windows\system32\nvsvc32.exe

2008-11-19 13:43 . 2008-11-19 13:43 132 --a------ c:\windows\system32\8.tmp

2008-11-19 13:43 . 2008-11-19 13:43 0 --a------ c:\windows\system32\C.tmp

2008-11-18 22:45 . 2008-11-18 22:45 0 --a------ c:\windows\system32\20.tmp

2008-11-18 22:36 . 2008-11-18 22:36 0 --a------ c:\windows\system32\17.tmp

2008-11-18 22:27 . 2008-11-18 22:27 0 --a------ c:\windows\system32\11.tmp

2008-11-18 18:21 . 2008-11-18 18:21 80,896 --a------ c:\windows\system32\10.tmp

2008-11-18 18:21 . 2008-11-18 18:21 132 --a------ c:\windows\system32\F.tmp

2008-11-18 18:21 . 2008-11-18 18:21 0 --a------ c:\windows\system32\13.tmp

2008-11-18 16:57 . 2008-11-18 16:57 80,896 --a------ c:\windows\system32\DC2.tmp

2008-11-18 16:57 . 2008-11-18 16:57 0 --a------ c:\windows\system32\DC5.tmp

2008-11-18 16:56 . 2008-11-18 16:57 132 --a------ c:\windows\system32\DC1.tmp

2008-11-18 15:44 . 2008-11-20 19:11 32,768 --a------ c:\windows\system32\drivers\ati5imxx(5).sys

2008-11-18 15:44 . 2008-11-20 21:11 32,768 --a------ c:\windows\system32\drivers\ati5imxx(4).sys

2008-11-18 15:44 . 2008-11-20 21:34 32,768 --a------ c:\windows\system32\drivers\ati5imxx(3).sys

2008-11-18 15:44 . 2008-11-20 15:36 32,768 --a------ c:\windows\system32\drivers\ati5imxx(2).sys

2008-11-18 15:44 . 2008-11-18 15:44 0 --a------ c:\windows\system32\81.tmp

2008-11-18 15:43 . 2008-11-18 15:43 80,896 --a------ c:\windows\system32\7E.tmp

2008-11-18 15:43 . 2008-11-18 15:43 132 --a------ c:\windows\system32\7D.tmp

2008-11-17 20:28 . 2008-11-17 20:28 12,800 --a------ c:\windows\system32\74.tmp

2008-11-17 20:28 . 2008-11-17 20:28 0 --a------ c:\windows\system32\77.tmp

2008-11-17 20:27 . 2008-11-17 20:28 88 --a------ c:\windows\system32\70.tmp

2008-11-17 19:37 . 2008-11-21 00:08 31,744 --a------ c:\windows\system32\reader.exe

2008-11-17 19:37 . 2008-11-17 19:37 12,800 --a------ c:\windows\system32\2F.tmp

2008-11-17 19:37 . 2008-11-17 19:37 128 --a------ c:\windows\system32\2E.tmp

2008-11-17 19:37 . 2008-11-17 19:37 0 --a------ c:\windows\system32\32.tmp

2008-11-17 19:35 . 2008-11-03 13:18 36,864 -rahs---- c:\windows\system32\syscgboot.exe

2008-11-17 14:23 . 2008-11-17 14:23 44 --a------ c:\windows\system32\4E.tmp

2008-11-17 14:23 . 2008-11-17 14:23 0 --a------ c:\windows\system32\50.tmp

2008-11-17 13:53 . 2008-11-17 13:53 44 --a------ c:\windows\system32\35.tmp

2008-11-17 13:53 . 2008-11-17 13:53 0 --a------ c:\windows\system32\37.tmp

2008-11-17 00:45 . 2008-11-17 00:45 44 --a------ c:\windows\system32\88.tmp

2008-11-17 00:45 . 2008-11-17 00:45 0 --a------ c:\windows\system32\8A.tmp

2008-11-16 17:40 . 2008-11-16 17:40 44 --a------ c:\windows\system32\2A.tmp

2008-11-16 17:40 . 2008-11-16 17:40 0 --a------ c:\windows\system32\2D.tmp

2008-11-15 14:19 . 2008-11-15 14:19 207,360 --a--c--- c:\windows\system32\dllcache\ndis.sys

2008-11-15 11:46 . 2008-11-15 11:46 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll

2008-11-15 11:42 . 2008-11-15 11:42 <DIR> d-------- c:\windows\ERUNT

2008-11-15 11:18 . 2008-11-15 12:02 <DIR> d-------- C:\SDFix

2008-11-15 09:29 . 2008-11-15 09:29 <DIR> d-------- C:\_OTMoveIt

2008-11-15 08:35 . 2008-11-15 09:10 <DIR> d-------- C:\Lop SD

2008-11-14 19:54 . 2008-11-14 19:54 <DIR> d-------- c:\program files\Trend Micro

2008-11-12 19:13 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb

2008-11-12 18:49 . 2008-11-12 18:49 <DIR> d-------- c:\documents and settings\Mahamed\DoctorWeb

2008-11-12 17:07 . 2008-11-12 18:28 <DIR> d-------- c:\program files\Enigma Software Group

2008-11-12 16:17 . 2008-11-12 16:28 15,083,520 --a------ c:\program files\spybotsd160.exe

2008-11-12 16:00 . 2008-11-12 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET

2008-11-12 15:54 . 2008-11-13 17:25 <DIR> d-------- c:\program files\RogueRemover FREE

2008-11-12 15:53 . 2008-09-05 04:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

2008-11-12 15:53 . 2008-10-24 22:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 10:57 . 2008-11-12 10:57 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Apple Computer

2008-11-11 20:14 . 2008-11-13 18:35 <DIR> d-------- c:\program files\Lavasoft

2008-11-11 19:37 . 2008-11-11 19:59 25,129,080 --a------ c:\program files\antivir_workstation_winu_en_h(2).exe

