dbfever

No ICONS, TASKBAR only desktop background


I need serious help. When I reboot my computer, my icons and taskbar don't appear at all. The only way to access my computer is through Task Manager when I boot into Safe Mode.

 

I know I have viruses and trojans infecting my computer so I need help in removing them.

 

Here's my HJT log:

 

Logfile of HijackThis v1.99.1

Scan saved at 3:52:44 PM, on 21/10/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\BACKUP\HJT\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.sweetim.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,

O2 - BHO: IEVkbdBHO - {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

O2 - BHO: link filter bho - {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles

O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart

O4 - HKLM\..\Run: [Windows Update Service] msnmsgrs32.exe

O4 - HKLM\..\Run: [Windows Client] client.exe

O4 - HKLM\..\Run: [Windows Rundll Center] msmsgrs.exe

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\OAui.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.8.0\QOELoader.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunOnce: [ccube_Install_Lock] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cazz_001.exe" /null

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: &Virtual keyboard - {4248fe82-7fcb-46ac-b270-339f08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: URLs c&heck - {ccf151d8-d089-449f-a5a4-d9909053f20f} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: semasema.dll c:\windows\system32\vimuvayo.dll,pewekasi.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: avp - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" -r (file missing)

O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Online Armor Helper Service (oacat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Online Armor (svconlinearmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

O23 - Service: Automatic Updates (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)

 

Thank you in advance


Hi,

 

Please do the following:

 

Please download DDS from either of these links

 

LINK 1

LINK 2

 

and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

 

DDS.txt

Attach.txt.

 

NEXT

 

 


Download GMER Rootkit Scanner from here or here.

  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

     


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

  • Save it where you can easily find it, such as your desktop, and post it in your next reply.
**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Thank you so much for your prompt response. Here are the logs:

 

 

DDS (Ver_09-10-24.03) - NTFSx86 NETWORK

Run by Administrator at 11:04:28.46 on Sun 25/10/2009

Internet Explorer: 6.0.2900.5512

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com

mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101849&gct=&gc=1&q=

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = hxxp://home.sweetim.com/

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} -

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c

uRunOnce: [uniblueRegistryBooster] "launcher.exe" delay 20000

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles

mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart

mRun: [Windows Update Service] msnmsgrs32.exe

mRun: [Windows Client] client.exe

mRun: [Windows Rundll Center] msmsgrs.exe

mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\OAui.exe"

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"

mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.8.0\QOELoader.exe"

mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot

mRun: [sDFix] c:\sdfix\RunThis.bat /second

mRunOnce: [ccube_Install_Lock] "c:\docume~1\admini~1\locals~1\temp\cazz_001.exe" /null

mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {4248fe82-7fcb-46ac-b270-339f08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {ccf151d8-d089-449f-a5a4-d9909053f20f} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll

LSP: c:\windows\system32\VetRedir.dll

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxdev.dll

Notify: klogon - c:\windows\system32\klogon.dll

AppInit_DLLs: semasema.dll c:\windows\system32\vimuvayo.dll,pewekasi.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll

LSA: Notification Packages = scecli dejufedu.dll titeyota.dll sfifian.dll

 

================= FIREFOX ===================

 

FF - ProfilePath -

 

============= SERVICES / DRIVERS ===============

 

 

=============== Created Last 30 ================

 

2009-10-21 10:05:48 0 d-----w- c:\windows\ERUNT

2009-10-21 10:04:41 0 d-----w- C:\SDFix

2009-10-21 09:57:04 12800 ----a-w- c:\windows\system32\bootdelete.exe

2009-10-21 09:33:46 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2009-10-21 09:33:10 0 d-----w- c:\program files\Hitman Pro 3.5

2009-10-21 09:33:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2009-10-21 09:20:04 0 d-----w- c:\docume~1\admini~1\applic~1\Uniblue

2009-10-21 09:20:00 0 d-----w- c:\program files\Uniblue

2009-10-21 08:21:36 0 d-----w- C:\VundoFix Backups

2009-10-21 05:38:12 0 d-----w- c:\documents and settings\administrator\Tracing

2009-10-21 04:47:41 2927104 ----a-w- c:\windows\explorer.exe

2009-10-21 02:16:41 0 d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com

2009-10-21 00:59:09 43 ----a-w- c:\windows\system32\SKYNETyvcvnhnq.dat

2009-10-21 00:19:52 0 d-s---w- c:\documents and settings\administrator\UserData

2009-10-20 12:09:41 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2009-10-20 12:08:57 95760 ----a-w- c:\windows\system32\isafeif.dll

