
Many websites don't work and keep getting infected with Rogue.Antispywares

Comments

70 comments

  • Customer

    Hello

     

    Disable resident protections (Antivirus...); you'll re-enable them after the scan

     

    Download Lop S&D here

     

    Double-click Lop S&D.exe

    Choose the language, then choose Option 1 (Search)

    Wait till the end of the scan

    Post the log which is created: (%SystemDrive%\lopR.txt)

  • Customer

    Hi Rorschach112, and thanks for the help.

     

    I forgot to mention that I have to Send Error Reports for 1076308579.exe and psyche.exe at startup.

     

    Here is the Lop S&D log:

     

     

    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

     

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3

    X86-based PC ( Uniprocessor Free : Intel Celeron processor )

    BIOS : Version 3.06

    USER : Mahamed ( Administrator )

    BOOT : Normal boot

    A:\ (USB)

    C:\ (Local Disk) - NTFS - Total:74 Go (Free:55 Go)

     

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )

    Option : [1] ( Sat 15/11/2008| 8:39 )

     

    --------------------\\ Listing folders in APPLIC~1

     

    [12/11/2008|08:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

     

    [15/11/2008|08:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

    [25/10/2008|05:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg8

    [12/11/2008|04:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET

    [18/10/2008|02:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\gbgjghcz

    [15/09/2008|05:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\gvwrifqb

    [15/09/2008|05:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

    [15/09/2008|05:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

    [23/09/2008|01:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

    [27/10/2008|12:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

    [12/11/2008|04:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help

    [03/11/2008|09:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6

    [25/09/2008|08:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS

    [09/11/2008|09:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Okay meta anti lite

    [26/10/2008|10:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real

    [17/09/2008|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SITEguard

    [03/11/2008|04:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!

    [04/11/2008|10:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

    [13/09/2008|11:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec

    [15/09/2008|04:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

    [17/09/2008|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

    [21/09/2008|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

     

    [13/09/2008|11:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

     

    [25/10/2008|08:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

     

    [26/09/2008|05:00] C:\DOCUME~1\Mahamed\APPLIC~1\Adobe

    [12/11/2008|10:57] C:\DOCUME~1\Mahamed\APPLIC~1\Apple Computer

    [25/09/2008|07:13] C:\DOCUME~1\Mahamed\APPLIC~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

    [12/11/2008|10:42] C:\DOCUME~1\Mahamed\APPLIC~1\Comodo

    [07/11/2008|08:25] C:\DOCUME~1\Mahamed\APPLIC~1\DivX

    [10/11/2008|11:07] C:\DOCUME~1\Mahamed\APPLIC~1\DNA

    [15/09/2008|02:13] C:\DOCUME~1\Mahamed\APPLIC~1\Help

    [13/09/2008|11:53] C:\DOCUME~1\Mahamed\APPLIC~1\Identities

    [14/11/2008|02:15] C:\DOCUME~1\Mahamed\APPLIC~1\LimeWire

    [09/11/2008|09:11] C:\DOCUME~1\Mahamed\APPLIC~1\loadmeetwin

    [14/09/2008|12:10] C:\DOCUME~1\Mahamed\APPLIC~1\Macromedia

    [15/09/2008|05:03] C:\DOCUME~1\Mahamed\APPLIC~1\Malwarebytes

    [03/10/2008|12:13] C:\DOCUME~1\Mahamed\APPLIC~1\Media Player Classic

    [28/10/2008|08:37] C:\DOCUME~1\Mahamed\APPLIC~1\Microsoft

    [10/11/2008|07:02] C:\DOCUME~1\Mahamed\APPLIC~1\Mozilla

    [03/11/2008|01:16] C:\DOCUME~1\Mahamed\APPLIC~1\MSN6

    [28/10/2008|03:44] C:\DOCUME~1\Mahamed\APPLIC~1\Real

    [06/11/2008|10:02] C:\DOCUME~1\Mahamed\APPLIC~1\Sun

    [04/11/2008|10:07] C:\DOCUME~1\Mahamed\APPLIC~1\SUPERAntiSpyware.com

    [14/09/2008|12:18] C:\DOCUME~1\Mahamed\APPLIC~1\Uniblue

    [21/10/2008|05:31] C:\DOCUME~1\Mahamed\APPLIC~1\uTorrent

    [25/10/2008|07:18] C:\DOCUME~1\Mahamed\APPLIC~1\Windows Desktop Search

    [03/11/2008|08:04] C:\DOCUME~1\Mahamed\APPLIC~1\Windows Search

    [15/09/2008|04:57] C:\DOCUME~1\Mahamed\APPLIC~1\WinRAR

     

    [25/10/2008|05:14] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

     

    --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

     

    [14/11/2008 11:00][--ah-----] C:\WINDOWS\tasks\ABAF221991D0D625.job

    [15/11/2008 08:15][--ah-----] C:\WINDOWS\tasks\SA.DAT

    [31/03/2003 11:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

     

    ( ABAF221991D0D625.job )=( c:\docume~1\mahamed\applic~1\loadme~1\MESSENCWMA.exe )

     

    --------------------\\ Listing Folders in C:\Program Files

     

    [09/11/2008|10:56] C:\Program Files\3ivx

    [15/11/2008|08:19] C:\Program Files\Adobe

    [10/11/2008|05:56] C:\Program Files\Alwil Software

    [02/10/2008|06:53] C:\Program Files\AskBarDis

    [16/09/2008|12:46] C:\Program Files\AVG

    [03/10/2008|11:49] C:\Program Files\Combined Community Codec Pack

    [13/11/2008|06:19] C:\Program Files\Common Files

    [12/11/2008|10:42] C:\Program Files\COMODO

    [13/09/2008|11:38] C:\Program Files\ComPlus Applications

    [25/10/2008|07:14] C:\Program Files\CONEXANT

    [13/09/2008|11:54] C:\Program Files\DIFX

    [07/11/2008|05:17] C:\Program Files\DivX

    [10/11/2008|06:45] C:\Program Files\DNA

    [11/11/2008|03:27] C:\Program Files\DomPlayer

    [12/11/2008|06:28] C:\Program Files\Enigma Software Group

    [12/11/2008|04:24] C:\Program Files\Free FLV Converter

    [12/11/2008|07:02] C:\Program Files\Internet Explorer

    [06/11/2008|10:27] C:\Program Files\Java

    [13/11/2008|06:35] C:\Program Files\Lavasoft

    [13/11/2008|01:26] C:\Program Files\LimeWire

    [09/11/2008|09:10] C:\Program Files\loadmeetwin

    [12/11/2008|04:24] C:\Program Files\Malwarebytes' Anti-Malware

    [12/11/2008|04:18] C:\Program Files\Messenger

    [22/09/2008|10:00] C:\Program Files\Messenger Plus! Live

    [13/09/2008|11:43] C:\Program Files\microsoft frontpage

    [19/09/2008|02:13] C:\Program Files\Microsoft Office

    [19/09/2008|02:05] C:\Program Files\Microsoft Visual Studio

    [19/09/2008|02:15] C:\Program Files\Microsoft Works

    [19/09/2008|02:01] C:\Program Files\Microsoft.NET

    [16/09/2008|10:37] C:\Program Files\Movie Maker

    [15/11/2008|08:36] C:\Program Files\Mozilla Firefox

    [19/09/2008|02:14] C:\Program Files\MSBuild

    [13/09/2008|11:37] C:\Program Files\MSN

    [13/09/2008|11:36] C:\Program Files\MSN Gaming Zone

    [16/09/2008|10:31] C:\Program Files\NetMeeting

    [25/09/2008|08:10] C:\Program Files\NOS

    [13/09/2008|11:41] C:\Program Files\Online Services

    [12/11/2008|04:18] C:\Program Files\Outlook Express

    [12/11/2008|04:24] C:\Program Files\QuickGamma

    [13/11/2008|06:20] C:\Program Files\QuickTime

    [28/10/2008|03:43] C:\Program Files\Real

    [26/10/2008|10:21] C:\Program Files\Real Alternative

    [13/11/2008|05:25] C:\Program Files\RogueRemover FREE

    [09/11/2008|09:40] C:\Program Files\Service Packs

    [03/11/2008|09:15] C:\Program Files\Smart Virus Remover

    [06/11/2008|10:31] C:\Program Files\Sun

    [13/11/2008|05:23] C:\Program Files\SUPERAntiSpyware

    [14/11/2008|07:54] C:\Program Files\Trend Micro

    [13/09/2008|11:52] C:\Program Files\Uninstall Information

    [25/10/2008|07:16] C:\Program Files\Windows Desktop Search

    [21/09/2008|01:04] C:\Program Files\Windows Live

    [18/10/2008|02:38] C:\Program Files\Windows Media Connect 2

    [12/11/2008|04:17] C:\Program Files\Windows Media Player

    [16/09/2008|10:31] C:\Program Files\Windows NT

    [14/09/2008|12:05] C:\Program Files\WindowsUpdate

    [12/11/2008|04:24] C:\Program Files\WinRAR

    [18/10/2008|02:12] C:\Program Files\wzxtkhb

    [13/09/2008|11:43] C:\Program Files\xerox

    [30/09/2008|04:28] C:\Program Files\Xvid

     

    --------------------\\ Listing Folders in C:\Program Files\Common Files

     

    [15/11/2008|08:20] C:\Program Files\Common Files\Adobe

    [25/09/2008|07:11] C:\Program Files\Common Files\Adobe AIR

    [19/09/2008|02:05] C:\Program Files\Common Files\DESIGNER

    [15/09/2008|04:40] C:\Program Files\Common Files\Download Manager

    [02/10/2008|06:53] C:\Program Files\Common Files\DVDVideoSoft

    [22/10/2008|08:17] C:\Program Files\Common Files\InstallShield

    [17/09/2008|12:26] C:\Program Files\Common Files\iS3

    [20/09/2008|02:52] C:\Program Files\Common Files\Microsoft Shared

    [13/09/2008|11:39] C:\Program Files\Common Files\MSSoap

    [14/09/2008|09:27] C:\Program Files\Common Files\ODBC

    [28/10/2008|03:44] C:\Program Files\Common Files\Real

    [13/09/2008|11:39] C:\Program Files\Common Files\Services

    [14/09/2008|09:27] C:\Program Files\Common Files\SpeechEngines

    [19/09/2008|01:45] C:\Program Files\Common Files\System

    [21/09/2008|01:02] C:\Program Files\Common Files\WindowsLiveInstaller

    [13/11/2008|06:34] C:\Program Files\Common Files\Wise Installation Wizard

    [28/10/2008|03:44] C:\Program Files\Common Files\xing shared

     

    --------------------\\ Process

     

    ( 47 Processes )

     

    iexplore.exe ~ [PID:2896]

     

    --------------------\\ Searching with S_Lop

     

    C:\DOCUME~1\Mahamed\APPLIC~1\LOADME~1

    C:\DOCUME~1\Mahamed\APPLIC~1\LOADME~1\Manager web stupid.exe

    C:\DOCUME~1\Mahamed\APPLIC~1\LOADME~1\MESS ENC WMA.exe

    C:\DOCUME~1\Mahamed\APPLIC~1\LOADME~1\qpilzyjm.exe

     

    --------------------\\ Searching for Lop Files - Folders

     

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Okay meta anti lite

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Okay meta anti lite\program junk.exe

    C:\DOCUME~1\Mahamed\APPLIC~1\loadme~1

    C:\DOCUME~1\Mahamed\APPLIC~1\loadme~1\Manager web stupid.exe

    C:\DOCUME~1\Mahamed\APPLIC~1\loadme~1\MESS ENC WMA.exe

    C:\DOCUME~1\Mahamed\APPLIC~1\loadme~1\qpilzyjm.exe

    C:\Program Files\loadme~1

    C:\Program Files\DomPlayer

    C:\DOCUME~1\Mahamed\Desktop\DomPlayer-2.1.0.0-setup.exe

    C:\WINDOWS\Tasks\ABAF221991D0D625.job

     

    --------------------\\ Searching within the Registry

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\exit body lite]

    "DisplayName"="CiD Help"

    "UninstallString"="C:\\DOCUME~1\\Mahamed\\APPLIC~1\\LOADME~1\\Manager web stupid.exe -uninstall"

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

     

    --------------------\\ Checking the Hosts file

     

    Hosts file CLEAN

     

     

    --------------------\\ Searching for hidden files with Catchme

     

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-11-15 09:03:00

    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:

    ZwOpenFile, ZwQuerySystemInformation

    scanning hidden processes ...

    C:\WINDOWS\System32\svchost.exe [3708]

    scanning hidden files ...

    C:\WINDOWS\System32\svchost.exe:ext.exe 37376 bytes executable

    C:\WINDOWS\System32\psyche.exe 216576 bytes executable

    scan completed successfully

    hidden processes: 1

    hidden files: 3

     

    --------------------\\ Searching for other infections

     

    C:\WINDOWS\system32\ggQpYJlm.ini

    C:\WINDOWS\system32\ggQpYJlm.ini2

    C:\WINDOWS\system32\mlJYpQgg.dll

    ==> VUNDO <==

     

    --------------------\\ ROOTKIT !!

     

    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\legacy_tdssserv.sys]

    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\legacy_tdssserv.sys]

    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_tdssserv.sys]

     

    --------------------\\ Suspect ..

     

    C:\WINDOWS\system32\TDSSbrsr.dll

    C:\WINDOWS\system32\TDSSkkbi.log

    C:\WINDOWS\system32\TDSSlxwp.dll

    C:\WINDOWS\system32\TDSSoiqh.dll

    C:\WINDOWS\system32\TDSSosvd.dat

    C:\WINDOWS\system32\TDSSriqp.dll

    C:\WINDOWS\system32\TDSSxfum.dll

     

     

     

    [F:20][D:11]-> C:\DOCUME~1\Mahamed\LOCALS~1\Temp

    [F:1][D:0]-> C:\DOCUME~1\Mahamed\Cookies

    [F:6][D:4]-> C:\DOCUME~1\Mahamed\LOCALS~1\TEMPOR~1\content.IE5

     

    1 - "C:\Lop SD\LopR_1.txt" - Sat 15/11/2008| 9:10 - Option : [1]

     

    --------------------\\ Scan completed at 9:10:05

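The indicators in the log above (a scheduled task whose target sits in a user profile's Application Data folder, an alternate data stream on System32\svchost.exe, a hidden process, user-mode hooks on ZwOpenFile and ZwQuerySystemInformation, Enum\Root\legacy_tdssserv.sys entries, and TDSS-prefixed files in system32) are the kind of thing a responder pulls out of a Lop S&D / catchme log by hand. The script below is an added example, not part of the thread and not code from Lop S&D or catchme; it encodes those checks as text rules and runs them over lines excerpted from the posted log. The rule names, the regexes and the "user AppData" markers are this example's own assumptions about the log format.

```python
"""Triage a Lop S&D / catchme style log for rootkit and loader indicators.

Added example (not part of the original thread or of the Lop S&D tool).
SAMPLE_LOG is excerpted from the log posted above; the rules are assumptions.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule evidence")

SAMPLE_LOG = r"""
( ABAF221991D0D625.job )=( c:\docume~1\mahamed\applic~1\loadme~1\MESSENCWMA.exe )
Hosts file CLEAN
detected NTDLL code modification:
ZwOpenFile, ZwQuerySystemInformation
scanning hidden processes ...
C:\WINDOWS\System32\svchost.exe [3708]
scanning hidden files ...
C:\WINDOWS\System32\svchost.exe:ext.exe 37376 bytes executable
C:\WINDOWS\System32\psyche.exe 216576 bytes executable
hidden processes: 1
hidden files: 3
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\legacy_tdssserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_tdssserv.sys]
C:\WINDOWS\system32\TDSSbrsr.dll
C:\WINDOWS\system32\TDSSlxwp.dll
"""

# Log-format assumptions: "( job )=( target )" for scheduled tasks, catchme's
# "path:stream NNN bytes" for alternate data streams, "[...\Enum\Root\legacy_x]"
# for drivers that have been loaded at least once.
TASK_RE = re.compile(r"\(\s*(?P<job>[^()]+\.job)\s*\)=\(\s*(?P<target>[^()]+?)\s*\)", re.I)
ADS_RE = re.compile(r"^(?P<path>[A-Za-z]:\\[^:\s]+):(?P<stream>\S+)\s+(?P<size>\d+) bytes", re.I)
LEGACY_RE = re.compile(r"\\Enum\\Root\\legacy_(?P<drv>[\w.]+)\]", re.I)
HIDDEN_PROC_RE = re.compile(r"^hidden processes:\s*(?P<n>\d+)", re.I)
TDSS_FILE_RE = re.compile(r"\\system32\\(?P<name>tdss\w+\.\w+)$", re.I)
USER_APPDATA_MARKERS = ("\\applic~1\\", "\\application data\\")


def triage(log_text):
    """Return Findings in log order; legacy driver keys are reported once per driver."""
    findings = []
    seen_drivers = set()
    expect_hooks = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if expect_hooks:
            # The line after "detected NTDLL code modification:" lists the patched exports.
            hooks = tuple(h.strip() for h in line.split(",") if h.strip())
            findings.append(Finding("ntdll_user_mode_hooks", hooks))
            expect_hooks = False
            continue
        if line.lower().startswith("detected ntdll code modification"):
            expect_hooks = True
            continue
        m = TASK_RE.search(line)
        if m and any(k in m.group("target").lower() for k in USER_APPDATA_MARKERS):
            findings.append(Finding("task_runs_from_user_appdata", m.group("target")))
            continue
        m = ADS_RE.match(line)
        if m:  # a hidden stream on a system binary is a persistence/loader indicator
            findings.append(Finding("ads_on_file", f"{m.group('path')}:{m.group('stream')}"))
            continue
        m = LEGACY_RE.search(line)
        if m:
            drv = m.group("drv").lower()
            if drv not in seen_drivers:  # same driver appears under every ControlSet
                seen_drivers.add(drv)
                rule = "tdss_driver_loaded" if drv.startswith("tdss") else "unknown_legacy_driver"
                findings.append(Finding(rule, drv))
            continue
        m = HIDDEN_PROC_RE.match(line)
        if m and int(m.group("n")) > 0:
            findings.append(Finding("hidden_processes", int(m.group("n"))))
            continue
        m = TDSS_FILE_RE.search(line)
        if m:
            findings.append(Finding("tdss_component_file", m.group("name")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:30} {f.evidence}")
```

The hook on ZwQuerySystemInformation is what makes the process in the "hidden processes" section invisible to Task Manager, so the two findings corroborate each other; a single rule firing on its own (for example one legacy_* key with no files or hooks) would deserve a look but not the same confidence.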
  • Customer

    Hello

     

    Please download OTMoveIt3 by OldTimer or from here.


    • Save it to your desktop.


    • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).



    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
       
      :Processes
      explorer.exe

      :Services

      :Reg

      :Files
      C:\DOCUME~1\ALLUSE~1\APPLIC~1\gbgjghcz
      C:\DOCUME~1\ALLUSE~1\APPLIC~1\gvwrifqb
      C:\DOCUME~1\ALLUSE~1\APPLIC~1\Okay meta anti lite
      C:\DOCUME~1\Mahamed\APPLIC~1\loadmeetwin
      C:\WINDOWS\tasks\ABAF221991D0D625.job
      C:\Program Files\wzxtkhb
      C:\Program Files\loadme~1
      C:\Program Files\DomPlayer
      C:\DOCUME~1\Mahamed\Desktop\DomPlayer-2.1.0.0-setup.exe
      C:\WINDOWS\system32\ggQpYJlm.ini
      C:\WINDOWS\system32\ggQpYJlm.ini2
      C:\WINDOWS\system32\mlJYpQgg.dll


      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]



       


    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
       


    • Click the red Moveit! button.



    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.


    • Close OTMoveIt3



    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

     

     

     

     

    Download ComboFix from one of these locations:

     

    Link 1

    Link 2

    Link 3

     

     

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

     


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
       
       


    • Double click on ComboFix.exe & follow the prompts.
       
       


    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
       
       


    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.



    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

     

     


     

     

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

     

     

     

    Click on Yes, to continue scanning for malware.

     

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

  • Customer

    Here's the OTMoveIt3 log. Going to scan with ComboFix now.

     

    EDIT: Unchecked Word Wrap in Notepad

     

    ========== PROCESSES ==========

    Process explorer.exe killed successfully.

    ========== SERVICES/DRIVERS ==========

    ========== REGISTRY ==========

    ========== FILES ==========

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\gbgjghcz moved successfully.

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\gvwrifqb moved successfully.

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Okay meta anti lite moved successfully.

    C:\DOCUME~1\Mahamed\APPLIC~1\loadmeetwin moved successfully.

    C:\WINDOWS\tasks\ABAF221991D0D625.job moved successfully.

    C:\Program Files\wzxtkhb moved successfully.

    C:\Program Files\loadmeetwin moved successfully.

    C:\Program Files\DomPlayer moved successfully.

    C:\DOCUME~1\Mahamed\Desktop\DomPlayer-2.1.0.0-setup.exe moved successfully.

    C:\WINDOWS\system32\ggQpYJlm.ini moved successfully.

    C:\WINDOWS\system32\ggQpYJlm.ini2 moved successfully.

    DllUnregisterServer procedure not found in C:\WINDOWS\system32\mlJYpQgg.dll

    C:\WINDOWS\system32\mlJYpQgg.dll NOT unregistered.

    C:\WINDOWS\system32\mlJYpQgg.dll moved successfully.

    ========== COMMANDS ==========

    File delete failed. C:\DOCUME~1\Mahamed\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

    File delete failed. C:\DOCUME~1\Mahamed\LOCALS~1\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.

    File delete failed. C:\DOCUME~1\Mahamed\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot.

    File delete failed. C:\DOCUME~1\Mahamed\LOCALS~1\Temp\etilqs_7vHeGToftABC2bSD8v7p scheduled to be deleted on reboot.

    User's Temp folder emptied.

    User's Temporary Internet Files folder emptied.

    User's Internet Explorer cache folder emptied.

    Local Service Temp folder emptied.

    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

    Local Service Temporary Internet Files folder emptied.

    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_56c.dat scheduled to be deleted on reboot.

    Windows Temp folder emptied.

    Java cache emptied.

    File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\XUL.mfl scheduled to be deleted on reboot.

    FireFox cache emptied.

    Temp folders emptied.

    Explorer started successfully

     

    OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11152008_092930

     

    Files moved on Reboot...

    C:\DOCUME~1\Mahamed\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.

    C:\DOCUME~1\Mahamed\LOCALS~1\Temp\History\History.IE5\index.dat moved successfully.

    C:\DOCUME~1\Mahamed\LOCALS~1\Temp\Cookies\index.dat moved successfully.

    File C:\DOCUME~1\Mahamed\LOCALS~1\Temp\etilqs_7vHeGToftABC2bSD8v7p not found!

    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

    File C:\WINDOWS\temp\Perflib_Perfdata_56c.dat not found!

    C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_001_ moved successfully.

    C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_002_ moved successfully.

    C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_003_ moved successfully.

    C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_MAP_ moved successfully.

    C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\urlclassifier3.sqlite moved successfully.

    C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\XUL.mfl moved successfully.

  • Customer

    OK, post the ComboFix log.

  • Customer

    Just to let you know, Rorschach112, all websites work now.

  • Customer

    ComboFix 08-11-12.02 - Mahamed 2008-11-15 10:22:20.1 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.183 [GMT 11:00]

    * Created a new restore point

    .

    ADS - svchost.exe: deleted 37376 bytes in 1 streams.

     

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    c:\documents and settings\LocalService\Application Data\1076308579.exe

    c:\documents and settings\LocalService\Application Data\1132935139.exe

    c:\documents and settings\LocalService\Application Data\1136998617.exe

    c:\documents and settings\LocalService\Application Data\1185104979.exe

    c:\documents and settings\LocalService\Application Data\1194018419.exe

    c:\documents and settings\LocalService\Application Data\1203194019.exe

    c:\documents and settings\Mahamed\Local Settings\Temporary Internet Files\ekifacafan._dl

    c:\documents and settings\Mahamed\Local Settings\Temporary Internet Files\ivuteconog.scr

    c:\documents and settings\Mahamed\Local Settings\Temporary Internet Files\jajybaqaj.scr

    c:\documents and settings\Mahamed\Local Settings\Temporary Internet Files\ozigyxulon.dl

    c:\windows\ctfmon.exe

    c:\windows\rasqervy.dll

    c:\windows\sdfinacs.dll

    c:\windows\sdfixwcs.dll

    c:\windows\system\_sv_CMD_

    c:\windows\system32\__c00750F9.dat

    c:\windows\system32\__c00BC26A.dat

    c:\windows\system32\__c00C9F9A.dat

    c:\windows\system32\adult.txt

    c:\windows\system32\afuvixwh.ini

    c:\windows\system32\awtrSihH.dll

    c:\windows\system32\bpujih.dll

    c:\windows\system32\CbEvtSvc.exe

    c:\windows\system32\csm.txt

    c:\windows\system32\csrssw.dll

    c:\windows\system32\dcpqes.dll

    c:\windows\system32\djlgcflj.dll

    c:\windows\system32\drivers\ati6rvxx.sys

    c:\windows\system32\drivers\str.sys

    c:\windows\system32\finance.txt

    c:\windows\system32\hcfnujod.dll

    c:\windows\system32\hcfnujod32.dll

    c:\windows\system32\hwxivufa.dll

    c:\windows\system32\imktlmbf.dll

    c:\windows\system32\jipumonc.dll

    c:\windows\system32\jqcqrg.dll

    c:\windows\system32\karna.dat

    c:\windows\system32\lt.res

    c:\windows\system32\mqcbgn.dll

    c:\windows\system32\muluycpo.ini

    c:\windows\system32\oghafrhv.dll

    c:\windows\system32\other.txt

    c:\windows\system32\##nospam.txt

    c:\windows\system32\psyche.exe

    c:\windows\system32\reastl.dll

    c:\windows\system32\rs32net.exe

    c:\windows\system32\sft.res

    c:\windows\system32\TDSSbrsr.dll

    c:\windows\system32\TDSSkkbi.log

    c:\windows\system32\TDSSlxwp.dll

    c:\windows\system32\TDSSoiqh.dll

    c:\windows\system32\TDSSosvd.dat

    c:\windows\system32\TDSSriqp.dll

    c:\windows\system32\TDSSxfum.dll

    c:\windows\system32\tmguuwmc.dll

    c:\windows\system32\urhqkxef.dll

    c:\windows\system32\vtUmnlig.dll

    c:\windows\system32\vyannwby.dll

    c:\windows\system32\wini10331.exe

    c:\windows\system32\wini10451631.exe

    c:\windows\system32\wynblool.dll

    c:\windows\system32\yrvljeaf.ini

    c:\windows\wuasirvy.dll

     

    c:\windows\system32\lsass.exe . . . is infected!!

     

    c:\windows\system32\winlogon.exe . . . is infected!!

     

    c:\windows\system32\services.exe . . . is infected!!

     

    c:\windows\system32\svchost.exe . . . is infected!!

     

    c:\windows\system32\spoolsv.exe . . . is infected!!

     

    c:\windows\explorer.exe . . . is infected!!

     

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    -------\Service_Psyche

    -------\Legacy_Psyche

    -------\Legacy_ATI6RVXX

    -------\Legacy_fci

    -------\Legacy_icf

    -------\Legacy_LPTRDCSRV

    -------\Legacy_synsend

    -------\Legacy_SYSREST.SYS

    -------\Legacy_tdssserv.sys

    -------\Service_ati6rvxx

    -------\Service_CbEvtSvc

    -------\Service_FCI

    -------\Service_ICF

    -------\Service_restore

    -------\Service_synsend

     

     

    ((((((((((((((((((((((((( Files Created from 2008-10-14 to 2008-11-14 )))))))))))))))))))))))))))))))

    .

     

    2008-12-22 15:59 . 2008-12-22 15:59 447,200 --a------ c:\windows\system32\OpenQuicktimeLib.dll

    2008-12-22 15:59 . 2008-12-22 15:59 332,512 --a------ c:\windows\system32\3ivxVfWCodec.dll

    2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\SamsungVfWCodec.dll

    2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\DivXVfWCodec.dll

    2008-12-22 15:58 . 2008-12-22 15:58 1,155,808 --a------ c:\windows\system32\3ivx.dll

    2008-12-22 15:52 . 2008-12-22 15:52 66,272 --a------ c:\windows\system32\libfaac.dll

    2008-11-15 09:29 . 2008-11-15 09:29 <DIR> d-------- C:\_OTMoveIt

    2008-11-15 08:35 . 2008-11-15 09:10 <DIR> d-------- C:\Lop SD

    2008-11-15 08:18 . 2008-11-15 08:18 33,792 --a------ c:\windows\system32\ckds16.dll

    2008-11-14 21:09 . 2008-11-14 21:09 44 --a------ c:\windows\system32\94.tmp

    2008-11-14 21:09 . 2008-11-14 21:09 18 --a------ c:\windows\system32\96.tmp

    2008-11-14 19:54 . 2008-11-14 19:54 <DIR> d-------- c:\program files\Trend Micro

    2008-11-14 19:11 . 2008-11-14 19:11 44 --a------ c:\windows\system32\54.tmp

    2008-11-14 19:11 . 2008-11-14 19:12 18 --a------ c:\windows\system32\56.tmp

    2008-11-14 17:34 . 2008-11-14 17:34 18 --a------ c:\windows\system32\35.tmp

    2008-11-14 17:33 . 2008-11-14 17:34 44 --a------ c:\windows\system32\33.tmp

    2008-11-14 12:01 . 2008-11-14 12:01 44 --a------ c:\windows\system32\1C.tmp

    2008-11-14 12:01 . 2008-11-14 12:01 18 --a------ c:\windows\system32\1E.tmp

    2008-11-14 11:13 . 2008-11-14 11:13 18 --a------ c:\windows\system32\11.tmp

    2008-11-14 11:12 . 2008-11-14 11:12 44 --a------ c:\windows\system32\A.tmp

    2008-11-14 02:02 . 2008-11-14 02:02 146,860 --a------ c:\windows\vmmreg32.exe

    2008-11-14 02:02 . 2008-11-14 02:02 146,860 --a------ c:\windows\system32\bio-22-10-2.exe

    2008-11-14 01:56 . 2008-11-14 02:01 51,864 --a------ c:\windows\system32\head-22-10-2.exe

    2008-11-14 01:50 . 2008-11-14 01:50 88 --a------ c:\windows\system32\C.tmp

    2008-11-14 01:50 . 2008-11-14 01:50 18 --a------ c:\windows\system32\10.tmp

    2008-11-13 23:53 . 2008-11-13 23:53 18 --a------ c:\windows\system32\69.tmp

    2008-11-13 23:52 . 2008-11-13 23:52 88 --a------ c:\windows\system32\66.tmp

    2008-11-13 15:21 . 2008-11-13 15:21 19,475 --a------ c:\windows\ejitabane.inf

    2008-11-13 15:21 . 2008-11-13 15:21 19,017 --a------ c:\windows\system32\geqizigeke.bat

    2008-11-13 15:21 . 2008-11-13 15:21 18,675 --a------ c:\documents and settings\Mahamed\Application Data\xixavezy.pif

    2008-11-13 15:21 . 2008-11-13 15:21 17,986 --a------ c:\documents and settings\All Users\Application Data\opifesut.com

    2008-11-13 15:21 . 2008-11-13 15:21 17,003 --a------ c:\program files\Common Files\ykijy.com

    2008-11-13 15:21 . 2008-11-13 15:21 16,071 --a------ c:\documents and settings\All Users\Application Data\ketuxo.exe

    2008-11-13 15:21 . 2008-11-13 15:21 10,949 --a------ c:\documents and settings\All Users\Application Data\uhebihomy.vbs

    2008-11-13 15:21 . 2008-11-13 15:21 10,793 --a------ c:\program files\Common Files\ytenyhi.dll

    2008-11-13 15:21 . 2008-11-13 15:21 10,367 --a------ c:\windows\lymu.exe

    2008-11-13 12:45 . 2008-11-13 12:45 19,256 --a------ c:\windows\qilajotim._dl

    2008-11-13 12:45 . 2008-11-13 12:45 18,481 --a------ c:\documents and settings\Mahamed\Application Data\amubeqidun.dll

    2008-11-13 12:45 . 2008-11-13 12:45 17,831 --a------ c:\windows\unisoja.dll

    2008-11-13 12:45 . 2008-11-13 12:45 17,432 --a------ c:\windows\system32\fefix.com

    2008-11-13 12:45 . 2008-11-13 12:45 15,120 --a------ c:\documents and settings\All Users\Application Data\yhesiko.scr

    2008-11-13 12:45 . 2008-11-13 12:45 14,393 --a------ c:\program files\Common Files\omugurysox.reg

    2008-11-13 12:45 . 2008-11-13 12:45 13,978 --a------ c:\windows\mujot.ban

    2008-11-13 12:45 . 2008-11-13 12:45 13,912 --a------ c:\windows\system32\ihywofemyh.com

    2008-11-13 12:45 . 2008-11-13 12:45 13,726 --a------ c:\program files\Common Files\jipovaguro.exe

    2008-11-13 12:45 . 2008-11-13 12:45 11,037 --a------ c:\windows\emyx.exe

    2008-11-13 12:45 . 2008-11-13 12:45 10,964 --a------ c:\windows\system32\ronuces.sys

    2008-11-13 12:45 . 2008-11-13 12:45 10,954 --a------ c:\program files\Common Files\ybavizevim.bin

    2008-11-13 12:45 . 2008-11-13 12:45 10,372 --a------ c:\windows\ecyz.reg

    2008-11-13 12:45 . 2008-11-13 12:45 10,066 --a------ c:\windows\ysez.vbs

    2008-11-13 11:04 . 2008-11-15 08:41 16,451 --a------ c:\windows\gmail.com-error.html

    2008-11-13 11:04 . 2008-11-15 08:42 6,182 --a------ c:\windows\live.com-error.html

    2008-11-13 11:04 . 2008-11-15 08:41 5,596 --a------ c:\windows\aol.com-error.html

    2008-11-13 11:04 . 2008-11-15 08:41 3,696 --a------ c:\windows\google.com-error.html

    2008-11-13 11:04 . 2008-11-15 08:42 1,997 --a------ c:\windows\search.yahoo.com-error.html

    2008-11-13 10:56 . 2008-11-13 10:56 48 --a------ c:\windows\system32\B.tmp

    2008-11-13 10:56 . 2008-11-13 10:56 18 --a------ c:\windows\system32\D.tmp

    2008-11-12 19:13 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb

    2008-11-12 18:49 . 2008-11-12 18:49 <DIR> d-------- c:\documents and settings\Mahamed\DoctorWeb

    2008-11-12 18:44 . 2008-11-12 18:44 230 --a------ c:\windows\system32\spupdsvc.inf

    2008-11-12 17:35 . 2008-11-15 09:39 5,760 --a------ c:\windows\system32\drivers\restore.sys

    2008-11-12 17:21 . 2008-11-12 18:31 65,024 --a------ c:\windows\system32\sac32.dll

    2008-11-12 17:17 . 2008-11-12 17:17 10,000 --a------ c:\windows\system32\jsne87fidgf.dll

    2008-11-12 17:07 . 2008-11-12 18:28 <DIR> d-------- c:\program files\Enigma Software Group

    2008-11-12 17:00 . 2008-11-12 17:00 48 --a------ c:\windows\system32\3.tmp

    2008-11-12 17:00 . 2008-11-12 17:00 18 --a------ c:\windows\system32\7.tmp

    2008-11-12 16:51 . 2008-11-12 16:51 48 --a------ c:\windows\system32\1F3.tmp

    2008-11-12 16:51 . 2008-11-12 16:52 18 --a------ c:\windows\system32\1F5.tmp

    2008-11-12 16:17 . 2008-11-12 16:28 15,083,520 --a------ c:\program files\spybotsd160.exe

    2008-11-12 16:00 . 2008-11-12 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET

    2008-11-12 15:57 . 2008-11-12 15:57 2,015 -rah----- c:\windows\system32\drivers\hosts

    2008-11-12 15:54 . 2008-11-13 17:25 <DIR> d-------- c:\program files\RogueRemover FREE

    2008-11-12 15:53 . 2008-09-05 04:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

    2008-11-12 15:53 . 2008-10-24 22:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

    2008-11-12 14:12 . 2008-11-12 14:12 48 --a------ c:\windows\system32\6.tmp

    2008-11-12 14:12 . 2008-11-12 14:12 18 --a------ c:\windows\system32\8.tmp

    2008-11-12 13:16 . 2008-11-12 13:16 19,960 --a------ c:\windows\azeheh.exe

    2008-11-12 13:16 . 2008-11-12 13:16 19,571 --a------ c:\program files\Common Files\isesad.exe

    2008-11-12 13:16 . 2008-11-12 13:16 16,049 --a------ c:\windows\system32\imudas.pif

    2008-11-12 13:16 . 2008-11-12 13:16 15,567 --a------ c:\windows\uwezy.dl

    2008-11-12 13:16 . 2008-11-12 13:16 15,106 --a------ c:\windows\yqometon.com

    2008-11-12 13:16 . 2008-11-12 13:16 15,082 --a------ c:\windows\ixalogynic.reg

    2008-11-12 13:16 . 2008-11-12 13:16 14,895 --a------ c:\windows\system32\wupiluto.pif

    2008-11-12 13:16 . 2008-11-12 13:16 14,356 --a------ c:\windows\zoguhah.vbs

    2008-11-12 13:16 . 2008-11-12 13:16 14,043 --a------ c:\documents and settings\All Users\Application Data\gogafo.exe

    2008-11-12 13:16 . 2008-11-12 13:16 13,509 --a------ c:\documents and settings\Mahamed\Application Data\ajeton.sys

    2008-11-12 13:16 . 2008-11-12 13:16 13,111 --a------ c:\windows\heto._sy

    2008-11-12 13:16 . 2008-11-12 13:16 11,660 --a------ c:\windows\vukiv.dl

    2008-11-12 13:16 . 2008-11-12 13:16 11,198 --a------ c:\windows\mepeke.sys

    2008-11-12 13:16 . 2008-11-12 13:16 10,565 --a------ c:\windows\system32\ebidipar.dll

    2008-11-12 10:57 . 2008-11-12 10:57 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Apple Computer

    2008-11-12 10:56 . 2008-11-12 10:56 48 --a------ c:\windows\system32\2.tmp

    2008-11-12 10:56 . 2008-11-12 10:56 18 --a------ c:\windows\system32\5.tmp

    2008-11-11 20:14 . 2008-11-13 18:35 <DIR> d-------- c:\program files\Lavasoft

    2008-11-11 19:37 . 2008-11-11 19:59 25,129,080 --a------ c:\program files\antivir_workstation_winu_en_h(2).exe

    2008-11-11 17:01 . 2008-11-11 17:17 23,804,784 --a------ c:\program files\aaw2008.exe

    2008-11-10 17:56 . 2008-11-10 17:56 <DIR> d-------- c:\program files\Alwil Software

    2008-11-09 10:56 . 2008-11-09 10:56 <DIR> d-------- c:\program files\3ivx

    2008-11-09 10:04 . 2008-11-09 10:49 <DIR> d-------- c:\windows\system32\quicktime

    2008-11-09 09:49 . 2008-11-13 18:20 <DIR> d-------- c:\program files\QuickTime

    2008-11-09 09:39 . 2008-11-09 09:40 <DIR> d-------- c:\program files\Service Packs

    2008-11-08 11:02 . 2008-11-14 02:15 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\LimeWire

    2008-11-08 11:01 . 2008-11-13 13:26 <DIR> d-------- c:\program files\LimeWire

    2008-11-07 23:18 . 2008-11-07 23:18 <DIR> d-------- c:\windows\Sun

    2008-11-07 19:16 . 2008-11-10 18:45 <DIR> d-------- c:\program files\DNA

    2008-11-07 19:16 . 2008-11-10 23:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DNA

    2008-11-07 17:54 . 2008-11-07 20:25 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DivX

    2008-11-07 17:15 . 2008-11-07 17:17 <DIR> d-------- c:\program files\DivX

    2008-11-06 22:31 . 2008-11-06 22:31 <DIR> d-------- c:\program files\Sun

    2008-11-06 22:28 . 2008-11-06 22:27 410,976 --a------ c:\windows\system32\deploytk.dll

    2008-11-06 22:28 . 2008-11-06 22:27 73,728 --a------ c:\windows\system32\javacpl.cpl

    2008-11-06 22:27 . 2008-11-06 22:27 <DIR> d-------- c:\program files\Java

    2008-11-04 18:23 . 2008-11-04 18:25 <DIR> d-------- c:\windows\system32\NtmsData

    2008-11-04 10:08 . 2008-11-04 10:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

    2008-11-04 10:07 . 2008-11-13 17:23 <DIR> d-------- c:\program files\SUPERAntiSpyware

    2008-11-04 10:07 . 2008-11-04 10:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\SUPERAntiSpyware.com

    2008-11-04 10:04 . 2008-11-13 18:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

    2008-11-03 20:04 . 2008-11-03 20:04 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Search

    2008-11-03 18:53 . 2008-11-12 10:42 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Comodo

    2008-11-03 15:00 . 2008-11-12 10:42 <DIR> d-------- c:\program files\COMODO

    2008-11-03 09:17 . 2008-11-03 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\MSN6

    2008-11-03 09:12 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator

    2008-11-03 08:09 . 2008-11-03 09:15 <DIR> d-------- c:\program files\Smart Virus Remover

    2008-11-03 01:16 . 2008-11-03 01:16 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\MSN6

    2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-11-14 22:40 17,408 ----a-w c:\windows\system32\svchost.exe

    2008-11-14 21:20 --------- d-----w c:\program files\Common Files\Adobe

    2008-11-12 05:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

    2008-11-12 05:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

    2008-11-12 05:24 --------- d-----w c:\program files\Free FLV Converter

    2008-11-12 02:16 19,762 ----a-w c:\program files\Common Files\ynojysu.ban

    2008-11-07 08:06 263 ----a-w c:\program files\gapa.ini

    2008-11-03 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!

    2008-10-27 16:43 499,712 ----a-w c:\windows\system32\msvcp71.dll

    2008-10-27 16:43 348,160 ----a-w c:\windows\system32\msvcr71.dll

    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

    2008-10-21 06:31 --------- d-----w c:\documents and settings\Mahamed\Application Data\uTorrent

    2008-10-03 01:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\Media Player Classic

    2008-10-03 00:49 --------- d-----w c:\program files\Combined Community Codec Pack

    2008-10-02 07:53 --------- d-----w c:\program files\Common Files\DVDVideoSoft

    2008-10-02 07:53 --------- d-----w c:\program files\AskBarDis

    2008-09-30 05:28 --------- d-----w c:\program files\Xvid

    2008-09-25 09:10 --------- d-----w c:\program files\NOS

    2008-09-25 09:10 --------- d-----w c:\documents and settings\All Users\Application Data\NOS

    2008-09-25 08:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

    2008-09-25 08:11 --------- d-----w c:\program files\Common Files\Adobe AIR

    2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll

    2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll

    2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll

    2008-09-25 08:03 536,576 ----a-w c:\windows\system32\DivXsm.exe

    2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll

    2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll

    2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll

    2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll

    2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll

    2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe

    2008-09-23 02:51 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!

    2008-09-22 11:00 --------- d-----w c:\program files\Messenger Plus! Live

    2008-09-21 02:04 --------- d-----w c:\program files\Windows Live

    2008-09-21 02:02 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

    2008-09-21 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

    2008-09-19 21:57 9,464 ----a-w c:\windows\system32\drivers\cdralw2k.sys

    2008-09-19 21:57 9,336 ----a-w c:\windows\system32\drivers\cdr4_xp.sys

    2008-09-19 21:57 43,528 ----a-w c:\windows\system32\drivers\PxHelp20.sys

    2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

    2008-09-19 21:57 129,784 ----a-w c:\windows\system32\pxafs.dll

    2008-09-19 21:57 120,056 ----a-w c:\windows\system32\pxcpyi64.exe

    2008-09-19 21:57 118,520 ----a-w c:\windows\system32\pxinsi64.exe

    2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll

    2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll

    2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

    2008-09-19 03:15 --------- d-----w c:\program files\Microsoft Works

    2008-09-19 03:14 --------- d-----w c:\program files\MSBuild

    2008-09-19 03:01 --------- d-----w c:\program files\Microsoft.NET

    2008-09-16 13:27 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard

    2008-09-16 13:26 --------- d-----w c:\program files\Common Files\iS3

    2008-09-15 13:46 --------- d-----w c:\program files\AVG

    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

    2008-09-15 06:44 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

    2008-09-15 06:03 --------- d-----w c:\documents and settings\Mahamed\Application Data\Malwarebytes

    2008-09-15 06:03 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

    2008-09-15 05:52 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

    2008-09-15 05:40 --------- d-----w c:\program files\Common Files\Download Manager

    2008-09-12 18:30 278,528 ----a-w c:\windows\system32\TubeFinder.exe

    2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll

    2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll

    2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll

    2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe

    2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe

    .

     

    ------- Sigcheck -------

     

    2004-08-04 01:56 14336 5de5b5c556f04f26dd6068267644a8ca c:\windows\$NtServicePackUninstall$\svchost.exe

    2008-04-14 06:42 23040 06fcb16ca84dcc11302fd1854b6b246c c:\windows\ServicePackFiles\i386\svchost.exe

    2004-08-04 18:56 23040 385a7e4e53c27ae4047816c5ec582f5e c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe

    2008-11-15 09:40 17408 757bfb408b7ea07648188f30d027cb6e c:\windows\system32\svchost.exe

     

    2004-08-04 01:56 502272 19f92aaf6870b66d25b351e230abc6ea c:\windows\$NtServicePackUninstall$\winlogon.exe

    2008-04-14 06:42 516608 808f4f0941af51bd295eded8071a286b c:\windows\ServicePackFiles\i386\winlogon.exe

    2004-08-04 18:56 510976 8c45beb4d178e0b993ca55ab14ce53fd c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe

    2008-04-14 06:42 512000 d4b1151878c946abd7013197a2a58a86 c:\windows\system32\winlogon.exe

     

    2008-04-14 06:42 1048576 32b05ffd8ee421e8d135922f94a09779 c:\windows\explorer.exe

    2004-08-04 01:56 1032192 56195559d22a24d39c0d04b954fb1901 c:\windows\$NtServicePackUninstall$\explorer.exe

    2008-04-14 06:42 1042432 8aab8f71347002bc2ac64ae0beb5e905 c:\windows\ServicePackFiles\i386\explorer.exe

    2004-08-04 18:56 1040896 0c8ec25cd14642a3cd74d794176645b5 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe

     

    2004-08-04 01:56 108032 1800469178c252c5977f711b468c00a1 c:\windows\$NtServicePackUninstall$\services.exe

    2008-04-14 06:42 117248 ef1758444f1504c33b79c26a5926d69b c:\windows\ServicePackFiles\i386\services.exe

    2004-08-04 18:56 116736 b83fefe879296a209915092ee67437fa c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe

    2008-04-14 06:42 111104 8f0b1f3a69379f2fb94a7ea9927d7ae6 c:\windows\system32\services.exe

     

    2004-08-04 01:56 13312 5877be9b08f740e5bd64e7c86608a93f c:\windows\$NtServicePackUninstall$\lsass.exe

    2008-04-14 06:42 22016 0df2519a636ddbf74e43c73f6db43943 c:\windows\ServicePackFiles\i386\lsass.exe

    2004-08-04 18:56 22016 0b6bba57a1bb9998e542d911e27b5bd6 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe

    2008-04-14 06:42 14848 75a4df4fcd68e97e5ad34543f18bbc86 c:\windows\system32\lsass.exe

     

    2004-08-04 01:56 15360 fe408f07f63eece65f4e3f8ce09030d5 c:\windows\$NtServicePackUninstall$\ctfmon.exe

    2008-04-14 06:42 24064 7799f2ecb1713979335e8abc1ec42bcf c:\windows\ServicePackFiles\i386\ctfmon.exe

    2004-08-04 18:56 24064 e0e0a63fa6e13fcee9d77d729a14e7b1 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe

    2008-04-14 06:42 15360 b61439f0bc14b836101d6387197715e8 c:\windows\system32\CTFMON.EXE

     

    2005-06-11 11:17 57856 8cfa993f4fdf5568aff15d99765c21d6 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

    2005-06-11 10:53 57856 07763dfe5ea3c14946d4052c56ba377d c:\windows\$NtServicePackUninstall$\spoolsv.exe

    2004-08-04 01:56 57856 cb39079b8adca54c691db044351b94bf c:\windows\$NtUninstallKB896423$\spoolsv.exe

    2008-04-14 06:42 66560 5a45de4b505cbbc52e4b09706357c050 c:\windows\ServicePackFiles\i386\spoolsv.exe

    2004-08-04 18:56 66560 234df4f1361db1af65a3fe7ef06925fe c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\spoolsv.exe

    2008-04-14 06:42 58368 9611bbfa386db3a3d6f32aa8dc92ef42 c:\windows\system32\spoolsv.exe

     

    2004-08-04 01:56 24576 27f29f65bf97a1dd81d50229b5023745 c:\windows\$NtServicePackUninstall$\userinit.exe

    2008-04-14 06:42 34816 f7746144dda31959e03610f052c33d92 c:\windows\ServicePackFiles\i386\userinit.exe

    2004-08-04 18:56 33280 215be2b305baa8e049760ba95cb8b6ba c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe

    2008-04-14 06:42 26112 31c92b93500c4ee80248b3d67acf4480 c:\windows\system32\userinit.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

     

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]

    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-28 185872]

    "Movie Maker"="c:\windows\vmmreg32.exe" [2008-11-14 146860]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

    "NoDispScrSavPage"= 0 (0x0)

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "NoClose"= 0 (0x0)

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "ForceClassicControlPanel"= 1 (0x1)

    "NoFolderOptions"= 0 (0x0)

     

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]

    2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    "vidc.3IV2"= 3ivxVfWCodec.dll

    "vidc.SEDG"= SamsungVfWCodec.dll

    "vidc.DX50"= DivXVfWCodec.dll

     

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk

    backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

     

    [HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^windows search.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

    backup=c:\windows\pss\Windows Search.lnkCommon Startup

     

    [HKLM\~\startupfolder\c:^documents and settings^mahamed^start menu^programs^startup^limewire on startup.lnk]

    path=c:\documents and settings\Mahamed\Start Menu\Programs\Startup\LimeWire On Startup.lnk

    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

    --a------ 2008-11-07 19:16 342336 c:\program files\DNA\btdna.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    --a------ 2008-04-14 06:42 1695232 c:\program files\Messenger\msmsgs.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    --a------ 2008-10-28 03:43 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    "FirewallDisableNotify"=dword:00000001

    "UpdatesDisableNotify"=dword:00000001

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    "c:\\Program Files\\DNA\\btdna.exe"=

    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    "c:\\Program Files\\Malwarebytes' Anti-Malware\\MBAM.EXE"=

    "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "6112:TCP"= 6112:TCP:WarcraftIII

    "6112:UDP"= 6112:UDP:WarcraftIII

     

    R3 genmcmnusb;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]

    S1 dc25c492;dc25c492;c:\windows\system32\drivers\dc25c492.sys [ ]

    S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d7957d4-8b60-11dd-88d0-87b7f15e7697}]

    \Shell\Auto\command - Start.exe

    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d1788cc-8c40-11dd-88d2-ebac918a8ae3}]

    \Shell\AutoRun\command - F:\setupSNK.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A744F16C-B2D5-4138-81A2-085CDFCDE83A}]

    rundll32 ckds16.dll,InitModule

    .

    - - - - ORPHANS REMOVED - - - -

     

    BHO-{59644c8e-b2ac-4232-9a5d-97421d36219f} - c:\windows\system32\reastl.dll

    BHO-{ABA72497-84DB-4C31-A266-9DC04C9AF958} - c:\windows\system32\mlJYpQgg.dll

    HKLM-Run-rs32net - c:\windows\System32\rs32net.exe

    HKLM-Run-c05a7ddd - c:\windows\system32\hwxivufa.dll

    HKU-Default-Run-brastk - c:\windows\system32\brastk.exe

    MSConfigStartUp-ANTI LITE TITLE DEBUG - c:\documents and settings\All Users\Application Data\Okay meta anti lite\program junk.exe

    MSConfigStartUp-antivirus pro 2009 - c:\program files\AntivirusPro2009\AntivirusPro2009.exe

    MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe

    MSConfigStartUp-brastk - c:\windows\system32\brastk.exe

    MSConfigStartUp-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe

    MSConfigStartUp-jnskdfmf9eldfd - c:\docume~1\Mahamed\LOCALS~1\Temp\csrssc.exe

    MSConfigStartUp-rs32net - c:\windows\System32\rs32net.exe

    MSConfigStartUp-site multi - c:\docume~1\Mahamed\APPLIC~1\LOADME~1\Manager web stupid.exe

    MSConfigStartUp-spyhunter security suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe

    MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

    MSConfigStartUp-xsjfn83jkemfofght - c:\docume~1\Mahamed\LOCALS~1\Temp\winlogin.exe

     

     

    .

    ------- Supplementary Scan -------

    .

    FireFox -: Profile - c:\documents and settings\Mahamed\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\

    FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll

    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll

    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll

    FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll

    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll

    .

     

    **************************************************************************

     

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-11-15 10:34:02

    Windows 5.1.2600 Service Pack 3 NTFS

     

    detected NTDLL code modification:

    ZwOpenFile

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

    scan completed successfully

    hidden files: 0

     

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Lavasoft\Ad-Aware\aawservice.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\windows\system32\TASKMGR.EXE

    .

    **************************************************************************

    .

    Completion time: 2008-11-15 10:41:26 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-11-14 23:41:16

     

    Pre-Run: 59,401,392,128 bytes free

    Post-Run: 59,297,554,432 bytes free

     

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

     

    470 --- E O F --- 2008-11-12 05:44:00

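The Sigcheck section of the log above lists every copy ComboFix found of a handful of critical Windows binaries (date, size, MD5, path). The copy under ServicePackFiles\i386 is what the installed service pack shipped, so the live copy in system32 (or c:\windows for explorer.exe) should match it in size and MD5; everything under $NtServicePackUninstall$, SoftwareDistribution, $hf_mig$, $NtUninstallKB...$ or dllcache is a backup or reference, not a live file. The script below is an added example, not code from this thread and not part of ComboFix: it parses that section and reports the live copies that differ, flagging separately any whose timestamp postdates the service pack (svchost.exe here, which the Find3M report also shows as modified on 2008-11-14). The sample lines are copied from the log; treating the ServicePackFiles\i386 copy as the reference is the one assumption.

```python
r"""Cross-check the 'Sigcheck' section of a ComboFix log.

Added example for this thread; not ComboFix code and not part of the
original posts. Each line is: date time size md5 path. The copy under
ServicePackFiles\i386 is taken as the reference the live copy should match
(assumption); backup/reference directories are never reported as live.
Sample lines are copied from the log above (svchost, winlogon, explorer,
lsass only).
"""
import re
from collections import defaultdict

SIGCHECK_SAMPLE = r"""
2004-08-04 01:56 14336 5de5b5c556f04f26dd6068267644a8ca c:\windows\$NtServicePackUninstall$\svchost.exe
2008-04-14 06:42 23040 06fcb16ca84dcc11302fd1854b6b246c c:\windows\ServicePackFiles\i386\svchost.exe
2004-08-04 18:56 23040 385a7e4e53c27ae4047816c5ec582f5e c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe
2008-11-15 09:40 17408 757bfb408b7ea07648188f30d027cb6e c:\windows\system32\svchost.exe

2008-04-14 06:42 516608 808f4f0941af51bd295eded8071a286b c:\windows\ServicePackFiles\i386\winlogon.exe
2008-04-14 06:42 512000 d4b1151878c946abd7013197a2a58a86 c:\windows\system32\winlogon.exe

2008-04-14 06:42 1048576 32b05ffd8ee421e8d135922f94a09779 c:\windows\explorer.exe
2008-04-14 06:42 1042432 8aab8f71347002bc2ac64ae0beb5e905 c:\windows\ServicePackFiles\i386\explorer.exe

2008-04-14 06:42 22016 0df2519a636ddbf74e43c73f6db43943 c:\windows\ServicePackFiles\i386\lsass.exe
2008-04-14 06:42 14848 75a4df4fcd68e97e5ad34543f18bbc86 c:\windows\system32\lsass.exe
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<md5>[0-9a-f]{32}) (?P<path>.+)$"
)
REFERENCE_DIR = "\\servicepackfiles\\i386\\"
# Any path containing one of these is a backup/reference copy, not the live file.
BACKUP_MARKERS = ("\\servicepackfiles\\", "\\$ntservicepackuninstall$\\",
                  "\\softwaredistribution\\", "\\$hf_mig$\\",
                  "\\$ntuninstall", "\\dllcache\\")


def parse_sigcheck(text):
    """Group records by file name: {name: [record, ...]}."""
    groups = defaultdict(list)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and section headers
        rec = m.groupdict()
        rec["size"] = int(rec["size"])
        rec["path"] = rec["path"].lower()
        groups[rec["path"].rsplit("\\", 1)[-1]].append(rec)
    return groups


def is_live_copy(path):
    return not any(marker in path for marker in BACKUP_MARKERS)


def mismatched_live_copies(groups):
    """Return {live_path: details} for live binaries whose size or MD5
    differs from the service-pack reference copy."""
    findings = {}
    for recs in groups.values():
        refs = [r for r in recs if REFERENCE_DIR in r["path"]]
        if not refs:
            continue  # nothing to compare against
        ref = refs[0]
        for r in recs:
            if not is_live_copy(r["path"]):
                continue
            if r["md5"] == ref["md5"] and r["size"] == ref["size"]:
                continue
            findings[r["path"]] = {
                "reference": ref["path"],
                "size": (r["size"], ref["size"]),
                "md5": (r["md5"], ref["md5"]),
                # a live copy written after the service pack went on is the
                # first one to look at; a same-day difference may be a build mix
                "modified_after_reference":
                    (r["date"], r["time"]) > (ref["date"], ref["time"]),
            }
    return findings


if __name__ == "__main__":
    found = mismatched_live_copies(parse_sigcheck(SIGCHECK_SAMPLE))
    for path, d in sorted(found.items()):
        flag = "  <-- modified after the service pack" if d["modified_after_reference"] else ""
        print(f"{path}: size {d['size'][0]} vs {d['size'][1]}, "
              f"md5 {d['md5'][0][:8]}.. vs {d['md5'][1][:8]}..{flag}")
```

Run stand-alone it prints the four mismatched live copies from the sample. A hit here is a reason to restore the file from a known-good copy (the reply that follows does exactly that with FCopy:: from dllcache), not a verdict on its own: confirm with the vendor's signature check before concluding a system binary was patched.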
  • Customer

    Bit more malware there, unfortunately.

     

    Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

     

     

    Download SDFix and save it to your Desktop.

     

    Double click SDFix.exe and it will extract the files to %systemdrive%

    (Drive that contains the Windows Directory, typically C:\SDFix)

     

    Please then reboot your computer in Safe Mode by doing the following :


    • Restart your computer


    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;


    • Instead of Windows loading as normal, the Advanced Options Menu should appear;


    • Select the first option, to run Windows in Safe Mode, then press Enter.


    • Choose your usual account.




    • Open the extracted SDFix folder and double click RunThis.bat to start the script.


    • Type Y to begin the cleanup process.


    • It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.


    • Press any Key and it will restart the PC.


    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.


    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).


    • Finally paste the contents of the Report.txt back on the forum.



     

     

     

    Open notepad and copy/paste the text in the quotebox below into it:

    http://www.lavasoftsupport.com/index.php?showtopic=21732&st=0entry88884

    Collect::
    c:\windows\system32\ckds16.dll
    c:\windows\system32\94.tmp
    c:\windows\system32\96.tmp
    c:\windows\system32\54.tmp
    c:\windows\system32\56.tmp
    c:\windows\system32\35.tmp
    c:\windows\system32\33.tmp
    c:\windows\system32\1C.tmp
    c:\windows\system32\1E.tmp
    c:\windows\system32\11.tmp
    c:\windows\system32\A.tmp
    c:\windows\vmmreg32.exe
    c:\windows\system32\bio-22-10-2.exe
    c:\windows\system32\head-22-10-2.exe
    c:\windows\system32\C.tmp
    c:\windows\system32\10.tmp
    c:\windows\system32\69.tmp
    c:\windows\system32\66.tmp
    c:\windows\ejitabane.inf
    c:\windows\system32\geqizigeke.bat
    c:\documents and settings\Mahamed\Application Data\xixavezy.pif
    c:\documents and settings\All Users\Application Data\opifesut.com
    c:\program files\Common Files\ykijy.com
    c:\documents and settings\All Users\Application Data\ketuxo.exe
    c:\documents and settings\All Users\Application Data\uhebihomy.vbs
    c:\program files\Common Files\ytenyhi.dll
    c:\windows\lymu.exe
    c:\windows\qilajotim._dl
    c:\documents and settings\Mahamed\Application Data\amubeqidun.dll
    c:\windows\unisoja.dll
    c:\windows\system32\fefix.com
    c:\documents and settings\All Users\Application Data\yhesiko.scr
    c:\program files\Common Files\omugurysox.reg
    c:\windows\mujot.ban
    c:\windows\system32\ihywofemyh.com
    c:\program files\Common Files\jipovaguro.exe
    c:\windows\emyx.exe
    c:\windows\system32\ronuces.sys
    c:\program files\Common Files\ybavizevim.bin
    c:\windows\ecyz.reg
    c:\windows\ysez.vbs
    c:\windows\gmail.com-error.html
    c:\windows\live.com-error.html
    c:\windows\aol.com-error.html
    c:\windows\google.com-error.html
    c:\windows\search.yahoo.com-error.html
    c:\windows\system32\B.tmp
    c:\windows\system32\D.tmp
    c:\windows\system32\drivers\restore.sys
    c:\windows\system32\sac32.dll
    c:\windows\system32\jsne87fidgf.dll
    c:\windows\system32\3.tmp
    c:\windows\system32\7.tmp
    c:\windows\system32\1F3.tmp
    c:\windows\system32\1F5.tmp
    c:\windows\system32\6.tmp
    c:\windows\system32\8.tmp
    c:\windows\azeheh.exe
    c:\program files\Common Files\isesad.exe
    c:\windows\system32\imudas.pif
    c:\windows\uwezy.dl
    c:\windows\yqometon.com
    c:\windows\ixalogynic.reg
    c:\windows\system32\wupiluto.pif
    c:\windows\zoguhah.vbs
    c:\documents and settings\All Users\Application Data\gogafo.exe
    c:\documents and settings\Mahamed\Application Data\ajeton.sys
    c:\windows\heto._sy
    c:\windows\vukiv.dl
    c:\windows\mepeke.sys
    c:\windows\system32\ebidipar.dll
    c:\windows\system32\2.tmp
    c:\windows\system32\5.tmp


    Driver::
    dc25c492

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d7957d4-8b60-11dd-88d0-87b7f15e7697}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d1788cc-8c40-11dd-88d2-ebac918a8ae3}]

    FCopy::
    C:\WINDOWS\system32\dllcache\lsass.exe | c:\windows\system32\lsass.exe
    C:\WINDOWS\system32\dllcache\winlogon.exe | c:\windows\system32\winlogon.exe
    C:\WINDOWS\system32\dllcache\services.exe | c:\windows\system32\services.exe
    C:\WINDOWS\system32\dllcache\svchost.exe | c:\windows\system32\svchost.exe
    C:\WINDOWS\system32\dllcache\spoolsv.exe | c:\windows\system32\spoolsv.exe
    C:\WINDOWS\system32\dllcache\explorer.exe | c:\windows\explorer.exe

    Suspect::


    Save this as CFScript.txt

     

     

     

    Referring to the picture above, drag CFScript.txt into ComboFix.exe

     

    When finished, it shall produce a log for you. Post that log in your next reply.

     

    **Note**

     

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.


    • Ensure you are connected to the internet and click OK on the message box.


    • A browser will open.


    • Simply follow the instructions to copy/paste/send the requested file.



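The Collect:: list in the reply above was built by hand from the "new files" listing in the ComboFix log: bursts of files with random names created in the same minute, loose in c:\windows, system32, Common Files or an Application Data root, with script and shortcut extensions (.pif, .com, .vbs, .reg, or mangled ones like ._sy and .dl) that no installer drops there, plus tiny .tmp scratch files left directly in system32. The script below is an added example that reproduces that triage mechanically; it is not the helper's own method and not part of ComboFix or SDFix. It parses the listing and prints a Collect:: block in CFScript form. The sample lines are copied from the log, with a few legitimate entries (Java's deploytk.dll and javacpl.cpl, the Spybot installer, spupdsvc.inf, a dllcache file) kept in as negatives. The thresholds and the drop-zone list are assumptions chosen to fit this log.

```python
r"""Triage a ComboFix 'new files' listing into a CFScript Collect:: block.

Added example for this thread; not ComboFix/SDFix code and not the helper's
own method. Each listing line reads:  created . modified size attrs path
Three signals (thresholds are assumptions tuned to this log):
  * several files created in the same minute, loose in a drop zone
    (c:\windows, system32, Common Files, an Application Data root);
  * a script/shortcut or mangled extension loose in a drop zone;
  * a tiny .tmp scratch file left directly in system32.
Directories and files elsewhere (Program Files, dllcache) are ignored.
Sample lines are copied from the log above.
"""
import re
from collections import defaultdict

NEW_FILES_SAMPLE = r"""
2008-11-13 12:45 . 2008-11-13 12:45 10,964 --a------ c:\windows\system32\ronuces.sys
2008-11-13 12:45 . 2008-11-13 12:45 10,954 --a------ c:\program files\Common Files\ybavizevim.bin
2008-11-13 12:45 . 2008-11-13 12:45 10,372 --a------ c:\windows\ecyz.reg
2008-11-13 12:45 . 2008-11-13 12:45 10,066 --a------ c:\windows\ysez.vbs
2008-11-13 11:04 . 2008-11-15 08:41 16,451 --a------ c:\windows\gmail.com-error.html
2008-11-13 11:04 . 2008-11-15 08:42 6,182 --a------ c:\windows\live.com-error.html
2008-11-13 11:04 . 2008-11-15 08:41 3,696 --a------ c:\windows\google.com-error.html
2008-11-13 10:56 . 2008-11-13 10:56 48 --a------ c:\windows\system32\B.tmp
2008-11-13 10:56 . 2008-11-13 10:56 18 --a------ c:\windows\system32\D.tmp
2008-11-12 18:44 . 2008-11-12 18:44 230 --a------ c:\windows\system32\spupdsvc.inf
2008-11-12 16:17 . 2008-11-12 16:28 15,083,520 --a------ c:\program files\spybotsd160.exe
2008-11-12 15:53 . 2008-09-05 04:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 13:16 . 2008-11-12 13:16 19,960 --a------ c:\windows\azeheh.exe
2008-11-12 13:16 . 2008-11-12 13:16 19,571 --a------ c:\program files\Common Files\isesad.exe
2008-11-12 13:16 . 2008-11-12 13:16 16,049 --a------ c:\windows\system32\imudas.pif
2008-11-12 13:16 . 2008-11-12 13:16 15,567 --a------ c:\windows\uwezy.dl
2008-11-12 13:16 . 2008-11-12 13:16 14,043 --a------ c:\documents and settings\All Users\Application Data\gogafo.exe
2008-11-12 13:16 . 2008-11-12 13:16 13,111 --a------ c:\windows\heto._sy
2008-11-06 22:28 . 2008-11-06 22:27 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-06 22:28 . 2008-11-06 22:27 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-06 22:27 . 2008-11-06 22:27 <DIR> d-------- c:\program files\Java
"""

NEWFILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
SCRIPT_EXTS = {".pif", ".com", ".vbs", ".reg", ".scr", ".bat",
               "._sy", "._dl", ".dl", ".ban", ".bin"}
DROP_ZONES = {"c:\\windows", "c:\\windows\\system32", "c:\\program files\\common files"}
BURST = 3  # loose files created in the same minute (assumed threshold)


def parse_new_files(text):
    """Return [{created, size, path}] for file entries; directories are skipped."""
    files = []
    for raw in text.splitlines():
        m = NEWFILE_RE.match(raw.strip())
        if not m or m["size"] == "<DIR>":
            continue
        files.append({"created": m["created"],
                      "size": int(m["size"].replace(",", "")),
                      "path": m["path"]})
    return files


def split_path(path):
    """-> (directory, name, extension), lower-cased."""
    directory, _, name = path.lower().rpartition("\\")
    dot = name.rfind(".")
    return directory, name, (name[dot:] if dot >= 0 else "")


def in_drop_zone(directory):
    return directory in DROP_ZONES or directory.endswith("\\application data")


def triage(files):
    """Return {path: reason} for entries worth collecting."""
    loose = [f for f in files if in_drop_zone(split_path(f["path"])[0])]
    per_minute = defaultdict(int)
    for f in loose:
        per_minute[f["created"]] += 1
    reasons = {}
    for f in loose:
        directory, _, ext = split_path(f["path"])
        n = per_minute[f["created"]]
        if ext in SCRIPT_EXTS:
            reasons[f["path"]] = f"{ext} file loose in {directory}"
        elif ext == ".tmp" and directory == "c:\\windows\\system32" and f["size"] < 1024:
            reasons[f["path"]] = f"{f['size']}-byte scratch file left in system32"
        elif n >= BURST:
            reasons[f["path"]] = f"one of {n} files created at {f['created']}"
    return reasons


def collect_block(reasons):
    """Format findings as the Collect:: section of a CFScript."""
    return "Collect::\n" + "\n".join(sorted(reasons)) + "\n"


if __name__ == "__main__":
    hits = triage(parse_new_files(NEW_FILES_SAMPLE))
    for path, why in sorted(hits.items()):
        print(f"{why:48} {path}")
    print()
    print(collect_block(hits))
```

Every hit is a candidate, not a verdict: a legitimate installer can also write several files in one minute, so the list still wants the same manual review the helper gave it before it goes into a CFScript, and Collect:: (quarantine and submit) rather than a delete directive is the right action while that uncertainty remains.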
  • Customer

    SDFix: Version 1.240

    Run by Mahamed on Sat 15/11/2008 at 11:47

     

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

     

    Checking Services :

     

     

    Restoring Default Security Values

    Restoring Default Hosts File

     

    Rebooting

     

     

    Checking Files :

     

    Trojan Files Found:

     

    C:\Documents and Settings\Mahamed\Start Menu\Programs\AntivirusPro2009\AntivirusPro2009.lnk - Deleted

    C:\Documents and Settings\Mahamed\Start Menu\Programs\AntivirusPro2009\Uninstall.lnk - Deleted

    C:\WINDOWS\heto._sy - Deleted

    C:\WINDOWS\aol.com-error.html - Deleted

    C:\WINDOWS\gmail.com-error.html - Deleted

    C:\WINDOWS\google.com-error.html - Deleted

    C:\WINDOWS\live.com-error.html - Deleted

    C:\WINDOWS\search.yahoo.com-error.html - Deleted

    C:\WINDOWS\system32\2.tmp - Deleted

    C:\WINDOWS\system32\3.tmp - Deleted

    C:\WINDOWS\system32\5.tmp - Deleted

    C:\WINDOWS\system32\6.tmp - Deleted

    C:\WINDOWS\system32\7.tmp - Deleted

    C:\WINDOWS\system32\8.tmp - Deleted

    C:\WINDOWS\system32\A.tmp - Deleted

    C:\WINDOWS\system32\B.tmp - Deleted

    C:\WINDOWS\system32\C.tmp - Deleted

    C:\WINDOWS\system32\D.tmp - Deleted

    C:\WINDOWS\system32\2.tmp - Deleted

    C:\WINDOWS\system32\10.tmp - Deleted

    C:\WINDOWS\system32\11.tmp - Deleted

    C:\WINDOWS\system32\1C.tmp - Deleted

    C:\WINDOWS\system32\1E.tmp - Deleted

    C:\WINDOWS\system32\1F3.tmp - Deleted

    C:\WINDOWS\system32\1F5.tmp - Deleted

    C:\WINDOWS\system32\drivers\hosts - Deleted

    C:\WINDOWS\system32\sac32.dll - Deleted

    C:\WINDOWS\system32\drivers\restore.sys - Deleted

     

     

     

     

     

    Removing Temp Files

     

    ADS Check :

     

     

     

    Final Check :

     

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-11-15 11:56:09

    Windows 5.1.2600 Service Pack 3 NTFS

     

    detected NTDLL code modification:

    ZwOpenFile

     

    scanning hidden processes ...

     

    scanning hidden services & system hive ...

     

    scanning hidden registry entries ...

     

    scanning hidden files ...

     

    scan completed successfully

    hidden processes: 0

    hidden services: 0

    hidden files: 0

     

     

    Remaining Services :

     

     

     

     

    Authorized Application Key Export:

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"

    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

    "C:\\Program Files\\Malwarebytes' Anti-Malware\\MBAM.EXE"="C:\\Program Files\\Malwarebytes' Anti-Malware\\MBAM.EXE:*:Enabled:Malwarebytes' Anti-Malware"

    "C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition"

    "\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

     

    Remaining Files :

     

     

    File Backups: - C:\SDFix\backups\backups.zip

     

    Files with Hidden Attributes :

     

    Sat 18 Oct 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

    Sat 15 Nov 2008 15,452,536 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d7694bef8bd7032a201cda9934644640\BIT4.tmp"

     

    Finished!

    0
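    The "Authorized Application Key Export" in the SDFix log above deserves a second look. The Windows Firewall UI records Win32 paths (`C:\...` or `%windir%\...`) for its exceptions; it never writes the NT object-namespace form `\??\C:\WINDOWS\system32\winlogon.exe`, and winlogon has no reason to accept inbound connections at all. That entry matches ComboFix's report further down that winlogon.exe is infected. The script below is an added example for this thread, not part of SDFix or anything the helper posted: it parses the XP SP2 export format (`"path"="path:scope:status:name"` under a per-profile key) and flags exceptions for core OS processes or with the `\??\` prefix. The sample input is a constructed excerpt modelled on the export above; the list of core processes is the editor's own choice, not something SDFix defines.

```python
import re
from dataclasses import dataclass

# Editor's list: core Windows processes that never legitimately need a
# firewall exception. An entry for one of these usually means the binary
# was patched or is being used to host malware.
CORE_PROCESSES = {"winlogon.exe", "lsass.exe", "services.exe",
                  "csrss.exe", "smss.exe", "userinit.exe"}

# One registry value line as SDFix exports it: "<path>"="<path>:<scope>:<status>:<name>"
VALUE_RE = re.compile(r'^"(?P<key>.+?)"="(?P<value>.*)"$')


@dataclass
class AuthorizedApp:
    profile: str   # standardprofile / domainprofile
    path: str      # unescaped Win32 (or NT) path of the authorized binary
    scope: str     # "*" = all networks, otherwise a subnet list
    status: str    # Enabled / Disabled (the exporter preserves original case)
    name: str      # display name or a resource reference such as @shell32.dll,-1


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_export(text):
    """Parse an SDFix/regedit-style AuthorizedApplications export into records."""
    profile = None
    apps = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            # The profile name is the key component just before \authorizedapplications
            parts = line[1:-1].lower().split("\\")
            try:
                profile = parts[parts.index("authorizedapplications") - 1]
            except ValueError:
                profile = None
            continue
        m = VALUE_RE.match(line)
        if not m or profile is None:
            continue
        # The export doubles every backslash, as .reg files do
        path = m.group("key").replace("\\\\", "\\")
        value = m.group("value").replace("\\\\", "\\")
        # The value starts with the path itself; strip it rather than splitting
        # on ":" blindly, because the drive letter also contains a colon.
        if not value.lower().startswith(path.lower()):
            continue
        rest = value[len(path) + 1:]
        fields = rest.split(":", 2)
        if len(fields) != 3:
            continue
        scope, status, name = fields
        apps.append(AuthorizedApp(profile, path, scope, status, name))
    return apps


def find_suspicious(apps):
    """Return (app, [reasons]) for exceptions that should not exist on a clean box."""
    findings = []
    for app in apps:
        reasons = []
        if _basename(app.path) in CORE_PROCESSES:
            reasons.append("core OS process authorized through the firewall")
        if app.path.startswith("\\??\\"):
            reasons.append("NT object-namespace path; the firewall UI writes Win32 paths")
        if reasons:
            findings.append((app, reasons))
    return findings


# Constructed excerpt modelled on the SDFix export in this thread.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''

if __name__ == "__main__":
    for app, reasons in find_suspicious(parse_export(SAMPLE_EXPORT)):
        print(f"[{app.profile}] {app.path} ({app.status}, scope {app.scope})")
        for r in reasons:
            print("   -", r)
```

    Run against the real export, only the winlogon.exe entry is reported, with both reasons. The LimeWire, Messenger and Office entries are noisy but ordinary user-added exceptions; the `sessmgr.exe` and `xpnetdiag.exe` entries with `@xpsp2res.dll`/`@xpsp3res.dll` names are the XP defaults and are expected in both profiles.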
  • Customer

    ComboFix 08-11-12.02 - Mahamed 2008-11-15 12:08:27.2 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.92 [GMT 11:00]

    Running from: c:\documents and settings\Mahamed\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\Mahamed\Desktop\CFScript.txt

    * Created a new restore point

    .

     

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    c:\documents and settings\All Users\Application Data\gogafo.exe

    c:\documents and settings\All Users\Application Data\ketuxo.exe

    c:\documents and settings\All Users\Application Data\opifesut.com

    c:\documents and settings\All Users\Application Data\uhebihomy.vbs

    c:\documents and settings\All Users\Application Data\yhesiko.scr

    c:\documents and settings\Mahamed\Application Data\ajeton.sys

    c:\documents and settings\Mahamed\Application Data\amubeqidun.dll

    c:\documents and settings\Mahamed\Application Data\xixavezy.pif

    c:\program files\Common Files\isesad.exe

    c:\program files\Common Files\jipovaguro.exe

    c:\program files\Common Files\omugurysox.reg

    c:\program files\Common Files\ybavizevim.bin

    c:\program files\Common Files\ykijy.com

    c:\program files\Common Files\ytenyhi.dll

    c:\windows\azeheh.exe

    c:\windows\ecyz.reg

    c:\windows\ejitabane.inf

    c:\windows\emyx.exe

    c:\windows\ixalogynic.reg

    c:\windows\lymu.exe

    c:\windows\mepeke.sys

    c:\windows\mujot.ban

    c:\windows\qilajotim._dl

    c:\windows\system32\33.tmp

    c:\windows\system32\35.tmp

    c:\windows\system32\54.tmp

    c:\windows\system32\56.tmp

    c:\windows\system32\66.tmp

    c:\windows\system32\69.tmp

    c:\windows\system32\94.tmp

    c:\windows\system32\96.tmp

    c:\windows\system32\bio-22-10-2.exe

    c:\windows\system32\ckds16.dll

    c:\windows\system32\csrssw.dll

    c:\windows\system32\ebidipar.dll

    c:\windows\system32\fefix.com

    c:\windows\system32\geqizigeke.bat

    c:\windows\system32\head-22-10-2.exe

    c:\windows\system32\ihywofemyh.com

    c:\windows\system32\imudas.pif

    c:\windows\system32\jsne87fidgf.dll

    c:\windows\system32\ronuces.sys

    c:\windows\system32\wupiluto.pif

    c:\windows\unisoja.dll

    c:\windows\uwezy.dl

    c:\windows\vmmreg32.exe

    c:\windows\vukiv.dl

    c:\windows\yqometon.com

    c:\windows\ysez.vbs

    c:\windows\zoguhah.vbs

     

    c:\windows\system32\lsass.exe . . . is infected!!

     

    c:\windows\system32\winlogon.exe . . . is infected!!

     

    c:\windows\system32\services.exe . . . is infected!!

     

    c:\windows\system32\svchost.exe . . . is infected!!

     

    c:\windows\system32\spoolsv.exe . . . is infected!!

     

    c:\windows\explorer.exe . . . is infected!!

     

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    -------\Service_dc25c492

     

     

    ((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))

    .

     

    2008-12-22 15:59 . 2008-12-22 15:59 447,200 --a------ c:\windows\system32\OpenQuicktimeLib.dll

    2008-12-22 15:59 . 2008-12-22 15:59 332,512 --a------ c:\windows\system32\3ivxVfWCodec.dll

    2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\SamsungVfWCodec.dll

    2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\DivXVfWCodec.dll

    2008-12-22 15:58 . 2008-12-22 15:58 1,155,808 --a------ c:\windows\system32\3ivx.dll

    2008-12-22 15:52 . 2008-12-22 15:52 66,272 --a------ c:\windows\system32\libfaac.dll

    2008-11-15 12:02 . 2008-11-14 02:02 146,860 --a------ c:\windows\unisoja.exe

    2008-11-15 11:46 . 2008-11-15 11:46 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll

    2008-11-15 11:42 . 2008-11-15 11:42 <DIR> d-------- c:\windows\ERUNT

    2008-11-15 11:18 . 2008-11-15 12:02 <DIR> d-------- C:\SDFix

    2008-11-15 09:29 . 2008-11-15 09:29 <DIR> d-------- C:\_OTMoveIt

    2008-11-15 08:35 . 2008-11-15 09:10 <DIR> d-------- C:\Lop SD

    2008-11-14 19:54 . 2008-11-14 19:54 <DIR> d-------- c:\program files\Trend Micro

    2008-11-12 19:13 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb

    2008-11-12 18:49 . 2008-11-12 18:49 <DIR> d-------- c:\documents and settings\Mahamed\DoctorWeb

    2008-11-12 18:44 . 2008-11-12 18:44 230 --a------ c:\windows\system32\spupdsvc.inf

    2008-11-12 17:07 . 2008-11-12 18:28 <DIR> d-------- c:\program files\Enigma Software Group

    2008-11-12 16:17 . 2008-11-12 16:28 15,083,520 --a------ c:\program files\spybotsd160.exe

    2008-11-12 16:00 . 2008-11-12 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET

    2008-11-12 15:54 . 2008-11-13 17:25 <DIR> d-------- c:\program files\RogueRemover FREE

    2008-11-12 15:53 . 2008-09-05 04:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

    2008-11-12 15:53 . 2008-10-24 22:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

    2008-11-12 10:57 . 2008-11-12 10:57 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Apple Computer

    2008-11-11 20:14 . 2008-11-13 18:35 <DIR> d-------- c:\program files\Lavasoft

    2008-11-11 19:37 . 2008-11-11 19:59 25,129,080 --a------ c:\program files\antivir_workstation_winu_en_h(2).exe

    2008-11-11 17:01 . 2008-11-11 17:17 23,804,784 --a------ c:\program files\aaw2008.exe

    2008-11-10 17:56 . 2008-11-10 17:56 <DIR> d-------- c:\program files\Alwil Software

    2008-11-09 10:56 . 2008-11-09 10:56 <DIR> d-------- c:\program files\3ivx

    2008-11-09 10:04 . 2008-11-09 10:49 <DIR> d-------- c:\windows\system32\quicktime

    2008-11-09 09:49 . 2008-11-13 18:20 <DIR> d-------- c:\program files\QuickTime

    2008-11-09 09:39 . 2008-11-09 09:40 <DIR> d-------- c:\program files\Service Packs

    2008-11-08 11:02 . 2008-11-14 02:15 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\LimeWire

    2008-11-08 11:01 . 2008-11-13 13:26 <DIR> d-------- c:\program files\LimeWire

    2008-11-07 23:18 . 2008-11-07 23:18 <DIR> d-------- c:\windows\Sun

    2008-11-07 19:16 . 2008-11-10 18:45 <DIR> d-------- c:\program files\DNA

    2008-11-07 19:16 . 2008-11-10 23:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DNA

    2008-11-07 17:54 . 2008-11-07 20:25 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DivX

    2008-11-07 17:15 . 2008-11-07 17:17 <DIR> d-------- c:\program files\DivX

    2008-11-06 22:31 . 2008-11-06 22:31 <DIR> d-------- c:\program files\Sun

    2008-11-06 22:28 . 2008-11-06 22:27 410,976 --a------ c:\windows\system32\deploytk.dll

    2008-11-06 22:28 . 2008-11-06 22:27 73,728 --a------ c:\windows\system32\javacpl.cpl

    2008-11-06 22:27 . 2008-11-06 22:27 <DIR> d-------- c:\program files\Java

    2008-11-04 18:23 . 2008-11-04 18:25 <DIR> d-------- c:\windows\system32\NtmsData

    2008-11-04 10:08 . 2008-11-04 10:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

    2008-11-04 10:07 . 2008-11-13 17:23 <DIR> d-------- c:\program files\SUPERAntiSpyware

    2008-11-04 10:07 . 2008-11-04 10:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\SUPERAntiSpyware.com

    2008-11-04 10:04 . 2008-11-13 18:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

    2008-11-03 20:04 . 2008-11-03 20:04 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Search

    2008-11-03 18:53 . 2008-11-12 10:42 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Comodo

    2008-11-03 15:00 . 2008-11-12 10:42 <DIR> d-------- c:\program files\COMODO

    2008-11-03 09:17 . 2008-11-03 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\MSN6

    2008-11-03 09:12 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator

    2008-11-03 08:09 . 2008-11-03 09:15 <DIR> d-------- c:\program files\Smart Virus Remover

    2008-11-03 01:16 . 2008-11-03 01:16 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\MSN6

    2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll

    2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx07.dll

    2008-10-29 09:35 . 2008-10-29 09:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll

    2008-10-29 09:35 . 2008-10-29 09:35 802,816 --a------ c:\windows\system32\divx_xx11.dll

    2008-10-28 03:44 . 2008-10-28 03:44 <DIR> d-------- c:\program files\Common Files\xing shared

    2008-10-28 03:43 . 2008-10-28 03:43 <DIR> d-------- c:\program files\Real

    2008-10-26 22:21 . 2008-10-26 22:21 <DIR> d-------- c:\program files\Real Alternative

    2008-10-26 22:21 . 2008-10-28 03:44 <DIR> d-------- c:\program files\Common Files\Real

    2008-10-25 19:18 . 2008-10-25 19:18 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Desktop Search

    2008-10-25 19:16 . 2008-10-25 19:16 <DIR> d-------- c:\windows\system32\GroupPolicy

    2008-10-25 19:16 . 2008-10-25 19:16 <DIR> d-------- c:\program files\Windows Desktop Search

    2008-10-25 19:15 . 2008-03-08 04:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll

    2008-10-25 19:15 . 2008-03-08 04:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll

    2008-10-25 19:15 . 2008-03-08 04:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll

    2008-10-25 19:14 . 2008-10-25 19:14 <DIR> d-------- c:\program files\CONEXANT

    2008-10-25 19:13 . 2008-10-16 03:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

    2008-10-25 17:16 . 2008-10-25 17:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8

    2008-10-24 21:31 . 2008-04-14 05:42 159,232 --a------ c:\windows\system32\ptpusd.dll

    2008-10-24 21:31 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

    2008-10-24 21:31 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

    2008-10-24 21:31 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

    2008-10-22 20:17 . 2008-10-22 20:17 <DIR> d-------- c:\program files\Common Files\InstallShield

    2008-10-19 11:49 . 2008-09-08 23:38 99,840 --a------ c:\windows\system32\AntiXPVSTFix.exe

    2008-10-19 11:49 . 2008-10-10 08:58 94,208 --a------ c:\windows\system32\o4Patch.exe

    2008-10-19 11:49 . 2008-10-10 08:58 94,208 --a------ c:\windows\system32\IEDFix.C.exe

    2008-10-19 11:49 . 2008-08-18 12:19 84,992 --a------ c:\windows\system32\404FIX.EXE

    2008-10-19 11:48 . 2007-09-06 00:22 289,144 --a------ c:\windows\system32\VCCLSID.exe

    2008-10-19 11:48 . 2006-04-27 17:49 288,417 --a------ c:\windows\system32\SrchSTS.exe

    2008-10-19 11:48 . 2008-10-01 15:51 98,816 --a------ c:\windows\system32\VACFix.exe

    2008-10-19 11:48 . 2008-05-18 21:40 94,208 --a------ c:\windows\system32\IEDFix.exe

    2008-10-19 11:48 . 2003-06-05 21:13 65,536 --a------ c:\windows\system32\Process.exe

    2008-10-19 11:48 . 2004-07-31 18:50 59,904 --a------ c:\windows\system32\dumphive.exe

    2008-10-19 11:48 . 2007-10-04 00:36 37,888 --a------ c:\windows\system32\WS2Fix.exe

    2008-10-18 14:38 . 2008-10-18 14:38 <DIR> d-------- c:\program files\Windows Media Connect 2

    2008-10-18 14:33 . 2008-10-18 14:33 <DIR> d-------- c:\windows\system32\LogFiles

    2008-10-18 14:33 . 2008-10-27 12:26 <DIR> d-------- c:\windows\system32\drivers\UMDF

    2008-10-18 11:08 . 2008-10-18 11:08 10,752 --a------ c:\windows\system32\horjiqot.exe

    2008-10-18 01:31 . 2008-10-18 01:31 <DIR> dr------- C:\Aslam

    2008-10-17 22:53 . 2008-10-17 22:53 244 --ah----- C:\sqmnoopt06.sqm

    2008-10-17 22:53 . 2008-10-17 22:53 232 --ah----- C:\sqmdata06.sqm

    2008-10-17 22:28 . 2008-10-17 22:28 244 --ah----- C:\sqmnoopt05.sqm

    2008-10-17 22:28 . 2008-10-17 22:28 232 --ah----- C:\sqmdata05.sqm

    2008-10-17 22:17 . 2008-10-17 22:17 244 --ah----- C:\sqmnoopt04.sqm

    2008-10-17 22:17 . 2008-10-17 22:17 232 --ah----- C:\sqmdata04.sqm

    2008-10-17 21:54 . 2008-10-17 21:54 244 --ah----- C:\sqmnoopt03.sqm

    2008-10-17 21:54 . 2008-10-17 21:54 232 --ah----- C:\sqmdata03.sqm

    2008-10-17 18:53 . 2002-11-21 11:56 119,296 --a------ c:\program files\gapa.exe

    2008-10-17 17:50 . 2008-11-12 16:24 <DIR> d-------- c:\program files\QuickGamma

    2008-10-17 02:09 . 2008-10-17 02:09 <DIR> d-------- C:\802b506a90741843c7

    2008-10-16 17:44 . 2008-09-08 21:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

    2008-10-16 17:43 . 2008-08-14 21:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

    2008-10-16 17:43 . 2008-08-14 21:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

    2008-10-16 17:43 . 2008-08-14 20:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

    2008-10-16 17:43 . 2008-08-14 20:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

    2008-10-16 17:43 . 2008-09-15 23:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

    2008-10-15 21:33 . 2003-09-16 12:59 191,488 --a------ c:\windows\w4e_motivational.scr

    2008-10-15 21:33 . 2008-10-15 22:07 94 --a------ c:\windows\w4e_motivational.ini

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-11-15 01:23 69,632 ----a-w c:\windows\system32\csrssw.dll

    2008-11-14 22:40 17,408 ----a-w c:\windows\system32\svchost.exe

    2008-11-14 21:20 --------- d-----w c:\program files\Common Files\Adobe

    2008-11-12 05:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

    2008-11-12 05:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

    2008-11-12 05:24 --------- d-----w c:\program files\Free FLV Converter

    2008-11-12 02:16 19,762 ----a-w c:\program files\Common Files\ynojysu.ban

    2008-11-07 08:06 263 ----a-w c:\program files\gapa.ini

    2008-11-03 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!

    2008-10-27 16:43 499,712 ----a-w c:\windows\system32\msvcp71.dll

    2008-10-27 16:43 348,160 ----a-w c:\windows\system32\msvcr71.dll

    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

    2008-10-21 06:31 --------- d-----w c:\documents and settings\Mahamed\Application Data\uTorrent

    2008-10-03 01:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\Media Player Classic

    2008-10-03 00:49 --------- d-----w c:\program files\Combined Community Codec Pack

    2008-10-02 07:53 --------- d-----w c:\program files\Common Files\DVDVideoSoft

    2008-10-02 07:53 --------- d-----w c:\program files\AskBarDis

    2008-09-30 05:28 --------- d-----w c:\program files\Xvid

    2008-09-25 09:10 --------- d-----w c:\program files\NOS

    2008-09-25 09:10 --------- d-----w c:\documents and settings\All Users\Application Data\NOS

    2008-09-25 08:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

    2008-09-25 08:11 --------- d-----w c:\program files\Common Files\Adobe AIR

    2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll

    2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll

    2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll

    2008-09-25 08:03 536,576 ----a-w c:\windows\system32\DivXsm.exe

    2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll

    2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll

    2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll

    2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll

    2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll

    2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe

    2008-09-23 02:51 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!

    2008-09-22 11:00 --------- d-----w c:\program files\Messenger Plus! Live

    2008-09-21 02:04 --------- d-----w c:\program files\Windows Live

    2008-09-21 02:02 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

    2008-09-21 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

    2008-09-19 21:57 9,464 ----a-w c:\windows\system32\drivers\cdralw2k.sys

    2008-09-19 21:57 9,336 ----a-w c:\windows\system32\drivers\cdr4_xp.sys

    2008-09-19 21:57 43,528 ----a-w c:\windows\system32\drivers\PxHelp20.sys

    2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

    2008-09-19 21:57 129,784 ----a-w c:\windows\system32\pxafs.dll

    2008-09-19 21:57 120,056 ----a-w c:\windows\system32\pxcpyi64.exe

    2008-09-19 21:57 118,520 ----a-w c:\windows\system32\pxinsi64.exe

    2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll

    2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll

    2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

    2008-09-19 03:15 --------- d-----w c:\program files\Microsoft Works

    2008-09-19 03:14 --------- d-----w c:\program files\MSBuild

    2008-09-19 03:01 --------- d-----w c:\program files\Microsoft.NET

    2008-09-16 13:27 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard

    2008-09-16 13:26 --------- d-----w c:\program files\Common Files\iS3

    2008-09-15 13:46 --------- d-----w c:\program files\AVG

    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

    2008-09-15 06:44 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

    2008-09-15 06:03 --------- d-----w c:\documents and settings\Mahamed\Application Data\Malwarebytes

    2008-09-15 06:03 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

    2008-09-15 05:52 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

    2008-09-15 05:40 --------- d-----w c:\program files\Common Files\Download Manager

    2008-09-12 18:30 278,528 ----a-w c:\windows\system32\TubeFinder.exe

    2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll

    2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll

    2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll

    .

     

    ------- Sigcheck -------

     

    2004-08-04 01:56 14336 5de5b5c556f04f26dd6068267644a8ca c:\windows\$NtServicePackUninstall$\svchost.exe

    2008-04-14 06:42 23040 06fcb16ca84dcc11302fd1854b6b246c c:\windows\ServicePackFiles\i386\svchost.exe

    2004-08-04 18:56 23040 385a7e4e53c27ae4047816c5ec582f5e c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe

    2008-11-15 09:40 17408 757bfb408b7ea07648188f30d027cb6e c:\windows\system32\svchost.exe

     

    2004-08-04 01:56 502272 19f92aaf6870b66d25b351e230abc6ea c:\windows\$NtServicePackUninstall$\winlogon.exe

    2008-04-14 06:42 516608 808f4f0941af51bd295eded8071a286b c:\windows\ServicePackFiles\i386\winlogon.exe

    2004-08-04 18:56 510976 8c45beb4d178e0b993ca55ab14ce53fd c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe

    2008-04-14 06:42 512000 d4b1151878c946abd7013197a2a58a86 c:\windows\system32\winlogon.exe

     

    2008-04-14 06:42 1048576 32b05ffd8ee421e8d135922f94a09779 c:\windows\explorer.exe

    2004-08-04 01:56 1032192 56195559d22a24d39c0d04b954fb1901 c:\windows\$NtServicePackUninstall$\explorer.exe

    2008-04-14 06:42 1042432 8aab8f71347002bc2ac64ae0beb5e905 c:\windows\ServicePackFiles\i386\explorer.exe

    2004-08-04 18:56 1040896 0c8ec25cd14642a3cd74d794176645b5 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe

     

    2004-08-04 01:56 108032 1800469178c252c5977f711b468c00a1 c:\windows\$NtServicePackUninstall$\services.exe

    2008-04-14 06:42 117248 ef1758444f1504c33b79c26a5926d69b c:\windows\ServicePackFiles\i386\services.exe

    2004-08-04 18:56 116736 b83fefe879296a209915092ee67437fa c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe

    2008-04-14 06:42 111104 8f0b1f3a69379f2fb94a7ea9927d7ae6 c:\windows\system32\services.exe

     

    2004-08-04 01:56 13312 5877be9b08f740e5bd64e7c86608a93f c:\windows\$NtServicePackUninstall$\lsass.exe

    2008-04-14 06:42 22016 0df2519a636ddbf74e43c73f6db43943 c:\windows\ServicePackFiles\i386\lsass.exe

    2004-08-04 18:56 22016 0b6bba57a1bb9998e542d911e27b5bd6 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe

    2008-04-14 06:42 14848 75a4df4fcd68e97e5ad34543f18bbc86 c:\windows\system32\lsass.exe

     

    2004-08-04 01:56 15360 fe408f07f63eece65f4e3f8ce09030d5 c:\windows\$NtServicePackUninstall$\ctfmon.exe

    2008-04-14 06:42 24064 7799f2ecb1713979335e8abc1ec42bcf c:\windows\ServicePackFiles\i386\ctfmon.exe

    2004-08-04 18:56 24064 e0e0a63fa6e13fcee9d77d729a14e7b1 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe

    2008-04-14 06:42 15360 b61439f0bc14b836101d6387197715e8 c:\windows\system32\CTFMON.EXE

     

    2005-06-11 11:17 57856 8cfa993f4fdf5568aff15d99765c21d6 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

    2005-06-11 10:53 57856 07763dfe5ea3c14946d4052c56ba377d c:\windows\$NtServicePackUninstall$\spoolsv.exe

    2004-08-04 01:56 57856 cb39079b8adca54c691db044351b94bf c:\windows\$NtUninstallKB896423$\spoolsv.exe

    2008-04-14 06:42 66560 5a45de4b505cbbc52e4b09706357c050 c:\windows\ServicePackFiles\i386\spoolsv.exe

    2004-08-04 18:56 66560 234df4f1361db1af65a3fe7ef06925fe c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\spoolsv.exe

    2008-04-14 06:42 58368 9611bbfa386db3a3d6f32aa8dc92ef42 c:\windows\system32\spoolsv.exe

     

    2004-08-04 01:56 24576 27f29f65bf97a1dd81d50229b5023745 c:\windows\$NtServicePackUninstall$\userinit.exe

    2008-04-14 06:42 34816 f7746144dda31959e03610f052c33d92 c:\windows\ServicePackFiles\i386\userinit.exe

    2004-08-04 18:56 33280 215be2b305baa8e049760ba95cb8b6ba c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe

    2008-04-14 06:42 26112 31c92b93500c4ee80248b3d67acf4480 c:\windows\system32\userinit.exe

    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-15_10.40.06.95 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2008-11-15 01:16:17 1,790 ----a-w c:\windows\ERDNT\CFUNDO.dat

    + 2008-08-07 04:27:04 175,616 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE

    + 2008-11-15 00:42:34 4,595,712 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat

    + 2008-11-15 00:42:34 294,912 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

    + 2008-08-07 04:27:04 175,616 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE

    + 2008-11-15 00:42:21 4,595,712 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat

    + 2008-11-15 00:42:21 294,912 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

    - 2008-11-14 23:33:52 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

    + 2008-11-15 01:23:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

    - 2008-11-14 23:33:52 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    + 2008-11-15 01:23:55 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    - 2008-11-14 23:33:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

    + 2008-11-15 01:23:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

    + 2008-11-15 01:22:59 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_194.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

     

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]

    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-28 185872]

    "Movie Maker"="c:\windows\vmmreg32.exe" [2008-11-14 146860]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    "MSBuild"="c:\windows\vmmreg32.exe" [2008-11-14 146860]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

     

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]

    2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    "vidc.3IV2"= 3ivxVfWCodec.dll

    "vidc.SEDG"= SamsungVfWCodec.dll

    "vidc.DX50"= DivXVfWCodec.dll

     

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk

    backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

     

    [HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^windows search.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

    backup=c:\windows\pss\Windows Search.lnkCommon Startup

     

    [HKLM\~\startupfolder\c:^documents and settings^mahamed^start menu^programs^startup^limewire on startup.lnk]

    path=c:\documents and settings\Mahamed\Start Menu\Programs\Startup\LimeWire On Startup.lnk

    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

    --a------ 2008-11-07 19:16 342336 c:\program files\DNA\btdna.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    --a------ 2008-04-14 06:42 1695232 c:\program files\Messenger\msmsgs.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    --a------ 2008-10-28 03:43 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    "c:\\Program Files\\DNA\\btdna.exe"=

    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    "c:\\Program Files\\Malwarebytes' Anti-Malware\\MBAM.EXE"=

    "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "6112:TCP"= 6112:TCP:WarcraftIII

    "6112:UDP"= 6112:UDP:WarcraftIII

     

    R3 genmcmnusb;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]

    S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

    .

     

    **************************************************************************

     

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-11-15 12:23:03

    Windows 5.1.2600 Service Pack 3 NTFS

     

    detected NTDLL code modification:

    ZwOpenFile

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

     

    c:\docume~1\Mahamed\LOCALS~1\Temp\RGI1.tmp

    c:\windows\system32\csrssw.dll 69632 bytes executable

     

    scan completed successfully

    hidden files: 2

     

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Lavasoft\Ad-Aware\aawservice.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\windows\system32\searchindexer.exe

    c:\windows\system32\wscntfy.exe

    .

    **************************************************************************

    .

    Completion time: 2008-11-15 12:30:36 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-11-15 01:30:22

    ComboFix2.txt 2008-11-14 23:41:28

     

    Pre-Run: 59,169,300,480 bytes free

    Post-Run: 59,153,608,704 bytes free

     

    398 --- E O F --- 2008-11-12 05:44:00

    0
  • Customer

    Hello

     

    Open notepad and copy/paste the text in the quotebox below into it:

    http://www.lavasoftsupport.com/index.php?showtopic=21732&st=0entry88892

    Collect::
    c:\windows\unisoja.exe
    c:\windows\system32\horjiqot.exe
    c:\program files\gapa.exe
    c:\windows\system32\csrssw.dll


    Suspect::


    Save this as CFScript.txt

     

     

     

    Referring to the picture above, drag CFScript.txt into ComboFix.exe

     

    When finished, it shall produce a log for you. Post that log in your next reply.

     

    **Note**

     

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.


    • Ensure you are connected to the internet and click OK on the message box.


    • A browser will open.


    • Simply follow the instructions to copy/paste/send the requested file.



     

     

    Please download Malwarebytes' Anti-Malware from Here or Here

     

    Double-click mbam-setup.exe to install the application.


    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


    • If an update is found, it will download and install the latest version.


    • Once the program has loaded, select "Perform Quick Scan", then click Scan.


    • The scan may take some time to finish, so please be patient.


    • When the scan is complete, click OK, then Show Results to view the results.


    • Make sure that everything is checked, and click Remove Selected.


    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)


    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.


    • Copy & Paste the entire report in your next reply.



    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

    0
  • Customer

    ComboFix 08-11-13.01 - Mahamed 2008-11-15 15:13:46.3 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.166 [GMT 11:00]

    Running from: c:\documents and settings\Mahamed\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\Mahamed\Desktop\CFScript.txt

    * Created a new restore point

    .

     

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    c:\program files\gapa.exe

    c:\windows\system32\csrssw.dll

    c:\windows\system32\horjiqot.exe

    c:\windows\unisoja.exe

     

    c:\windows\system32\lsass.exe . . . is infected!!

     

    c:\windows\system32\winlogon.exe . . . is infected!!

     

    c:\windows\system32\services.exe . . . is infected!!

     

    c:\windows\system32\svchost.exe . . . is infected!!

     

    c:\windows\system32\spoolsv.exe . . . is infected!!

     

    c:\windows\explorer.exe . . . is infected!!

     

    .

    ((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))

    .

     

    2008-12-22 15:59 . 2008-12-22 15:59 447,200 --a------ c:\windows\system32\OpenQuicktimeLib.dll

    2008-12-22 15:59 . 2008-12-22 15:59 332,512 --a------ c:\windows\system32\3ivxVfWCodec.dll

    2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\SamsungVfWCodec.dll

    2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\DivXVfWCodec.dll

    2008-12-22 15:58 . 2008-12-22 15:58 1,155,808 --a------ c:\windows\system32\3ivx.dll

    2008-12-22 15:52 . 2008-12-22 15:52 66,272 --a------ c:\windows\system32\libfaac.dll

    2008-11-15 15:26 . 2008-11-14 02:02 146,860 --a------ c:\windows\twain.exe

    2008-11-15 14:19 . 2008-11-15 14:19 207,360 --a--c--- c:\windows\system32\dllcache\ndis.sys

    2008-11-15 14:18 . 2008-11-15 14:18 31,744 --a------ c:\windows\system32\reader.exe

    2008-11-15 14:18 . 2008-11-15 14:18 18 --a------ c:\windows\system32\5A.tmp

    2008-11-15 14:17 . 2008-11-15 14:17 44 --a------ c:\windows\system32\58.tmp

    2008-11-15 12:23 . 2008-11-14 02:02 146,860 --a------ c:\windows\vmmreg32.exe

    2008-11-15 11:46 . 2008-11-15 11:46 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll

    2008-11-15 11:42 . 2008-11-15 11:42 <DIR> d-------- c:\windows\ERUNT

    2008-11-15 11:18 . 2008-11-15 12:02 <DIR> d-------- C:\SDFix

    2008-11-15 09:29 . 2008-11-15 09:29 <DIR> d-------- C:\_OTMoveIt

    2008-11-15 08:35 . 2008-11-15 09:10 <DIR> d-------- C:\Lop SD

    2008-11-14 19:54 . 2008-11-14 19:54 <DIR> d-------- c:\program files\Trend Micro

    2008-11-12 19:13 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb

    2008-11-12 18:49 . 2008-11-12 18:49 <DIR> d-------- c:\documents and settings\Mahamed\DoctorWeb

    2008-11-12 18:44 . 2008-11-12 18:44 230 --a------ c:\windows\system32\spupdsvc.inf

    2008-11-12 17:07 . 2008-11-12 18:28 <DIR> d-------- c:\program files\Enigma Software Group

    2008-11-12 16:17 . 2008-11-12 16:28 15,083,520 --a------ c:\program files\spybotsd160.exe

    2008-11-12 16:00 . 2008-11-12 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET

    2008-11-12 15:54 . 2008-11-13 17:25 <DIR> d-------- c:\program files\RogueRemover FREE

    2008-11-12 15:53 . 2008-09-05 04:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

    2008-11-12 15:53 . 2008-10-24 22:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

    2008-11-12 10:57 . 2008-11-12 10:57 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Apple Computer

    2008-11-11 20:14 . 2008-11-13 18:35 <DIR> d-------- c:\program files\Lavasoft

    2008-11-11 19:37 . 2008-11-11 19:59 25,129,080 --a------ c:\program files\antivir_workstation_winu_en_h(2).exe

    2008-11-11 17:01 . 2008-11-11 17:17 23,804,784 --a------ c:\program files\aaw2008.exe

    2008-11-10 17:56 . 2008-11-10 17:56 <DIR> d-------- c:\program files\Alwil Software

    2008-11-09 10:56 . 2008-11-09 10:56 <DIR> d-------- c:\program files\3ivx

    2008-11-09 10:04 . 2008-11-09 10:49 <DIR> d-------- c:\windows\system32\quicktime

    2008-11-09 09:49 . 2008-11-13 18:20 <DIR> d-------- c:\program files\QuickTime

    2008-11-09 09:39 . 2008-11-09 09:40 <DIR> d-------- c:\program files\Service Packs

    2008-11-08 11:02 . 2008-11-14 02:15 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\LimeWire

    2008-11-08 11:01 . 2008-11-13 13:26 <DIR> d-------- c:\program files\LimeWire

    2008-11-07 23:18 . 2008-11-07 23:18 <DIR> d-------- c:\windows\Sun

    2008-11-07 19:16 . 2008-11-10 18:45 <DIR> d-------- c:\program files\DNA

    2008-11-07 19:16 . 2008-11-10 23:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DNA

    2008-11-07 17:54 . 2008-11-07 20:25 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DivX

    2008-11-07 17:15 . 2008-11-07 17:17 <DIR> d-------- c:\program files\DivX

    2008-11-06 22:31 . 2008-11-06 22:31 <DIR> d-------- c:\program files\Sun

    2008-11-06 22:28 . 2008-11-06 22:27 410,976 --a------ c:\windows\system32\deploytk.dll

    2008-11-06 22:28 . 2008-11-06 22:27 73,728 --a------ c:\windows\system32\javacpl.cpl

    2008-11-06 22:27 . 2008-11-06 22:27 <DIR> d-------- c:\program files\Java

    2008-11-04 18:23 . 2008-11-04 18:25 <DIR> d-------- c:\windows\system32\NtmsData

    2008-11-04 10:08 . 2008-11-04 10:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

    2008-11-04 10:07 . 2008-11-13 17:23 <DIR> d-------- c:\program files\SUPERAntiSpyware

    2008-11-04 10:07 . 2008-11-04 10:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\SUPERAntiSpyware.com

    2008-11-04 10:04 . 2008-11-13 18:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

    2008-11-03 20:04 . 2008-11-03 20:04 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Search

    2008-11-03 18:53 . 2008-11-12 10:42 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Comodo

    2008-11-03 15:00 . 2008-11-12 10:42 <DIR> d-------- c:\program files\COMODO

    2008-11-03 09:17 . 2008-11-03 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\MSN6

    2008-11-03 09:12 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator

    2008-11-03 08:09 . 2008-11-03 09:15 <DIR> d-------- c:\program files\Smart Virus Remover

    2008-11-03 01:16 . 2008-11-03 01:16 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\MSN6

    2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll

    2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx07.dll

    2008-10-29 09:35 . 2008-10-29 09:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll

    2008-10-29 09:35 . 2008-10-29 09:35 802,816 --a------ c:\windows\system32\divx_xx11.dll

    2008-10-28 03:44 . 2008-10-28 03:44 <DIR> d-------- c:\program files\Common Files\xing shared

    2008-10-28 03:43 . 2008-10-28 03:43 <DIR> d-------- c:\program files\Real

    2008-10-26 22:21 . 2008-10-26 22:21 <DIR> d-------- c:\program files\Real Alternative

    2008-10-26 22:21 . 2008-10-28 03:44 <DIR> d-------- c:\program files\Common Files\Real

    2008-10-25 19:18 . 2008-10-25 19:18 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Desktop Search

    2008-10-25 19:16 . 2008-10-25 19:16 <DIR> d-------- c:\windows\system32\GroupPolicy

    2008-10-25 19:16 . 2008-10-25 19:16 <DIR> d-------- c:\program files\Windows Desktop Search

    2008-10-25 19:15 . 2008-03-08 04:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll

    2008-10-25 19:15 . 2008-03-08 04:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll

    2008-10-25 19:15 . 2008-03-08 04:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll

    2008-10-25 19:14 . 2008-10-25 19:14 <DIR> d-------- c:\program files\CONEXANT

    2008-10-25 19:13 . 2008-10-16 03:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

    2008-10-25 17:16 . 2008-10-25 17:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8

    2008-10-24 21:31 . 2008-04-14 05:42 159,232 --a------ c:\windows\system32\ptpusd.dll

    2008-10-24 21:31 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

    2008-10-24 21:31 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

    2008-10-24 21:31 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

    2008-10-22 20:17 . 2008-10-22 20:17 <DIR> d-------- c:\program files\Common Files\InstallShield

    2008-10-19 11:49 . 2008-09-08 23:38 99,840 --a------ c:\windows\system32\AntiXPVSTFix.exe

    2008-10-19 11:49 . 2008-10-10 08:58 94,208 --a------ c:\windows\system32\o4Patch.exe

    2008-10-19 11:49 . 2008-10-10 08:58 94,208 --a------ c:\windows\system32\IEDFix.C.exe

    2008-10-19 11:49 . 2008-08-18 12:19 84,992 --a------ c:\windows\system32\404FIX.EXE

    2008-10-19 11:48 . 2007-09-06 00:22 289,144 --a------ c:\windows\system32\VCCLSID.exe

    2008-10-19 11:48 . 2006-04-27 17:49 288,417 --a------ c:\windows\system32\SrchSTS.exe

    2008-10-19 11:48 . 2008-10-01 15:51 98,816 --a------ c:\windows\system32\VACFix.exe

    2008-10-19 11:48 . 2008-05-18 21:40 94,208 --a------ c:\windows\system32\IEDFix.exe

    2008-10-19 11:48 . 2003-06-05 21:13 65,536 --a------ c:\windows\system32\Process.exe

    2008-10-19 11:48 . 2004-07-31 18:50 59,904 --a------ c:\windows\system32\dumphive.exe

    2008-10-19 11:48 . 2007-10-04 00:36 37,888 --a------ c:\windows\system32\WS2Fix.exe

    2008-10-18 14:38 . 2008-10-18 14:38 <DIR> d-------- c:\program files\Windows Media Connect 2

    2008-10-18 14:33 . 2008-10-18 14:33 <DIR> d-------- c:\windows\system32\LogFiles

    2008-10-18 14:33 . 2008-10-27 12:26 <DIR> d-------- c:\windows\system32\drivers\UMDF

    2008-10-18 01:31 . 2008-10-18 01:31 <DIR> dr------- C:\Aslam

    2008-10-17 22:53 . 2008-10-17 22:53 244 --ah----- C:\sqmnoopt06.sqm

    2008-10-17 22:53 . 2008-10-17 22:53 232 --ah----- C:\sqmdata06.sqm

    2008-10-17 22:28 . 2008-10-17 22:28 244 --ah----- C:\sqmnoopt05.sqm

    2008-10-17 22:28 . 2008-10-17 22:28 232 --ah----- C:\sqmdata05.sqm

    2008-10-17 22:17 . 2008-10-17 22:17 244 --ah----- C:\sqmnoopt04.sqm

    2008-10-17 22:17 . 2008-10-17 22:17 232 --ah----- C:\sqmdata04.sqm

    2008-10-17 21:54 . 2008-10-17 21:54 244 --ah----- C:\sqmnoopt03.sqm

    2008-10-17 21:54 . 2008-10-17 21:54 232 --ah----- C:\sqmdata03.sqm

    2008-10-17 17:50 . 2008-11-12 16:24 <DIR> d-------- c:\program files\QuickGamma

    2008-10-17 02:09 . 2008-10-17 02:09 <DIR> d-------- C:\802b506a90741843c7

    2008-10-16 17:44 . 2008-09-08 21:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

    2008-10-16 17:43 . 2008-08-14 21:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

    2008-10-16 17:43 . 2008-08-14 21:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

    2008-10-16 17:43 . 2008-08-14 20:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

    2008-10-16 17:43 . 2008-08-14 20:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

    2008-10-16 17:43 . 2008-09-15 23:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

    2008-10-15 21:33 . 2003-09-16 12:59 191,488 --a------ c:\windows\w4e_motivational.scr

    2008-10-15 21:33 . 2008-10-15 22:07 94 --a------ c:\windows\w4e_motivational.ini

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-11-15 04:26 69,632 ----a-w c:\windows\system32\csrssw.dll

    2008-11-15 03:19 207,360 ----a-w c:\windows\system32\drivers\ndis.sys

    2008-11-14 22:40 17,408 ----a-w c:\windows\system32\svchost.exe

    2008-11-14 21:20 --------- d-----w c:\program files\Common Files\Adobe

    2008-11-12 05:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

    2008-11-12 05:24 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

    2008-11-12 05:24 --------- d-----w c:\program files\Free FLV Converter

    2008-11-12 02:16 19,762 ----a-w c:\program files\Common Files\ynojysu.ban

    2008-11-07 08:06 263 ----a-w c:\program files\gapa.ini

    2008-11-03 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!

    2008-10-27 16:43 499,712 ----a-w c:\windows\system32\msvcp71.dll

    2008-10-27 16:43 348,160 ----a-w c:\windows\system32\msvcr71.dll

    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

    2008-10-21 06:31 --------- d-----w c:\documents and settings\Mahamed\Application Data\uTorrent

    2008-10-03 01:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\Media Player Classic

    2008-10-03 00:49 --------- d-----w c:\program files\Combined Community Codec Pack

    2008-10-02 07:53 --------- d-----w c:\program files\Common Files\DVDVideoSoft

    2008-10-02 07:53 --------- d-----w c:\program files\AskBarDis

    2008-09-30 05:28 --------- d-----w c:\program files\Xvid

    2008-09-25 09:10 --------- d-----w c:\program files\NOS

    2008-09-25 09:10 --------- d-----w c:\documents and settings\All Users\Application Data\NOS

    2008-09-25 08:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

    2008-09-25 08:11 --------- d-----w c:\program files\Common Files\Adobe AIR

    2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll

    2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll

    2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll

    2008-09-25 08:03 536,576 ----a-w c:\windows\system32\DivXsm.exe

    2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll

    2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll

    2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll

    2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll

    2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll

    2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe

    2008-09-23 02:51 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!

    2008-09-22 11:00 --------- d-----w c:\program files\Messenger Plus! Live

    2008-09-21 02:04 --------- d-----w c:\program files\Windows Live

    2008-09-21 02:02 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

    2008-09-21 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

    2008-09-19 21:57 9,464 ----a-w c:\windows\system32\drivers\cdralw2k.sys

    2008-09-19 21:57 9,336 ----a-w c:\windows\system32\drivers\cdr4_xp.sys

    2008-09-19 21:57 43,528 ----a-w c:\windows\system32\drivers\PxHelp20.sys

    2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

    2008-09-19 21:57 129,784 ----a-w c:\windows\system32\pxafs.dll

    2008-09-19 21:57 120,056 ----a-w c:\windows\system32\pxcpyi64.exe

    2008-09-19 21:57 118,520 ----a-w c:\windows\system32\pxinsi64.exe

    2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll

    2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll

    2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

    2008-09-19 03:15 --------- d-----w c:\program files\Microsoft Works

    2008-09-19 03:14 --------- d-----w c:\program files\MSBuild

    2008-09-19 03:01 --------- d-----w c:\program files\Microsoft.NET

    2008-09-16 13:27 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard

    2008-09-16 13:26 --------- d-----w c:\program files\Common Files\iS3

    2008-09-15 13:46 --------- d-----w c:\program files\AVG

    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

    2008-09-15 06:44 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

    2008-09-15 06:03 --------- d-----w c:\documents and settings\Mahamed\Application Data\Malwarebytes

    2008-09-15 06:03 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

    2008-09-15 05:52 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

    2008-09-15 05:40 --------- d-----w c:\program files\Common Files\Download Manager

    2008-09-12 18:30 278,528 ----a-w c:\windows\system32\TubeFinder.exe

    2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll

    2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll

    2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll

    .

     

    ------- Sigcheck -------

     

    2004-08-04 01:56 14336 5de5b5c556f04f26dd6068267644a8ca c:\windows\$NtServicePackUninstall$\svchost.exe

    2008-04-14 06:42 23040 06fcb16ca84dcc11302fd1854b6b246c c:\windows\ServicePackFiles\i386\svchost.exe

    2004-08-04 18:56 23040 385a7e4e53c27ae4047816c5ec582f5e c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe

    2008-11-15 09:40 17408 757bfb408b7ea07648188f30d027cb6e c:\windows\system32\svchost.exe

     

    2004-08-04 01:56 502272 19f92aaf6870b66d25b351e230abc6ea c:\windows\$NtServicePackUninstall$\winlogon.exe

    2008-04-14 06:42 516608 808f4f0941af51bd295eded8071a286b c:\windows\ServicePackFiles\i386\winlogon.exe

    2004-08-04 18:56 510976 8c45beb4d178e0b993ca55ab14ce53fd c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe

    2008-04-14 06:42 512000 d4b1151878c946abd7013197a2a58a86 c:\windows\system32\winlogon.exe

     

    2004-08-04 00:14 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys

    2008-04-14 01:50 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys

    2004-08-04 17:14 182912 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys

    2008-11-15 14:19 207360 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys

    2008-11-15 14:19 207360 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

     

    2008-04-14 06:42 1048576 32b05ffd8ee421e8d135922f94a09779 c:\windows\explorer.exe

    2004-08-04 01:56 1032192 56195559d22a24d39c0d04b954fb1901 c:\windows\$NtServicePackUninstall$\explorer.exe

    2008-04-14 06:42 1042432 8aab8f71347002bc2ac64ae0beb5e905 c:\windows\ServicePackFiles\i386\explorer.exe

    2004-08-04 18:56 1040896 0c8ec25cd14642a3cd74d794176645b5 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe

     

    2004-08-04 01:56 108032 1800469178c252c5977f711b468c00a1 c:\windows\$NtServicePackUninstall$\services.exe

    2008-04-14 06:42 117248 ef1758444f1504c33b79c26a5926d69b c:\windows\ServicePackFiles\i386\services.exe

    2004-08-04 18:56 116736 b83fefe879296a209915092ee67437fa c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe

    2008-04-14 06:42 111104 8f0b1f3a69379f2fb94a7ea9927d7ae6 c:\windows\system32\services.exe

     

    2004-08-04 01:56 13312 5877be9b08f740e5bd64e7c86608a93f c:\windows\$NtServicePackUninstall$\lsass.exe

    2008-04-14 06:42 22016 0df2519a636ddbf74e43c73f6db43943 c:\windows\ServicePackFiles\i386\lsass.exe

    2004-08-04 18:56 22016 0b6bba57a1bb9998e542d911e27b5bd6 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe

    2008-04-14 06:42 14848 75a4df4fcd68e97e5ad34543f18bbc86 c:\windows\system32\lsass.exe

     

    2004-08-04 01:56 15360 fe408f07f63eece65f4e3f8ce09030d5 c:\windows\$NtServicePackUninstall$\ctfmon.exe

    2008-04-14 06:42 24064 7799f2ecb1713979335e8abc1ec42bcf c:\windows\ServicePackFiles\i386\ctfmon.exe

    2004-08-04 18:56 24064 e0e0a63fa6e13fcee9d77d729a14e7b1 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe

    2008-04-14 06:42 15360 b61439f0bc14b836101d6387197715e8 c:\windows\system32\CTFMON.EXE

     

    2005-06-11 11:17 57856 8cfa993f4fdf5568aff15d99765c21d6 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

    2005-06-11 10:53 57856 07763dfe5ea3c14946d4052c56ba377d c:\windows\$NtServicePackUninstall$\spoolsv.exe

    2004-08-04 01:56 57856 cb39079b8adca54c691db044351b94bf c:\windows\$NtUninstallKB896423$\spoolsv.exe

    2008-04-14 06:42 66560 5a45de4b505cbbc52e4b09706357c050 c:\windows\ServicePackFiles\i386\spoolsv.exe

    2004-08-04 18:56 66560 234df4f1361db1af65a3fe7ef06925fe c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\spoolsv.exe

    2008-04-14 06:42 58368 9611bbfa386db3a3d6f32aa8dc92ef42 c:\windows\system32\spoolsv.exe

     

    2004-08-04 01:56 24576 27f29f65bf97a1dd81d50229b5023745 c:\windows\$NtServicePackUninstall$\userinit.exe

    2008-04-14 06:42 34816 f7746144dda31959e03610f052c33d92 c:\windows\ServicePackFiles\i386\userinit.exe

    2004-08-04 18:56 33280 215be2b305baa8e049760ba95cb8b6ba c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe

    2008-04-14 06:42 26112 31c92b93500c4ee80248b3d67acf4480 c:\windows\system32\userinit.exe

    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-15_10.40.06.95 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2008-11-15 04:21:46 2,685 ----a-w c:\windows\ERDNT\CFUNDO.dat

    + 2008-08-07 04:27:04 175,616 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE

    + 2008-11-15 00:42:34 4,595,712 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat

    + 2008-11-15 00:42:34 294,912 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

    + 2008-08-07 04:27:04 175,616 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE

    + 2008-11-15 00:42:21 4,595,712 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat

    + 2008-11-15 00:42:21 294,912 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

    - 2008-11-14 23:33:52 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

    + 2008-11-15 04:26:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

    - 2008-11-14 23:33:52 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    + 2008-11-15 04:26:34 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    - 2008-11-14 23:33:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

    + 2008-11-15 04:26:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

    + 2008-11-15 04:25:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_744.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

     

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]

    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-28 185872]

    "Movie Maker"="c:\windows\vmmreg32.exe" [2008-11-14 146860]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    "MSBuild"="c:\windows\vmmreg32.exe" [2008-11-14 146860]

    "reader"="c:\windows\System32\reader.exe" [2008-11-15 31744]

    "xerox"="c:\windows\twain.exe" [2008-11-14 146860]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

     

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]

    2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    "vidc.3IV2"= 3ivxVfWCodec.dll

    "vidc.SEDG"= SamsungVfWCodec.dll

    "vidc.DX50"= DivXVfWCodec.dll

     

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk

    backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

     

    [HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^windows search.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

    backup=c:\windows\pss\Windows Search.lnkCommon Startup

     

    [HKLM\~\startupfolder\c:^documents and settings^mahamed^start menu^programs^startup^limewire on startup.lnk]

    path=c:\documents and settings\Mahamed\Start Menu\Programs\Startup\LimeWire On Startup.lnk

    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

    --a------ 2008-11-07 19:16 342336 c:\program files\DNA\btdna.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    --a------ 2008-04-14 06:42 1695232 c:\program files\Messenger\msmsgs.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    --a------ 2008-10-28 03:43 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    "c:\\Program Files\\DNA\\btdna.exe"=

    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    "c:\\Program Files\\Malwarebytes' Anti-Malware\\MBAM.EXE"=

    "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "6112:TCP"= 6112:TCP:WarcraftIII

    "6112:UDP"= 6112:UDP:WarcraftIII

     

    R3 genmcmnusb;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]

    S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

    .

     

    **************************************************************************

     

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-11-15 15:25:56

    Windows 5.1.2600 Service Pack 3 NTFS

     

    detected NTDLL code modification:

    ZwOpenFile

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

     

    c:\windows\system32\csrssw.dll 69632 bytes executable

     

    scan completed successfully

    hidden files: 1

     

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Lavasoft\Ad-Aware\aawservice.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\windows\system32\searchindexer.exe

    c:\windows\system32\wscntfy.exe

    .

    **************************************************************************

    .

    Completion time: 2008-11-15 15:34:55 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-11-15 04:34:39

    ComboFix2.txt 2008-11-15 01:30:39

    ComboFix3.txt 2008-11-14 23:41:28

     

    Pre-Run: 59,121,426,432 bytes free

    Post-Run: 59,105,665,024 bytes free

     

    360 --- E O F --- 2008-11-12 05:44:00

    0
  • Customer

    Malwarebytes' Anti-Malware 1.28

    Database version: 1154

    Windows 5.1.2600 Service Pack 3

     

    15/11/2008 03:40:49 PM

    mbam-log-2008-11-15 (15-40-49).txt

     

    Scan type: Quick Scan

    Objects scanned: 46777

    Time elapsed: 4 minute(s), 59 second(s)

     

    Memory Processes Infected: 0

    Memory Modules Infected: 1

    Registry Keys Infected: 1

    Registry Values Infected: 4

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 4

     

    Memory Processes Infected:

    (No malicious items detected)

     

    Memory Modules Infected:

    C:\WINDOWS\system32\csrssw.dll (Trojan.Agent) -> Delete on reboot.

     

    Registry Keys Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{474fe679-b667-42ae-99aa-adc21ccbbe14} (Malware.Trace) -> Quarantined and deleted successfully.

     

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xerox (Trojan.Agent) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\movie maker (Trojan.Agent) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msbuild (Trojan.Agent) -> Quarantined and deleted successfully.

     

    Registry Data Items Infected:

    (No malicious items detected)

     

    Folders Infected:

    (No malicious items detected)

     

    Files Infected:

    C:\WINDOWS\system32\reader.exe (Trojan.FakeAlert.H) -> Delete on reboot.

    C:\WINDOWS\system32\csrssw.dll (Trojan.Agent) -> Delete on reboot.

    C:\WINDOWS\twain.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\vmmreg32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    0
  • Customer

    I accidentally scanned with the Malwarebytes Anti-Malware I already had, thinking that it was the newest version. Now I am downloading the newest version and I will replace the reply above with the new log.

     

    Sorry for that, Rorschach112.

    0
  • Customer

    I decided to leave the old MBAM log in case you wanted to see it.

     

    Here's the new MBAM log:

     

    Malwarebytes' Anti-Malware 1.30

    Database version: 1399

    Windows 5.1.2600 Service Pack 3

     

    15/11/2008 04:07:16 PM

    mbam-log-2008-11-15 (16-07-16).txt

     

    Scan type: Quick Scan

    Objects scanned: 51316

    Time elapsed: 8 minute(s), 43 second(s)

     

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 2

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 1

    Files Infected: 0

     

    Memory Processes Infected:

    (No malicious items detected)

     

    Memory Modules Infected:

    (No malicious items detected)

     

    Registry Keys Infected:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0574d50f-c261-490d-bf39-4e91183c4efb} (Trojan.Vundo) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f1f1537f-671e-41c2-8b7e-c3042f59c7ed} (Trojan.Vundo) -> Quarantined and deleted successfully.

     

    Registry Values Infected:

    (No malicious items detected)

     

    Registry Data Items Infected:

    (No malicious items detected)

     

    Folders Infected:

    C:\Documents and Settings\Mahamed\Start Menu\Programs\AntivirusPro2009 (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.

     

    Files Infected:

    (No malicious items detected)

    0
  • Customer

    Hi Rorschach112, really sorry for the quadruple post, but I thought I needed to tell you this.

    Earlier today (a few hours after Malwarebytes removed some infections) Mozilla Firefox crashed. Then when I tried opening Mozilla Firefox I got an error saying "there weren't enough sources on the system to perform the task". Then suddenly explorer.exe crashed, and when I tried to open Task Manager (Ctrl+Alt+Delete) I got an application error. So I turned off my computer (by holding the power button) and turned it back on. Explorer.exe didn't start up and I still got an Application Error, so I reset my computer again. Now everything seems to be fine.

    Any clue why this might have happened and is this anything to be worried about?

    0
  • Customer

    It's just the malware, got some nasties around still.

     

    1. Close any open browsers.

     

    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

     

    3. Open Notepad and copy/paste the text in the quotebox below into it:

     

    File::

    c:\windows\system32\reader.exe

    c:\windows\system32\5A.tmp

    c:\windows\system32\58.tmp

    c:\windows\vmmreg32.exe

    c:\windows\system32\csrssw.dll

     

    FCopy::

    c:\windows\$NtServicePackUninstall$\lsass.exe | c:\windows\system32\lsass.exe

    c:\windows\$NtServicePackUninstall$\winlogon.exe | c:\windows\system32\winlogon.exe

    c:\windows\$NtServicePackUninstall$\services.exe | c:\windows\system32\services.exe

    c:\windows\ServicePackFiles\i386\svchost.exe | c:\windows\system32\svchost.exe

    c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe | c:\windows\system32\spoolsv.exe

    c:\windows\$NtServicePackUninstall$\explorer.exe | c:\windows\explorer.exe

     

     

     

    Folder::

     

    Registry::

     

    Driver::


     

    Save this as CFScript.txt, in the same location as ComboFix.exe

     

     

     

    Referring to the picture above, drag CFScript into ComboFix.exe

     

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


    • Make sure to use Internet Explorer for this

    • Please go to VirSCAN.org FREE on-line scan service

    • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

      • c:\windows\system32\drivers\ndis.sys

    • Click on the Upload button

    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.

    • Paste the contents of the Clipboard in your next reply.



    0
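A parser for the CFScript format used in the post above, plus the hash comparison behind its FCopy:: entries, added here as an illustration (this is not ComboFix's code and was not posted in the thread): it splits the script into its sections and, for each "backup | live" pair, reports whether the live file is byte-identical to the backup copy, which is the comparison ComboFix's Sigcheck section prints side by side. The temporary files in run_demo are constructed.

```python
"""Parse a ComboFix CFScript and hash-check its FCopy:: pairs. Added
illustration, not ComboFix's code nor anything posted in the thread: the MD5
comparison of a backup copy against the live file is what Sigcheck prints."""
import hashlib
import tempfile
from pathlib import Path

SECTION_NAMES = ("File", "FCopy", "Folder", "Registry", "Driver")

# The CFScript posted in the thread above, used here as parser input.
CFSCRIPT_FROM_THREAD = r"""File::
c:\windows\system32\reader.exe
c:\windows\system32\5A.tmp
c:\windows\system32\58.tmp
c:\windows\vmmreg32.exe
c:\windows\system32\csrssw.dll

FCopy::
c:\windows\$NtServicePackUninstall$\lsass.exe | c:\windows\system32\lsass.exe
c:\windows\$NtServicePackUninstall$\winlogon.exe | c:\windows\system32\winlogon.exe
c:\windows\$NtServicePackUninstall$\services.exe | c:\windows\system32\services.exe
c:\windows\ServicePackFiles\i386\svchost.exe | c:\windows\system32\svchost.exe
c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe | c:\windows\system32\spoolsv.exe
c:\windows\$NtServicePackUninstall$\explorer.exe | c:\windows\explorer.exe

Folder::
Registry::
Driver::
"""

def parse_cfscript(text):
    """Split CFScript text into {section: entries}. A header is a line
    "Name::"; non-empty lines after it belong to it until the next header.
    FCopy entries become (backup, live) path tuples."""
    sections = {name: [] for name in SECTION_NAMES}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::") and line[:-2] in SECTION_NAMES:
            current = line[:-2]
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        if current == "FCopy":
            backup, sep, live = line.partition("|")
            if not sep:
                raise ValueError(f"FCopy entry must be 'backup | live': {line!r}")
            sections[current].append((backup.strip(), live.strip()))
        else:
            sections[current].append(line)
    return sections

def md5_of(path):
    """MD5 of a file, read in chunks (the digest Sigcheck prints)."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_fcopy(pairs):
    """Return (backup, live, status) per pair. 'mismatch' means the live
    file is not byte-identical to the backup: a reason to look closer, not
    a verdict, since a newer build also differs from an older backup."""
    results = []
    for backup, live in pairs:
        if not Path(backup).is_file():
            status = "backup-missing"
        elif not Path(live).is_file():
            status = "live-missing"
        elif md5_of(backup) == md5_of(live):
            status = "match"
        else:
            status = "mismatch"
        results.append((backup, live, status))
    return results

def run_demo():
    """Constructed layout in a temp dir: winlogon.exe altered in the live
    copy, lsass.exe identical, services.exe with no live copy at all.
    Returns the three statuses in that order."""
    clean = {"winlogon.exe": b"MZ winlogon (constructed)",
             "lsass.exe": b"MZ lsass (constructed)",
             "services.exe": b"MZ services (constructed)"}
    with tempfile.TemporaryDirectory() as root:
        bdir, ldir = Path(root, "backup"), Path(root, "live")
        bdir.mkdir()
        ldir.mkdir()
        for name, body in clean.items():
            (bdir / name).write_bytes(body)
        (ldir / "winlogon.exe").write_bytes(clean["winlogon.exe"] + b" + injected")
        (ldir / "lsass.exe").write_bytes(clean["lsass.exe"])
        script = "FCopy::\n" + "\n".join(f"{bdir / n} | {ldir / n}" for n in clean)
        return [s for _, _, s in check_fcopy(parse_cfscript(script)["FCopy"])]
```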
  • Customer

    The uploading seems to be taking forever since my internet is capped. After 87% has uploaded my "Est. Speed" keeps going down and it doesn't look like it's going to finish. Right now it says "Est. Time Left : 3 min" and "Elapsed Time : 21 min".

    EDIT: Is there any other way, because the progress isn't moving from 87%?

    Here is the ComboFix log:

     

    ComboFix 08-11-13.02 - Mahamed 2008-11-16 11:18:56.4 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.159 [GMT 11:00]

    Running from: c:\documents and settings\Mahamed\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\Mahamed\Desktop\CFScript.txt

    * Created a new restore point

     

    FILE ::

    c:\windows\system32\58.tmp

    c:\windows\system32\5A.tmp

    c:\windows\system32\csrssw.dll

    c:\windows\system32\reader.exe

    c:\windows\vmmreg32.exe

    .

     

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    c:\windows\system32\58.tmp

    c:\windows\system32\5A.tmp

    c:\windows\system32\drivers\ntndis.exe

    c:\windows\system32\drivers\ntndis.sys

    c:\windows\system32\reader.exe

     

    c:\windows\system32\lsass.exe . . . is infected!!

     

    c:\windows\system32\winlogon.exe . . . is infected!!

     

    c:\windows\system32\services.exe . . . is infected!!

     

    c:\windows\system32\svchost.exe . . . is infected!!

     

    c:\windows\system32\spoolsv.exe . . . is infected!!

     

    c:\windows\explorer.exe . . . is infected!!

     

    .

    --------------- FCopy ---------------

     

    c:\windows\$NtServicePackUninstall$\lsass.exe --> c:\windows\system32\lsass.exe

    c:\windows\$NtServicePackUninstall$\winlogon.exe --> c:\windows\system32\winlogon.exe

    c:\windows\$NtServicePackUninstall$\services.exe --> c:\windows\system32\services.exe

    c:\windows\ServicePackFiles\i386\svchost.exe --> c:\windows\system32\svchost.exe

    c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe --> c:\windows\system32\spoolsv.exe

    c:\windows\$NtServicePackUninstall$\explorer.exe --> c:\windows\explorer.exe

    .

    ((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))

    .

     

    2008-12-22 15:59 . 2008-12-22 15:59 447,200 --a------ c:\windows\system32\OpenQuicktimeLib.dll

    2008-12-22 15:59 . 2008-12-22 15:59 332,512 --a------ c:\windows\system32\3ivxVfWCodec.dll

    2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\SamsungVfWCodec.dll

    2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\DivXVfWCodec.dll

    2008-12-22 15:58 . 2008-12-22 15:58 1,155,808 --a------ c:\windows\system32\3ivx.dll

    2008-12-22 15:52 . 2008-12-22 15:52 66,272 --a------ c:\windows\system32\libfaac.dll

    2008-11-15 22:49 . 2008-11-15 22:49 44 --a------ c:\windows\system32\27.tmp

    2008-11-15 22:49 . 2008-11-15 22:49 0 --a------ c:\windows\system32\29.tmp

    2008-11-15 21:35 . 2008-11-15 21:35 44 --a------ c:\windows\system32\43.tmp

    2008-11-15 21:35 . 2008-11-15 21:35 18 --a------ c:\windows\system32\45.tmp

    2008-11-15 20:38 . 2008-11-15 20:38 44 --a------ c:\windows\system32\2C.tmp

    2008-11-15 20:38 . 2008-11-15 20:38 18 --a------ c:\windows\system32\2E.tmp

    2008-11-15 19:56 . 2008-11-15 19:56 44 --a------ c:\windows\system32\10.tmp

    2008-11-15 19:56 . 2008-11-15 19:56 18 --a------ c:\windows\system32\12.tmp

    2008-11-15 16:00 . 2008-11-15 16:00 44 --a------ c:\windows\system32\2.tmp

    2008-11-15 16:00 . 2008-11-15 16:00 0 --a------ c:\windows\system32\4.tmp

    2008-11-15 14:19 . 2008-11-15 14:19 207,360 --a--c--- c:\windows\system32\dllcache\ndis.sys

    2008-11-15 11:46 . 2008-11-15 11:46 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll

    2008-11-15 11:42 . 2008-11-15 11:42 <DIR> d-------- c:\windows\ERUNT

    2008-11-15 11:18 . 2008-11-15 12:02 <DIR> d-------- C:\SDFix

    2008-11-15 09:29 . 2008-11-15 09:29 <DIR> d-------- C:\_OTMoveIt

    2008-11-15 08:35 . 2008-11-15 09:10 <DIR> d-------- C:\Lop SD

    2008-11-14 19:54 . 2008-11-14 19:54 <DIR> d-------- c:\program files\Trend Micro

    2008-11-12 19:13 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb

    2008-11-12 18:49 . 2008-11-12 18:49 <DIR> d-------- c:\documents and settings\Mahamed\DoctorWeb

    2008-11-12 18:44 . 2008-11-12 18:44 230 --a------ c:\windows\system32\spupdsvc.inf

    2008-11-12 17:07 . 2008-11-12 18:28 <DIR> d-------- c:\program files\Enigma Software Group

    2008-11-12 16:17 . 2008-11-12 16:28 15,083,520 --a------ c:\program files\spybotsd160.exe

    2008-11-12 16:00 . 2008-11-12 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET

    2008-11-12 15:54 . 2008-11-13 17:25 <DIR> d-------- c:\program files\RogueRemover FREE

    2008-11-12 15:53 . 2008-09-05 04:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

    2008-11-12 15:53 . 2008-10-24 22:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

    2008-11-12 10:57 . 2008-11-12 10:57 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Apple Computer

    2008-11-11 20:14 . 2008-11-13 18:35 <DIR> d-------- c:\program files\Lavasoft

    2008-11-11 19:37 . 2008-11-11 19:59 25,129,080 --a------ c:\program files\antivir_workstation_winu_en_h(2).exe

    2008-11-11 17:01 . 2008-11-11 17:17 23,804,784 --a------ c:\program files\aaw2008.exe

    2008-11-10 17:56 . 2008-11-10 17:56 <DIR> d-------- c:\program files\Alwil Software

    2008-11-09 10:56 . 2008-11-09 10:56 <DIR> d-------- c:\program files\3ivx

    2008-11-09 10:04 . 2008-11-09 10:49 <DIR> d-------- c:\windows\system32\quicktime

    2008-11-09 09:49 . 2008-11-13 18:20 <DIR> d-------- c:\program files\QuickTime

    2008-11-09 09:39 . 2008-11-09 09:40 <DIR> d-------- c:\program files\Service Packs

    2008-11-08 11:02 . 2008-11-14 02:15 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\LimeWire

    2008-11-08 11:01 . 2008-11-13 13:26 <DIR> d-------- c:\program files\LimeWire

    2008-11-07 23:18 . 2008-11-07 23:18 <DIR> d-------- c:\windows\Sun

    2008-11-07 19:16 . 2008-11-10 18:45 <DIR> d-------- c:\program files\DNA

    2008-11-07 19:16 . 2008-11-10 23:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DNA

    2008-11-07 17:54 . 2008-11-07 20:25 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DivX

    2008-11-07 17:15 . 2008-11-07 17:17 <DIR> d-------- c:\program files\DivX

    2008-11-06 22:31 . 2008-11-06 22:31 <DIR> d-------- c:\program files\Sun

    2008-11-06 22:28 . 2008-11-06 22:27 410,976 --a------ c:\windows\system32\deploytk.dll

    2008-11-06 22:28 . 2008-11-06 22:27 73,728 --a------ c:\windows\system32\javacpl.cpl

    2008-11-06 22:27 . 2008-11-06 22:27 <DIR> d-------- c:\program files\Java

    2008-11-04 18:23 . 2008-11-04 18:25 <DIR> d-------- c:\windows\system32\NtmsData

    2008-11-04 10:08 . 2008-11-04 10:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

    2008-11-04 10:07 . 2008-11-13 17:23 <DIR> d-------- c:\program files\SUPERAntiSpyware

    2008-11-04 10:07 . 2008-11-04 10:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\SUPERAntiSpyware.com

    2008-11-04 10:04 . 2008-11-13 18:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

    2008-11-03 20:04 . 2008-11-03 20:04 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Search

    2008-11-03 18:53 . 2008-11-12 10:42 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Comodo

    2008-11-03 15:00 . 2008-11-12 10:42 <DIR> d-------- c:\program files\COMODO

    2008-11-03 09:17 . 2008-11-03 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\MSN6

    2008-11-03 09:12 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator

    2008-11-03 08:09 . 2008-11-03 09:15 <DIR> d-------- c:\program files\Smart Virus Remover

    2008-11-03 01:16 . 2008-11-03 01:16 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\MSN6

    2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll

    2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx07.dll

    2008-10-29 09:35 . 2008-10-29 09:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll

    2008-10-29 09:35 . 2008-10-29 09:35 802,816 --a------ c:\windows\system32\divx_xx11.dll

    2008-10-28 03:44 . 2008-10-28 03:44 <DIR> d-------- c:\program files\Common Files\xing shared

    2008-10-28 03:43 . 2008-10-28 03:43 <DIR> d-------- c:\program files\Real

    2008-10-26 22:21 . 2008-10-26 22:21 <DIR> d-------- c:\program files\Real Alternative

    2008-10-26 22:21 . 2008-10-28 03:44 <DIR> d-------- c:\program files\Common Files\Real

    2008-10-25 19:18 . 2008-10-25 19:18 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Desktop Search

    2008-10-25 19:16 . 2008-10-25 19:16 <DIR> d-------- c:\windows\system32\GroupPolicy

    2008-10-25 19:16 . 2008-10-25 19:16 <DIR> d-------- c:\program files\Windows Desktop Search

    2008-10-25 19:15 . 2008-03-08 04:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll

    2008-10-25 19:15 . 2008-03-08 04:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll

    2008-10-25 19:15 . 2008-03-08 04:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll

    2008-10-25 19:14 . 2008-10-25 19:14 <DIR> d-------- c:\program files\CONEXANT

    2008-10-25 19:13 . 2008-10-16 03:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

    2008-10-25 17:16 . 2008-10-25 17:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8

    2008-10-24 21:31 . 2008-04-14 05:42 159,232 --a------ c:\windows\system32\ptpusd.dll

    2008-10-24 21:31 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

    2008-10-24 21:31 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

    2008-10-24 21:31 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

    2008-10-22 20:17 . 2008-10-22 20:17 <DIR> d-------- c:\program files\Common Files\InstallShield

    2008-10-19 11:49 . 2008-09-08 23:38 99,840 --a------ c:\windows\system32\AntiXPVSTFix.exe

    2008-10-19 11:49 . 2008-10-10 08:58 94,208 --a------ c:\windows\system32\o4Patch.exe

    2008-10-19 11:49 . 2008-10-10 08:58 94,208 --a------ c:\windows\system32\IEDFix.C.exe

    2008-10-19 11:49 . 2008-08-18 12:19 84,992 --a------ c:\windows\system32\404FIX.EXE

    2008-10-19 11:48 . 2007-09-06 00:22 289,144 --a------ c:\windows\system32\VCCLSID.exe

    2008-10-19 11:48 . 2006-04-27 17:49 288,417 --a------ c:\windows\system32\SrchSTS.exe

    2008-10-19 11:48 . 2008-10-01 15:51 98,816 --a------ c:\windows\system32\VACFix.exe

    2008-10-19 11:48 . 2008-05-18 21:40 94,208 --a------ c:\windows\system32\IEDFix.exe

    2008-10-19 11:48 . 2003-06-05 21:13 65,536 --a------ c:\windows\system32\Process.exe

    2008-10-19 11:48 . 2004-07-31 18:50 59,904 --a------ c:\windows\system32\dumphive.exe

    2008-10-19 11:48 . 2007-10-04 00:36 37,888 --a------ c:\windows\system32\WS2Fix.exe

    2008-10-18 14:38 . 2008-10-18 14:38 <DIR> d-------- c:\program files\Windows Media Connect 2

    2008-10-18 14:33 . 2008-10-18 14:33 <DIR> d-------- c:\windows\system32\LogFiles

    2008-10-18 14:33 . 2008-10-27 12:26 <DIR> d-------- c:\windows\system32\drivers\UMDF

    2008-10-18 01:31 . 2008-10-18 01:31 <DIR> dr------- C:\Aslam

    2008-10-17 22:53 . 2008-10-17 22:53 244 --ah----- C:\sqmnoopt06.sqm

    2008-10-17 22:53 . 2008-10-17 22:53 232 --ah----- C:\sqmdata06.sqm

    2008-10-17 22:28 . 2008-10-17 22:28 244 --ah----- C:\sqmnoopt05.sqm

    2008-10-17 22:28 . 2008-10-17 22:28 232 --ah----- C:\sqmdata05.sqm

    2008-10-17 22:17 . 2008-10-17 22:17 244 --ah----- C:\sqmnoopt04.sqm

    2008-10-17 22:17 . 2008-10-17 22:17 232 --ah----- C:\sqmdata04.sqm

    2008-10-17 21:54 . 2008-10-17 21:54 244 --ah----- C:\sqmnoopt03.sqm

    2008-10-17 21:54 . 2008-10-17 21:54 232 --ah----- C:\sqmdata03.sqm

    2008-10-17 17:50 . 2008-11-12 16:24 <DIR> d-------- c:\program files\QuickGamma

    2008-10-17 02:09 . 2008-10-17 02:09 <DIR> d-------- C:\802b506a90741843c7

    2008-10-16 17:44 . 2008-09-08 21:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

    2008-10-16 17:43 . 2008-08-14 21:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

    2008-10-16 17:43 . 2008-08-14 21:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

    2008-10-16 17:43 . 2008-08-14 20:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

    2008-10-16 17:43 . 2008-08-14 20:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

    2008-10-16 17:43 . 2008-09-15 23:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-11-15 04:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

    2008-11-15 03:19 207,360 ----a-w c:\windows\system32\drivers\ndis.sys

    2008-11-14 21:20 --------- d-----w c:\program files\Common Files\Adobe

    2008-11-12 05:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

    2008-11-12 05:24 --------- d-----w c:\program files\Free FLV Converter

    2008-11-12 02:16 19,762 ----a-w c:\program files\Common Files\ynojysu.ban

    2008-11-07 08:06 263 ----a-w c:\program files\gapa.ini

    2008-11-03 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!

    2008-10-27 16:43 499,712 ----a-w c:\windows\system32\msvcp71.dll

    2008-10-27 16:43 348,160 ----a-w c:\windows\system32\msvcr71.dll

    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

    2008-10-22 05:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

    2008-10-22 05:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

    2008-10-21 06:31 --------- d-----w c:\documents and settings\Mahamed\Application Data\uTorrent

    2008-10-03 01:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\Media Player Classic

    2008-10-03 00:49 --------- d-----w c:\program files\Combined Community Codec Pack

    2008-10-02 07:53 --------- d-----w c:\program files\Common Files\DVDVideoSoft

    2008-10-02 07:53 --------- d-----w c:\program files\AskBarDis

    2008-09-30 05:28 --------- d-----w c:\program files\Xvid

    2008-09-25 09:10 --------- d-----w c:\program files\NOS

    2008-09-25 09:10 --------- d-----w c:\documents and settings\All Users\Application Data\NOS

    2008-09-25 08:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

    2008-09-25 08:11 --------- d-----w c:\program files\Common Files\Adobe AIR

    2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll

    2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll

    2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll

    2008-09-25 08:03 536,576 ----a-w c:\windows\system32\DivXsm.exe

    2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll

    2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll

    2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll

    2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll

    2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll

    2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe

    2008-09-23 02:51 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!

    2008-09-22 11:00 --------- d-----w c:\program files\Messenger Plus! Live

    2008-09-21 02:04 --------- d-----w c:\program files\Windows Live

    2008-09-21 02:02 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

    2008-09-21 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

    2008-09-19 21:57 9,464 ----a-w c:\windows\system32\drivers\cdralw2k.sys

    2008-09-19 21:57 9,336 ----a-w c:\windows\system32\drivers\cdr4_xp.sys

    2008-09-19 21:57 43,528 ----a-w c:\windows\system32\drivers\PxHelp20.sys

    2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

    2008-09-19 21:57 129,784 ----a-w c:\windows\system32\pxafs.dll

    2008-09-19 21:57 120,056 ----a-w c:\windows\system32\pxcpyi64.exe

    2008-09-19 21:57 118,520 ----a-w c:\windows\system32\pxinsi64.exe

    2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll

    2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll

    2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

    2008-09-19 03:15 --------- d-----w c:\program files\Microsoft Works

    2008-09-19 03:14 --------- d-----w c:\program files\MSBuild

    2008-09-19 03:01 --------- d-----w c:\program files\Microsoft.NET

    2008-09-16 13:27 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard

    2008-09-16 13:26 --------- d-----w c:\program files\Common Files\iS3

    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

    2008-09-12 18:30 278,528 ----a-w c:\windows\system32\TubeFinder.exe

    2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll

    2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll

    2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll

    .

     

    ------- Sigcheck -------

     

    2004-08-04 01:56 14336 5de5b5c556f04f26dd6068267644a8ca c:\windows\$NtServicePackUninstall$\svchost.exe

    2008-04-14 06:42 23040 06fcb16ca84dcc11302fd1854b6b246c c:\windows\ServicePackFiles\i386\svchost.exe

    2004-08-04 18:56 23040 385a7e4e53c27ae4047816c5ec582f5e c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe

    2008-04-14 06:42 23040 06fcb16ca84dcc11302fd1854b6b246c c:\windows\system32\svchost.exe

     

    2004-08-04 01:56 502272 19f92aaf6870b66d25b351e230abc6ea c:\windows\$NtServicePackUninstall$\winlogon.exe

    2008-04-14 06:42 516608 808f4f0941af51bd295eded8071a286b c:\windows\ServicePackFiles\i386\winlogon.exe

    2004-08-04 18:56 510976 8c45beb4d178e0b993ca55ab14ce53fd c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe

    2004-08-04 01:56 502272 19f92aaf6870b66d25b351e230abc6ea c:\windows\system32\winlogon.exe

     

    2004-08-04 00:14 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys

    2008-04-14 01:50 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys

    2004-08-04 17:14 182912 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys

    2008-11-15 14:19 207360 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys

    2008-11-15 14:19 207360 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

     

    2004-08-04 01:56 1032192 56195559d22a24d39c0d04b954fb1901 c:\windows\explorer.exe

    2004-08-04 01:56 1032192 56195559d22a24d39c0d04b954fb1901 c:\windows\$NtServicePackUninstall$\explorer.exe

    2008-04-14 06:42 1042432 8aab8f71347002bc2ac64ae0beb5e905 c:\windows\ServicePackFiles\i386\explorer.exe

    2004-08-04 18:56 1040896 0c8ec25cd14642a3cd74d794176645b5 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe

     

    2004-08-04 01:56 108032 1800469178c252c5977f711b468c00a1 c:\windows\$NtServicePackUninstall$\services.exe

    2008-04-14 06:42 117248 ef1758444f1504c33b79c26a5926d69b c:\windows\ServicePackFiles\i386\services.exe

    2004-08-04 18:56 116736 b83fefe879296a209915092ee67437fa c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe

    2004-08-04 01:56 108032 1800469178c252c5977f711b468c00a1 c:\windows\system32\services.exe

     

    2004-08-04 01:56 13312 5877be9b08f740e5bd64e7c86608a93f c:\windows\$NtServicePackUninstall$\lsass.exe

    2008-04-14 06:42 22016 0df2519a636ddbf74e43c73f6db43943 c:\windows\ServicePackFiles\i386\lsass.exe

    2004-08-04 18:56 22016 0b6bba57a1bb9998e542d911e27b5bd6 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe

    2004-08-04 01:56 13312 5877be9b08f740e5bd64e7c86608a93f c:\windows\system32\lsass.exe

     

    2004-08-04 01:56 15360 fe408f07f63eece65f4e3f8ce09030d5 c:\windows\$NtServicePackUninstall$\ctfmon.exe

    2008-04-14 06:42 24064 7799f2ecb1713979335e8abc1ec42bcf c:\windows\ServicePackFiles\i386\ctfmon.exe

    2004-08-04 18:56 24064 e0e0a63fa6e13fcee9d77d729a14e7b1 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe

    2008-04-14 06:42 15360 b61439f0bc14b836101d6387197715e8 c:\windows\system32\CTFMON.EXE

     

    2005-06-11 11:17 57856 8cfa993f4fdf5568aff15d99765c21d6 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

    2005-06-11 10:53 57856 07763dfe5ea3c14946d4052c56ba377d c:\windows\$NtServicePackUninstall$\spoolsv.exe

    2004-08-04 01:56 57856 cb39079b8adca54c691db044351b94bf c:\windows\$NtUninstallKB896423$\spoolsv.exe

    2008-04-14 06:42 66560 5a45de4b505cbbc52e4b09706357c050 c:\windows\ServicePackFiles\i386\spoolsv.exe

    2004-08-04 18:56 66560 234df4f1361db1af65a3fe7ef06925fe c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\spoolsv.exe

    2005-06-11 11:17 57856 8cfa993f4fdf5568aff15d99765c21d6 c:\windows\system32\spoolsv.exe

     

    2004-08-04 01:56 24576 27f29f65bf97a1dd81d50229b5023745 c:\windows\$NtServicePackUninstall$\userinit.exe

    2008-04-14 06:42 34816 f7746144dda31959e03610f052c33d92 c:\windows\ServicePackFiles\i386\userinit.exe

    2004-08-04 18:56 33280 215be2b305baa8e049760ba95cb8b6ba c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe

    2008-04-14 06:42 26112 31c92b93500c4ee80248b3d67acf4480 c:\windows\system32\userinit.exe

    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-15_10.40.06.95 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2008-11-16 00:24:52 3,580 ----a-w c:\windows\ERDNT\CFUNDO.dat

    + 2008-08-07 04:27:04 175,616 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE

    + 2008-11-15 00:42:34 4,595,712 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat

    + 2008-11-15 00:42:34 294,912 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

    + 2008-08-07 04:27:04 175,616 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE

    + 2008-11-15 00:42:21 4,595,712 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat

    + 2008-11-15 00:42:21 294,912 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

    - 2008-11-14 23:33:52 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

    + 2008-11-15 04:26:34 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

    - 2008-11-14 23:33:52 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    + 2008-11-15 04:26:34 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    + 2008-11-16 00:32:44 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6c.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

     

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]

    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-28 185872]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

     

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]

    2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    "vidc.3IV2"= 3ivxVfWCodec.dll

    "vidc.SEDG"= SamsungVfWCodec.dll

    "vidc.DX50"= DivXVfWCodec.dll

     

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk

    backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

     

    [HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^windows search.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

    backup=c:\windows\pss\Windows Search.lnkCommon Startup

     

    [HKLM\~\startupfolder\c:^documents and settings^mahamed^start menu^programs^startup^limewire on startup.lnk]

    path=c:\documents and settings\Mahamed\Start Menu\Programs\Startup\LimeWire On Startup.lnk

    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

    --a------ 2008-11-07 19:16 342336 c:\program files\DNA\btdna.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    --a------ 2008-04-14 06:42 1695232 c:\program files\Messenger\msmsgs.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    --a------ 2008-10-28 03:43 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    "c:\\Program Files\\DNA\\btdna.exe"=

    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    "c:\\Program Files\\Malwarebytes' Anti-Malware\\MBAM.EXE"=

    "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "6112:TCP"= 6112:TCP:WarcraftIII

    "6112:UDP"= 6112:UDP:WarcraftIII

     

    R3 genmcmnusb;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]

    S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-25 33752]

    .

    - - - - ORPHANS REMOVED - - - -

     

    HKLM-Run-reader - c:\windows\System32\reader.exe

    **************************************************************************

     

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-11-16 11:32:14

    Windows 5.1.2600 Service Pack 3 NTFS

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

    scan completed successfully

    hidden files: 0

     

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Lavasoft\Ad-Aware\aawservice.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\windows\system32\searchindexer.exe

    c:\windows\system32\wscntfy.exe

    .

    **************************************************************************

    .

    Completion time: 2008-11-16 11:40:54 - machine was rebooted [Mahamed]

    ComboFix-quarantined-files.txt 2008-11-16 00:40:42

    ComboFix2.txt 2008-11-15 04:34:58

    ComboFix3.txt 2008-11-15 01:30:39

    ComboFix4.txt 2008-11-14 23:41:28

     

    Pre-Run: 59,028,422,656 bytes free

    Post-Run: 59,015,700,480 bytes free

     

    366 --- E O F --- 2008-11-15 13:26:13

    0
  • Customer

    Hello

     

    Please download the OTMoveIt3 by OldTimer or from here.


    • Save it to your desktop.


    • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).



    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
       
      :Processes
      explorer.exe

      :Services

      :Reg

      :files
      c:\windows\system32\27.tmp
      c:\windows\system32\29.tmp
      c:\windows\system32\43.tmp
      c:\windows\system32\45.tmp
      c:\windows\system32\2C.tmp
      c:\windows\system32\2E.tmp
      c:\windows\system32\10.tmp
      c:\windows\system32\12.tmp
      c:\windows\system32\2.tmp
      c:\windows\system32\4.tmp



      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]



       


    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
       


    • Click the red Moveit! button.



    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.


    • Close OTMoveIt3



    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Please download Malwarebytes' Anti-Malware from Here or Here

     

    Double Click mbam-setup.exe to install the application.


    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


    • If an update is found, it will download and install the latest version.


    • Once the program has loaded, select "Perform Quick Scan", then click Scan.


    • The scan may take some time to finish, so please be patient.


    • When the scan is complete, click OK, then Show Results to view the results.


    • Make sure that everything is checked, and click Remove Selected.


    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)


    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.


    • Copy & paste the entire report in your next reply.



    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

    Go to the Kaspersky website and perform an online antivirus scan.


    1. Read through the requirements and privacy statement and click on Accept button.


    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.


    3. When the downloads have finished, click on Settings.


    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases




    5. Click on My Computer under Scan.

    6. Once the scan is complete, it will display the results. Click on View Scan Report.

    7. You will see a list of infected items there. Click on Save Report As....

    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

    0
  • Customer

    Scanning with Kaspersky now. Here are the OTMoveIt3 and MBAM logs.

     

    ========== PROCESSES ==========

    Process explorer.exe killed successfully.

    ========== SERVICES/DRIVERS ==========

    ========== REGISTRY ==========

    ========== FILES ==========

    c:\windows\system32\27.tmp moved successfully.

    c:\windows\system32\29.tmp moved successfully.

    c:\windows\system32\43.tmp moved successfully.

    c:\windows\system32\45.tmp moved successfully.

    c:\windows\system32\2C.tmp moved successfully.

    c:\windows\system32\2E.tmp moved successfully.

    c:\windows\system32\10.tmp moved successfully.

    c:\windows\system32\12.tmp moved successfully.

    c:\windows\system32\2.tmp moved successfully.

    c:\windows\system32\4.tmp moved successfully.

    ========== COMMANDS ==========

    User's Temp folder emptied.

    User's Temporary Internet Files folder emptied.

    User's Internet Explorer cache folder emptied.

    Local Service Temp folder emptied.

    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

    Local Service Temporary Internet Files folder emptied.

    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_24c.dat scheduled to be deleted on reboot.

    Windows Temp folder emptied.

    Java cache emptied.

    File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

    File delete failed. C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\XUL.mfl scheduled to be deleted on reboot.

    FireFox cache emptied.

    Temp folders emptied.

    Explorer started successfully

     

    OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11172008_163745

     

    Files moved on Reboot...

    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

    File C:\WINDOWS\temp\Perflib_Perfdata_24c.dat not found!

    C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_001_ moved successfully.

    C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_002_ moved successfully.

    C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_003_ moved successfully.

    C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\Cache\_CACHE_MAP_ moved successfully.

    C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\urlclassifier3.sqlite moved successfully.

    C:\Documents and Settings\Mahamed\Local Settings\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\XUL.mfl moved successfully.

    Malwarebytes' Anti-Malware 1.30

    Database version: 1399

    Windows 5.1.2600 Service Pack 3

     

    17/11/2008 04:48:11 PM

    mbam-log-2008-11-17 (16-48-11).txt

     

    Scan type: Quick Scan

    Objects scanned: 51284

    Time elapsed: 5 minute(s), 38 second(s)

     

    Memory Processes Infected: 1

    Memory Modules Infected: 0

    Registry Keys Infected: 1

    Registry Values Infected: 1

    Registry Data Items Infected: 1

    Folders Infected: 0

    Files Infected: 2

     

    Memory Processes Infected:

    C:\WINDOWS\system\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

     

    Memory Modules Infected:

    (No malicious items detected)

     

    Registry Keys Infected:

    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

     

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

     

    Registry Data Items Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system\svchost.exe -> Quarantined and deleted successfully.

     

    Folders Infected:

    (No malicious items detected)

     

    Files Infected:

    C:\WINDOWS\system32\reader.exe (Trojan.FakeAlert.H) -> Delete on reboot.

    C:\WINDOWS\system\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

    0
  • Customer

    Post a new HJT log with the Kaspersky log

    0
  • Customer

    Many websites stopped working again including the online Kaspersky site. My shutdown button is missing from the start menu and when I press Ctrl+Alt+Delete it says "Task manager has been disabled by your administrator".

     

    Here is the Hijackthis Log:

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 03:38:43, on 18/11/2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.5730.0013)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\WINDOWS\System32\reader.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Live\Messenger\usnsvc.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [system Config Boot] syscgboot.exe

    O4 - HKLM\..\Run: [reader] C:\WINDOWS\System32\reader.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1221311057437

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1221801125421

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

     

    --

    End of file - 4402 bytes

    0
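As an added example (not code from this thread or from any of the tools used in it), the following Python script checks for the three indicators that the logs in this thread point at: hosts-file entries that send security-vendor domains to 127.0.0.1 (the "Redirected hostfile entry" items in the Ad-Aware log posted next, and the reason the Kaspersky online scanner and other vendor sites stopped loading), a Winlogon Userinit value that launches an extra binary (the MBAM log flagged Userinit data pointing at c:\windows\system\svchost.exe, a core binary name sitting outside system32), and HKCU Policies\System values that disable regedit and Task Manager (the HijackThis O7 line and the user's "disabled by your administrator" message). The vendor list, the sample hosts text, the sample registry values and all function names are constructed for the example; `DisableTaskMgr` is the standard policy value name for the Task Manager restriction and is not shown in the logs above.

```python
import ntpath

# Security-vendor domains that a hosts-file hijack typically blackholes.
# Constructed from the vendor names in the thread's Ad-Aware log (assumption:
# extend this for your own estate).
SECURITY_VENDOR_SUFFIXES = (
    "symantec.com", "symantecliveupdate.com", "mcafee.com", "kaspersky.com",
    "kaspersky-labs.com", "trendmicro.com", "sophos.com", "f-secure.com",
    "avp.com", "grisoft.com", "virustotal.com", "ca.com",
)
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# Core Windows binaries that only belong in %SystemRoot%\system32 (names taken
# from the HijackThis running-process list in this thread).
CORE_BINARIES = {"svchost.exe", "smss.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "spoolsv.exe", "userinit.exe"}

# Policies\System values that hide the user's own diagnostic tools.
POLICY_VALUES = ("DisableTaskMgr", "DisableRegedit")


def redirected_hosts_entries(hosts_text):
    """Return (ip, hostname) pairs that point a security-vendor name at loopback."""
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        ip, *names = line.split()
        if ip not in LOOPBACK:
            continue
        for name in names:
            n = name.lower()
            if any(n == s or n.endswith("." + s) for s in SECURITY_VENDOR_SUFFIXES):
                hits.append((ip, n))
    return hits


def userinit_is_hijacked(userinit_value, system_root=r"C:\WINDOWS"):
    """The clean Userinit value is '<system_root>\\system32\\userinit.exe,' and
    nothing else; any extra comma-separated entry or a different path is a hijack."""
    entries = [e.strip().strip('"').lower()
               for e in userinit_value.split(",") if e.strip()]
    expected = ntpath.join(system_root, "system32", "userinit.exe").lower()
    return entries != [expected]


def misplaced_core_binary(path, system_root=r"C:\WINDOWS"):
    """True when a core Windows binary name sits outside system32 (e.g. \\system)."""
    name = ntpath.basename(path).lower()
    parent = ntpath.dirname(path).lower()
    if name not in CORE_BINARIES:
        return False
    return parent != ntpath.join(system_root, "system32").lower()


def disabled_tools(policy_values):
    """Names of Policies\\System values (dict name -> DWORD) set to non-zero."""
    return [v for v in POLICY_VALUES if policy_values.get(v, 0) != 0]


# Constructed samples mirroring the logs in this thread (not the real files).
HOSTS_SAMPLE = """\
# constructed hosts file
127.0.0.1       localhost
127.0.0.1 www.kaspersky.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 download.mcafee.com   # blocks definition updates
192.168.1.10 printer.lan
"""
USERINIT_HIJACKED = r"C:\WINDOWS\system32\userinit.exe,c:\windows\system\svchost.exe"
USERINIT_CLEAN = r"C:\WINDOWS\system32\userinit.exe,"
POLICY_SAMPLE = {"DisableRegedit": 1, "DisableTaskMgr": 1}


def run_checks():
    """Run every check over the constructed samples and return the findings."""
    return {
        "hosts": redirected_hosts_entries(HOSTS_SAMPLE),
        "userinit": userinit_is_hijacked(USERINIT_HIJACKED),
        "misplaced": [e for e in USERINIT_HIJACKED.split(",")
                      if misplaced_core_binary(e)],
        "policies": disabled_tools(POLICY_SAMPLE),
    }


if __name__ == "__main__":
    for check, result in run_checks().items():
        print(f"{check}: {result}")
```

Apply `misplaced_core_binary` only to running processes and autostart targets: the ComboFix hash listing earlier in this thread legitimately shows copies of ctfmon.exe, spoolsv.exe and userinit.exe under ServicePackFiles\i386 and the uninstall folders, and those would be flagged if the whole disk were fed through it.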
  • Customer

    After running an Ad-Aware scan and removing the infections, Kaspersky's online scanner works now. Scanning with Kaspersky right now.

     

    Here is the Ad-Aware Log:

     

    Ad-Aware Build

    Log File Created on: 2008-11-18 17:13:55

    Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\core.aawdef

    Computer name: ABBAS-GW2095HV1

    Name of user performing scan: SYSTEM

     

    System information

    ===========================

    Number of processors: 1

    Processor type:

    Memory Available: 29%

    Total Physical Memory: 401063936 Bytes

    Available Physical Memory: 113324032 Bytes

    Total Page File Size: 1430175744 Bytes

    Available On Page File: 188284928 Bytes

    Total Virtual Memory: 2147352576 Bytes

    Available Virtual Memory: 1769365504 Bytes

    OS: Microsoft Windows XP Service Pack 3 (Build 2600)

     

    Ad-Aware Settings

    ===========================

    Skipping files larger than 1048576 kB

    Ignoring infections with lower TAI than: 3

     

     

    Extended Ad-Aware Settings

    ===========================

    Unloading known modules during scan

    Ignoring spanned files when scanning cab archives

    Reanalyzing results after scanning before displaying results

    Trying to unload modules prior to removal

    Let Windows remove files currently in use at next reboot

    Removing quarantined objects after restore

    Deactivating Ad-Watch during scans

    Writeprotecting system files after repairs

    Include info about ignored objects in log file

    Including basic settings in log file

    Including advanced settings in log file

    Including user and computer name in log file

    Create and save WebUpdate log file

     

    Databaseinfo

    ===========================

    Version number: 122

    Build Number: 0

    Build Date and Time: 2008/09/18 16:12:33

     

    Scan Statistics

    ===========================

    Method: Full

    Scan tracking cookies.............................: On

    Scan ADS filestreams..............................: Off

     

    Item Scanned: 287345

    Infections Detected: 55

    Infections Ignored: 0

     

    Scan detailed statistics

    ===========================

    Type Critical Total

    Process Scan....: 0 0

    Registry Scan...: 0 0

    Registry PE Scan: 0 0

    Hosts File Scan.: 22 22

    File Scan.......: 0 0

    Folder Scan.....: 0 0

    LSP Scan........: 0 0

    ADS Scan........: 0 0

    Cookie Scan.....: 22 22

    File Hash Scan..: 8 8

     

    Infections Found

    ===========================

    Family Id: 563 Name: Redirected hostfile entry Category: Misc TAI:4

    Item Id: 500000144 Value: IP Address: 127.0.0.1 Host Name: WWW.TRENDMICRO.COM

    Item Id: 500000145 Value: IP Address: 127.0.0.1 Host Name: CUSTOMER.SYMANTEC.COM

    Item Id: 500000146 Value: IP Address: 127.0.0.1 Host Name: LIVEUPDATE.SYMANTEC.COM

    Item Id: 500000148 Value: IP Address: 127.0.0.1 Host Name: UPDATES.SYMANTEC.COM

    Item Id: 500000152 Value: IP Address: 127.0.0.1 Host Name: DOWNLOAD.MCAFEE.COM

    Item Id: 500000154 Value: IP Address: 127.0.0.1 Host Name: MAST.MCAFEE.COM

    Item Id: 500000156 Value: IP Address: 127.0.0.1 Host Name: WWW.CA.COM

    Item Id: 500000160 Value: IP Address: 127.0.0.1 Host Name: WWW.KASPERSKY.COM

    Item Id: 500000161 Value: IP Address: 127.0.0.1 Host Name: WWW.AVP.COM

    Item Id: 500000166 Value: IP Address: 127.0.0.1 Host Name: WWW.F-SECURE.COM

    Item Id: 500000168 Value: IP Address: 127.0.0.1 Host Name: WWW.VIRUSLIST.COM

    Item Id: 500000169 Value: IP Address: 127.0.0.1 Host Name: LIVEUPDATE.SYMANTECLIVEUPDATE.COM

    Item Id: 500000170 Value: IP Address: 127.0.0.1 Host Name: WWW.MCAFEE.COM

    Item Id: 500000172 Value: IP Address: 127.0.0.1 Host Name: WWW.SOPHOS.COM

    Item Id: 500000173 Value: IP Address: 127.0.0.1 Host Name: SECURITYRESPONSE.SYMANTEC.COM

    Item Id: 500000174 Value: IP Address: 127.0.0.1 Host Name: WWW.SYMANTEC.COM

    Item Id: 500000256 Value: IP Address: 127.0.0.1 Host Name: WWW.IKAKA.COM

    Item Id: 500000258 Value: IP Address: 127.0.0.1 Host Name: WWW.360SAFE.COM

    Item Id: 500000307 Value: IP Address: 127.0.0.1 Host Name: WWW.GRISOFT.COM

    Item Id: 500000311 Value: IP Address: 127.0.0.1 Host Name: WWW.KASPERSKY-LABS.COM

    Item Id: 500000464 Value: IP Address: 127.0.0.1 Host Name: UPDATE.SYMANTEC.COM

    Item Id: 500000608 Value: IP Address: 127.0.0.1 Host Name: WWW.VIRUSTOTAL.COM

    Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3

    Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat msnaccountservices.112.2o7.net s_vi /

    Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2o7.net s_vi_x7Cbx7Fx7Ctcrdbeprx60acx7Eu /

    Item Id: 600000179 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat atdmt.com AA002 /

    Item Id: 600000171 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat bs.serving-sys.com eyeblaster /

    Item Id: 600000144 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat doubleclick.net test_cookie /

    Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat serving-sys.com A2 /

    Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat serving-sys.com B2 /

    Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat serving-sys.com C3 /

    Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat serving-sys.com D3 /

    Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat serving-sys.com E2 /

    Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat serving-sys.com U /

    Item Id: 600000179 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat atdmt.com AA002 /

    Item Id: 600000171 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat bs.serving-sys.com eyeblaster /

    Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat msnaccountservices.112.2o7.net s_vi /

    Item Id: 600000101 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat overture.com CMUserData /

    Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat serving-sys.com A2 /

    Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat serving-sys.com B2 /

    Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat serving-sys.com C3 /

    Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat serving-sys.com D3 /

    Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat serving-sys.com E2 /

    Item Id: 600000408 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat serving-sys.com U /

    Item Id: 600000212 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Mahamed\Cookies\index.dat msnportal.112.2o7.net s_vi /

    Family Id: 763 Name: Virtumonde Category: Malware TAI:10

    Item Id: 181106 Value: File: C:\Qoobox\Quarantine\C\WINDOWS\system32\djlgcflj.dll.vir

    Item Id: 181106 Value: File: C:\Qoobox\Quarantine\C\WINDOWS\system32\imktlmbf.dll.vir

    Item Id: 181106 Value: File: C:\Qoobox\Quarantine\C\WINDOWS\system32\tmguuwmc.dll.vir

    Item Id: 181106 Value: File: C:\Qoobox\Quarantine\C\WINDOWS\system32\__c00750F9.dat.vir

    Item Id: 181106 Value: File: C:\Qoobox\Quarantine\C\WINDOWS\system32\__c00BC26A.dat.vir

    Item Id: 181106 Value: File: C:\Qoobox\Quarantine\C\WINDOWS\system32\__c00C9F9A.dat.vir

    Family Id: 988 Name: Win32.Trojan.Spy Category: Virus TAI:10

    Item Id: 244003 Value: File: C:\Qoobox\Quarantine\[4]-Submit_2008-11-15@15.13.zip

    Family Id: 1333 Name: Win32.Rootkit.Agent Category: Malware TAI:10

    Item Id: 239893 Value: File: C:\SDFix\backups\catchme.zip

    Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0

    Item Id: 1 Value: MRU Path: C:\Documents and Settings\Mahamed\Recent Count: 161

    Item Id: 2 Value: MRU Registry Key: S-1-5-21-343818398-926492609-725345543-1004\Software\Microsoft\Search Assistant\ACMru\5603 Count: 5

    Item Id: 3 Value: MRU Registry Key: S-1-5-21-343818398-926492609-725345543-1004\Software\Microsoft\Internet Explorer\TypedURLs Count: 2

     

    Items Ignored During Scan

    ===========================

     

     

    Listing of running processes

    ===========================

    C:\WINDOWS\SYSTEM32\SMSS.EXE

    c:\windows\system32\smss.exe

     

    c:\windows\system32\ntdll.dll

     

    C:\WINDOWS\SYSTEM32\CSRSS.EXE

    c:\windows\system32\csrss.exe

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\csrsrv.dll

     

    c:\windows\system32\basesrv.dll

     

    c:\windows\system32\winsrv.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\windows\system32\user32.dll

     

    c:\windows\system32\sxs.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\apphelp.dll

     

    c:\windows\system32\version.dll

     

    C:\WINDOWS\SYSTEM32\WINLOGON.EXE

    c:\windows\system32\winlogon.exe

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\authz.dll

     

    c:\windows\system32\msvcrt.dll

     

    c:\windows\system32\crypt32.dll

     

    c:\windows\system32\msasn1.dll

     

    c:\windows\system32\user32.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\nddeapi.dll

     

    c:\windows\system32\profmap.dll

     

    c:\windows\system32\netapi32.dll

     

    c:\windows\system32\userenv.dll

     

    c:\windows\system32\psapi.dll

     

    c:\windows\system32\regapi.dll

     

    c:\windows\system32\setupapi.dll

     

    c:\windows\system32\version.dll

     

    c:\windows\system32\winsta.dll

     

    c:\windows\system32\wintrust.dll

     

    c:\windows\system32\imagehlp.dll

     

    c:\windows\system32\ws2_32.dll

     

    c:\windows\system32\ws2help.dll

     

    c:\windows\system32\imm32.dll

     

    c:\windows\system32\msgina.dll

     

    c:\windows\system32\comctl32.dll

     

    c:\windows\system32\odbc32.dll

     

    c:\windows\system32\comdlg32.dll

     

    c:\windows\system32\shell32.dll

     

    c:\windows\system32\shlwapi.dll

     

    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

     

    c:\windows\system32\odbcint.dll

     

    c:\windows\system32\shsvcs.dll

     

    c:\windows\system32\sfc.dll

     

    c:\windows\system32\sfc_os.dll

     

    c:\windows\system32\ole32.dll

     

    c:\windows\system32\apphelp.dll

     

    c:\windows\system32\msctfime.ime

     

    c:\windows\system32\winscard.dll

     

    c:\windows\system32\wtsapi32.dll

     

    c:\windows\system32\wsock32.dll

     

    c:\windows\system32\wininet.dll

     

    c:\windows\system32\normaliz.dll

     

    c:\windows\system32\iertutil.dll

     

    c:\windows\system32\rasapi32.dll

     

    c:\windows\system32\rasman.dll

     

    c:\windows\system32\tapi32.dll

     

    c:\windows\system32\rtutils.dll

     

    c:\windows\system32\winmm.dll

     

    c:\windows\system32\sxs.dll

     

    c:\windows\system32\uxtheme.dll

     

    c:\program files\superantispyware\saswinlo.dll

     

    c:\windows\system32\oleaut32.dll

     

    c:\windows\system32\rsaenh.dll

     

    c:\windows\system32\cscdll.dll

     

    c:\windows\system32\dimsntfy.dll

     

    c:\windows\system32\wlnotify.dll

     

    c:\windows\system32\mpr.dll

     

    c:\windows\system32\winspool.drv

     

    c:\windows\system32\samlib.dll

     

    c:\windows\system32\msv1_0.dll

     

    c:\windows\system32\iphlpapi.dll

     

    c:\windows\system32\mprapi.dll

     

    c:\windows\system32\activeds.dll

     

    c:\windows\system32\adsldpc.dll

     

    c:\windows\system32\wldap32.dll

     

    c:\windows\system32\atl.dll

     

    c:\windows\system32\xpsp2res.dll

     

    c:\windows\system32\ntmarta.dll

     

    c:\windows\system32\comres.dll

     

    c:\windows\system32\clbcatq.dll

     

    c:\windows\system32\wdmaud.drv

     

    c:\windows\system32\msacm32.drv

     

    c:\windows\system32\msacm32.dll

     

    c:\windows\system32\midimap.dll

     

    c:\windows\system32\sensapi.dll

     

    c:\windows\system32\mswsock.dll

     

    c:\windows\system32\dnsapi.dll

     

    c:\windows\system32\winrnr.dll

     

    c:\windows\system32\rasadhlp.dll

     

    c:\windows\system32\hnetcfg.dll

     

    c:\windows\system32\wshtcpip.dll

     

    c:\windows\system32\cryptnet.dll

     

    c:\windows\system32\winhttp.dll

     

    c:\windows\system32\sclgntfy.dll

     

    c:\windows\system32\drprov.dll

     

    c:\windows\system32\ntlanman.dll

     

    c:\windows\system32\netui0.dll

     

    c:\windows\system32\netui1.dll

     

    c:\windows\system32\netrap.dll

     

    c:\windows\system32\davclnt.dll

     

    c:\windows\system32\cscui.dll

     

    c:\windows\system32\urlmon.dll

     

    C:\WINDOWS\SYSTEM32\SERVICES.EXE

    c:\windows\system32\services.exe

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\windows\system32\msvcrt.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\user32.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\userenv.dll

     

    c:\windows\system32\scesrv.dll

     

    c:\windows\system32\authz.dll

     

    c:\windows\system32\umpnpmgr.dll

     

    c:\windows\system32\winsta.dll

     

    c:\windows\system32\netapi32.dll

     

    c:\windows\system32\ncobjapi.dll

     

    c:\windows\system32\msvcp60.dll

     

    c:\windows\system32\shimeng.dll

     

    c:\windows\apppatch\acadproc.dll

     

    c:\windows\system32\imm32.dll

     

    c:\windows\system32\apphelp.dll

     

    c:\windows\system32\version.dll

     

    c:\windows\system32\eventlog.dll

     

    c:\windows\system32\psapi.dll

     

    c:\windows\system32\ws2_32.dll

     

    c:\windows\system32\ws2help.dll

     

    c:\windows\system32\wtsapi32.dll

     

    c:\windows\system32\mswsock.dll

     

    c:\windows\system32\hnetcfg.dll

     

    c:\windows\system32\wshtcpip.dll

     

    c:\windows\system32\rasadhlp.dll

     

    C:\WINDOWS\SYSTEM32\LSASS.EXE

    c:\windows\system32\lsass.exe

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\lsasrv.dll

     

    c:\windows\system32\mpr.dll

     

    c:\windows\system32\user32.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\msasn1.dll

     

    c:\windows\system32\msvcrt.dll

     

    c:\windows\system32\netapi32.dll

     

    c:\windows\system32\ntdsapi.dll

     

    c:\windows\system32\dnsapi.dll

     

    c:\windows\system32\ws2_32.dll

     

    c:\windows\system32\ws2help.dll

     

    c:\windows\system32\wldap32.dll

     

    c:\windows\system32\samlib.dll

     

    c:\windows\system32\samsrv.dll

     

    c:\windows\system32\cryptdll.dll

     

    c:\windows\system32\shimeng.dll

     

    c:\windows\apppatch\acgenral.dll

     

    c:\windows\system32\winmm.dll

     

    c:\windows\system32\ole32.dll

     

    c:\windows\system32\oleaut32.dll

     

    c:\windows\system32\msacm32.dll

     

    c:\windows\system32\version.dll

     

    c:\windows\system32\shell32.dll

     

    c:\windows\system32\shlwapi.dll

     

    c:\windows\system32\userenv.dll

     

    c:\windows\system32\uxtheme.dll

     

    c:\windows\system32\imm32.dll

     

    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

     

    c:\windows\system32\comctl32.dll

     

    c:\windows\system32\msprivs.dll

     

    c:\windows\system32\kerberos.dll

     

    c:\windows\system32\msv1_0.dll

     

    c:\windows\system32\iphlpapi.dll

     

    c:\windows\system32\netlogon.dll

     

    c:\windows\system32\w32time.dll

     

    c:\windows\system32\msvcp60.dll

     

    c:\windows\system32\schannel.dll

     

    c:\windows\system32\crypt32.dll

     

    c:\windows\system32\wdigest.dll

     

    c:\windows\system32\rsaenh.dll

     

    c:\windows\system32\scecli.dll

     

    c:\windows\system32\setupapi.dll

     

    c:\windows\system32\ipsecsvc.dll

     

    c:\windows\system32\authz.dll

     

    c:\windows\system32\oakley.dll

     

    c:\windows\system32\winipsec.dll

     

    c:\windows\system32\pstorsvc.dll

     

    c:\windows\system32\psbase.dll

     

    c:\windows\system32\mswsock.dll

     

    c:\windows\system32\hnetcfg.dll

     

    c:\windows\system32\wshtcpip.dll

     

    c:\windows\system32\dssenh.dll

     

    C:\WINDOWS\SYSTEM32\SVCHOST.EXE

    c:\windows\system32\svchost.exe

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\shimeng.dll

     

    c:\windows\apppatch\acgenral.dll

     

    c:\windows\system32\user32.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\winmm.dll

     

    c:\windows\system32\ole32.dll

     

    c:\windows\system32\msvcrt.dll

     

    c:\windows\system32\oleaut32.dll

     

    c:\windows\system32\msacm32.dll

     

    c:\windows\system32\version.dll

     

    c:\windows\system32\shell32.dll

     

    c:\windows\system32\shlwapi.dll

     

    c:\windows\system32\userenv.dll

     

    c:\windows\system32\uxtheme.dll

     

    c:\windows\system32\imm32.dll

     

    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

     

    c:\windows\system32\comctl32.dll

     

    c:\windows\system32\ntmarta.dll

     

    c:\windows\system32\samlib.dll

     

    c:\windows\system32\wldap32.dll

     

    c:\windows\system32\rpcss.dll

     

    c:\windows\system32\ws2_32.dll

     

    c:\windows\system32\ws2help.dll

     

    c:\windows\system32\xpsp2res.dll

     

    c:\windows\system32\wtsapi32.dll

     

    c:\windows\system32\winsta.dll

     

    c:\windows\system32\netapi32.dll

     

    c:\windows\system32\msv1_0.dll

     

    c:\windows\system32\iphlpapi.dll

     

    c:\windows\system32\clbcatq.dll

     

    c:\windows\system32\comres.dll

     

    c:\windows\system32\termsrv.dll

     

    c:\windows\system32\icaapi.dll

     

    c:\windows\system32\setupapi.dll

     

    c:\windows\system32\wintrust.dll

     

    c:\windows\system32\crypt32.dll

     

    c:\windows\system32\msasn1.dll

     

    c:\windows\system32\imagehlp.dll

     

    c:\windows\system32\authz.dll

     

    c:\windows\system32\mstlsapi.dll

     

    c:\windows\system32\activeds.dll

     

    c:\windows\system32\adsldpc.dll

     

    c:\windows\system32\atl.dll

     

    c:\windows\system32\regapi.dll

     

    c:\windows\system32\rsaenh.dll

     

    c:\windows\system32\apphelp.dll

     

    c:\windows\system32\svchost.exe

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\shimeng.dll

     

    c:\windows\apppatch\acgenral.dll

     

    c:\windows\system32\user32.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\winmm.dll

     

    c:\windows\system32\ole32.dll

     

    c:\windows\system32\msvcrt.dll

     

    c:\windows\system32\oleaut32.dll

     

    c:\windows\system32\msacm32.dll

     

    c:\windows\system32\version.dll

     

    c:\windows\system32\shell32.dll

     

    c:\windows\system32\shlwapi.dll

     

    c:\windows\system32\userenv.dll

     

    c:\windows\system32\uxtheme.dll

     

    c:\windows\system32\imm32.dll

     

    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

     

    c:\windows\system32\comctl32.dll

     

    c:\windows\system32\rpcss.dll

     

    c:\windows\system32\ws2_32.dll

     

    c:\windows\system32\ws2help.dll

     

    c:\windows\system32\xpsp2res.dll

     

    c:\windows\system32\rsaenh.dll

     

    c:\windows\system32\mswsock.dll

     

    c:\windows\system32\hnetcfg.dll

     

    c:\windows\system32\wshtcpip.dll

     

    c:\windows\system32\dnsapi.dll

     

    c:\windows\system32\iphlpapi.dll

     

    c:\windows\system32\winrnr.dll

     

    c:\windows\system32\wldap32.dll

     

    c:\windows\system32\rasadhlp.dll

     

    c:\windows\system32\clbcatq.dll

     

    c:\windows\system32\comres.dll

     

    c:\windows\system32\svchost.exe

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\shimeng.dll

     

    c:\windows\apppatch\acgenral.dll

     

    c:\windows\system32\user32.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\winmm.dll

     

    c:\windows\system32\ole32.dll

     

    c:\windows\system32\msvcrt.dll

     

    c:\windows\system32\oleaut32.dll

     

    c:\windows\system32\msacm32.dll

     

    c:\windows\system32\version.dll

     

    c:\windows\system32\shell32.dll

     

    c:\windows\system32\shlwapi.dll

     

    c:\windows\system32\userenv.dll

     

    c:\windows\system32\uxtheme.dll

     

    c:\windows\system32\imm32.dll

     

    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

     

    c:\windows\system32\comctl32.dll

     

    c:\windows\system32\ntmarta.dll

     

    c:\windows\system32\samlib.dll

     

    c:\windows\system32\wldap32.dll

     

    c:\windows\system32\xpsp2res.dll

     

    c:\windows\system32\shsvcs.dll

     

    c:\windows\system32\winsta.dll

     

    c:\windows\system32\netapi32.dll

     

    c:\windows\system32\rsaenh.dll

     

    c:\windows\system32\dhcpcsvc.dll

     

    c:\windows\system32\dnsapi.dll

     

    c:\windows\system32\ws2_32.dll

     

    c:\windows\system32\ws2help.dll

     

    c:\windows\system32\iphlpapi.dll

     

    c:\windows\system32\wzcsvc.dll

     

    c:\windows\system32\rtutils.dll

     

    c:\windows\system32\wmi.dll

     

    c:\windows\system32\crypt32.dll

     

    c:\windows\system32\msasn1.dll

     

    c:\windows\system32\eapolqec.dll

     

    c:\windows\system32\atl.dll

     

    c:\windows\system32\qutil.dll

     

    c:\windows\system32\msvcp60.dll

     

    c:\windows\system32\dot3api.dll

     

    c:\windows\system32\wtsapi32.dll

     

    c:\windows\system32\esent.dll

     

    c:\windows\system32\clbcatq.dll

     

    c:\windows\system32\comres.dll

     

    c:\windows\system32\rastls.dll

     

    c:\windows\system32\cryptui.dll

     

    c:\windows\system32\wininet.dll

     

    c:\windows\system32\normaliz.dll

     

    c:\windows\system32\iertutil.dll

     

    c:\windows\system32\wintrust.dll

     

    c:\windows\system32\imagehlp.dll

     

    c:\windows\system32\mprapi.dll

     

    c:\windows\system32\activeds.dll

     

    c:\windows\system32\adsldpc.dll

     

    c:\windows\system32\setupapi.dll

     

    c:\windows\system32\rasapi32.dll

     

    c:\windows\system32\rasman.dll

     

    c:\windows\system32\tapi32.dll

     

    c:\windows\system32\schannel.dll

     

    c:\windows\system32\winscard.dll

     

    c:\windows\system32\psapi.dll

     

    c:\windows\system32\raschap.dll

     

    c:\windows\system32\msv1_0.dll

     

    c:\windows\system32\schedsvc.dll

     

    c:\windows\system32\ntdsapi.dll

     

    c:\windows\system32\msidle.dll

     

    c:\windows\system32\audiosrv.dll

     

    c:\windows\system32\wkssvc.dll

     

    c:\windows\system32\qmgr.dll

     

    c:\windows\system32\mpr.dll

     

    c:\windows\system32\shfolder.dll

     

    c:\windows\system32\winhttp.dll

     

    c:\windows\pchealth\helpctr\binaries\pchsvc.dll

     

    c:\windows\system32\es.dll

     

    c:\windows\system32\ersvc.dll

     

    c:\windows\system32\cryptsvc.dll

     

    c:\windows\system32\certcli.dll

     

    c:\windows\system32\mswsock.dll

     

    c:\windows\system32\hnetcfg.dll

     

    c:\windows\system32\wshtcpip.dll

     

    c:\windows\system32\netman.dll

     

    c:\windows\system32\netshell.dll

     

    c:\windows\system32\credui.dll

     

    c:\windows\system32\dot3dlg.dll

     

    c:\windows\system32\onex.dll

     

    c:\windows\system32\eappcfg.dll

     

    c:\windows\system32\eappprxy.dll

     

    c:\windows\system32\wzcsapi.dll

     

    c:\windows\system32\srvsvc.dll

     

    c:\windows\system32\sens.dll

     

    c:\windows\system32\seclogon.dll

     

    c:\windows\system32\srsvc.dll

     

    c:\windows\system32\powrprof.dll

     

    c:\windows\system32\trkwks.dll

     

    c:\windows\system32\w32time.dll

     

    c:\windows\system32\wbem\wmisvc.dll

     

    c:\windows\system32\vssapi.dll

     

    c:\windows\system32\sxs.dll

     

    c:\windows\system32\comsvcs.dll

     

    c:\windows\system32\colbact.dll

     

    c:\windows\system32\mtxclu.dll

     

    c:\windows\system32\wsock32.dll

     

    c:\windows\system32\clusapi.dll

     

    c:\windows\system32\resutils.dll

     

    c:\windows\system32\wuauserv.dll

     

    c:\windows\system32\wscsvc.dll

     

    c:\windows\system32\msi.dll

     

    c:\windows\system32\wuaueng.dll

     

    c:\windows\system32\winspool.drv

     

    c:\windows\system32\cabinet.dll

     

    c:\windows\system32\mspatcha.dll

     

    c:\windows\system32\ipnathlp.dll

     

    c:\windows\system32\authz.dll

     

    c:\windows\system32\browser.dll

     

    c:\windows\system32\wbem\wbemcomn.dll

     

    c:\windows\system32\wbem\wbemcore.dll

     

    c:\windows\system32\wbem\esscli.dll

     

    c:\windows\system32\wbem\fastprox.dll

     

    c:\windows\system32\sfc.dll

     

    c:\windows\system32\sfc_os.dll

     

    c:\windows\system32\wbem\wmiutils.dll

     

    c:\windows\system32\wbem\repdrvfs.dll

     

    c:\windows\system32\upnp.dll

     

    c:\windows\system32\ssdpapi.dll

     

    c:\windows\system32\rasmans.dll

     

    c:\windows\system32\winipsec.dll

     

    c:\windows\system32\netcfgx.dll

     

    c:\windows\system32\wbem\wmiprvsd.dll

     

    c:\windows\system32\ncobjapi.dll

     

    c:\windows\system32\wbem\wbemess.dll

     

    c:\windows\system32\wbem\ncprov.dll

     

    c:\windows\system32\tapisrv.dll

     

    c:\windows\system32\rastapi.dll

     

    c:\windows\system32\rasadhlp.dll

     

    c:\windows\system32\unimdm.tsp

     

    c:\windows\system32\uniplat.dll

     

    c:\windows\system32\unimdmat.dll

     

    c:\windows\system32\modemui.dll

     

    c:\windows\system32\kmddsp.tsp

     

    c:\windows\system32\ndptsp.tsp

     

    c:\windows\system32\ipconf.tsp

     

    c:\windows\system32\h323.tsp

     

    c:\windows\system32\hidphone.tsp

     

    c:\windows\system32\hid.dll

     

    c:\windows\system32\rasppp.dll

     

    c:\windows\system32\ntlsapi.dll

     

    c:\windows\system32\kerberos.dll

     

    c:\windows\system32\cryptdll.dll

     

    c:\windows\system32\rasqec.dll

     

    c:\windows\system32\rasdlg.dll

     

    c:\windows\system32\apphelp.dll

     

    c:\windows\system32\catsrvut.dll

     

    c:\windows\system32\catsrv.dll

     

    c:\windows\system32\mfcsubs.dll

     

    c:\windows\system32\urlmon.dll

     

    c:\windows\system32\wbem\wbemsvc.dll

     

    c:\windows\system32\svchost.exe

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\shimeng.dll

     

    c:\windows\apppatch\acgenral.dll

     

    c:\windows\system32\user32.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\winmm.dll

     

    c:\windows\system32\ole32.dll

     

    c:\windows\system32\msvcrt.dll

     

    c:\windows\system32\oleaut32.dll

     

    c:\windows\system32\msacm32.dll

     

    c:\windows\system32\version.dll

     

    c:\windows\system32\shell32.dll

     

    c:\windows\system32\shlwapi.dll

     

    c:\windows\system32\userenv.dll

     

    c:\windows\system32\uxtheme.dll

     

    c:\windows\system32\imm32.dll

     

    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

     

    c:\windows\system32\comctl32.dll

     

    c:\windows\system32\wudfsvc.dll

     

    c:\windows\system32\setupapi.dll

     

    c:\windows\system32\wudfplatform.dll

     

    c:\windows\system32\wintrust.dll

     

    c:\windows\system32\crypt32.dll

     

    c:\windows\system32\msasn1.dll

     

    c:\windows\system32\imagehlp.dll

     

    c:\windows\system32\svchost.exe

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\shimeng.dll

     

    c:\windows\apppatch\acgenral.dll

     

    c:\windows\system32\user32.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\winmm.dll

     

    c:\windows\system32\ole32.dll

     

    c:\windows\system32\msvcrt.dll

     

    c:\windows\system32\oleaut32.dll

     

    c:\windows\system32\msacm32.dll

     

    c:\windows\system32\version.dll

     

    c:\windows\system32\shell32.dll

     

    c:\windows\system32\shlwapi.dll

     

    c:\windows\system32\userenv.dll

     

    c:\windows\system32\uxtheme.dll

     

    c:\windows\system32\imm32.dll

     

    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

     

    c:\windows\system32\comctl32.dll

     

    c:\windows\system32\dnsrslvr.dll

     

    c:\windows\system32\dnsapi.dll

     

    c:\windows\system32\ws2_32.dll

     

    c:\windows\system32\ws2help.dll

     

    c:\windows\system32\iphlpapi.dll

     

    c:\windows\system32\rsaenh.dll

     

    c:\windows\system32\mswsock.dll

     

    c:\windows\system32\hnetcfg.dll

     

    c:\windows\system32\wshtcpip.dll

     

    c:\windows\system32\svchost.exe

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\shimeng.dll

     

    c:\windows\apppatch\acgenral.dll

     

    c:\windows\system32\user32.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\winmm.dll

     

    c:\windows\system32\ole32.dll

     

    c:\windows\system32\msvcrt.dll

     

    c:\windows\system32\oleaut32.dll

     

    c:\windows\system32\msacm32.dll

     

    c:\windows\system32\version.dll

     

    c:\windows\system32\shell32.dll

     

    c:\windows\system32\shlwapi.dll

     

    c:\windows\system32\userenv.dll

     

    c:\windows\system32\uxtheme.dll

     

    c:\windows\system32\imm32.dll

     

    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

     

    c:\windows\system32\comctl32.dll

     

    c:\windows\system32\ntmarta.dll

     

    c:\windows\system32\samlib.dll

     

    c:\windows\system32\wldap32.dll

     

    c:\windows\system32\xpsp2res.dll

     

    c:\windows\system32\lmhsvc.dll

     

    c:\windows\system32\iphlpapi.dll

     

    c:\windows\system32\ws2_32.dll

     

    c:\windows\system32\ws2help.dll

     

    c:\windows\system32\webclnt.dll

     

    c:\windows\system32\wininet.dll

     

    c:\windows\system32\normaliz.dll

     

    c:\windows\system32\iertutil.dll

     

    c:\windows\system32\ssdpsrv.dll

     

    c:\windows\system32\hnetcfg.dll

     

    c:\windows\system32\clbcatq.dll

     

    c:\windows\system32\comres.dll

     

    c:\windows\system32\mswsock.dll

     

    c:\windows\system32\wshtcpip.dll

     

    C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE

    c:\program files\lavasoft\ad-aware\aawservice.exe

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\program files\lavasoft\ad-aware\ceapi.dll

     

    c:\windows\system32\wininet.dll

     

    c:\windows\system32\msvcrt.dll

     

    c:\windows\system32\shlwapi.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\user32.dll

     

    c:\windows\system32\normaliz.dll

     

    c:\windows\system32\iertutil.dll

     

    c:\windows\system32\ws2_32.dll

     

    c:\windows\system32\ws2help.dll

     

    c:\program files\lavasoft\ad-aware\pkarchive85u.dll

     

    c:\windows\system32\shell32.dll

     

    c:\windows\system32\ole32.dll

     

    c:\windows\system32\crypt32.dll

     

    c:\windows\system32\msasn1.dll

     

    c:\windows\system32\wldap32.dll

     

    c:\windows\system32\psapi.dll

     

    c:\windows\system32\version.dll

     

    c:\windows\system32\userenv.dll

     

    c:\windows\system32\imm32.dll

     

    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

     

    c:\windows\system32\comctl32.dll

     

    c:\windows\system32\rsaenh.dll

     

    C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

    c:\windows\system32\spoolsv.exe

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\user32.dll

     

    c:\windows\system32\msvcrt.dll

     

    c:\windows\system32\shimeng.dll

     

    c:\windows\apppatch\acgenral.dll

     

    c:\windows\system32\winmm.dll

     

    c:\windows\system32\ole32.dll

     

    c:\windows\system32\oleaut32.dll

     

    c:\windows\system32\msacm32.dll

     

    c:\windows\system32\version.dll

     

    c:\windows\system32\shell32.dll

     

    c:\windows\system32\shlwapi.dll

     

    c:\windows\system32\userenv.dll

     

    c:\windows\system32\uxtheme.dll

     

    c:\windows\system32\imm32.dll

     

    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

     

    c:\windows\system32\comctl32.dll

     

    c:\windows\system32\spoolss.dll

     

    c:\windows\system32\ws2_32.dll

     

    c:\windows\system32\ws2help.dll

     

    c:\windows\system32\dnsapi.dll

     

    c:\windows\system32\iphlpapi.dll

     

    c:\windows\system32\rasadhlp.dll

     

    c:\windows\system32\localspl.dll

     

    c:\windows\system32\sfc_os.dll

     

    c:\windows\system32\wintrust.dll

     

    c:\windows\system32\crypt32.dll

     

    c:\windows\system32\msasn1.dll

     

    c:\windows\system32\imagehlp.dll

     

    c:\windows\system32\winspool.drv

     

    c:\windows\system32\netapi32.dll

     

    c:\windows\system32\cnbjmon.dll

     

    c:\windows\system32\pjlmon.dll

     

    c:\windows\system32\msonpmon.dll

     

    c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll

     

    c:\windows\system32\msi.dll

     

    c:\windows\system32\tcpmon.dll

     

    c:\windows\system32\usbmon.dll

     

    c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll

     

    c:\windows\system32\mswsock.dll

     

    c:\windows\system32\winrnr.dll

     

    c:\windows\system32\wldap32.dll

     

    c:\windows\system32\win32spl.dll

     

    c:\windows\system32\netrap.dll

     

    c:\windows\system32\ntdsapi.dll

     

    c:\windows\system32\clbcatq.dll

     

    c:\windows\system32\comres.dll

     

    c:\windows\system32\xpsp2res.dll

     

    c:\windows\system32\inetpp.dll

     

    C:\PROGRAM FILES\JAVA\JRE6\BIN\JQS.EXE

    c:\program files\java\jre6\bin\jqs.exe

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\windows\system32\ws2_32.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\msvcrt.dll

     

    c:\windows\system32\ws2help.dll

     

    c:\windows\system32\ole32.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\user32.dll

     

    c:\program files\java\jre6\bin\msvcr71.dll

     

    c:\windows\system32\imm32.dll

     

    c:\windows\system32\psapi.dll

     

    c:\windows\system32\pdh.dll

     

    c:\windows\system32\comdlg32.dll

     

    c:\windows\system32\comctl32.dll

     

    c:\windows\system32\shell32.dll

     

    c:\windows\system32\shlwapi.dll

     

    c:\windows\system32\crypt32.dll

     

    c:\windows\system32\msasn1.dll

     

    c:\windows\system32\odbc32.dll

     

    c:\windows\system32\odbcbcp.dll

     

    c:\windows\system32\version.dll

     

    c:\windows\system32\oleaut32.dll

     

    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

     

    c:\windows\system32\odbcint.dll

     

    c:\windows\system32\mswsock.dll

     

    c:\windows\system32\hnetcfg.dll

     

    c:\windows\system32\wshtcpip.dll

     

    c:\windows\system32\perfos.dll

     

    c:\windows\system32\perfdisk.dll

     

    C:\WINDOWS\SYSTEM32\SVCHOST.EXE

    c:\windows\system32\svchost.exe

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\shimeng.dll

     

    c:\windows\apppatch\acgenral.dll

     

    c:\windows\system32\user32.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\winmm.dll

     

    c:\windows\system32\ole32.dll

     

    c:\windows\system32\msvcrt.dll

     

    c:\windows\system32\oleaut32.dll

     

    c:\windows\system32\msacm32.dll

     

    c:\windows\system32\version.dll

     

    c:\windows\system32\shell32.dll

     

    c:\windows\system32\shlwapi.dll

     

    c:\windows\system32\userenv.dll

     

    c:\windows\system32\uxtheme.dll

     

    c:\windows\system32\imm32.dll

     

    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

     

    c:\windows\system32\comctl32.dll

     

    c:\windows\system32\wiaservc.dll

     

    c:\windows\system32\cfgmgr32.dll

     

    c:\windows\system32\setupapi.dll

     

    c:\windows\system32\mscms.dll

     

    c:\windows\system32\winspool.drv

     

    c:\windows\system32\winsta.dll

     

    c:\windows\system32\netapi32.dll

     

    c:\windows\system32\xpsp2res.dll

     

    c:\windows\system32\clbcatq.dll

     

    c:\windows\system32\comres.dll

     

    c:\windows\system32\wintrust.dll

     

    c:\windows\system32\crypt32.dll

     

    c:\windows\system32\msasn1.dll

     

    c:\windows\system32\imagehlp.dll

     

    c:\windows\system32\actxprxy.dll

     

    C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE
    c:\windows\system32\searchindexer.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\ole32.dll
    c:\windows\system32\oleaut32.dll
    c:\windows\system32\wtsapi32.dll
    c:\windows\system32\winsta.dll
    c:\windows\system32\netapi32.dll
    c:\windows\system32\tquery.dll
    c:\windows\system32\propsys.dll
    c:\windows\system32\wintrust.dll
    c:\windows\system32\crypt32.dll
    c:\windows\system32\msasn1.dll
    c:\windows\system32\imagehlp.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\shell32.dll
    c:\windows\system32\userenv.dll
    c:\windows\system32\mpr.dll
    c:\windows\system32\mssrch.dll
    c:\windows\system32\psapi.dll
    c:\windows\system32\wsock32.dll
    c:\windows\system32\ws2_32.dll
    c:\windows\system32\ws2help.dll
    c:\windows\system32\dbghelp.dll
    c:\windows\system32\version.dll
    c:\windows\system32\imm32.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    c:\windows\system32\comctl32.dll
    c:\windows\system32\xpsp2res.dll
    c:\windows\system32\clbcatq.dll
    c:\windows\system32\comres.dll
    c:\windows\system32\msidle.dll
    c:\windows\system32\uxtheme.dll
    c:\windows\system32\query.dll
    c:\windows\system32\xmllite.dll
    c:\windows\system32\en-us\tquery.dll.mui
    c:\windows\system32\esent.dll
    c:\windows\system32\msscb.dll
    c:\windows\system32\ntmarta.dll
    c:\windows\system32\samlib.dll
    c:\windows\system32\wldap32.dll
    c:\windows\system32\perfproc.dll
    c:\windows\system32\mssprxy.dll
    c:\windows\system32\msv1_0.dll
    c:\windows\system32\iphlpapi.dll
    c:\windows\system32\sxs.dll
    c:\windows\system32\langwrbk.dll
    c:\windows\system32\infosoft.dll
    c:\windows\system32\setupapi.dll

    C:\WINDOWS\SYSTEM32\ALG.EXE
    c:\windows\system32\alg.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\atl.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\ole32.dll
    c:\windows\system32\oleaut32.dll
    c:\windows\system32\wsock32.dll
    c:\windows\system32\ws2_32.dll
    c:\windows\system32\ws2help.dll
    c:\windows\system32\mswsock.dll
    c:\windows\system32\shimeng.dll
    c:\windows\apppatch\acgenral.dll
    c:\windows\system32\winmm.dll
    c:\windows\system32\msacm32.dll
    c:\windows\system32\version.dll
    c:\windows\system32\shell32.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\userenv.dll
    c:\windows\system32\uxtheme.dll
    c:\windows\system32\imm32.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    c:\windows\system32\comctl32.dll
    c:\windows\system32\clbcatq.dll
    c:\windows\system32\comres.dll
    c:\windows\system32\xpsp2res.dll
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\wshtcpip.dll

    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    c:\windows\system32\svchost.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\ws2_32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\ws2help.dll
    c:\windows\system32\shimeng.dll
    c:\windows\apppatch\acgenral.dll
    c:\windows\system32\winmm.dll
    c:\windows\system32\ole32.dll
    c:\windows\system32\oleaut32.dll
    c:\windows\system32\msacm32.dll
    c:\windows\system32\version.dll
    c:\windows\system32\shell32.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\userenv.dll
    c:\windows\system32\uxtheme.dll
    c:\windows\system32\imm32.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    c:\windows\system32\comctl32.dll
    c:\windows\system32\mswsock.dll
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\wshtcpip.dll
    c:\windows\system32\rasadhlp.dll

    C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\shell32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\imm32.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    c:\windows\system32\xpsp2res.dll
    c:\windows\system32\uxtheme.dll
    c:\windows\system32\msctfime.ime
    c:\windows\system32\ole32.dll
    c:\windows\system32\msctf.dll

    C:\WINDOWS\EXPLORER.EXE
    c:\windows\explorer.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\shell32.dll
    c:\windows\system32\ole32.dll
    c:\windows\system32\oleaut32.dll
    c:\windows\system32\browseui.dll
    c:\windows\system32\shdocvw.dll
    c:\windows\system32\crypt32.dll
    c:\windows\system32\msasn1.dll
    c:\windows\system32\cryptui.dll
    c:\windows\system32\netapi32.dll
    c:\windows\system32\version.dll
    c:\windows\system32\wininet.dll
    c:\windows\system32\normaliz.dll
    c:\windows\system32\iertutil.dll
    c:\windows\system32\wintrust.dll
    c:\windows\system32\imagehlp.dll
    c:\windows\system32\wldap32.dll
    c:\windows\system32\uxtheme.dll
    c:\windows\system32\shimeng.dll
    c:\windows\apppatch\acgenral.dll
    c:\windows\system32\winmm.dll
    c:\windows\system32\msacm32.dll
    c:\windows\system32\userenv.dll
    c:\windows\system32\imm32.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    c:\windows\system32\comctl32.dll
    c:\windows\system32\apphelp.dll
    c:\windows\system32\msctfime.ime
    c:\windows\system32\clbcatq.dll
    c:\windows\system32\comres.dll
    c:\program files\microsoft office\office12\grooveshellextensions.dll
    c:\program files\microsoft office\office12\grooveutil.dll
    c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
    c:\program files\microsoft office\office12\groovenew.dll
    c:\windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\atl80.dll
    c:\windows\system32\rsaenh.dll
    c:\windows\system32\msimg32.dll
    c:\windows\system32\cscui.dll
    c:\windows\system32\cscdll.dll
    c:\windows\system32\themeui.dll
    c:\windows\system32\xpsp2res.dll
    c:\windows\system32\msutb.dll
    c:\windows\system32\msctf.dll
    c:\windows\system32\samlib.dll
    c:\windows\system32\urlmon.dll
    c:\windows\system32\linkinfo.dll
    c:\windows\system32\ntshrui.dll
    c:\windows\system32\atl.dll
    c:\windows\system32\setupapi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\psapi.dll
    c:\windows\system32\netshell.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\dot3api.dll
    c:\windows\system32\rtutils.dll
    c:\windows\system32\dot3dlg.dll
    c:\windows\system32\onex.dll
    c:\windows\system32\wtsapi32.dll
    c:\windows\system32\winsta.dll
    c:\windows\system32\eappcfg.dll
    c:\windows\system32\msvcp60.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\iphlpapi.dll
    c:\windows\system32\ws2_32.dll
    c:\windows\system32\ws2help.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\stobject.dll
    c:\windows\system32\batmeter.dll
    c:\windows\system32\powrprof.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\windows\system32\winhttp.dll
    c:\windows\system32\mydocs.dll
    c:\windows\system32\wdmaud.drv
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    c:\windows\system32\msacm32.drv
    c:\windows\system32\midimap.dll
    c:\windows\system32\fxsst.dll
    c:\windows\system32\winspool.drv
    c:\windows\system32\fxsapi.dll
    c:\windows\system32\ntmarta.dll
    c:\windows\system32\mpr.dll
    c:\windows\system32\drprov.dll
    c:\windows\system32\ntlanman.dll
    c:\windows\system32\netui0.dll
    c:\windows\system32\netui1.dll
    c:\windows\system32\netrap.dll
    c:\windows\system32\davclnt.dll
    c:\windows\system32\sxs.dll
    c:\program files\windows desktop search\msnlnamespacemgr.dll
    c:\program files\superantispyware\sasseh.dll
    c:\program files\microsoft office\office12\groovesystemservices.dll
    c:\program files\microsoft office\office12\groovemisc.dll
    c:\windows\system32\msxml3.dll
    c:\windows\system32\browselc.dll
    c:\windows\system32\duser.dll
    c:\windows\system32\mlang.dll
    c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
    c:\program files\microsoft office\office12\1033\grooveintlresource.dll
    c:\windows\system32\mswsock.dll
    c:\windows\system32\dnsapi.dll
    c:\windows\system32\winrnr.dll
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\wshtcpip.dll
    c:\windows\system32\rasapi32.dll
    c:\windows\system32\rasman.dll
    c:\windows\system32\tapi32.dll
    c:\windows\system32\msv1_0.dll
    c:\windows\system32\sensapi.dll
    c:\windows\system32\rasadhlp.dll
    c:\windows\system32\msisip.dll
    c:\windows\system32\wshext.dll

    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\GROOVEMONITOR.EXE
    c:\program files\microsoft office\office12\groovemonitor.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\shell32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\ole32.dll
    c:\program files\microsoft office\office12\grooveutil.dll
    c:\windows\system32\wininet.dll
    c:\windows\system32\normaliz.dll
    c:\windows\system32\iertutil.dll
    c:\windows\system32\crypt32.dll
    c:\windows\system32\msasn1.dll
    c:\windows\system32\oleaut32.dll
    c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
    c:\program files\microsoft office\office12\groovenew.dll
    c:\windows\system32\version.dll
    c:\windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\atl80.dll
    c:\windows\system32\comctl32.dll
    c:\windows\system32\shimeng.dll
    c:\windows\apppatch\acgenral.dll
    c:\windows\system32\winmm.dll
    c:\windows\system32\msacm32.dll
    c:\windows\system32\userenv.dll
    c:\windows\system32\uxtheme.dll
    c:\windows\system32\imm32.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    c:\windows\system32\rsaenh.dll
    c:\windows\system32\apphelp.dll
    c:\windows\system32\msctfime.ime
    c:\windows\system32\setupapi.dll
    c:\windows\system32\clbcatq.dll
    c:\windows\system32\comres.dll
    c:\program files\microsoft office\office12\grooveshellextensions.dll
    c:\windows\system32\msimg32.dll
    c:\program files\microsoft office\office12\groovesystemservices.dll
    c:\windows\system32\urlmon.dll
    c:\windows\system32\msctf.dll

    C:\PROGRAM FILES\JAVA\JRE6\BIN\JUSCHED.EXE
    c:\program files\java\jre6\bin\jusched.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\wininet.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\normaliz.dll
    c:\windows\system32\iertutil.dll
    c:\windows\system32\ole32.dll
    c:\windows\system32\shell32.dll
    c:\windows\system32\oleaut32.dll
    c:\windows\system32\shimeng.dll
    c:\windows\apppatch\acgenral.dll
    c:\windows\system32\winmm.dll
    c:\windows\system32\msacm32.dll
    c:\windows\system32\version.dll
    c:\windows\system32\userenv.dll
    c:\windows\system32\uxtheme.dll
    c:\windows\system32\imm32.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    c:\windows\system32\comctl32.dll
    c:\windows\system32\apphelp.dll
    c:\windows\system32\ws2_32.dll
    c:\windows\system32\ws2help.dll
    c:\windows\system32\rasapi32.dll
    c:\windows\system32\rasman.dll
    c:\windows\system32\netapi32.dll
    c:\windows\system32\tapi32.dll
    c:\windows\system32\rtutils.dll
    c:\windows\system32\msv1_0.dll
    c:\windows\system32\iphlpapi.dll
    c:\windows\system32\sensapi.dll
    c:\windows\system32\mswsock.dll
    c:\windows\system32\rasadhlp.dll
    c:\windows\system32\urlmon.dll
    c:\windows\system32\dnsapi.dll
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\wshtcpip.dll

    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    c:\program files\common files\real\update_ob\realsched.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\ole32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\version.dll
    c:\windows\system32\shimeng.dll
    c:\windows\apppatch\acgenral.dll
    c:\windows\system32\winmm.dll
    c:\windows\system32\oleaut32.dll
    c:\windows\system32\msacm32.dll
    c:\windows\system32\shell32.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\userenv.dll
    c:\windows\system32\uxtheme.dll
    c:\windows\system32\imm32.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    c:\windows\system32\comctl32.dll
    c:\windows\system32\setupapi.dll
    c:\windows\system32\apphelp.dll
    c:\windows\system32\msctfime.ime
    c:\windows\system32\xpsp2res.dll
    c:\windows\system32\clbcatq.dll
    c:\windows\system32\comres.dll
    c:\windows\system32\ntmarta.dll
    c:\windows\system32\samlib.dll
    c:\windows\system32\wldap32.dll
    c:\windows\system32\msctf.dll

    C:\WINDOWS\SYSTEM32\READER.EXE
    c:\windows\system32\reader.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\ws2_32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\ws2help.dll
    c:\windows\system32\netapi32.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\imm32.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\apphelp.dll
    c:\windows\system32\version.dll

    C:\WINDOWS\SYSTEM32\CTFMON.EXE
    c:\windows\system32\ctfmon.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\msctf.dll
    c:\windows\system32\msutb.dll
    c:\windows\system32\shimeng.dll
    c:\windows\apppatch\acgenral.dll
    c:\windows\system32\winmm.dll
    c:\windows\system32\ole32.dll
    c:\windows\system32\oleaut32.dll
    c:\windows\system32\msacm32.dll
    c:\windows\system32\version.dll
    c:\windows\system32\shell32.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\userenv.dll
    c:\windows\system32\uxtheme.dll
    c:\windows\system32\imm32.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    c:\windows\system32\msctfime.ime

    C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\USNSVC.EXE
    c:\program files\windows live\messenger\usnsvc.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\ole32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\oleaut32.dll
    c:\windows\system32\imm32.dll
    c:\windows\system32\xpsp2res.dll
    c:\windows\system32\clbcatq.dll
    c:\windows\system32\comres.dll
    c:\windows\system32\version.dll
    c:\program files\windows live\messenger\usnsvcps.dll
    c:\windows\system32\rsaenh.dll

    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    c:\windows\system32\svchost.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\shimeng.dll
    c:\windows\apppatch\acgenral.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\winmm.dll
    c:\windows\system32\ole32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\oleaut32.dll
    c:\windows\system32\msacm32.dll
    c:\windows\system32\version.dll
    c:\windows\system32\shell32.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\userenv.dll
    c:\windows\system32\uxtheme.dll
    c:\windows\system32\imm32.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    c:\windows\system32\comctl32.dll
    c:\windows\system32\urlmon.dll
    c:\windows\system32\iertutil.dll
    c:\windows\system32\wininet.dll
    c:\windows\system32\normaliz.dll
    c:\windows\system32\ws2_32.dll
    c:\windows\system32\ws2help.dll
    c:\windows\system32\mswsock.dll
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\wshtcpip.dll
    c:\windows\system32\rasapi32.dll
    c:\windows\system32\rasman.dll
    c:\windows\system32\netapi32.dll
    c:\windows\system32\tapi32.dll
    c:\windows\system32\rtutils.dll
    c:\windows\system32\msv1_0.dll
    c:\windows\system32\iphlpapi.dll
    c:\windows\system32\sensapi.dll
    c:\windows\system32\rasadhlp.dll
    c:\windows\system32\dnsapi.dll
    c:\windows\system32\apphelp.dll

    C:\WINDOWS\SYSTEM32\RS32NET.EXE
    c:\windows\system32\rs32net.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\ws2_32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\ws2help.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\imm32.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\apphelp.dll
    c:\windows\system32\version.dll

    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    c:\windows\system32\svchost.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\ws2_32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\ws2help.dll
    c:\windows\system32\shimeng.dll
    c:\windows\apppatch\acgenral.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\winmm.dll
    c:\windows\system32\ole32.dll
    c:\windows\system32\oleaut32.dll
    c:\windows\system32\msacm32.dll
    c:\windows\system32\version.dll
    c:\windows\system32\shell32.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\userenv.dll
    c:\windows\system32\uxtheme.dll
    c:\windows\system32\imm32.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    c:\windows\system32\comctl32.dll
    c:\windows\system32\mswsock.dll
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\wshtcpip.dll
    c:\windows\system32\apphelp.dll

    C:\WINDOWS\SYSTEM32\READER.EXE
    c:\windows\system32\reader.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\ws2_32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\ws2help.dll
    c:\windows\system32\netapi32.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\imm32.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\apphelp.dll
    c:\windows\system32\version.dll

    C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    c:\windows\system32\svchost.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\ws2_32.dll
    c:\windows\system32\ws2help.dll
    c:\windows\system32\wininet.dll
    c:\windows\system32\normaliz.dll
    c:\windows\system32\iertutil.dll
    c:\windows\system32\dnsapi.dll
    c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll
    c:\windows\system32\ole32.dll
    c:\windows\system32\shell32.dll
    c:\windows\system32\imm32.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    c:\windows\system32\comctl32.dll
    c:\windows\system32\mswsock.dll
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\wshtcpip.dll
    c:\windows\system32\rsaenh.dll
    c:\windows\system32\rasadhlp.dll

    c:\windows\system32\svchost.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\ws2_32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\ws2help.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\user32.dll
    c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll
    c:\windows\system32\ole32.dll
    c:\windows\system32\wininet.dll
    c:\windows\system32\normaliz.dll
    c:\windows\system32\iertutil.dll
    c:\windows\system32\shell32.dll
    c:\windows\system32\oleaut32.dll
    c:\windows\system32\imm32.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    c:\windows\system32\comctl32.dll
    c:\windows\system32\mswsock.dll
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\wshtcpip.dll
    c:\windows\system32\uxtheme.dll
    c:\windows\system32\rasapi32.dll
    c:\windows\system32\rasman.dll
    c:\windows\system32\netapi32.dll
    c:\windows\system32\tapi32.dll
    c:\windows\system32\rtutils.dll
    c:\windows\system32\winmm.dll
    c:\windows\system32\userenv.dll
    c:\windows\system32\msv1_0.dll
    c:\windows\system32\iphlpapi.dll
    c:\windows\system32\sensapi.dll
    c:\windows\system32\dnsapi.dll
    c:\windows\system32\rasadhlp.dll
    c:\windows\system32\urlmon.dll
    c:\windows\system32\clbcatq.dll
    c:\windows\system32\comres.dll
    c:\windows\system32\version.dll
    c:\windows\system32\msxml3.dll
    c:\windows\system32\xpsp2res.dll
    c:\windows\system32\sxs.dll
    c:\windows\system32\actxprxy.dll
    c:\windows\system32\winrnr.dll
    c:\windows\system32\wldap32.dll

    c:\windows\system32\svchost.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\ws2_32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\ws2help.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\imm32.dll

    c:\windows\system32\svchost.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\ws2_32.dll
    c:\windows\system32\ws2help.dll
    c:\windows\system32\wininet.dll
    c:\windows\system32\normaliz.dll
    c:\windows\system32\iertutil.dll
    c:\windows\system32\dnsapi.dll
    c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll
    c:\windows\system32\ole32.dll
    c:\windows\system32\shell32.dll
    c:\windows\system32\imm32.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    c:\windows\system32\comctl32.dll

    c:\windows\system32\svchost.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\ws2_32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\ws2help.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\user32.dll
    c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll
    c:\windows\system32\ole32.dll
    c:\windows\system32\wininet.dll
    c:\windows\system32\normaliz.dll
    c:\windows\system32\iertutil.dll
    c:\windows\system32\shell32.dll
    c:\windows\system32\oleaut32.dll
    c:\windows\system32\imm32.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    c:\windows\system32\comctl32.dll
    c:\windows\system32\mswsock.dll
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\wshtcpip.dll

    c:\windows\system32\svchost.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\ws2_32.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\secur32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\ws2help.dll
    c:\windows\system32\shlwapi.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\imm32.dll

    C:\DOCUME~1\MAHAMED\LOCALS~1\TEMP\EE6F.TMP

    c:\docume~1\mahamed\locals~1\temp\ee6f.tmp

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\user32.dll

     

    c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\ole32.dll

     

    c:\windows\system32\msvcrt.dll

     

    c:\windows\system32\oleaut32.dll

     

    c:\windows\system32\shell32.dll

     

    c:\windows\system32\shlwapi.dll

     

    c:\windows\system32\wininet.dll

     

    c:\windows\system32\normaliz.dll

     

    c:\windows\system32\iertutil.dll

     

    c:\windows\system32\winmm.dll

     

    c:\windows\system32\ws2_32.dll

     

    c:\windows\system32\ws2help.dll

     

    c:\windows\system32\shimeng.dll

     

    c:\windows\apppatch\acgenral.dll

     

    c:\windows\system32\msacm32.dll

     

    c:\windows\system32\version.dll

     

    c:\windows\system32\userenv.dll

     

    c:\windows\system32\uxtheme.dll

     

    c:\windows\system32\imm32.dll

     

    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

     

    c:\windows\system32\comctl32.dll

     

    c:\windows\system32\dnsapi.dll

     

    c:\windows\system32\rasapi32.dll

     

    c:\windows\system32\rasman.dll

     

    c:\windows\system32\netapi32.dll

     

    c:\windows\system32\tapi32.dll

     

    c:\windows\system32\rtutils.dll

     

    c:\windows\system32\msv1_0.dll

     

    c:\windows\system32\iphlpapi.dll

     

    c:\windows\system32\sensapi.dll

     

    c:\windows\system32\mswsock.dll

     

    c:\windows\system32\rasadhlp.dll

     

    c:\windows\system32\hnetcfg.dll

     

    c:\windows\system32\wshtcpip.dll

     

    c:\windows\system32\crypt32.dll

     

    c:\windows\system32\msasn1.dll

     

    c:\windows\system32\wintrust.dll

     

    c:\windows\system32\imagehlp.dll

     

    c:\windows\system32\schannel.dll

     

    c:\windows\system32\apphelp.dll

     

    c:\windows\system32\rsaenh.dll

     

    c:\windows\system32\dssenh.dll

     

    c:\windows\system32\xpsp2res.dll

     

    c:\windows\system32\cryptnet.dll

     

    c:\windows\system32\psapi.dll

     

    c:\windows\system32\winhttp.dll

     

    c:\windows\system32\wldap32.dll

     

    c:\windows\system32\cabinet.dll

     

    c:\windows\system32\winrnr.dll

     

    c:\windows\system32\urlmon.dll

     

    c:\docume~1\mahamed\locals~1\temp\ee6f.tmp

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\user32.dll

     

    c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\ole32.dll

     

    c:\windows\system32\msvcrt.dll

     

    c:\windows\system32\oleaut32.dll

     

    c:\windows\system32\shell32.dll

     

    c:\windows\system32\shlwapi.dll

     

    c:\windows\system32\wininet.dll

     

    c:\windows\system32\normaliz.dll

     

    c:\windows\system32\iertutil.dll

     

    c:\windows\system32\winmm.dll

     

    c:\windows\system32\ws2_32.dll

     

    c:\windows\system32\ws2help.dll

     

    c:\windows\system32\shimeng.dll

     

    c:\windows\apppatch\acgenral.dll

     

    c:\windows\system32\msacm32.dll

     

    c:\windows\system32\version.dll

     

    c:\windows\system32\userenv.dll

     

    c:\windows\system32\uxtheme.dll

     

    c:\windows\system32\imm32.dll

     

    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

     

    c:\windows\system32\comctl32.dll

     

    c:\windows\system32\dnsapi.dll

     

    c:\windows\system32\rasapi32.dll

     

    c:\windows\system32\rasman.dll

     

    c:\windows\system32\netapi32.dll

     

    c:\windows\system32\tapi32.dll

     

    c:\windows\system32\rtutils.dll

     

    c:\windows\system32\msv1_0.dll

     

    c:\windows\system32\iphlpapi.dll

     

    c:\windows\system32\sensapi.dll

     

    c:\windows\system32\mswsock.dll

     

    c:\windows\system32\rasadhlp.dll

     

    c:\windows\system32\hnetcfg.dll

     

    c:\windows\system32\wshtcpip.dll

     

    c:\windows\system32\winrnr.dll

     

    c:\windows\system32\wldap32.dll

     

    c:\windows\system32\crypt32.dll

     

    c:\windows\system32\msasn1.dll

     

    c:\windows\system32\wintrust.dll

     

    c:\windows\system32\imagehlp.dll

     

    c:\windows\system32\schannel.dll

     

    c:\windows\system32\rsaenh.dll

     

    c:\windows\system32\dssenh.dll

     

    c:\windows\system32\xpsp2res.dll

     

    c:\windows\system32\cryptnet.dll

     

    c:\windows\system32\psapi.dll

     

    c:\windows\system32\winhttp.dll

     

    c:\windows\system32\cabinet.dll

     

    c:\windows\system32\msctf.dll

     

    c:\windows\system32\apphelp.dll

     

    c:\windows\system32\msctfime.ime

     

    c:\windows\system32\clbcatq.dll

     

    c:\windows\system32\comres.dll

     

    c:\windows\system32\ieframe.dll

     

    c:\windows\system32\urlmon.dll

     

    c:\windows\system32\mshtml.dll

     

    c:\windows\system32\msls31.dll

     

    c:\windows\system32\mlang.dll

     

    c:\windows\system32\msimtf.dll

     

    C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AD-AWARE.EXE

    c:\program files\lavasoft\ad-aware\ad-aware.exe

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\windows\system32\oleaut32.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\user32.dll

     

    c:\windows\system32\msvcrt.dll

     

    c:\windows\system32\ole32.dll

     

    c:\windows\system32\version.dll

     

    c:\windows\system32\comctl32.dll

     

    c:\windows\system32\imm32.dll

     

    c:\windows\system32\shell32.dll

     

    c:\windows\system32\shlwapi.dll

     

    c:\windows\system32\comdlg32.dll

     

    c:\program files\lavasoft\ad-aware\lavalicense.dll

     

    c:\windows\system32\wininet.dll

     

    c:\windows\system32\normaliz.dll

     

    c:\windows\system32\iertutil.dll

     

    c:\windows\system32\winmm.dll

     

    c:\windows\system32\oleacc.dll

     

    c:\windows\system32\msvcp60.dll

     

    c:\windows\system32\shfolder.dll

     

    c:\windows\system32\shimeng.dll

     

    c:\windows\apppatch\acgenral.dll

     

    c:\windows\system32\msacm32.dll

     

    c:\windows\system32\userenv.dll

     

    c:\windows\system32\uxtheme.dll

     

    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

     

    c:\windows\system32\msctf.dll

     

    c:\windows\system32\apphelp.dll

     

    c:\windows\system32\msctfime.ime

     

    c:\windows\system32\setupapi.dll

     

    c:\windows\system32\clbcatq.dll

     

    c:\windows\system32\comres.dll

     

    c:\program files\microsoft office\office12\grooveshellextensions.dll

     

    c:\program files\microsoft office\office12\grooveutil.dll

     

    c:\windows\system32\crypt32.dll

     

    c:\windows\system32\msasn1.dll

     

    c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll

     

    c:\program files\microsoft office\office12\groovenew.dll

     

    c:\windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\atl80.dll

     

    c:\windows\system32\rsaenh.dll

     

    c:\windows\system32\msimg32.dll

     

    c:\windows\system32\olepro32.dll

     

    c:\program files\lavasoft\ad-aware\lavamessage.dll

     

    c:\windows\system32\ntmarta.dll

     

    c:\windows\system32\samlib.dll

     

    c:\windows\system32\wldap32.dll

     

    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

    c:\program files\mozilla firefox\firefox.exe

     

    c:\windows\system32\ntdll.dll

     

    c:\windows\system32\kernel32.dll

     

    c:\program files\mozilla firefox\xul.dll

     

    c:\program files\mozilla firefox\sqlite3.dll

     

    c:\program files\mozilla firefox\mozcrt19.dll

     

    c:\windows\system32\msvcrt.dll

     

    c:\program files\mozilla firefox\js3250.dll

     

    c:\program files\mozilla firefox\nspr4.dll

     

    c:\windows\system32\advapi32.dll

     

    c:\windows\system32\rpcrt4.dll

     

    c:\windows\system32\secur32.dll

     

    c:\windows\system32\wsock32.dll

     

    c:\windows\system32\ws2_32.dll

     

    c:\windows\system32\ws2help.dll

     

    c:\windows\system32\winmm.dll

     

    c:\windows\system32\gdi32.dll

     

    c:\windows\system32\user32.dll

     

    c:\program files\mozilla firefox\smime3.dll

     

    c:\program files\mozilla firefox\nss3.dll

     

    c:\program files\mozilla firefox\nssutil3.dll

     

    c:\program files\mozilla firefox\plc4.dll

     

    c:\program files\mozilla firefox\plds4.dll

     

    c:\program files\mozilla firefox\ssl3.dll

     

    c:\windows\system32\shell32.dll

     

    c:\windows\system32\shlwapi.dll

     

    c:\windows\system32\ole32.dll

     

    c:\windows\system32\version.dll

     

    c:\windows\system32\winspool.drv

     

    c:\windows\system32\comdlg32.dll

     

    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

     

    c:\windows\system32\imm32.dll

     

    c:\windows\system32\msimg32.dll

     

    c:\windows\system32\usp10.dll

     

    c:\windows\system32\oleaut32.dll

     

    c:\program files\mozilla firefox\xpcom.dll

     

    c:\windows\system32\shimeng.dll

     

    c:\windows\apppatch\acgenral.dll

     

    c:\windows\system32\msacm32.dll

     

    c:\windows\system32\userenv.dll

     

    c:\windows\system32\uxtheme.dll

     

    c:\windows\system32\dbghelp.dll

     

    c:\windows\system32\msctf.dll

     

    c:\windows\system32\setupapi.dll

     

    c:\windows\system32\apphelp.dll

     

    c:\windows\system32\msctfime.ime

     

    c:\windows\system32\clbcatq.dll

     

    c:\windows\system32\comres.dll

     

    End of Scan Section

    ===========================

    0
  • Customer

    Do this after Kaspersky

     

    1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

     

    O4 - HKLM\..\Run: [system Config Boot] syscgboot.exe

     

    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

     

     

     

    Then post a new HJT log

    0
  • Customer

    Mozilla Firefox suddenly crashed while I was scanning with Kaspersky. Going to scan with Kaspersky on Saturday because I'm too busy with my exams today and tomorrow. Then I'll follow the next steps you told me.

     

    Thanks again

    0
  • Customer

    The Kaspersky online scan website doesn't work again, and when I try to open HijackThis or anything from the Control Panel I get an Application Error.

    0
  • Customer

    explorer.exe crashed and wasn't starting up. My task manager was also disabled, so I was forced to use System Restore.

    It fixed the Application Error, but the Kaspersky online scan website still doesn't work.

    Task Manager works now, I have 22 svchost.exe again, and iexplore.exe is running too.

    0
  • Customer

    Do this after Kaspersky

     

    1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

     

    O4 - HKLM\..\Run: [system Config Boot] syscgboot.exe

     

    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

    Then post a new HJT log


     

    The Kaspersky website still doesn't work.

    Here is the new HJT Log after checking O4 - HKLM\..\Run: [system Config Boot] syscgboot.exe and clicking "Fix Checked".

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 11:24:37, on 20/11/2008

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.5730.0013)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: (no name) - {BF95FDC3-8AA3-4480-833F-A5CB31A26602} - C:\WINDOWS\system32\pmnnLEXo.dll

    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [reader] C:\WINDOWS\System32\reader.exe

    O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe

    O4 - HKLM\..\Run: [NvSvc] C:\WINDOWS\system32\nvsvc32.exe

    O4 - HKLM\..\Run: [system Config Boot] syscgboot.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1221311057437

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1221801125421

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll

    O20 - Winlogon Notify: efcDUkIy - C:\WINDOWS\SYSTEM32\efcDUkIy.dll

    O20 - Winlogon Notify: hcfnujod - C:\WINDOWS\SYSTEM32\hcfnujod.dll

    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

    O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe

    O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

    O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

     

    --

    End of file - 5054 bytes

    0
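    A rule-based triage of the HijackThis entry types that, in the log above, turned out to be the infection's persistence (a path-less Run value, an unnamed BHO, non-default Winlogon Notify DLLs, a service living in an alternate data stream). This is an added example, not HijackThis code and not the helper's procedure; the sample lines are copied from the log above, and the list of stock XP Winlogon Notify packages is the editor's assumption.

```python
"""Rule-based triage of HijackThis v2 log entries for the persistence
patterns that turned out to be malware in the thread above.  Added example;
this is neither HijackThis code nor the helper's own method."""
import ntpath
import re
from typing import List, Optional, Tuple

# Constructed sample in HijackThis format.  Entries are copied from the log
# posted above so the rules can be exercised against realistic lines.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {BF95FDC3-8AA3-4480-833F-A5CB31A26602} - C:\WINDOWS\system32\pmnnLEXo.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [reader] C:\WINDOWS\System32\reader.exe
O4 - HKLM\..\Run: [system Config Boot] syscgboot.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: efcDUkIy - C:\WINDOWS\SYSTEM32\efcDUkIy.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
"""

# Assumption (editor's list, not from the thread): Winlogon Notify packages
# present on a stock Windows XP SP3 install.  Anything else loading from
# system32 deserves a look.
XP_NOTIFY_DEFAULTS = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                      "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}

Entry = Tuple[str, str, str]      # (hjt_type, entry_name, path)
Finding = Tuple[str, str]         # (entry_name, reason)

# Executable path with optional surrounding quotes and trailing arguments.
_EXE_RE = re.compile(r'^"?(.*?\.(?:exe|dll|scr|com))"?(?:\s.*)?$', re.I)


def _strip_args(target: str) -> str:
    """Reduce a Run value like '"C:\\x\\y.exe" -osboot' to the executable path."""
    m = _EXE_RE.match(target.strip())
    return m.group(1) if m else target.strip()


def parse_entry(line: str) -> Optional[Entry]:
    """Parse the HijackThis entry types the rules use; other lines give None."""
    m = re.match(r"(O\d+) - (.*)", line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    if kind == "O4":
        m = re.match(r".*?\\Run: \[([^\]]*)\] (.*)", rest)
        return (kind, m.group(1), _strip_args(m.group(2))) if m else None
    if kind == "O2":
        m = re.match(r"BHO: (.*?) - \{[^}]*\} - (.*)", rest)
        return (kind, m.group(1), m.group(2)) if m else None
    if kind == "O20":
        m = re.match(r"Winlogon Notify: (.*?) - (.*)", rest)
        return (kind, m.group(1), m.group(2)) if m else None
    if kind == "O23":
        m = re.match(r"Service: (.*?) - .*? - (.*)", rest)
        return (kind, m.group(1), m.group(2)) if m else None
    return None


def _stem(path: str) -> str:
    return ntpath.splitext(ntpath.basename(path))[0]


def _in_system32(path: str) -> bool:
    return ntpath.dirname(path).lower().endswith("\\system32")


def looks_random(stem: str) -> bool:
    """Eight letters with case changes inside the name (pmnnLEXo, efcDUkIy):
    the naming habit of the DLLs ComboFix removed above.  A heuristic only."""
    return bool(re.fullmatch(r"[A-Za-z]{8}", stem)) and stem not in (
        stem.lower(), stem.upper(), stem.capitalize())


def triage(log_text: str) -> List[Finding]:
    """Return (entry name, reason) for each entry that trips a rule."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        kind, name, path = entry
        base = ntpath.basename(path)
        if kind == "O4" and ntpath.dirname(path) == "":
            findings.append((name, "Run value without a full path (resolved via PATH search)"))
        elif kind == "O2" and name == "(no name)" and _in_system32(path):
            findings.append((name, f"unnamed BHO loading {base} from system32"))
        elif kind == "O20" and _in_system32(path) and name.lower() not in XP_NOTIFY_DEFAULTS:
            findings.append((name, f"non-default Winlogon Notify DLL {base} in system32"))
        elif kind == "O23" and ":" in base:
            # A colon inside the file name means an NTFS alternate data stream.
            findings.append((name, f"service binary is an alternate data stream: {base}"))
        elif looks_random(_stem(path)):
            findings.append((name, f"random-looking module name {base}"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name!r}: {reason}")
```

Name-based rules deliberately miss entries such as reader.exe from the same log; file creation dates, as in ComboFix's "Files Created" section, are the complementary check.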
  • Customer

    Something is returning

     

    Download ComboFix from one of these locations:

     

    Link 1

    Link 2

    Link 3

     

     

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

     


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
       
       


    • Double click on ComboFix.exe & follow the prompts.
       
       


    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
       
       


    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.



    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

     

     


     

     

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

     

     

     

    Click on Yes, to continue scanning for malware.

     

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    0
  • Customer

    ComboFix 08-11-19.08 - Mahamed 2008-11-21 17:51:19.5 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.174 [GMT 11:00]

    Running from: c:\documents and settings\Mahamed\Desktop\ComboFix.exe

    * Created a new restore point

    .

    ADS - svchost.exe: deleted 37376 bytes in 1 streams.

     

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    c:\windows\ctfmon.exe

    c:\windows\system\_sv_CMD_

    c:\windows\system\_sv_CMD_\_U_.exe

    c:\windows\system32\__c0047B94.dat

    c:\windows\system32\__c009A4F9.dat

    c:\windows\system32\__c00D38B1.dat

    c:\windows\system32\A.tmp

    c:\windows\system32\ahwxsfgv.dll

    c:\windows\system32\crypts.dll

    c:\windows\system32\D.tmp

    c:\windows\system32\drivers\ati5imxx.sys

    c:\windows\system32\drivers\ntndis.exe

    c:\windows\system32\drivers\ntndis.sys

    c:\windows\system32\E.tmp

    c:\windows\system32\hcfnujod.dll

    c:\windows\system32\hcfnujod32(2)(2).dll

    c:\windows\system32\hcfnujod32.dll

    c:\windows\system32\jkkLBstS.dll

    c:\windows\system32\mcrh.tmp

    c:\windows\system32\oXELnnmp.ini

    c:\windows\system32\qgukdjmx.ini

    c:\windows\system32\rqRIbxxv.dll

    c:\windows\system32\rs32net.exe

    c:\windows\system32\StsBLkkj.ini

    c:\windows\system32\StsBLkkj.ini2

    c:\windows\system32\uhoggs.dll

    c:\windows\system32\wfsqbggf.dll

    c:\windows\system32\xmjdkugq.dll

    c:\windows\Tasks\bakueynm.job

     

    c:\windows\system32\lsass.exe . . . is infected!!

     

    c:\windows\system32\winlogon.exe . . . is infected!!

     

    c:\windows\system32\services.exe . . . is infected!!

     

    c:\windows\system32\svchost.exe . . . is infected!!

     

    c:\windows\system32\spoolsv.exe . . . is infected!!

     

    c:\windows\explorer.exe . . . is infected!!

     

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    -------\Legacy_ATI5IMXX

    -------\Legacy_FCI

    -------\Legacy_ICF

    -------\Legacy_LPTRDCSRV

    -------\Legacy_TCPSR

    -------\Service_ati5imxx

    -------\Service_FCI

    -------\Service_ICF

    -------\Service_tcpsr

     

     

    ((((((((((((((((((((((((( Files Created from 2008-10-21 to 2008-11-21 )))))))))))))))))))))))))))))))

    .

     

    2008-12-22 15:59 . 2008-12-22 15:59 447,200 --a------ c:\windows\system32\OpenQuicktimeLib.dll

    2008-12-22 15:59 . 2008-12-22 15:59 332,512 --a------ c:\windows\system32\3ivxVfWCodec.dll

    2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\SamsungVfWCodec.dll

    2008-12-22 15:59 . 2008-12-22 15:59 25,312 --a------ c:\windows\system32\DivXVfWCodec.dll

    2008-12-22 15:58 . 2008-12-22 15:58 1,155,808 --a------ c:\windows\system32\3ivx.dll

    2008-12-22 15:52 . 2008-12-22 15:52 66,272 --a------ c:\windows\system32\libfaac.dll

    2008-11-21 00:09 . 2008-11-21 00:09 38,400 --a------ c:\windows\system32\geBrOefg.dll

    2008-11-21 00:08 . 2008-11-21 00:08 88 --a------ c:\windows\system32\B.tmp

    2008-11-21 00:08 . 2008-11-21 00:08 0 --a------ c:\windows\system32\14.tmp

    2008-11-20 23:29 . 2008-11-20 23:29 38,400 --a------ c:\windows\system32\geBsSLDw.dll

    2008-11-20 22:05 . 2008-11-20 22:05 88 --a------ c:\windows\system32\18.tmp

    2008-11-20 22:05 . 2008-11-20 22:05 0 --a------ c:\windows\system32\1B.tmp

    2008-11-20 21:33 . 2008-11-20 21:33 88 --a------ c:\windows\system32\3.tmp

    2008-11-20 21:33 . 2008-11-20 21:33 0 --a------ c:\windows\system32\7.tmp

    2008-11-20 15:41 . 2008-11-20 15:42 245,760 --a------ c:\windows\system32\pmnnLEXo.dll

    2008-11-20 15:36 . 2008-11-20 15:36 38,400 --a------ c:\windows\system32\efcDUkIy.dll

    2008-11-20 15:34 . 2008-11-20 15:34 88 --a------ c:\windows\system32\2.tmp

    2008-11-20 15:34 . 2008-11-20 15:34 0 --a------ c:\windows\system32\5.tmp

    2008-11-20 13:48 . 2008-11-20 13:48 0 --a------ c:\windows\system32\A2.tmp

    2008-11-20 12:42 . 2008-11-20 12:42 0 --a------ c:\windows\system32\7B.tmp

    2008-11-19 22:01 . 2008-11-19 22:01 0 --a------ c:\windows\system32\16.tmp

    2008-11-19 22:00 . 2008-11-19 22:00 88 --a------ c:\windows\system32\12.tmp

    2008-11-19 18:14 . 2008-11-19 18:14 88 --a------ c:\windows\system32\67.tmp

    2008-11-19 18:14 . 2008-11-19 18:14 0 --a------ c:\windows\system32\6A.tmp

    2008-11-19 17:21 . 2008-11-19 17:21 244 --ah----- C:\sqmnoopt07.sqm

    2008-11-19 17:21 . 2008-11-19 17:21 232 --ah----- C:\sqmdata07.sqm

    2008-11-19 13:50 . 2008-11-19 13:50 64,512 --a------ c:\windows\system32\nvsvc32.exe

    2008-11-19 13:43 . 2008-11-19 13:43 132 --a------ c:\windows\system32\8.tmp

    2008-11-19 13:43 . 2008-11-19 13:43 0 --a------ c:\windows\system32\C.tmp

    2008-11-18 22:45 . 2008-11-18 22:45 0 --a------ c:\windows\system32\20.tmp

    2008-11-18 22:36 . 2008-11-18 22:36 0 --a------ c:\windows\system32\17.tmp

    2008-11-18 22:27 . 2008-11-18 22:27 0 --a------ c:\windows\system32\11.tmp

    2008-11-18 18:21 . 2008-11-18 18:21 80,896 --a------ c:\windows\system32\10.tmp

    2008-11-18 18:21 . 2008-11-18 18:21 132 --a------ c:\windows\system32\F.tmp

    2008-11-18 18:21 . 2008-11-18 18:21 0 --a------ c:\windows\system32\13.tmp

    2008-11-18 16:57 . 2008-11-18 16:57 80,896 --a------ c:\windows\system32\DC2.tmp

    2008-11-18 16:57 . 2008-11-18 16:57 0 --a------ c:\windows\system32\DC5.tmp

    2008-11-18 16:56 . 2008-11-18 16:57 132 --a------ c:\windows\system32\DC1.tmp

    2008-11-18 15:44 . 2008-11-20 19:11 32,768 --a------ c:\windows\system32\drivers\ati5imxx(5).sys

    2008-11-18 15:44 . 2008-11-20 21:11 32,768 --a------ c:\windows\system32\drivers\ati5imxx(4).sys

    2008-11-18 15:44 . 2008-11-20 21:34 32,768 --a------ c:\windows\system32\drivers\ati5imxx(3).sys

    2008-11-18 15:44 . 2008-11-20 15:36 32,768 --a------ c:\windows\system32\drivers\ati5imxx(2).sys

    2008-11-18 15:44 . 2008-11-18 15:44 0 --a------ c:\windows\system32\81.tmp

    2008-11-18 15:43 . 2008-11-18 15:43 80,896 --a------ c:\windows\system32\7E.tmp

    2008-11-18 15:43 . 2008-11-18 15:43 132 --a------ c:\windows\system32\7D.tmp

    2008-11-17 20:28 . 2008-11-17 20:28 12,800 --a------ c:\windows\system32\74.tmp

    2008-11-17 20:28 . 2008-11-17 20:28 0 --a------ c:\windows\system32\77.tmp

    2008-11-17 20:27 . 2008-11-17 20:28 88 --a------ c:\windows\system32\70.tmp

    2008-11-17 19:37 . 2008-11-21 00:08 31,744 --a------ c:\windows\system32\reader.exe

    2008-11-17 19:37 . 2008-11-17 19:37 12,800 --a------ c:\windows\system32\2F.tmp

    2008-11-17 19:37 . 2008-11-17 19:37 128 --a------ c:\windows\system32\2E.tmp

    2008-11-17 19:37 . 2008-11-17 19:37 0 --a------ c:\windows\system32\32.tmp

    2008-11-17 19:35 . 2008-11-03 13:18 36,864 -rahs---- c:\windows\system32\syscgboot.exe

    2008-11-17 14:23 . 2008-11-17 14:23 44 --a------ c:\windows\system32\4E.tmp

    2008-11-17 14:23 . 2008-11-17 14:23 0 --a------ c:\windows\system32\50.tmp

    2008-11-17 13:53 . 2008-11-17 13:53 44 --a------ c:\windows\system32\35.tmp

    2008-11-17 13:53 . 2008-11-17 13:53 0 --a------ c:\windows\system32\37.tmp

    2008-11-17 00:45 . 2008-11-17 00:45 44 --a------ c:\windows\system32\88.tmp

    2008-11-17 00:45 . 2008-11-17 00:45 0 --a------ c:\windows\system32\8A.tmp

    2008-11-16 17:40 . 2008-11-16 17:40 44 --a------ c:\windows\system32\2A.tmp

    2008-11-16 17:40 . 2008-11-16 17:40 0 --a------ c:\windows\system32\2D.tmp

    2008-11-15 14:19 . 2008-11-15 14:19 207,360 --a--c--- c:\windows\system32\dllcache\ndis.sys

    2008-11-15 11:46 . 2008-11-15 11:46 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll

    2008-11-15 11:42 . 2008-11-15 11:42 <DIR> d-------- c:\windows\ERUNT

    2008-11-15 11:18 . 2008-11-15 12:02 <DIR> d-------- C:\SDFix

    2008-11-15 09:29 . 2008-11-15 09:29 <DIR> d-------- C:\_OTMoveIt

    2008-11-15 08:35 . 2008-11-15 09:10 <DIR> d-------- C:\Lop SD

    2008-11-14 19:54 . 2008-11-14 19:54 <DIR> d-------- c:\program files\Trend Micro

    2008-11-12 19:13 . 2008-11-12 19:13 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb

    2008-11-12 18:49 . 2008-11-12 18:49 <DIR> d-------- c:\documents and settings\Mahamed\DoctorWeb

    2008-11-12 17:07 . 2008-11-12 18:28 <DIR> d-------- c:\program files\Enigma Software Group

    2008-11-12 16:17 . 2008-11-12 16:28 15,083,520 --a------ c:\program files\spybotsd160.exe

    2008-11-12 16:00 . 2008-11-12 16:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET

    2008-11-12 15:54 . 2008-11-13 17:25 <DIR> d-------- c:\program files\RogueRemover FREE

    2008-11-12 15:53 . 2008-09-05 04:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

    2008-11-12 15:53 . 2008-10-24 22:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

    2008-11-12 10:57 . 2008-11-12 10:57 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Apple Computer

    2008-11-11 20:14 . 2008-11-13 18:35 <DIR> d-------- c:\program files\Lavasoft

    2008-11-11 19:37 . 2008-11-11 19:59 25,129,080 --a------ c:\program files\antivir_workstation_winu_en_h(2).exe

    2008-11-11 17:01 . 2008-11-11 17:17 23,804,784 --a------ c:\program files\aaw2008.exe

    2008-11-10 17:56 . 2008-11-10 17:56 <DIR> d-------- c:\program files\Alwil Software

    2008-11-09 10:56 . 2008-11-09 10:56 <DIR> d-------- c:\program files\3ivx

    2008-11-09 10:04 . 2008-11-09 10:49 <DIR> d-------- c:\windows\system32\quicktime

    2008-11-09 09:49 . 2008-11-13 18:20 <DIR> d-------- c:\program files\QuickTime

    2008-11-09 09:39 . 2008-11-09 09:40 <DIR> d-------- c:\program files\Service Packs

    2008-11-08 11:02 . 2008-11-14 02:15 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\LimeWire

    2008-11-08 11:01 . 2008-11-13 13:26 <DIR> d-------- c:\program files\LimeWire

    2008-11-07 23:18 . 2008-11-07 23:18 <DIR> d-------- c:\windows\Sun

    2008-11-07 19:16 . 2008-11-10 18:45 <DIR> d-------- c:\program files\DNA

    2008-11-07 19:16 . 2008-11-10 23:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DNA

    2008-11-07 17:54 . 2008-11-07 20:25 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\DivX

    2008-11-07 17:15 . 2008-11-07 17:17 <DIR> d-------- c:\program files\DivX

    2008-11-06 22:31 . 2008-11-06 22:31 <DIR> d-------- c:\program files\Sun

    2008-11-06 22:28 . 2008-11-06 22:27 410,976 --a------ c:\windows\system32\deploytk.dll

    2008-11-06 22:28 . 2008-11-06 22:27 73,728 --a------ c:\windows\system32\javacpl.cpl

    2008-11-06 22:27 . 2008-11-06 22:27 <DIR> d-------- c:\program files\Java

    2008-11-04 18:23 . 2008-11-04 18:25 <DIR> d-------- c:\windows\system32\NtmsData

    2008-11-04 10:08 . 2008-11-04 10:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

    2008-11-04 10:07 . 2008-11-13 17:23 <DIR> d-------- c:\program files\SUPERAntiSpyware

    2008-11-04 10:07 . 2008-11-04 10:07 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\SUPERAntiSpyware.com

    2008-11-04 10:04 . 2008-11-13 18:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

    2008-11-03 20:04 . 2008-11-03 20:04 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Search

    2008-11-03 18:53 . 2008-11-12 10:42 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Comodo

    2008-11-03 15:00 . 2008-11-12 10:42 <DIR> d-------- c:\program files\COMODO

    2008-11-03 09:17 . 2008-11-03 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\MSN6

    2008-11-03 09:12 . 2008-11-20 23:18 <DIR> d-------- c:\documents and settings\Administrator

    2008-11-03 08:09 . 2008-11-03 09:15 <DIR> d-------- c:\program files\Smart Virus Remover

    2008-11-03 01:16 . 2008-11-03 01:16 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\MSN6

    2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll

    2008-10-29 09:36 . 2008-10-29 09:36 823,296 --a------ c:\windows\system32\divx_xx07.dll

    2008-10-29 09:35 . 2008-10-29 09:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll

    2008-10-29 09:35 . 2008-10-29 09:35 802,816 --a------ c:\windows\system32\divx_xx11.dll

    2008-10-28 03:44 . 2008-10-28 03:44 <DIR> d-------- c:\program files\Common Files\xing shared

    2008-10-28 03:43 . 2008-10-28 03:43 <DIR> d-------- c:\program files\Real

    2008-10-26 22:21 . 2008-10-26 22:21 <DIR> d-------- c:\program files\Real Alternative

    2008-10-26 22:21 . 2008-10-28 03:44 <DIR> d-------- c:\program files\Common Files\Real

    2008-10-25 19:18 . 2008-10-25 19:18 <DIR> d-------- c:\documents and settings\Mahamed\Application Data\Windows Desktop Search

    2008-10-25 19:16 . 2008-10-25 19:16 <DIR> d-------- c:\windows\system32\GroupPolicy

    2008-10-25 19:16 . 2008-10-25 19:16 <DIR> d-------- c:\program files\Windows Desktop Search

    2008-10-25 19:15 . 2008-03-08 04:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll

    2008-10-25 19:15 . 2008-03-08 04:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll

    2008-10-25 19:15 . 2008-03-08 04:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll

    2008-10-25 19:14 . 2008-10-25 19:14 <DIR> d-------- c:\program files\CONEXANT

    2008-10-25 19:13 . 2008-10-16 03:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

    2008-10-25 17:16 . 2008-10-25 17:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-11-21 00:21 23,040 ----a-w c:\windows\system32\svchost.exe

    2008-11-20 11:37 23,040 ----a-w c:\windows\system32\svchost(2)(2).exe

    2008-11-15 04:52 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

    2008-11-15 03:19 207,360 ----a-w c:\windows\system32\drivers\ndis.sys

    2008-11-14 21:20 --------- d-----w c:\program files\Common Files\Adobe

    2008-11-12 05:43 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

    2008-11-12 05:24 --------- d-----w c:\program files\QuickGamma

    2008-11-12 05:24 --------- d-----w c:\program files\Free FLV Converter

    2008-11-12 02:16 19,762 ----a-w c:\program files\Common Files\ynojysu.ban

    2008-11-07 08:06 263 ----a-w c:\program files\gapa.ini

    2008-11-03 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!

    2008-10-27 16:43 499,712 ----a-w c:\windows\system32\msvcp71.dll

    2008-10-27 16:43 348,160 ----a-w c:\windows\system32\msvcr71.dll

    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

    2008-10-22 05:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

    2008-10-22 05:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

    2008-10-21 06:31 --------- d-----w c:\documents and settings\Mahamed\Application Data\uTorrent

    2008-10-18 03:38 --------- d-----w c:\program files\Windows Media Connect 2

    2008-10-09 21:58 94,208 ----a-w c:\windows\system32\o4Patch.exe

    2008-10-09 21:58 94,208 ----a-w c:\windows\system32\IEDFix.C.exe

    2008-10-03 01:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\Media Player Classic

    2008-10-03 00:49 --------- d-----w c:\program files\Combined Community Codec Pack

    2008-10-02 07:53 --------- d-----w c:\program files\Common Files\DVDVideoSoft

    2008-10-02 07:53 --------- d-----w c:\program files\AskBarDis

    2008-10-01 04:51 98,816 ----a-w c:\windows\system32\VACFix.exe

    2008-09-30 05:28 --------- d-----w c:\program files\Xvid

    2008-09-25 09:10 --------- d-----w c:\program files\NOS

    2008-09-25 09:10 --------- d-----w c:\documents and settings\All Users\Application Data\NOS

    2008-09-25 08:13 --------- d-----w c:\documents and settings\Mahamed\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

    2008-09-25 08:11 --------- d-----w c:\program files\Common Files\Adobe AIR

    2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll

    2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll

    2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll

    2008-09-25 08:03 536,576 ----a-w c:\windows\system32\DivXsm.exe

    2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll

    2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll

    2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll

    2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll

    2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll

    2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe

    2008-09-23 02:51 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!

    2008-09-22 11:00 --------- d-----w c:\program files\Messenger Plus! Live

    2008-09-21 02:04 --------- d-----w c:\program files\Windows Live

    2008-09-21 02:02 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

    2008-09-21 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

    2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll

    2008-09-19 21:57 129,784 ----a-w c:\windows\system32\pxafs.dll

    2008-09-19 21:57 120,056 ----a-w c:\windows\system32\pxcpyi64.exe

    2008-09-19 21:57 118,520 ----a-w c:\windows\system32\pxinsi64.exe

    2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll

    2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll

    2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll

    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys

    2008-09-12 18:30 278,528 ----a-w c:\windows\system32\TubeFinder.exe

    2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll

    2008-09-08 12:38 99,840 ----a-w c:\windows\system32\AntiXPVSTFix.exe

    2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll

    .

     

    ------- Sigcheck -------

     

    2004-08-04 01:56 14336 5de5b5c556f04f26dd6068267644a8ca c:\windows\$NtServicePackUninstall$\svchost.exe

    2008-04-14 06:42 23040 06fcb16ca84dcc11302fd1854b6b246c c:\windows\ServicePackFiles\i386\svchost.exe

    2004-08-04 18:56 23040 385a7e4e53c27ae4047816c5ec582f5e c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\svchost.exe

    2008-11-21 11:21 23040 06fcb16ca84dcc11302fd1854b6b246c c:\windows\system32\svchost.exe

     

    2004-08-04 01:56 502272 19f92aaf6870b66d25b351e230abc6ea c:\windows\$NtServicePackUninstall$\winlogon.exe

    2008-04-14 06:42 516608 808f4f0941af51bd295eded8071a286b c:\windows\ServicePackFiles\i386\winlogon.exe

    2004-08-04 18:56 510976 8c45beb4d178e0b993ca55ab14ce53fd c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\winlogon.exe

    2004-08-04 01:56 502272 19f92aaf6870b66d25b351e230abc6ea c:\windows\system32\winlogon.exe

     

    2004-08-04 00:14 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys

    2008-04-14 01:50 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys

    2004-08-04 17:14 182912 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys

    2008-11-15 14:19 207360 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys

    2008-11-15 14:19 207360 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

     

    2004-08-04 01:56 1032192 56195559d22a24d39c0d04b954fb1901 c:\windows\explorer.exe

    2004-08-04 01:56 1032192 56195559d22a24d39c0d04b954fb1901 c:\windows\$NtServicePackUninstall$\explorer.exe

    2008-04-14 06:42 1042432 8aab8f71347002bc2ac64ae0beb5e905 c:\windows\ServicePackFiles\i386\explorer.exe

    2004-08-04 18:56 1040896 0c8ec25cd14642a3cd74d794176645b5 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe

     

    2004-08-04 01:56 108032 1800469178c252c5977f711b468c00a1 c:\windows\$NtServicePackUninstall$\services.exe

    2008-04-14 06:42 117248 ef1758444f1504c33b79c26a5926d69b c:\windows\ServicePackFiles\i386\services.exe

    2004-08-04 18:56 116736 b83fefe879296a209915092ee67437fa c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\services.exe

    2004-08-04 01:56 108032 1800469178c252c5977f711b468c00a1 c:\windows\system32\services.exe

     

    2004-08-04 01:56 13312 5877be9b08f740e5bd64e7c86608a93f c:\windows\$NtServicePackUninstall$\lsass.exe

    2008-04-14 06:42 22016 0df2519a636ddbf74e43c73f6db43943 c:\windows\ServicePackFiles\i386\lsass.exe

    2004-08-04 18:56 22016 0b6bba57a1bb9998e542d911e27b5bd6 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\lsass.exe

    2004-08-04 01:56 13312 5877be9b08f740e5bd64e7c86608a93f c:\windows\system32\lsass.exe

     

    2004-08-04 01:56 15360 fe408f07f63eece65f4e3f8ce09030d5 c:\windows\$NtServicePackUninstall$\ctfmon.exe

    2008-04-14 06:42 24064 7799f2ecb1713979335e8abc1ec42bcf c:\windows\ServicePackFiles\i386\ctfmon.exe

    2004-08-04 18:56 24064 e0e0a63fa6e13fcee9d77d729a14e7b1 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe

    2008-04-14 06:42 15360 b61439f0bc14b836101d6387197715e8 c:\windows\system32\CTFMON.EXE

     

    2005-06-11 11:17 57856 8cfa993f4fdf5568aff15d99765c21d6 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

    2005-06-11 10:53 57856 07763dfe5ea3c14946d4052c56ba377d c:\windows\$NtServicePackUninstall$\spoolsv.exe

    2004-08-04 01:56 57856 cb39079b8adca54c691db044351b94bf c:\windows\$NtUninstallKB896423$\spoolsv.exe

    2008-04-14 06:42 66560 5a45de4b505cbbc52e4b09706357c050 c:\windows\ServicePackFiles\i386\spoolsv.exe

    2004-08-04 18:56 66560 234df4f1361db1af65a3fe7ef06925fe c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\spoolsv.exe

    2005-06-11 11:17 57856 8cfa993f4fdf5568aff15d99765c21d6 c:\windows\system32\spoolsv.exe

     

    2004-08-04 01:56 24576 27f29f65bf97a1dd81d50229b5023745 c:\windows\$NtServicePackUninstall$\userinit.exe

    2008-04-14 06:42 34816 f7746144dda31959e03610f052c33d92 c:\windows\ServicePackFiles\i386\userinit.exe

    2004-08-04 18:56 33280 215be2b305baa8e049760ba95cb8b6ba c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe

    2008-04-14 06:42 26112 31c92b93500c4ee80248b3d67acf4480 c:\windows\system32\userinit.exe

    .

    ((((((((((((((((((((((((((((( snapshot@2008-11-15_10.40.06.95 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2008-11-21 07:03:36 4,475 ----a-w c:\windows\ERDNT\CFUNDO.dat

    + 2008-08-07 04:27:04 175,616 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE

    + 2008-11-15 00:42:34 4,595,712 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat

    + 2008-11-15 00:42:34 294,912 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

    + 2008-08-07 04:27:04 175,616 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE

    + 2008-11-15 00:42:21 4,595,712 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat

    + 2008-11-15 00:42:21 294,912 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

    + 2008-04-13 19:41:50 61,440 -c--a-w c:\windows\ie7\admparse.dll

    + 2008-04-13 19:41:50 99,840 -c--a-w c:\windows\ie7\advpack.dll

    + 2008-04-13 19:41:52 33,792 -c--a-w c:\windows\ie7\custsat.dll

    + 2008-04-13 19:41:54 357,888 -c--a-w c:\windows\ie7\dxtmsft.dll

    + 2008-04-13 19:41:54 205,312 -c--a-w c:\windows\ie7\dxtrans.dll

    + 2008-04-13 19:41:54 55,808 -c--a-w c:\windows\ie7\extmgr.dll

    + 2008-04-13 19:41:56 38,912 -c--a-w c:\windows\ie7\hmmapi.dll

    + 2008-04-13 19:42:24 34,304 -c--a-w c:\windows\ie7\ie4uinit.exe

    + 2008-04-13 19:41:56 143,360 -c--a-w c:\windows\ie7\ieakeng.dll

    + 2008-04-13 19:41:56 216,576 -c--a-w c:\windows\ie7\ieaksie.dll

    + 2003-03-31 12:00:00 221,184 -c--a-w c:\windows\ie7\ieakui.dll

    + 2008-04-13 19:41:56 323,584 -c--a-w c:\windows\ie7\iedkcs32.dll

    + 2008-04-13 19:42:24 18,432 -c--a-w c:\windows\ie7\iedw.exe

    + 2008-04-13 19:41:56 251,904 -c--a-w c:\windows\ie7\iepeers.dll

    + 2008-04-13 19:41:56 48,640 -c--a-w c:\windows\ie7\iernonce.dll

    + 2008-04-13 19:41:56 62,976 -c--a-w c:\windows\ie7\iesetup.dll

    + 2008-04-13 19:42:24 93,184 -c--a-w c:\windows\ie7\iexplore.exe

    + 2008-04-13 19:41:56 35,840 -c--a-w c:\windows\ie7\imgutil.dll

    + 2008-04-13 19:41:56 96,256 -c--a-w c:\windows\ie7\inseng.dll

    + 2008-04-13 19:41:58 15,872 -c--a-w c:\windows\ie7\jsproxy.dll

    + 2008-04-13 19:41:58 22,016 -c--a-w c:\windows\ie7\licmgr10.dll

    + 2008-04-13 19:42:28 37,888 -c--a-w c:\windows\ie7\mshta.exe

    + 2008-08-20 05:30:53 3,067,904 -c--a-w c:\windows\ie7\mshtml.dll

    + 2008-04-13 19:42:00 449,024 -c--a-w c:\windows\ie7\mshtmled.dll

    + 2008-04-13 11:56:28 56,832 -c--a-w c:\windows\ie7\mshtmler.dll

    + 2003-03-31 12:00:00 146,432 -c--a-w c:\windows\ie7\msls31.dll

    + 2008-04-13 19:42:02 146,432 -c--a-w c:\windows\ie7\msrating.dll

    + 2008-04-13 19:42:02 532,480 -c--a-w c:\windows\ie7\mstime.dll

    + 2008-04-13 19:42:04 96,256 -c--a-w c:\windows\ie7\occache.dll

    + 2008-04-13 19:42:04 39,424 -c--a-w c:\windows\ie7\pngfilt.dll

    + 2007-08-13 07:54:42 32,960 -c--a-w c:\windows\ie7\spuninst\iecustom.dll

    + 2007-08-13 07:52:06 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe

    + 2006-09-06 06:43:16 213,216 -c--a-w c:\windows\ie7\spuninst\spuninst.exe

    + 2006-09-06 06:43:18 371,424 -c--a-w c:\windows\ie7\spuninst\updspapi.dll

    + 2008-04-13 19:42:10 37,888 -c--a-w c:\windows\ie7\url.dll

    + 2008-08-20 05:30:52 619,520 -c--a-w c:\windows\ie7\urlmon.dll

    + 2008-04-13 19:42:10 851,968 -c--a-w c:\windows\ie7\vgx.dll

    + 2008-04-13 19:42:10 276,480 -c--a-w c:\windows\ie7\webcheck.dll

    + 2008-08-20 05:30:51 666,112 -c--a-w c:\windows\ie7\wininet.dll

    - 2008-04-13 19:41:50 61,440 ----a-w c:\windows\system32\admparse.dll

    + 2007-08-13 07:39:20 71,680 ----a-w c:\windows\system32\admparse.dll

    - 2008-04-13 19:41:50 99,840 ----a-w c:\windows\system32\advpack.dll

    + 2007-08-13 07:39:00 123,904 ----a-w c:\windows\system32\advpack.dll

    + 2008-11-20 13:24:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat

    - 2008-11-14 23:33:52 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

    + 2008-11-21 00:21:58 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

    - 2008-11-14 23:33:52 65,536 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    + 2008-11-21 00:21:58 327,680 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

    + 2008-11-21 00:25:28 49,152 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008112120081122\index.dat

    - 2008-11-14 23:33:55 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

    + 2008-11-21 00:21:58 327,680 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

    + 2007-08-13 07:39:20 71,680 -c----w c:\windows\system32\dllcache\admparse.dll

    + 2007-08-13 07:39:00 123,904 -c----w c:\windows\system32\dllcache\advpack.dll

    + 2006-09-23 02:12:50 1,022,976 -c----w c:\windows\system32\dllcache\browseui.dll

    + 2007-08-13 07:42:54 17,408 -c----w c:\windows\system32\dllcache\corpol.dll

    - 2008-04-13 19:41:52 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll

    + 2007-08-13 07:54:10 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll

    + 2007-08-13 07:35:46 346,624 -c----w c:\windows\system32\dllcache\dxtmsft.dll

    + 2007-08-13 07:35:38 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll

    + 2007-08-13 07:54:10 131,584 -c----w c:\windows\system32\dllcache\extmgr.dll

    + 2007-08-13 07:18:02 60,416 -c----w c:\windows\system32\dllcache\hmmapi.dll

    + 2007-08-13 07:39:06 54,784 -c----w c:\windows\system32\dllcache\ie4uinit.exe

    + 2007-08-13 07:39:26 152,064 -c----w c:\windows\system32\dllcache\ieakeng.dll

    + 2007-08-13 07:39:54 229,376 -c----w c:\windows\system32\dllcache\ieaksie.dll

    - 2003-03-31 12:00:00 221,184 -c--a-w c:\windows\system32\dllcache\ieakui.dll

    + 2007-08-13 06:56:54 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll

    + 2007-08-13 07:39:50 382,976 -c----w c:\windows\system32\dllcache\iedkcs32.dll

    + 2007-08-13 07:44:02 69,120 -c----w c:\windows\system32\dllcache\iedw.exe

    + 2007-08-13 07:45:18 78,336 -c----w c:\windows\system32\dllcache\ieencode.dll

    + 2007-08-13 07:54:10 191,488 -c----w c:\windows\system32\dllcache\iepeers.dll

    + 2007-08-13 07:39:10 43,008 -c----w c:\windows\system32\dllcache\iernonce.dll

    + 2007-08-13 07:39:12 55,296 -c----w c:\windows\system32\dllcache\iesetup.dll

    + 2007-08-13 07:43:56 622,080 -c----w c:\windows\system32\dllcache\iexplore.exe

    + 2007-08-13 07:36:06 36,352 -c----w c:\windows\system32\dllcache\imgutil.dll

    + 2007-08-13 07:39:02 92,672 -c----w c:\windows\system32\dllcache\inseng.dll

    + 2007-08-13 07:38:04 491,520 -c----w c:\windows\system32\dllcache\jscript.dll

    + 2007-08-13 07:54:10 27,136 -c----w c:\windows\system32\dllcache\jsproxy.dll

    + 2007-08-13 07:44:18 40,960 -c----w c:\windows\system32\dllcache\licmgr10.dll

    + 2007-08-13 07:32:30 45,568 -c----w c:\windows\system32\dllcache\mshta.exe

    - 2008-08-20 05:30:53 3,067,904 -c--a-w c:\windows\system32\dllcache\mshtml.dll

    + 2007-08-13 07:54:12 3,578,368 -c--a-w c:\windows\system32\dllcache\mshtml.dll

    + 2007-08-13 07:54:10 475,648 -c----w c:\windows\system32\dllcache\mshtmled.dll

    + 2007-08-13 07:01:12 48,128 -c----w c:\windows\system32\dllcache\mshtmler.dll

    - 2003-03-31 12:00:00 146,432 -c--a-w c:\windows\system32\dllcache\msls31.dll

    + 2007-08-13 07:54:10 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll

    + 2007-08-13 07:44:26 192,000 -c----w c:\windows\system32\dllcache\msrating.dll

    + 2007-08-13 07:54:10 670,720 -c----w c:\windows\system32\dllcache\mstime.dll

    + 2007-08-13 07:44:06 101,376 -c----w c:\windows\system32\dllcache\occache.dll

    + 2007-08-13 07:36:12 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll

    + 2006-09-23 02:12:50 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll

    + 2007-08-13 07:44:30 105,984 -c----w c:\windows\system32\dllcache\url.dll

    - 2008-08-20 05:30:52 619,520 -c--a-w c:\windows\system32\dllcache\urlmon.dll

    + 2007-08-13 07:54:10 1,162,240 -c--a-w c:\windows\system32\dllcache\urlmon.dll

    + 2007-08-13 07:54:10 413,696 -c----w c:\windows\system32\dllcache\vbscript.dll

    + 2007-08-13 07:54:10 765,952 -c----w c:\windows\system32\dllcache\VGX.dll

    + 2007-08-13 07:54:10 231,424 -c----w c:\windows\system32\dllcache\webcheck.dll

    - 2008-08-20 05:30:51 666,112 -c--a-w c:\windows\system32\dllcache\wininet.dll

    + 2007-08-13 07:54:10 818,688 -c--a-w c:\windows\system32\dllcache\wininet.dll

    - 2008-04-13 19:41:54 357,888 ----a-w c:\windows\system32\dxtmsft.dll

    + 2007-08-13 07:35:46 346,624 ----a-w c:\windows\system32\dxtmsft.dll

    - 2008-04-13 19:41:54 205,312 ----a-w c:\windows\system32\dxtrans.dll

    + 2007-08-13 07:35:38 214,528 ----a-w c:\windows\system32\dxtrans.dll

    - 2008-04-13 19:41:54 55,808 ----a-w c:\windows\system32\extmgr.dll

    + 2007-08-13 07:54:10 131,584 ----a-w c:\windows\system32\extmgr.dll

    - 2008-11-14 23:20:25 264,616 ----a-w c:\windows\system32\FNTCACHE.DAT

    + 2008-11-17 05:49:16 264,616 ----a-w c:\windows\system32\FNTCACHE.DAT

    + 2007-08-13 07:36:26 61,952 ----a-w c:\windows\system32\icardie.dll

    - 2008-04-13 19:42:24 34,304 ----a-w c:\windows\system32\ie4uinit.exe

    + 2007-08-13 07:39:06 63,488 ----a-w c:\windows\system32\ie4uinit.exe

    - 2008-04-13 19:41:56 143,360 ----a-w c:\windows\system32\ieakeng.dll

    + 2007-08-13 07:39:26 152,064 ----a-w c:\windows\system32\ieakeng.dll

    - 2008-04-13 19:41:56 216,576 ----a-w c:\windows\system32\ieaksie.dll

    + 2007-08-13 07:39:54 229,376 ----a-w c:\windows\system32\ieaksie.dll

    - 2003-03-31 12:00:00 221,184 ----a-w c:\windows\system32\ieakui.dll

    + 2007-08-13 06:56:54 161,792 ----a-w c:\windows\system32\ieakui.dll

    + 2007-02-12 05:10:12 2,451,312 ----a-w c:\windows\system32\ieapfltr.dat

    + 2007-07-11 01:27:48 383,488 ----a-w c:\windows\system32\ieapfltr.dll

    - 2008-04-13 19:41:56 323,584 ----a-w c:\windows\system32\iedkcs32.dll

    + 2007-08-13 07:39:50 382,976 ----a-w c:\windows\system32\iedkcs32.dll

    + 2007-08-13 07:54:10 6,049,280 ----a-w c:\windows\system32\ieframe.dll

    - 2008-04-13 19:41:56 251,904 ----a-w c:\windows\system32\iepeers.dll

    + 2007-08-13 07:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll

    - 2008-04-13 19:41:56 48,640 ----a-w c:\windows\system32\iernonce.dll

    + 2007-08-13 07:39:10 43,008 ----a-w c:\windows\system32\iernonce.dll

    + 2007-08-13 07:34:04 266,752 ----a-w c:\windows\system32\iertutil.dll

    - 2008-04-13 19:41:56 62,976 ----a-w c:\windows\system32\iesetup.dll

    + 2007-08-13 07:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll

    - 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe

    + 2007-08-13 07:39:10 22,016 ----a-w c:\windows\system32\ieudinit.exe

    + 2007-08-13 07:54:10 180,736 ----a-w c:\windows\system32\ieui.dll

    - 2008-04-13 19:41:56 35,840 ----a-w c:\windows\system32\imgutil.dll

    + 2007-08-13 07:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll

    - 2008-04-13 19:41:56 96,256 ----a-w c:\windows\system32\inseng.dll

    + 2007-08-13 07:39:02 92,672 ----a-w c:\windows\system32\inseng.dll

    - 2008-04-13 19:41:58 15,872 ----a-w c:\windows\system32\jsproxy.dll

    + 2007-08-13 07:54:10 27,136 ----a-w c:\windows\system32\jsproxy.dll

    - 2008-04-13 19:41:58 22,016 ----a-w c:\windows\system32\licmgr10.dll

    + 2007-08-13 07:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll

    + 2007-08-13 07:54:10 458,752 ----a-w c:\windows\system32\msfeeds.dll

    + 2007-08-13 07:54:10 50,688 ----a-w c:\windows\system32\msfeedsbs.dll

    + 2007-08-13 07:36:40 20,992 ----a-w c:\windows\system32\msfeedssync.exe

    - 2008-04-13 19:42:28 37,888 ----a-w c:\windows\system32\mshta.exe

    + 2007-08-13 07:32:30 54,272 ----a-w c:\windows\system32\mshta.exe

    - 2008-08-20 05:30:53 3,067,904 ----a-w c:\windows\system32\mshtml.dll

    + 2007-08-13 07:54:12 3,578,368 ----a-w c:\windows\system32\mshtml.dll

    - 2008-04-13 19:42:00 449,024 ----a-w c:\windows\system32\mshtmled.dll

    + 2007-08-13 07:54:10 475,648 ----a-w c:\windows\system32\mshtmled.dll

    - 2008-04-13 11:56:28 56,832 ----a-w c:\windows\system32\mshtmler.dll

    + 2007-08-13 07:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll

    - 2003-03-31 12:00:00 146,432 ----a-w c:\windows\system32\msls31.dll

    + 2007-08-13 07:54:10 156,160 ----a-w c:\windows\system32\msls31.dll

    - 2008-04-13 19:42:02 146,432 ----a-w c:\windows\system32\msrating.dll

    + 2007-08-13 07:44:26 192,000 ----a-w c:\windows\system32\msrating.dll

    - 2008-04-13 19:42:02 532,480 ----a-w c:\windows\system32\mstime.dll

    + 2007-08-13 07:54:10 670,720 ----a-w c:\windows\system32\mstime.dll

    - 2008-04-13 19:42:04 96,256 ----a-w c:\windows\system32\occache.dll

    + 2007-08-13 07:44:06 101,376 ----a-w c:\windows\system32\occache.dll

    - 2008-04-13 19:42:04 39,424 ----a-w c:\windows\system32\pngfilt.dll

    + 2007-08-13 07:36:12 44,544 ----a-w c:\windows\system32\pngfilt.dll

    - 2008-11-10 07:43:20 270,584 ----a-w c:\windows\system32\Restore\rstrlog.dat

    + 2008-11-20 12:18:36 363,188 ----a-w c:\windows\system32\Restore\rstrlog.dat

    - 2008-04-13 19:42:10 37,888 ----a-w c:\windows\system32\url.dll

    + 2007-08-13 07:44:30 105,984 ----a-w c:\windows\system32\url.dll

    - 2008-08-20 05:30:52 619,520 ----a-w c:\windows\system32\urlmon.dll

    + 2007-08-13 07:54:10 1,162,240 ----a-w c:\windows\system32\urlmon.dll

    - 2008-04-13 19:42:10 276,480 ----a-w c:\windows\system32\webcheck.dll

    + 2007-08-13 07:54:10 231,424 ----a-w c:\windows\system32\webcheck.dll

    + 2007-08-13 07:45:16 215,040 ----a-w c:\windows\system32\WinFXDocObj.exe

    - 2008-08-20 05:30:51 666,112 ----a-w c:\windows\system32\wininet.dll

    + 2007-08-13 07:54:10 818,688 ----a-w c:\windows\system32\wininet.dll

    + 2008-11-21 07:10:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_674.dat

    .

    -- Snapshot reset to current date --

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

     

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17872498-72C4-43D3-88ED-AAB13B850F4D}]

    2008-11-21 18:16 247296 --a------ c:\windows\system32\ddcCuspQ.dll

     

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E007A5F-299F-44FC-8B6B-F06B61867A2E}]

    2008-11-21 00:09 38400 --a------ c:\windows\system32\geBrOefg.dll

     

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF95FDC3-8AA3-4480-833F-A5CB31A26602}]

    2008-11-20 15:42 245760 --a------ c:\windows\system32\pmnnLEXo.dll

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

     

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

     

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "reader"="c:\windows\System32\reader.exe" [2008-11-21 31744]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-06 136600]

    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-28 185872]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    "NvSvc"="c:\windows\system32\nvsvc32.exe" [2008-11-19 64512]

    "System Config Boot"="syscgboot.exe" [2008-11-03 c:\windows\system32\syscgboot.exe]

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

     

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    "{4E007A5F-299F-44FC-8B6B-F06B61867A2E}"= "c:\windows\system32\geBrOefg.dll" [2008-11-21 38400]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]

    2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDUkIy]

    2008-11-20 15:36 38400 c:\windows\system32\efcDUkIy.dll

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBrOefg]

    2008-11-21 00:09 38400 c:\windows\system32\geBrOefg.dll

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    "vidc.3IV2"= 3ivxVfWCodec.dll

    "vidc.SEDG"= SamsungVfWCodec.dll

    "vidc.DX50"= DivXVfWCodec.dll

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\ddcCuspQ

     

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk

    backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

     

    [HKLM\~\startupfolder\c:^documents and settings^all users^start menu^programs^startup^windows search.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

    backup=c:\windows\pss\Windows Search.lnkCommon Startup

     

    [HKLM\~\startupfolder\c:^documents and settings^mahamed^start menu^programs^startup^limewire on startup.lnk]

    path=c:\documents and settings\Mahamed\Start Menu\Programs\Startup\LimeWire On Startup.lnk

    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

    --a------ 2008-11-07 19:16 342336 c:\program files\DNA\btdna.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    --a------ 2008-04-14 06:42 1695232 c:\program files\Messenger\msmsgs.exe

     

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    --a------ 2008-10-28 03:43 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    "c:\\Program Files\\DNA\\btdna.exe"=

    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    "c:\\Program Files\\Malwarebytes' Anti-Malware\\MBAM.EXE"=

    "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=

    "c:\\WINDOWS\\system32\\nvsvc32.exe"=

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "6112:TCP"= 6112:TCP:WarcraftIII

    "6112:UDP"= 6112:UDP:WarcraftIII

     

    R3 genmcmnusb;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]

    S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-25 33752]

    .

    - - - - ORPHANS REMOVED - - - -

     

    BHO-{97945ADD-8D6C-4842-B17D-E843D3F6F650} - c:\windows\system32\jkkLBstS.dll

    HKCU-Run-rs32net - c:\windows\System32\rs32net.exe

    HKU-Default-Run-rs32net - c:\windows\System32\rs32net.exe

     

     

    .

    ------- Supplementary Scan -------

    .

    FireFox -: Profile - c:\documents and settings\Mahamed\Application Data\Mozilla\Firefox\Profiles\hv8n2fz6.default\

    FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll

    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll

    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll

    FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll

    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll

    .

     

    **************************************************************************

     

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-11-21 18:10:36

    Windows 5.1.2600 Service Pack 3 NTFS

     

    scanning hidden processes ...

     

    c:\windows\system32\syscgboot.exe [1372] 0x832A2DA0

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

     

    c:\windows\system32\svchost(2)(2).exe:ext.exe 25088 bytes executable

    c:\windows\system32\ddcCuspQ.dll 247296 bytes executable

     

    scan completed successfully

    hidden files: 2

     

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

     

    PROCESS: c:\windows\system32\winlogon.exe

    -> c:\windows\system32\geBrOefg.dll

    -> c:\windows\system32\mlJYsrPh.dll

     

    PROCESS: c:\windows\explorer.exe

    -> c:\windows\system32\ynubdaxm.dll

    -> c:\windows\system32\ddcCuspQ.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Lavasoft\Ad-Aware\aawservice.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\windows\system32\wscntfy.exe

    c:\windows\system32\RUNDLL32.EXE

    c:\windows\system32\RUNDLL32.EXE

    .

    **************************************************************************

    .

    Completion time: 2008-11-21 18:19:37 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-11-21 07:19:18

    ComboFix2.txt 2008-11-16 00:40:56

    ComboFix3.txt 2008-11-15 04:34:58

    ComboFix4.txt 2008-11-15 01:30:39

    ComboFix5.txt 2008-11-21 06:49:25

     

    Pre-Run: 59,606,605,824 bytes free

    Post-Run: 59,689,213,952 bytes free

     

    604 --- E O F --- 2008-11-15 13:26:13