2008-11-11 17:01 . 2008-11-11 17:17 23,804,784 --a------ c:\program files\aaw2008.exe

2008-11-10 17:56 . 2008-11-10 17:56 <DIR> d-------- c:\program files\Alwil Software

2008-11-09 10:56 . 2008-11-09 10:56 <DIR> d-------- c:\program files\3ivx

2008-11-09 10:04 . 2008-11-09 10:49 <DIR> d-------- c:\windows\system32\quicktime

2008-11-09 09:49 . 2008-11-13 18:20 <DIR> d-------- c:\program files\QuickTime

2008-11-09 09:39 . 2008-11-09 09:40 <DIR> d-------- c:\program files\Service Packs

2008-11-08 11:02 . 2008-11-14 02:15 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\LimeWire

2008-11-08 11:01 . 2008-11-13 13:26 <DIR> d-------- c:\program files\LimeWire

2008-11-07 23:18 . 2008-11-07 23:18 <DIR> d-------- c:\windows\Sun

2008-11-07 19:16 . 2008-11-10 18:45 <DIR> d-------- c:\program files\DNA

2008-11-07 19:16 . 2008-11-10 23:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DNA

2008-11-07 17:54 . 2008-11-07 20:25 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DivX

2008-11-07 17:15 . 2008-11-07 17:17 <DIR> d-------- c:\program files\DivX

2008-11-06 22:31 . 2008-11-06 22:31 <DIR> d-------- c:\program files\Sun

2008-11-06 22:28 . 2008-11-06 22:27 410,976 --a------ c:\windows\system32\deploytk.dll

2008-11-06 22:28 . 2008-11-06 22:27 73,728 --a------ c:\windows\system32\javacpl.cpl

2008-11-06 22:27 . 2008-11-06 22:27 <DIR> d-------- c:\program files\Java

2008-11-04 18:23 . 2008-11-04 18:25 <DIR> d-------- c:\windows\system32\NtmsData

2008-11-04 10:08 . 2008-11-04 10:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2008-11-04 10:07 . 2008-11-13 17:23 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-11-04 10:07 . 2008-11-04 10:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\SUPERAntiSpyware.com

2008-11-04 10:04 . 2008-11-13 18:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2008-11-03 20:04 . 2008-11-03 20:04 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Search

2008-11-03 18:53 . 2008-11-12 10:42 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Comodo

2008-11-03 15:00 . 2008-11-12 10:42 <DIR> d-------- c:\program files\COMODO

2008-11-03 09:17 . 2008-11-03 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\MSN6

2008-11-03 09:12 . 2008-11-20 23:18 <DIR> d-------- c:\documents and settings\Administrator

2008-11-03 08:09 . 2008-11-03 09:15 <DIR> d-------- c:\program files\Smart Virus Remover

2008-11-03 01:16 . 2008-11-03 01:16 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\MSN6

2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll

2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx07.dll

2008-10-29 09:35 . 2008-10-29 09:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll

2008-10-29 09:35 . 2008-10-29 09:35 802,816 --a------ c:\windows\system32\divx_xx11.dll

2008-10-28 03:44 . 2008-10-28 03:44 <DIR> d-------- c:\program files\Common Files\xing shared

2008-10-28 03:43 . 2008-10-28 03:43 <DIR> d-------- c:\program files\Real

2008-10-26 22:21 . 2008-10-26 22:21 <DIR> d-------- c:\program files\Real Alternative

2008-10-26 22:21 . 2008-10-28 03:44 <DIR> d-------- c:\program files\Common Files\Real

2008-10-25 19:18 . 2008-10-25 19:18 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Desktop Search

2008-10-25 19:16 . 2008-10-25 19:16 <DIR> d-------- c:\windows\system32\GroupPolicy

2008-10-25 19:16 . 2008-10-25 19:16 <DIR> d-------- c:\program files\Windows Desktop Search

2008-10-25 19:15 . 2008-03-08 04:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll

2008-10-25 19:15 . 2008-03-08 04:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll

2008-10-25 19:15 . 2008-03-08 04:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll

2008-10-25 19:14 . 2008-10-25 19:14 <DIR> d-------- c:\program files\CONEXANT

2008-10-25 19:13 . 2008-10-16 03:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-10-25 17:16 . 2008-10-25 17:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-21 00:21 23,040 ----a-w c:\windows\system32\svchost.exe

2008-11-20 11:37 23,040 ----a-w c:\windows\system32\svchost(2)(2).exe

2008-11-15 04:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2008-11-15 03:19 207,360 ----a-w c:\windows\system32\drivers\ndis.sys

2008-11-14 21:20 --------- d-----w c:\program files\Common Files\Adobe

2008-11-12 05:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-11-12 05:24 --------- d-----w c:\program files\QuickGamma

2008-11-12 05:24 --------- d-----w c:\program files\Free FLV Converter

2008-11-12 02:16 19,762 ----a-w c:\program files\Common Files\ynojysu.ban

2008-11-07 08:06 263 ----a-w c:\program files\gapa.ini

2008-11-03 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!

2008-10-27 16:43 499,712 ----a-w c:\windows\system32\msvcp71.dll

2008-10-27 16:43 348,160 ----a-w c:\windows\system32\msvcr71.dll

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-22 05:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2008-10-22 05:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-10-21 06:31 --------- d-----w c:\documents and settings\Mahamed\Application Data\uTorrent

2008-10-18 03:38 --------- d-----w c:\program files\Windows Media Connect 2

2008-10-09 21:58 94,208 ----a-w c:\windows\system32\o4Patch.exe

2008-10-09 21:58 94,208 ----a-w c:\windows\system32\IEDFix.C.exe

2008-10-03 01:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\Media Player Classic

2008-10-03 00:49 --------- d-----w c:\program files\Combined Community Codec Pack

2008-10-02 07:53 --------- d-----w c:\program files\Common Files\DVDVideoSoft

2008-10-02 07:53 --------- d-----w c:\program files\AskBarDis

2008-10-01 04:51 98,816 ----a-w c:\windows\system32\VACFix.exe

2008-09-30 05:28 --------- d-----w c:\program files\Xvid

2008-09-25 09:10 --------- d-----w c:\program files\NOS

2008-09-25 09:10 --------- d-----w c:\documents and settings\All Users\Application Data\NOS

2008-09-25 08:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2008-09-25 08:11 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll

2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll

2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll

2008-09-25 08:03 536,576 ----a-w c:\windows\system32\DivXsm.exe

2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll

2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll

2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll

2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll

2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll

2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe

2008-09-23 02:51 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!