2009-10-20 12:08:57 75280 ----a-w- c:\windows\system32\vetredir.dll

2009-10-20 12:08:57 75280 ----a-w- c:\windows\system32\isafprod.dll

2009-10-20 12:08:57 629264 ----a-w- c:\windows\system32\drivers\vetefile.sys

2009-10-20 12:08:57 32528 ----a-w- c:\windows\system32\drivers\vetmonnt.sys

2009-10-20 12:08:57 26640 ----a-w- c:\windows\system32\drivers\vet-filt.sys

2009-10-20 12:08:57 21648 ----a-w- c:\windows\system32\drivers\vetfddnt.sys

2009-10-20 12:08:57 21392 ----a-w- c:\windows\system32\drivers\vet-rec.sys

2009-10-20 12:08:57 108592 ----a-w- c:\windows\system32\drivers\veteboot.sys

2009-10-20 12:07:08 0 d-----w- c:\docume~1\alluse~1\applic~1\CA

2009-10-20 12:07:07 0 d-----w- c:\program files\CA

2009-10-15 01:33:14 0 ----a-w- c:\windows\system32\winhelper.dll

2009-10-15 01:32:39 25088 ----a-w- C:\aons.exe

2009-10-14 04:48:01 94643 ----a-w- c:\windows\system32\drivers\klick.dat

2009-10-14 04:48:01 105395 ----a-w- c:\windows\system32\drivers\klin.dat

2009-10-14 04:47:44 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys

2009-10-14 04:47:42 33808 ----a-w- c:\windows\system32\drivers\klbg.sys

2009-10-14 04:47:19 0 d-----w- c:\program files\Kaspersky Lab

2009-10-14 04:47:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab

2009-10-14 04:46:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files

2009-10-01 00:05:46 1033728 -c--a-w- c:\windows\system32\dllcache\explorer.exe

2009-09-30 12:53:05 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys

2009-09-30 12:53:05 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys

2009-09-30 12:53:04 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll

2009-09-30 12:53:04 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys

2009-09-30 12:53:04 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys

2009-09-30 12:53:04 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll

 

==================== Find3M ====================

 

2009-10-21 00:59:09 923510 ----a-w- c:\windows\system32\SKYNETeoupjtvy.dat

2009-09-17 02:40:59 1072 ----a-w- c:\program files\nywjltd.txt

2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-03-21 11:46:49 10504864 ----a-w- c:\program files\iMeshV8.exe

2009-03-19 08:03:57 3073749 ----a-w- c:\program files\Setup_MagicISO.exe

2009-03-09 06:03:14 15727416 ----a-w- c:\program files\brico-pack-crystal-xp-crystalxp.net-en-117.zip

2009-03-09 05:49:33 547496 ----a-w- c:\program files\ChromeSetup.exe

2007-09-13 05:51:14 9679815 ----a-w- c:\program files\vlc-0.8.6c-win32.exe

 

============= FINISH: 11:04:41.96 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-10-24.03)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 21/02/2009 10:22:55 AM

System Uptime: 25/10/2009 10:59:14 AM (1 hours ago)

 

Motherboard: ASUSTeK Computer INC. | | P5KPL-AM/PS

Processor: Intel Pentium III Xeon processor | Socket 775 | 2500/200mhz

 

==== Disk Partitions =========================

 

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 286.755 GiB free.

D: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&2C575ACB&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&2C575ACB&0

Service: i8042prt

 

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}

Description: Nokia Windows Portable Device Driver

Device ID: ROOT\WPD\0000

Manufacturer: Nokia

Name: Nokia N97

PNP Device ID: ROOT\WPD\0000

Service: WUDFRd

 

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}

Description: Nokia 6110 Navigator

Device ID: ROOT\WPD\0001

Manufacturer: Nokia

Name: Nokia 6110 Navigator

PNP Device ID: ROOT\WPD\0001

Service: WUDFRd

 

==== System Restore Points ===================

 

No restore point in system.

 

==== Installed Programs ======================

 

2007 Microsoft Office Suite Service Pack 1 (SP1)

a-squared Free 4.5

A4 Video Converter

Acrobat.com

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge 1.0

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Common File Installer

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Help Center 1.0

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe InDesign CS3

Adobe InDesign CS3 Icon Handler

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS2

Adobe Photoshop CS3

Adobe Reader 9.1.2

Adobe Setup

Adobe SING CS3

Adobe Stock Photos 1.0

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Any Video Converter 2.7.6

ArcSoft PhotoImpression 5

Ashampoo Burning Studio 6

Ask Toolbar

Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

avast! Antivirus

CA Anti-Spam

CA Anti-Virus

CA Internet Security Suite

Choice Guard

Clubbox 파일전송관리자

Convert FLV to MP3 1.0

DVD Suite

EPSON Attach To Email

EPSON Copy Utility 3

EPSON Easy Photo Print

EPSON File Manager

EPSON Image Clip Palette

EPSON Printer Software

EPSON Scan

EPSON Scan Assistant

EPSON Web-To-Page

ESPRX530 User's Guide

ffdshow [rev 3026] [2009-07-05]

Free DVD Creator version 2.0

Free Studio version 4.2

Free Video to Mp3 Converter version 3.1

Free YouTube FLV Converter v1.0

Google Chrome

HijackThis 1.99.1

Hitman Pro 3.5

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Intel® Graphics Media Accelerator Driver

Japanese Language Support

Java 6 Update 14

Junk Mail filter update

K-Lite Codec Pack 4.3.1 (Full)

Kaspersky Anti-Virus 2010

LAME v3.98.2 for Audacity

Logitech Audio Echo Cancellation Component

Logitech QuickCam

Logitech Video Enumerator

Logitech® Camera Driver

Magic DVD Ripper V5.4.2

Magic ISO Maker v5.5 (build 0274)

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.5

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox (3.0.11)

MSN

MSVC80_x86

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 6.0 Parser (KB933579)

MVision

Nero 7 Essentials

neroxml

Nokia Connectivity Cable Driver

Nokia Home Media Server

Nokia Map Loader

Nokia Music

Nokia Ovi Application Installer

Nokia Ovi Application Installer 6.85.3011

Nokia Ovi Content Copier

Nokia Ovi Content Copier 6.85.3011

Nokia Ovi One Touch Access

Nokia Ovi One Touch Access 6.85.3011

Nokia Ovi Suite

Nokia Ovi System Utilities

Nokia Ovi System Utilities 6.85.3013

Nokia PC Suite

Nokia Photos

Nokia Software Updater

Online Armor 3.5

Pack Crystal XP 3.0

PC Connectivity Solution

PC Pitstop Exterminate2 2.0

PDF Settings

PIF DESIGNER

Platform

PowerDVD

PowerProducer

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

RocketDock 1.3.5

Security Update for 2007 Microsoft Office System (KB951550)

Security Update for 2007 Microsoft Office System (KB951944)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB969679)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Excel 2007 (KB969682)

Security Update for Microsoft Office OneNote 2007 (KB950130)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office Publisher 2007 (KB969693)

Security Update for Microsoft Office system 2007 (KB954326)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office Word 2007 (KB969604)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB973540)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Segoe UI

STOIK Video Converter 2

SUPERAntiSpyware Free Edition

SweetIM for Messenger 2.7

SweetIM Toolbar for Internet Explorer 3.4

TwonkyMedia

Uniblue RegistryBooster 2010

Uninstall 1.0.0.1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office Outlook 2007 (KB969907)

Update for Outlook 2007 Junk Email Filter (kb972691)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB973815)

VIA Platform Device Manager

Video To MPEG Converter 1.00

VideoLAN VLC media player 0.8.6c

WebFldrs XP

Windows Driver Package - Nokia Modem (02/15/2007 3.1)

Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)

Windows Driver Package - Nokia Modem (02/24/2009 4.0)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

WinRAR archiver

 

==== Event Viewer Messages From Past Week ========

 

21/10/2009 9:10:34 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.

21/10/2009 9:10:33 PM, error: SRService [104] - The System Restore initialization process failed.

21/10/2009 6:50:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

21/10/2009 6:24:20 PM, error: Service Control Manager [7000] - The aswRdr service failed to start due to the following error: Access is denied.

21/10/2009 3:31:51 PM, error: Service Control Manager [7000] - The Logitech LVPr2Mon Driver service failed to start due to the following error: Access is denied.

21/10/2009 3:31:51 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: Access is denied.

21/10/2009 3:31:51 PM, error: Service Control Manager [7000] - The avast! Mail Scanner service failed to start due to the following error: Access is denied.

21/10/2009 3:31:50 PM, error: Service Control Manager [7022] - The TwonkyMedia service hung on starting.

21/10/2009 2:21:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP Fips intelppm oadevice SASDIFSV SASKUTIL VET-FILT VET-REC VETEFILE VETMONNT

21/10/2009 2:20:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

21/10/2009 2:18:25 PM, error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector service which failed to start because of the following error: Access is denied.

21/10/2009 2:18:25 PM, error: Service Control Manager [7001] - The VET Message Service service depends on the CAISafe service which failed to start because of the following error: Access is denied.

21/10/2009 2:18:25 PM, error: Service Control Manager [7000] - The WebDav Client Redirector service failed to start due to the following error: Access is denied.

21/10/2009 2:18:25 PM, error: Service Control Manager [7000] - The vzaywoe service failed to start due to the following error: The system cannot find the file specified.

21/10/2009 2:18:25 PM, error: Service Control Manager [7000] - The lcbxpq service failed to start due to the following error: The system cannot find the file specified.

21/10/2009 2:18:25 PM, error: Service Control Manager [7000] - The CAISafe service failed to start due to the following error: Access is denied.

21/10/2009 2:18:25 PM, error: Service Control Manager [7000] - The avp service failed to start due to the following error: The system cannot find the path specified.

21/10/2009 2:18:25 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.

21/10/2009 11:59:48 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm oadevice SASDIFSV SASKUTIL

21/10/2009 1:35:49 PM, error: Dhcp [1002] - The IP address lease 114.76.230.217 for the Network Card with network address 002215BDA82F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

21/10/2009 1:14:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

20/10/2009 11:09:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service CaCCProvSP with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

20/10/2009 11:09:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

20/10/2009 11:05:59 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.