2008-09-22 11:00 --------- d-----w c:\program files\Messenger Plus! Live

2008-09-21 02:04 --------- d-----w c:\program files\Windows Live

2008-09-21 02:02 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

2008-09-21 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

2008-09-19 21:57 129,784 ----a-w c:\windows\system32\pxafs.dll

2008-09-19 21:57 120,056 ----a-w c:\windows\system32\pxcpyi64.exe

2008-09-19 21:57 118,520 ----a-w c:\windows\system32\pxinsi64.exe

2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll

2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll

2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-12 18:30 278,528 ----a-w c:\windows\system32\TubeFinder.exe

2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll

2008-09-08 12:38 99,840 ----a-w c:\windows\system32\AntiXPVSTFix.exe

2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll

.

------- Sigcheck -------

2004-08-04 01:56 14336 5de5b5c556f04f26dd6068267644a8ca c:\windows\$NtServicePackUninstall$\svchost.exe

2008-04-14 06:42 23040 06fcb16ca84dcc11302fd1854b6b246c c:\windows\ServicePackFiles\i386\svchost.exe

2004-08-04 18:56 23040 385a7e4e53c27ae4047816c5ec582f5e c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe

2008-11-21 11:21 23040 06fcb16ca84dcc11302fd1854b6b246c c:\windows\system32\svchost.exe

2004-08-04 01:56 502272 19f92aaf6870b66d25b351e230abc6ea c:\windows\$NtServicePackUninstall$\winlogon.exe

2008-04-14 06:42 516608 808f4f0941af51bd295eded8071a286b c:\windows\ServicePackFiles\i386\winlogon.exe

2004-08-04 18:56 510976 8c45beb4d178e0b993ca55ab14ce53fd c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe

2004-08-04 01:56 502272 19f92aaf6870b66d25b351e230abc6ea c:\windows\system32\winlogon.exe

2004-08-04 00:14 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys

2008-04-14 01:50 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys

2004-08-04 17:14 182912 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys

2008-11-15 14:19 207360 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys

2008-11-15 14:19 207360 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2004-08-04 01:56 1032192 56195559d22a24d39c0d04b954fb1901 c:\windows\explorer.exe

2004-08-04 01:56 1032192 56195559d22a24d39c0d04b954fb1901 c:\windows\$NtServicePackUninstall$\explorer.exe

2008-04-14 06:42 1042432 8aab8f71347002bc2ac64ae0beb5e905 c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-04 18:56 1040896 0c8ec25cd14642a3cd74d794176645b5 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe

2004-08-04 01:56 108032 1800469178c252c5977f711b468c00a1 c:\windows\$NtServicePackUninstall$\services.exe

2008-04-14 06:42 117248 ef1758444f1504c33b79c26a5926d69b c:\windows\ServicePackFiles\i386\services.exe

2004-08-04 18:56 116736 b83fefe879296a209915092ee67437fa c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe

2004-08-04 01:56 108032 1800469178c252c5977f711b468c00a1 c:\windows\system32\services.exe

2004-08-04 01:56 13312 5877be9b08f740e5bd64e7c86608a93f c:\windows\$NtServicePackUninstall$\lsass.exe

2008-04-14 06:42 22016 0df2519a636ddbf74e43c73f6db43943 c:\windows\ServicePackFiles\i386\lsass.exe

2004-08-04 18:56 22016 0b6bba57a1bb9998e542d911e27b5bd6 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe

2004-08-04 01:56 13312 5877be9b08f740e5bd64e7c86608a93f c:\windows\system32\lsass.exe

2004-08-04 01:56 15360 fe408f07f63eece65f4e3f8ce09030d5 c:\windows\$NtServicePackUninstall$\ctfmon.exe

2008-04-14 06:42 24064 7799f2ecb1713979335e8abc1ec42bcf c:\windows\ServicePackFiles\i386\ctfmon.exe

2004-08-04 18:56 24064 e0e0a63fa6e13fcee9d77d729a14e7b1 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe

2008-04-14 06:42 15360 b61439f0bc14b836101d6387197715e8 c:\windows\system32\CTFMON.EXE

2005-06-11 11:17 57856 8cfa993f4fdf5568aff15d99765c21d6 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

2005-06-11 10:53 57856 07763dfe5ea3c14946d4052c56ba377d c:\windows\$NtServicePackUninstall$\spoolsv.exe

2004-08-04 01:56 57856 cb39079b8adca54c691db044351b94bf c:\windows\$NtUninstallKB896423$\spoolsv.exe

2008-04-14 06:42 66560 5a45de4b505cbbc52e4b09706357c050 c:\windows\ServicePackFiles\i386\spoolsv.exe

2004-08-04 18:56 66560 234df4f1361db1af65a3fe7ef06925fe c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\spoolsv.exe

2005-06-11 11:17 57856 8cfa993f4fdf5568aff15d99765c21d6 c:\windows\system32\spoolsv.exe

2004-08-04 01:56 24576 27f29f65bf97a1dd81d50229b5023745 c:\windows\$NtServicePackUninstall$\userinit.exe

2008-04-14 06:42 34816 f7746144dda31959e03610f052c33d92 c:\windows\ServicePackFiles\i386\userinit.exe

2004-08-04 18:56 33280 215be2b305baa8e049760ba95cb8b6ba c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe

2008-04-14 06:42 26112 31c92b93500c4ee80248b3d67acf4480 c:\windows\system32\userinit.exe

.