 

==== End Of File ===========================

GMER 1.0.15.15163 - http://www.gmer.net

Rootkit scan 2009-10-25 12:01:35

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfdcrkob.sys

 

 

---- Devices - GMER 1.0.15 ----

 

Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Tall Emu)

 

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

 

Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Tall Emu)

 

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

 

Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Tall Emu)

 

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

 

Device \Driver\Tcpip \Device\RawIp OAmon.sys (TDI Helper Driver/Tall Emu)

 

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

 

Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Tall Emu)

 

---- Services - GMER 1.0.15 ----

 

Service system32\drivers\SKYNETbirrskly.sys (*** hidden *** ) [sYSTEM] SKYNETbayxyfdx <-- ROOTKIT !!!

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx@start 1

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx@type 1

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx@group file system

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx@imagepath \systemroot\system32\drivers\SKYNETbirrskly.sys

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx\main (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx\main@aid 10001

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx\main@sid 1

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx\main@cmddelay 14400

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx\main\delete (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx\main\injector (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx\main\injector@* SKYNETwsp8.dll

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx\main\tasks (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETbirrskly.sys

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx\modules@SKYNETcmd.dll \systemroot\system32\SKYNETsuhtivmr.dll

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx\modules@SKYNETlog.dat \systemroot\system32\SKYNETeoupjtvy.dat

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx\modules@SKYNETwsp.dll \systemroot\system32\SKYNETmtvebiyo.dll

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx\modules@SKYNET.dat \systemroot\system32\SKYNETyvcvnhnq.dat

Reg HKLM\SYSTEM\ControlSet001\Services\SKYNETbayxyfdx\modules@SKYNETwsp8.dll \systemroot\system32\SKYNETaiyqxrme.dll

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx@start 1

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx@type 1

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx@group file system

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx@imagepath \systemroot\system32\drivers\SKYNETbirrskly.sys

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx\main (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx\main@aid 10001

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx\main@sid 1

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx\main@cmddelay 14400

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx\main\delete (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx\main\injector (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx\main\injector@* SKYNETwsp8.dll

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx\main\tasks (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETbirrskly.sys

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx\modules@SKYNETcmd.dll \systemroot\system32\SKYNETsuhtivmr.dll

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx\modules@SKYNETlog.dat \systemroot\system32\SKYNETeoupjtvy.dat

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx\modules@SKYNETwsp.dll \systemroot\system32\SKYNETmtvebiyo.dll

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx\modules@SKYNET.dat \systemroot\system32\SKYNETyvcvnhnq.dat

Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETbayxyfdx\modules@SKYNETwsp8.dll \systemroot\system32\SKYNETaiyqxrme.dll

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx@start 1

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx@type 1

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx@group file system

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx@imagepath \systemroot\system32\drivers\SKYNETbirrskly.sys

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx\main (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx\main@aid 10001

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx\main@sid 1

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx\main@cmddelay 14400

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx\main\delete (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx\main\injector (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx\main\injector@* SKYNETwsp8.dll

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx\main\tasks (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETbirrskly.sys

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx\modules@SKYNETcmd.dll \systemroot\system32\SKYNETsuhtivmr.dll

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx\modules@SKYNETlog.dat \systemroot\system32\SKYNETeoupjtvy.dat

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx\modules@SKYNETwsp.dll \systemroot\system32\SKYNETmtvebiyo.dll

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx\modules@SKYNET.dat \systemroot\system32\SKYNETyvcvnhnq.dat

Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETbayxyfdx\modules@SKYNETwsp8.dll \systemroot\system32\SKYNETaiyqxrme.dll

Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2

Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7

Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35

Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7

Reg HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\CurrentControlSet\Services\MRxDAV\EncryptedDirectories@

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx@imagepath \systemroot\system32\drivers\SKYNETbirrskly.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\main

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\main@aid 10001

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\main@sid 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\main@cmddelay 14400

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\main\delete

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\main\injector

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\main\injector@* SKYNETwsp8.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\main\injector@svchost.exe SKYNETcont.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\main\tasks

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETbirrskly.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\modules@SKYNETcmd.dll \systemroot\system32\SKYNETsuhtivmr.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\modules@SKYNETlog.dat \systemroot\system32\SKYNETeoupjtvy.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\modules@SKYNETwsp.dll \systemroot\system32\SKYNETmtvebiyo.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\modules@SKYNET.dat \systemroot\system32\SKYNETyvcvnhnq.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\modules@SKYNETwsp8.dll \systemroot\system32\SKYNETaiyqxrme.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\modules@SKYNETconz.dll \systemroot\system32\SKYNETnsswqlth.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\modules@SKYNETwsp8p.dll \systemroot\system32\SKYNETparmpfvi.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\modules@SKYNETconw.dll \systemroot\system32\SKYNEThrbqjxfu.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETbayxyfdx\modules@SKYNETcont.dll \systemroot\system32\SKYNETecxotews.dll

Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2

Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7

Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35

Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7

Reg HKLM\SYSTEM\controlset005\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset005\Services\MRxDAV\EncryptedDirectories@

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx@start 1

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx@type 1

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx@group file system

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx@imagepath \systemroot\system32\drivers\SKYNETbirrskly.sys

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\main

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\main@aid 10001

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\main@sid 1

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\main@cmddelay 14400

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\main\delete

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\main\injector

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\main\injector@* SKYNETwsp8.dll

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\main\injector@svchost.exe SKYNETcont.dll

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\main\tasks

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\modules

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETbirrskly.sys

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\modules@SKYNETcmd.dll \systemroot\system32\SKYNETsuhtivmr.dll

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\modules@SKYNETlog.dat \systemroot\system32\SKYNETeoupjtvy.dat

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\modules@SKYNETwsp.dll \systemroot\system32\SKYNETmtvebiyo.dll

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\modules@SKYNET.dat \systemroot\system32\SKYNETyvcvnhnq.dat

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\modules@SKYNETwsp8.dll \systemroot\system32\SKYNETaiyqxrme.dll

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\modules@SKYNETconz.dll \systemroot\system32\SKYNETnsswqlth.dll

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\modules@SKYNETwsp8p.dll \systemroot\system32\SKYNETparmpfvi.dll

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\modules@SKYNETconw.dll \systemroot\system32\SKYNEThrbqjxfu.dll

Reg HKLM\SYSTEM\controlset005\Services\SKYNETbayxyfdx\modules@SKYNETcont.dll \systemroot\system32\SKYNETecxotews.dll

Reg HKLM\SYSTEM\controlset006\Services\MRxDAV\EncryptedDirectories@

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx@start 1

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx@type 1

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx@group file system

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx@imagepath \systemroot\system32\drivers\SKYNETbirrskly.sys

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\main

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\main@aid 10001

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\main@sid 1

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\main@cmddelay 14400

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\main\delete

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\main\injector

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\main\injector@* SKYNETwsp8.dll

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\main\injector@svchost.exe SKYNETcont.dll

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\main\tasks

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\modules

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETbirrskly.sys

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\modules@SKYNETcmd.dll \systemroot\system32\SKYNETsuhtivmr.dll

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\modules@SKYNETlog.dat \systemroot\system32\SKYNETeoupjtvy.dat

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\modules@SKYNETwsp.dll \systemroot\system32\SKYNETmtvebiyo.dll

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\modules@SKYNET.dat \systemroot\system32\SKYNETyvcvnhnq.dat

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\modules@SKYNETwsp8.dll \systemroot\system32\SKYNETaiyqxrme.dll

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\modules@SKYNETconz.dll \systemroot\system32\SKYNETnsswqlth.dll

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\modules@SKYNETwsp8p.dll \systemroot\system32\SKYNETparmpfvi.dll

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\modules@SKYNETconw.dll \systemroot\system32\SKYNEThrbqjxfu.dll

Reg HKLM\SYSTEM\controlset006\Services\SKYNETbayxyfdx\modules@SKYNETcont.dll \systemroot\system32\SKYNETecxotews.dll

Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2

Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7

Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35

Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4

Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256

Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7

Reg HKLM\SYSTEM\controlset007\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\

Hi,

 

Please do the following:

 

Download Combofix from either of the links below. You must rename it to combafix.exe before saving it.

Save it to your desktop. Change the save as file type to "all files".

**Note: In the event you already have Combofix, delete it; this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.**

  • If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

Link 1

Link 2

 

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • NOTE: If ComboFix asks to install the Recovery Console, please ALLOW it to do so.

-----------------------------------------------------------

  • Double click on the renamed ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

-----------------------------------------------------------

I had a bit of trouble doing this. I wasn't able to disable my avast anti-virus. Hopefully this helps.

 

 

ComboFix 09-10-24.01 - Administrator 25/10/2009 14:42:54.2.2 - NTFSx86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.2038.1661 [GMT 11:00]

Running from: C:\Documents and Settings\Administrator\My Documents\Downloads\CombaFix.exe

AV: avast! antivirus 4.8.1356 [VPS 091020-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: CA Anti-Virus *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Program Files\AskSearch\bin\DeFAultsearch.dll

C:\WINDOWS\system32\SKYNETeoupjtvy.dat

C:\WINDOWS\system32\SKYNETyvcvnhnq.dat

C:\WINDOWS\system32\winhelper.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SKYNETbayxyfdx

-------\Service_SKYNETbayxyfdx

 

 

((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))

.