((((((((((((((((((((((((((((( [email protected]_10.40.06.95 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-11-21 07:03:36 4,475 ----a-w c:\windows\ERDNT\CFUNDO.dat

+ 2008-08-07 04:27:04 175,616 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE

+ 2008-11-15 00:42:34 4,595,712 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat

+ 2008-11-15 00:42:34 294,912 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-08-07 04:27:04 175,616 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-11-15 00:42:21 4,595,712 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat

+ 2008-11-15 00:42:21 294,912 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

+ 2008-04-13 19:41:50 61,440 -c--a-w c:\windows\ie7\admparse.dll

+ 2008-04-13 19:41:50 99,840 -c--a-w c:\windows\ie7\advpack.dll

+ 2008-04-13 19:41:52 33,792 -c--a-w c:\windows\ie7\custsat.dll

+ 2008-04-13 19:41:54 357,888 -c--a-w c:\windows\ie7\dxtmsft.dll

+ 2008-04-13 19:41:54 205,312 -c--a-w c:\windows\ie7\dxtrans.dll

+ 2008-04-13 19:41:54 55,808 -c--a-w c:\windows\ie7\extmgr.dll

+ 2008-04-13 19:41:56 38,912 -c--a-w c:\windows\ie7\hmmapi.dll

+ 2008-04-13 19:42:24 34,304 -c--a-w c:\windows\ie7\ie4uinit.exe

+ 2008-04-13 19:41:56 143,360 -c--a-w c:\windows\ie7\ieakeng.dll

+ 2008-04-13 19:41:56 216,576 -c--a-w c:\windows\ie7\ieaksie.dll

+ 2003-03-31 12:00:00 221,184 -c--a-w c:\windows\ie7\ieakui.dll

+ 2008-04-13 19:41:56 323,584 -c--a-w c:\windows\ie7\iedkcs32.dll

+ 2008-04-13 19:42:24 18,432 -c--a-w c:\windows\ie7\iedw.exe

+ 2008-04-13 19:41:56 251,904 -c--a-w c:\windows\ie7\iepeers.dll

+ 2008-04-13 19:41:56 48,640 -c--a-w c:\windows\ie7\iernonce.dll

+ 2008-04-13 19:41:56 62,976 -c--a-w c:\windows\ie7\iesetup.dll

+ 2008-04-13 19:42:24 93,184 -c--a-w c:\windows\ie7\iexplore.exe

+ 2008-04-13 19:41:56 35,840 -c--a-w c:\windows\ie7\imgutil.dll

+ 2008-04-13 19:41:56 96,256 -c--a-w c:\windows\ie7\inseng.dll

+ 2008-04-13 19:41:58 15,872 -c--a-w c:\windows\ie7\jsproxy.dll

+ 2008-04-13 19:41:58 22,016 -c--a-w c:\windows\ie7\licmgr10.dll

+ 2008-04-13 19:42:28 37,888 -c--a-w c:\windows\ie7\mshta.exe

+ 2008-08-20 05:30:53 3,067,904 -c--a-w c:\windows\ie7\mshtml.dll

+ 2008-04-13 19:42:00 449,024 -c--a-w c:\windows\ie7\mshtmled.dll

+ 2008-04-13 11:56:28 56,832 -c--a-w c:\windows\ie7\mshtmler.dll

+ 2003-03-31 12:00:00 146,432 -c--a-w c:\windows\ie7\msls31.dll

+ 2008-04-13 19:42:02 146,432 -c--a-w c:\windows\ie7\msrating.dll

+ 2008-04-13 19:42:02 532,480 -c--a-w c:\windows\ie7\mstime.dll

+ 2008-04-13 19:42:04 96,256 -c--a-w c:\windows\ie7\occache.dll

+ 2008-04-13 19:42:04 39,424 -c--a-w c:\windows\ie7\pngfilt.dll

+ 2007-08-13 07:54:42 32,960 -c--a-w c:\windows\ie7\spuninst\iecustom.dll

+ 2007-08-13 07:52:06 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe

+ 2006-09-06 06:43:16 213,216 -c--a-w c:\windows\ie7\spuninst\spuninst.exe

+ 2006-09-06 06:43:18 371,424 -c--a-w c:\windows\ie7\spuninst\updspapi.dll

+ 2008-04-13 19:42:10 37,888 -c--a-w c:\windows\ie7\url.dll

+ 2008-08-20 05:30:52 619,520 -c--a-w c:\windows\ie7\urlmon.dll

+ 2008-04-13 19:42:10 851,968 -c--a-w c:\windows\ie7\vgx.dll

+ 2008-04-13 19:42:10 276,480 -c--a-w c:\windows\ie7\webcheck.dll

+ 2008-08-20 05:30:51 666,112 -c--a-w c:\windows\ie7\wininet.dll

- 2008-04-13 19:41:50 61,440 ----a-w c:\windows\system32\admparse.dll

+ 2007-08-13 07:39:20 71,680 ----a-w c:\windows\system32\admparse.dll

- 2008-04-13 19:41:50 99,840 ----a-w c:\windows\system32\advpack.dll

+ 2007-08-13 07:39:00 123,904 ----a-w c:\windows\system32\advpack.dll

+ 2008-11-20 13:24:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat

- 2008-11-14 23:33:52 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-11-21 00:21:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2008-11-14 23:33:52 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-11-21 00:21:58 327,680 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-11-21 00:25:28 49,152 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008112120081122\index.dat

- 2008-11-14 23:33:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-11-21 00:21:58 327,680 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2007-08-13 07:39:20 71,680 -c----w c:\windows\system32\dllcache\admparse.dll