 

2009-10-25 02:57:06 . 2009-10-25 03:11:26 0 d-----w- C:\CombaFix

2009-10-21 10:05:48 . 2009-10-21 10:05:50 0 d-----w- C:\WINDOWS\ERUNT

2009-10-21 10:04:41 . 2009-10-21 10:09:10 0 d-----w- C:\SDFix

2009-10-21 09:57:04 . 2009-10-21 09:57:04 12800 ----a-w- C:\WINDOWS\system32\bootdelete.exe

2009-10-21 09:33:46 . 2009-10-21 09:33:46 11904 ----a-w- C:\WINDOWS\system32\drivers\hitmanpro35.sys

2009-10-21 09:33:10 . 2009-10-21 09:56:59 0 d-----w- C:\Documents and Settings\All Users\Application Data\Hitman Pro

2009-10-21 09:33:10 . 2009-10-21 09:33:10 0 d-----w- C:\Program Files\Hitman Pro 3.5

2009-10-21 09:20:04 . 2009-10-21 09:20:04 0 d-----w- C:\Documents and Settings\Administrator\Application Data\Uniblue

2009-10-21 09:20:00 . 2009-10-21 09:20:00 0 d-----w- C:\Program Files\Uniblue

2009-10-21 08:21:36 . 2009-10-21 08:21:36 0 d-----w- C:\VundoFix Backups

2009-10-21 07:50:02 . 2009-10-21 07:52:09 0 d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp

2009-10-21 07:50:00 . 2009-10-21 07:50:17 0 d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google

2009-10-21 07:49:20 . 2009-10-21 07:50:00 0 d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment

2009-10-21 07:46:40 . 2009-10-21 07:46:40 92608 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-21 05:38:12 . 2009-10-21 07:43:47 0 d-----w- C:\Documents and Settings\Administrator\Tracing

2009-10-21 04:47:41 . 2009-01-26 23:04:45 2927104 ----a-w- C:\WINDOWS\explorer.exe

2009-10-21 02:16:41 . 2009-10-21 02:16:41 0 d-----w- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

2009-10-21 00:51:34 . 2009-09-15 09:54:21 23152 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys

2009-10-21 00:51:33 . 2009-09-15 09:54:30 52368 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys

2009-10-21 00:51:32 . 2009-09-15 09:53:24 27408 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys

2009-10-21 00:51:30 . 2009-09-15 09:55:30 114768 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys

2009-10-21 00:51:30 . 2009-09-15 09:55:19 20560 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys

2009-10-21 00:51:30 . 2009-09-15 09:53:01 97480 ----a-w- C:\WINDOWS\system32\AvastSS.scr

2009-10-21 00:51:29 . 2009-09-15 09:56:21 93424 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys

2009-10-21 00:51:29 . 2009-09-15 09:56:14 94160 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys

2009-10-21 00:51:16 . 2009-09-15 09:59:36 1279968 ----a-w- C:\WINDOWS\system32\aswBoot.exe

2009-10-21 00:51:15 . 2009-10-21 00:51:15 0 d-----w- C:\Program Files\Alwil Software

2009-10-21 00:19:52 . 2009-10-21 00:19:52 0 d-s---w- C:\Documents and Settings\Administrator\UserData

2009-10-20 12:09:41 . 2009-10-20 12:09:41 0 d-----w- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

2009-10-20 12:08:57 . 2007-04-10 06:38:48 32528 ----a-w- C:\WINDOWS\system32\drivers\vetmonnt.sys

2009-10-20 12:08:57 . 2007-04-10 06:38:46 21648 ----a-w- C:\WINDOWS\system32\drivers\vetfddnt.sys

2009-10-20 12:08:57 . 2007-04-10 06:38:44 21392 ----a-w- C:\WINDOWS\system32\drivers\vet-rec.sys

2009-10-20 12:08:57 . 2007-04-10 06:38:42 26640 ----a-w- C:\WINDOWS\system32\drivers\vet-filt.sys

2009-10-20 12:08:57 . 2007-04-10 06:38:34 75280 ----a-w- C:\WINDOWS\system32\isafprod.dll

2009-10-20 12:08:57 . 2007-04-10 06:38:32 95760 ----a-w- C:\WINDOWS\system32\isafeif.dll

2009-10-20 12:08:57 . 2006-10-02 06:17:28 629264 ----a-w- C:\WINDOWS\system32\drivers\vetefile.sys

2009-10-20 12:08:57 . 2006-10-02 06:17:28 108592 ----a-w- C:\WINDOWS\system32\drivers\veteboot.sys

2009-10-20 12:08:57 . 2006-08-05 03:21:18 75280 ----a-w- C:\WINDOWS\system32\vetredir.dll

2009-10-20 12:07:08 . 2009-10-20 12:07:08 0 d-----w- C:\Documents and Settings\All Users\Application Data\CA

2009-10-20 12:07:07 . 2009-10-20 12:07:07 0 d-----w- C:\Program Files\CA

2009-10-15 01:32:39 . 2009-10-15 01:32:40 25088 ----a-w- C:\aons.exe

2009-10-14 04:48:01 . 2009-10-14 04:48:01 94643 ----a-w- C:\WINDOWS\system32\drivers\klick.dat

2009-10-14 04:48:01 . 2009-10-14 04:48:01 105395 ----a-w- C:\WINDOWS\system32\drivers\klin.dat

2009-10-14 04:47:44 . 2009-05-16 10:59:44 19472 ----a-w- C:\WINDOWS\system32\drivers\klmouflt.sys