+ 2007-08-13 07:39:00 123,904 -c----w c:\windows\system32\dllcache\advpack.dll

+ 2006-09-23 02:12:50 1,022,976 -c----w c:\windows\system32\dllcache\browseui.dll

+ 2007-08-13 07:42:54 17,408 -c----w c:\windows\system32\dllcache\corpol.dll

- 2008-04-13 19:41:52 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll

+ 2007-08-13 07:54:10 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll

+ 2007-08-13 07:35:46 346,624 -c----w c:\windows\system32\dllcache\dxtmsft.dll

+ 2007-08-13 07:35:38 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll

+ 2007-08-13 07:54:10 131,584 -c----w c:\windows\system32\dllcache\extmgr.dll

+ 2007-08-13 07:18:02 60,416 -c----w c:\windows\system32\dllcache\hmmapi.dll

+ 2007-08-13 07:39:06 54,784 -c----w c:\windows\system32\dllcache\ie4uinit.exe

+ 2007-08-13 07:39:26 152,064 -c----w c:\windows\system32\dllcache\ieakeng.dll

+ 2007-08-13 07:39:54 229,376 -c----w c:\windows\system32\dllcache\ieaksie.dll

- 2003-03-31 12:00:00 221,184 -c--a-w c:\windows\system32\dllcache\ieakui.dll

+ 2007-08-13 06:56:54 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

+ 2007-08-13 07:39:50 382,976 -c----w c:\windows\system32\dllcache\iedkcs32.dll

+ 2007-08-13 07:44:02 69,120 -c----w c:\windows\system32\dllcache\iedw.exe

+ 2007-08-13 07:45:18 78,336 -c----w c:\windows\system32\dllcache\ieencode.dll

+ 2007-08-13 07:54:10 191,488 -c----w c:\windows\system32\dllcache\iepeers.dll

+ 2007-08-13 07:39:10 43,008 -c----w c:\windows\system32\dllcache\iernonce.dll

+ 2007-08-13 07:39:12 55,296 -c----w c:\windows\system32\dllcache\iesetup.dll

+ 2007-08-13 07:43:56 622,080 -c----w c:\windows\system32\dllcache\iexplore.exe

+ 2007-08-13 07:36:06 36,352 -c----w c:\windows\system32\dllcache\imgutil.dll

+ 2007-08-13 07:39:02 92,672 -c----w c:\windows\system32\dllcache\inseng.dll

+ 2007-08-13 07:38:04 491,520 -c----w c:\windows\system32\dllcache\jscript.dll

+ 2007-08-13 07:54:10 27,136 -c----w c:\windows\system32\dllcache\jsproxy.dll

+ 2007-08-13 07:44:18 40,960 -c----w c:\windows\system32\dllcache\licmgr10.dll

+ 2007-08-13 07:32:30 45,568 -c----w c:\windows\system32\dllcache\mshta.exe

- 2008-08-20 05:30:53 3,067,904 -c--a-w c:\windows\system32\dllcache\mshtml.dll

+ 2007-08-13 07:54:12 3,578,368 -c--a-w c:\windows\system32\dllcache\mshtml.dll

+ 2007-08-13 07:54:10 475,648 -c----w c:\windows\system32\dllcache\mshtmled.dll

+ 2007-08-13 07:01:12 48,128 -c----w c:\windows\system32\dllcache\mshtmler.dll

- 2003-03-31 12:00:00 146,432 -c--a-w c:\windows\system32\dllcache\msls31.dll

+ 2007-08-13 07:54:10 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll

+ 2007-08-13 07:44:26 192,000 -c----w c:\windows\system32\dllcache\msrating.dll

+ 2007-08-13 07:54:10 670,720 -c----w c:\windows\system32\dllcache\mstime.dll

+ 2007-08-13 07:44:06 101,376 -c----w c:\windows\system32\dllcache\occache.dll

+ 2007-08-13 07:36:12 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll

+ 2006-09-23 02:12:50 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll

+ 2007-08-13 07:44:30 105,984 -c----w c:\windows\system32\dllcache\url.dll

- 2008-08-20 05:30:52 619,520 -c--a-w c:\windows\system32\dllcache\urlmon.dll

+ 2007-08-13 07:54:10 1,162,240 -c--a-w c:\windows\system32\dllcache\urlmon.dll

+ 2007-08-13 07:54:10 413,696 -c----w c:\windows\system32\dllcache\vbscript.dll

+ 2007-08-13 07:54:10 765,952 -c----w c:\windows\system32\dllcache\VGX.dll

+ 2007-08-13 07:54:10 231,424 -c----w c:\windows\system32\dllcache\webcheck.dll

- 2008-08-20 05:30:51 666,112 -c--a-w c:\windows\system32\dllcache\wininet.dll

+ 2007-08-13 07:54:10 818,688 -c--a-w c:\windows\system32\dllcache\wininet.dll

- 2008-04-13 19:41:54 357,888 ----a-w c:\windows\system32\dxtmsft.dll

+ 2007-08-13 07:35:46 346,624 ----a-w c:\windows\system32\dxtmsft.dll

- 2008-04-13 19:41:54 205,312 ----a-w c:\windows\system32\dxtrans.dll

+ 2007-08-13 07:35:38 214,528 ----a-w c:\windows\system32\dxtrans.dll

- 2008-04-13 19:41:54 55,808 ----a-w c:\windows\system32\extmgr.dll

+ 2007-08-13 07:54:10 131,584 ----a-w c:\windows\system32\extmgr.dll

- 2008-11-14 23:20:25 264,616 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2008-11-17 05:49:16 264,616 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2007-08-13 07:36:26 61,952 ----a-w c:\windows\system32\icardie.dll