2009-10-14 04:47:42 . 2008-12-15 10:41:32 33808 ----a-w- C:\WINDOWS\system32\drivers\klbg.sys

2009-10-14 04:47:19 . 2009-10-16 09:19:02 0 d-----w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2009-10-14 04:47:19 . 2009-10-14 04:47:19 0 d-----w- C:\Program Files\Kaspersky Lab

2009-10-14 04:46:36 . 2009-10-14 04:46:36 0 d-----w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-10-01 00:05:46 . 2008-04-14 12:00:00 1033728 -c--a-w- C:\WINDOWS\system32\dllcache\explorer.exe

2009-09-30 12:53:05 . 2009-02-08 22:37:56 7808 ----a-w- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys

2009-09-30 12:53:05 . 2009-02-08 22:37:48 7808 ----a-w- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

2009-09-30 12:53:04 . 2009-02-08 22:37:50 659968 ----a-w- C:\WINDOWS\system32\nmwcdcocls.dll

2009-09-30 12:53:04 . 2009-02-08 22:37:46 22016 ----a-w- C:\WINDOWS\system32\drivers\ccdcmbo.sys

2009-09-30 12:53:04 . 2009-02-08 22:37:46 17664 ----a-w- C:\WINDOWS\system32\drivers\ccdcmb.sys

2009-09-30 12:53:04 . 2009-02-08 22:32:36 1112288 ----a-w- C:\WINDOWS\system32\wdfcoinstaller01007.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-21 04:56:46 . 2009-08-11 04:32:31 1324 ----a-w- C:\WINDOWS\system32\d3d9caps.dat

2009-10-16 09:19:44 . 2009-09-23 10:56:47 0 d-----w- C:\Program Files\a-squared Free

2009-10-16 09:19:31 . 2009-03-12 06:04:42 0 d-----w- C:\Documents and Settings\User\Application Data\DNA

2009-10-16 09:18:17 . 2009-03-12 06:04:42 0 d-----w- C:\Program Files\DNA

2009-10-10 12:29:39 . 2009-03-09 05:55:58 92608 ----a-w- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-07 00:40:51 . 2009-08-21 13:11:13 272048 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-10-06 23:48:30 . 2009-05-19 08:29:23 0 d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP

2009-10-05 23:30:02 . 2009-02-21 01:29:32 0 d-----w- C:\Documents and Settings\All Users\Application Data\PCPitstop

2009-09-30 12:53:07 . 2009-06-08 08:34:10 0 d-----w- C:\Documents and Settings\All Users\Application Data\Installations

2009-09-30 12:52:58 . 2009-04-06 05:13:35 0 d-----w- C:\Program Files\Nokia

2009-09-30 12:51:54 . 2009-06-08 09:51:56 0 d-----w- C:\Program Files\Common Files\Nokia

2009-09-30 03:47:06 . 2009-03-21 11:48:35 0 d-----w- C:\Program Files\iMesh Applications

2009-09-30 03:46:59 . 2009-08-06 07:02:28 0 d-----w- C:\Program Files\SweetIM

2009-09-23 12:21:43 . 2009-09-23 12:21:41 0 d-----w- C:\Documents and Settings\User\Application Data\OnlineArmor

2009-09-23 12:21:41 . 2009-09-23 12:21:41 0 d-----w- C:\Documents and Settings\All Users\Application Data\OnlineArmor

2009-09-23 12:21:29 . 2009-09-23 12:21:29 0 d-----w- C:\Program Files\Tall Emu

2009-09-17 02:40:59 . 2009-09-17 02:40:59 1072 ----a-w- C:\Program Files\nywjltd.txt

2009-09-17 00:14:27 . 2009-05-28 08:36:49 0 d-----w- C:\Program Files\freestar

2009-09-16 06:20:31 . 2009-09-16 06:20:28 0 d-----w- C:\Program Files\MagicDVDRipper

2009-09-16 02:52:03 . 2009-08-18 09:34:30 0 d-----w- C:\Program Files\PCPitstop

2009-09-13 11:49:33 . 2009-09-13 10:00:00 0 d-----w- C:\Documents and Settings\All Users\Application Data\13355934

2009-08-31 11:21:44 . 2009-05-04 02:37:43 0 d-----w- C:\Documents and Settings\User\Application Data\dvdcss

2009-08-31 11:07:08 . 2009-08-31 11:03:08 0 d-----w- C:\Program Files\Free DVD Ripper

2009-08-27 00:26:08 . 2009-08-27 00:26:08 0 d-----w- C:\Documents and Settings\All Users\Application Data\8271

2009-08-26 12:45:43 . 2009-08-26 12:45:43 0 d-----w- C:\Documents and Settings\All Users\Application Data\WLInstaller

2009-08-25 09:06:03 . 2009-05-12 02:26:22 5 ----a-w- C:\WINDOWS\system32\SySvideotompeg.dat

2009-08-05 09:01:48 . 2008-04-14 12:00:00 204800 ----a-w- C:\WINDOWS\system32\mswebdvd.dll