- 2008-04-13 19:42:24 34,304 ----a-w c:\windows\system32\ie4uinit.exe

+ 2007-08-13 07:39:06 63,488 ----a-w c:\windows\system32\ie4uinit.exe

- 2008-04-13 19:41:56 143,360 ----a-w c:\windows\system32\ieakeng.dll

+ 2007-08-13 07:39:26 152,064 ----a-w c:\windows\system32\ieakeng.dll

- 2008-04-13 19:41:56 216,576 ----a-w c:\windows\system32\ieaksie.dll

+ 2007-08-13 07:39:54 229,376 ----a-w c:\windows\system32\ieaksie.dll

- 2003-03-31 12:00:00 221,184 ----a-w c:\windows\system32\ieakui.dll

+ 2007-08-13 06:56:54 161,792 ----a-w c:\windows\system32\ieakui.dll

+ 2007-02-12 05:10:12 2,451,312 ----a-w c:\windows\system32\ieapfltr.dat

+ 2007-07-11 01:27:48 383,488 ----a-w c:\windows\system32\ieapfltr.dll

- 2008-04-13 19:41:56 323,584 ----a-w c:\windows\system32\iedkcs32.dll

+ 2007-08-13 07:39:50 382,976 ----a-w c:\windows\system32\iedkcs32.dll

+ 2007-08-13 07:54:10 6,049,280 ----a-w c:\windows\system32\ieframe.dll

- 2008-04-13 19:41:56 251,904 ----a-w c:\windows\system32\iepeers.dll

+ 2007-08-13 07:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll

- 2008-04-13 19:41:56 48,640 ----a-w c:\windows\system32\iernonce.dll

+ 2007-08-13 07:39:10 43,008 ----a-w c:\windows\system32\iernonce.dll

+ 2007-08-13 07:34:04 266,752 ----a-w c:\windows\system32\iertutil.dll

- 2008-04-13 19:41:56 62,976 ----a-w c:\windows\system32\iesetup.dll

+ 2007-08-13 07:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll

- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe

+ 2007-08-13 07:39:10 22,016 ----a-w c:\windows\system32\ieudinit.exe

+ 2007-08-13 07:54:10 180,736 ----a-w c:\windows\system32\ieui.dll

- 2008-04-13 19:41:56 35,840 ----a-w c:\windows\system32\imgutil.dll

+ 2007-08-13 07:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll

- 2008-04-13 19:41:56 96,256 ----a-w c:\windows\system32\inseng.dll

+ 2007-08-13 07:39:02 92,672 ----a-w c:\windows\system32\inseng.dll

- 2008-04-13 19:41:58 15,872 ----a-w c:\windows\system32\jsproxy.dll

+ 2007-08-13 07:54:10 27,136 ----a-w c:\windows\system32\jsproxy.dll

- 2008-04-13 19:41:58 22,016 ----a-w c:\windows\system32\licmgr10.dll

+ 2007-08-13 07:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll

+ 2007-08-13 07:54:10 458,752 ----a-w c:\windows\system32\msfeeds.dll

+ 2007-08-13 07:54:10 50,688 ----a-w c:\windows\system32\msfeedsbs.dll

+ 2007-08-13 07:36:40 20,992 ----a-w c:\windows\system32\msfeedssync.exe

- 2008-04-13 19:42:28 37,888 ----a-w c:\windows\system32\mshta.exe

+ 2007-08-13 07:32:30 54,272 ----a-w c:\windows\system32\mshta.exe

- 2008-08-20 05:30:53 3,067,904 ----a-w c:\windows\system32\mshtml.dll

+ 2007-08-13 07:54:12 3,578,368 ----a-w c:\windows\system32\mshtml.dll

- 2008-04-13 19:42:00 449,024 ----a-w c:\windows\system32\mshtmled.dll

+ 2007-08-13 07:54:10 475,648 ----a-w c:\windows\system32\mshtmled.dll

- 2008-04-13 11:56:28 56,832 ----a-w c:\windows\system32\mshtmler.dll

+ 2007-08-13 07:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll

- 2003-03-31 12:00:00 146,432 ----a-w c:\windows\system32\msls31.dll

+ 2007-08-13 07:54:10 156,160 ----a-w c:\windows\system32\msls31.dll

- 2008-04-13 19:42:02 146,432 ----a-w c:\windows\system32\msrating.dll

+ 2007-08-13 07:44:26 192,000 ----a-w c:\windows\system32\msrating.dll

- 2008-04-13 19:42:02 532,480 ----a-w c:\windows\system32\mstime.dll

+ 2007-08-13 07:54:10 670,720 ----a-w c:\windows\system32\mstime.dll

- 2008-04-13 19:42:04 96,256 ----a-w c:\windows\system32\occache.dll

+ 2007-08-13 07:44:06 101,376 ----a-w c:\windows\system32\occache.dll

- 2008-04-13 19:42:04 39,424 ----a-w c:\windows\system32\pngfilt.dll

+ 2007-08-13 07:36:12 44,544 ----a-w c:\windows\system32\pngfilt.dll

- 2008-11-10 07:43:20 270,584 ----a-w c:\windows\system32\Restore\rstrlog.dat

+ 2008-11-20 12:18:36 363,188 ----a-w c:\windows\system32\Restore\rstrlog.dat

- 2008-04-13 19:42:10 37,888 ----a-w c:\windows\system32\url.dll

+ 2007-08-13 07:44:30 105,984 ----a-w c:\windows\system32\url.dll

- 2008-08-20 05:30:52 619,520 ----a-w c:\windows\system32\urlmon.dll

+ 2007-08-13 07:54:10 1,162,240 ----a-w c:\windows\system32\urlmon.dll

- 2008-04-13 19:42:10 276,480 ----a-w c:\windows\system32\webcheck.dll

+ 2007-08-13 07:54:10 231,424 ----a-w c:\windows\system32\webcheck.dll

+ 2007-08-13 07:45:16 215,040 ----a-w c:\windows\system32\WinFXDocObj.exe

- 2008-08-20 05:30:51 666,112 ----a-w c:\windows\system32\wininet.dll

+ 2007-08-13 07:54:10 818,688 ----a-w c:\windows\system32\wininet.dll

+ 2008-11-21 07:10:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_674.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17872498-72C4-43D3-88ED-AAB13B850F4D}]

2008-11-21 18:16 247296 --a------ c:\windows\system32\ddcCuspQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E007A5F-299F-44FC-8B6B-F06B61867A2E}]

2008-11-21 00:09 38400 --a------ c:\windows\system32\geBrOefg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF95FDC3-8AA3-4480-833F-A5CB31A26602}]

2008-11-20 15:42 245760 --a------ c:\windows\system32\pmnnLEXo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"reader"="c:\windows\System32\reader.exe" [2008-11-21 31744]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-28 185872]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"NvSvc"="c:\windows\system32\nvsvc32.exe" [2008-11-19 64512]

"System Config Boot"="syscgboot.exe" [2008-11-03 c:\windows\system32\syscgboot.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

"{4E007A5F-299F-44FC-8B6B-F06B61867A2E}"= "c:\windows\system32\geBrOefg.dll" [2008-11-21 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]

2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDUkIy]

2008-11-20 15:36 38400 c:\windows\system32\efcDUkIy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBrOefg]

2008-11-21 00:09 38400 c:\windows\system32\geBrOefg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

"vidc.3IV2"= 3ivxVfWCodec.dll

"vidc.SEDG"= SamsungVfWCodec.dll

"vidc.DX50"= DivXVfWCodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\ddcCuspQ

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk

backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^windows search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\c:^documents and settings^mahamed^start menu^programs^startup^limewire on startup.lnk]

path=c:\documents and settings\Mahamed\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

--a------ 2008-11-07 19:16 342336 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2008-04-14 06:42 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-10-28 03:43 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\MBAM.EXE"=

"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=

"c:\\WINDOWS\\system32\\nvsvc32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:WarcraftIII

"6112:UDP"= 6112:UDP:WarcraftIII

R3 genmcmnusb;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-25 33752]

.

- - - - ORPHANS REMOVED - - - -

BHO-{97945ADD-8D6C-4842-B17D-E843D3F6F650} - c:\windows\system32\jkkLBstS.dll

HKCU-Run-rs32net - c:\windows\System32\rs32net.exe

HKU-Default-Run-rs32net - c:\windows\System32\rs32net.exe

.

------- Supplementary Scan -------

.

FireFox -: Profile - c:\documents and settings\Mahamed\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\

FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-21 18:10:36

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

c:\windows\system32\syscgboot.exe [1372] 0x832A2DA0

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\svchost(2)(2).exe:ext.exe 25088 bytes executable

c:\windows\system32\ddcCuspQ.dll 247296 bytes executable

scan completed successfully

hidden files: 2

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe

-> c:\windows\system32\geBrOefg.dll

-> c:\windows\system32\mlJYsrPh.dll

PROCESS: c:\windows\explorer.exe

-> c:\windows\system32\ynubdaxm.dll

-> c:\windows\system32\ddcCuspQ.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\RUNDLL32.EXE

.

**************************************************************************

.

Completion time: 2008-11-21 18:19:37 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-21 07:19:18

ComboFix2.txt 2008-11-16 00:40:56

ComboFix3.txt 2008-11-15 04:34:58

ComboFix4.txt 2008-11-15 01:30:39

ComboFix5.txt 2008-11-21 06:49:25

Pre-Run: 59,606,605,824 bytes free

Post-Run: 59,689,213,952 bytes free

604 --- E O F --- 2008-11-15 13:26:13

Rorschach112 · November 21, 2008

Hello

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

file::
c:\windows\system32\geBrOefg.dll

c:\windows\system32\B.tmp

c:\windows\system32\14.tmp

c:\windows\system32\geBsSLDw.dll

c:\windows\system32\18.tmp

c:\windows\system32\1B.tmp

c:\windows\system32\3.tmp

c:\windows\system32\7.tmp

c:\windows\system32\pmnnLEXo.dll

c:\windows\system32\efcDUkIy.dll

c:\windows\system32\2.tmp

c:\windows\system32\5.tmp

c:\windows\system32\A2.tmp

c:\windows\system32\7B.tmp

c:\windows\system32\16.tmp

c:\windows\system32\12.tmp

c:\windows\system32\67.tmp

c:\windows\system32\6A.tmp

c:\windows\system32\8.tmp

c:\windows\system32\C.tmp

c:\windows\system32\20.tmp

c:\windows\system32\17.tmp

c:\windows\system32\11.tmp

c:\windows\system32\10.tmp

c:\windows\system32\F.tmp

c:\windows\system32\13.tmp

c:\windows\system32\DC2.tmp

c:\windows\system32\DC5.tmp

c:\windows\system32\DC1.tmp

c:\windows\system32\81.tmp

c:\windows\system32\7E.tmp

c:\windows\system32\7D.tmp

c:\windows\system32\74.tmp

c:\windows\system32\77.tmp

c:\windows\system32\70.tmp

c:\windows\system32\reader.exe

c:\windows\system32\2F.tmp

c:\windows\system32\2E.tmp

c:\windows\system32\32.tmp

c:\windows\system32\syscgboot.exe

c:\windows\system32\4E.tmp

c:\windows\system32\50.tmp

c:\windows\system32\35.tmp

c:\windows\system32\37.tmp

c:\windows\system32\88.tmp

c:\windows\system32\8A.tmp

c:\windows\system32\2A.tmp

c:\windows\system32\2D.tmp

c:\program files\Common Files\ynojysu.ban

c:\program files\gapa.ini

Folder::

Registry::

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Morphling · November 21, 2008

ComboFix 08-11-21.03 - Mahamed 2008-11-22 8:44:00.6 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.158 [GMT 11:00]

Running from: c:\documents and settings\Mahamed\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Mahamed\Desktop\CFScript.txt

* Created a new restore point

FILE ::

c:\program files\Common Files\ynojysu.ban

c:\program files\gapa.ini

c:\windows\system32\10.tmp

c:\windows\system32\11.tmp

c:\windows\system32\12.tmp

c:\windows\system32\13.tmp

c:\windows\system32\14.tmp

c:\windows\system32\16.tmp

c:\windows\system32\17.tmp

c:\windows\system32\18.tmp

c:\windows\system32\1B.tmp

c:\windows\system32\2.tmp

c:\windows\system32\20.tmp

c:\windows\system32\2A.tmp

c:\windows\system32\2D.tmp

c:\windows\system32\2E.tmp

c:\windows\system32\2F.tmp

c:\windows\system32\3.tmp

c:\windows\system32\32.tmp

c:\windows\system32\35.tmp

c:\windows\system32\37.tmp

c:\windows\system32\4E.tmp

c:\windows\system32\5.tmp

c:\windows\system32\50.tmp

c:\windows\system32\67.tmp

c:\windows\system32\6A.tmp

c:\windows\system32\7.tmp

c:\windows\system32\70.tmp

c:\windows\system32\74.tmp

c:\windows\system32\77.tmp

c:\windows\system32\7B.tmp

c:\windows\system32\7D.tmp

c:\windows\system32\7E.tmp

c:\windows\system32\8.tmp

c:\windows\system32\81.tmp

c:\windows\system32\88.tmp

c:\windows\system32\8A.tmp

c:\windows\system32\A2.tmp

c:\windows\system32\B.tmp

c:\windows\system32\C.tmp

c:\windows\system32\DC1.tmp

c:\windows\system32\DC2.tmp

c:\windows\system32\DC5.tmp

c:\windows\system32\efcDUkIy.dll

c:\windows\system32\F.tmp

c:\windows\system32\geBrOefg.dll

c:\windows\system32\geBsSLDw.dll

c:\windows\system32\pmnnLEXo.dll

c:\windows\system32\reader.exe

c:\windows\system32\syscgboot.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Common Files\ynojysu.ban

c:\program files\gapa.ini

c:\windows\system32\__c00935A2.dat

c:\windows\system32\10.tmp

c:\windows\system32\11.tmp

c:\windows\system32\12.tmp

c:\windows\system32\13.tmp

c:\windows\system32\14.tmp

c:\windows\system32\16.tmp

c:\windows\system32\17.tmp

c:\windows\system32\18.tmp

c:\windows\system32\1B.tmp

c:\windows\system32\2.tmp

c:\windows\system32\20.tmp

c:\windows\system32\2A.tmp

c:\windows\system32\2D.tmp

c:\windows\system32\2E.tmp

c:\windows\system32\2F.tmp

c:\windows\system32\3.tmp

c:\windows\system32\32.tmp

c:\windows\system32\35.tmp

c:\windows\system32\37.tmp

c:\windows\system32\4E.tmp

c:\windows\system32\5.tmp

c:\windows\system32\50.tmp

c:\windows\system32\67.tmp

c:\windows\system32\6A.tmp

c:\windows\system32\7.tmp

c:\windows\system32\70.tmp

c:\windows\system32\74.tmp

c:\windows\system32\77.tmp

c:\windows\system32\7B.tmp

c:\windows\system32\7D.tmp

c:\windows\system32\7E.tmp

c:\windows\system32\8.tmp

c:\windows\system32\81.tmp

c:\windows\system32\88.tmp

c:\windows\system32\8A.tmp

c:\windows\system32\A2.tmp

c:\windows\system32\adpsshco.dll

c:\windows\system32\B.tmp

c:\windows\system32\brastk.exe

c:\windows\system32\C.tmp

c:\windows\system32\DC1.tmp

c:\windows\system32\DC2.tmp

c:\windows\system32\DC5.tmp

c:\windows\system32\ddcCuspQ.dll

c:\windows\system32\DelSelf.bat

c:\windows\system32\drivers\ntndis.exe

c:\windows\system32\drivers\ntndis.sys

c:\windows\system32\efcDUkIy.dll

c:\windows\system32\F.tmp

c:\windows\system32\geBrOefg.dll

c:\windows\system32\geBsSLDw.dll

c:\windows\system32\jonyyq.dll

c:\windows\system32\mlJYsrPh.dll

c:\windows\system32\mxadbuny.ini

c:\windows\system32\pmnnLEXo.dll

c:\windows\system32\QpsuCcdd.ini

c:\windows\system32\QpsuCcdd.ini2

c:\windows\system32\reader.exe

c:\windows\system32\syscgboot.exe

c:\windows\system32\ynubdaxm.dll

c:\windows\system32\lsass.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!!

c:\windows\system32\services.exe . . . is infected!!

c:\windows\system32\svchost.exe . . . is infected!!

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.

((((((((((((((((((((((((( Files Created from 2008-10-21 to 2008-11-21 )))))))))))))))))))))))))))))))

.

2008-12-22 15:59 . 2008-12-22 15:59 447,200 --a------ c:\windows\system32\OpenQuicktimeLib.dll

2008-12-22 15:59 . 2008-12-22 15:59 332,512 --a------ c:\windows\system32\3ivxVfWCodec.dll

2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\SamsungVfWCodec.dll

2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\DivXVfWCodec.dll

2008-12-22 15:58 . 2008-12-22 15:58 1,155,808 --a------ c:\windows\system32\3ivx.dll

2008-12-22 15:52 . 2008-12-22 15:52 66,272 --a------ c:\windows\system32\libfaac.dll

2008-11-21 22:58 . 2008-11-21 22:58 44,032 --a------ c:\windows\system32\B3.tmp

2008-11-21 22:58 . 2008-11-21 22:58 48 --a------ c:\windows\system32\B2.tmp

2008-11-21 22:58 . 2008-11-21 22:58 0 --a------ c:\windows\system32\B4.tmp

2008-11-21 18:22 . 2008-11-21 18:22 51,200 --a------ c:\windows\system32\xjwhlewq.dll