2009-03-21 11:46:49 . 2009-03-21 11:46:13 10504864 ----a-w- C:\Program Files\iMeshV8.exe

2009-03-19 08:03:57 . 2009-03-19 08:03:34 3073749 ----a-w- C:\Program Files\Setup_MagicISO.exe

2009-03-09 06:03:14 . 2009-03-09 06:03:14 15727416 ----a-w- C:\Program Files\brico-pack-crystal-xp-crystalxp.net-en-117.zip

2009-03-09 05:49:33 . 2009-03-09 05:49:30 547496 ----a-w- C:\Program Files\ChromeSetup.exe

2007-09-13 05:51:14 . 2009-03-09 08:23:56 9679815 ----a-w- C:\Program Files\vlc-0.8.6c-win32.exe

.


Hi,

Most of that ComboFix log has been cut off, if you could please post the entire log again.

Also I notice this is the second run of ComboFix.

I would like to see the log from the previous run.

Please navigate to C:\qoobox\combofix2.txt and post the log.

Thank you


Yeah, it is cut off. I had to stop the full log from being loaded cos it took more than 7 hrs. I can only log into safe mode cos if I boot normally, I won't be able to use Task Manager.

This is the previous log tho:

 

ComboFix 09-10-24.01 - Administrator 25/10/2009 14:42:54.2.2 - NTFSx86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.2038.1661 [GMT 11:00]

Running from: C:\Documents and Settings\Administrator\My Documents\Downloads\CombaFix.exe

AV: avast! antivirus 4.8.1356 [VPS 091020-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: CA Anti-Virus *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Program Files\AskSearch\bin\DeFAultsearch.dll

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1077

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1858

C:\RECYCLER\S-1-5-21-0436675446-6106824708-193181879-1384

C:\RECYCLER\S-1-5-21-2091357402-7534291351-025854831-1856

C:\RECYCLER\S-1-5-21-2136668279-0791161837-642342874-7211

C:\RECYCLER\S-1-5-21-3347005939-7994171054-986942115-0946

C:\RECYCLER\S-1-5-21-3531409751-9662294514-659151017-1709

C:\RECYCLER\S-1-5-21-3700320301-2380749505-262297573-8345

C:\RECYCLER\S-1-5-21-3819627929-7373166484-097288089-3599

C:\RECYCLER\S-1-5-21-3834516953-6121873270-365056543-2197

C:\RECYCLER\S-1-5-21-4304124927-8108449801-229539284-9617

C:\RECYCLER\S-1-5-21-4723922867-2310321570-812006838-4466

C:\RECYCLER\S-1-5-21-5031003637-6164218256-267466069-1296

C:\RECYCLER\S-1-5-21-5514062644-3969005856-511445229-5933

C:\RECYCLER\S-1-5-21-6355572160-0515868168-721533118-2834

C:\RECYCLER\S-1-5-21-6523937135-8584304275-297508218-7209

C:\RECYCLER\S-1-5-21-6843023624-5268867187-634335933-1332

C:\RECYCLER\S-1-5-21-8167772497-9242771264-219432031-9571

C:\RECYCLER\S-1-5-21-9091029488-6970651333-741125211-2386

C:\RECYCLER\S-1-5-21-9664632150-9715992005-309689359-7950

C:\RECYCLER\S-1-5-21-9723687509-2064555907-967983583-2467

C:\WINDOWS\system32\SKYNETeoupjtvy.dat

C:\WINDOWS\system32\SKYNETyvcvnhnq.dat

C:\WINDOWS\system32\winhelper.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SKYNETbayxyfdx

-------\Service_SKYNETbayxyfdx

 

 

((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))

.

 

2009-10-25 02:57:06 . 2009-10-25 03:11:26 0 d-----w- C:\CombaFix

2009-10-21 10:05:48 . 2009-10-21 10:05:50 0 d-----w- C:\WINDOWS\ERUNT

2009-10-21 10:04:41 . 2009-10-21 10:09:10 0 d-----w- C:\SDFix

2009-10-21 09:57:04 . 2009-10-21 09:57:04 12800 ----a-w- C:\WINDOWS\system32\bootdelete.exe

2009-10-21 09:33:46 . 2009-10-21 09:33:46 11904 ----a-w- C:\WINDOWS\system32\drivers\hitmanpro35.sys

2009-10-21 09:33:10 . 2009-10-21 09:56:59 0 d-----w- C:\Documents and Settings\All Users\Application Data\Hitman Pro

2009-10-21 09:33:10 . 2009-10-21 09:33:10 0 d-----w- C:\Program Files\Hitman Pro 3.5

2009-10-21 09:20:04 . 2009-10-21 09:20:04 0 d-----w- C:\Documents and Settings\Administrator\Application Data\Uniblue

2009-10-21 09:20:00 . 2009-10-21 09:20:00 0 d-----w- C:\Program Files\Uniblue

2009-10-21 08:21:36 . 2009-10-21 08:21:36 0 d-----w- C:\VundoFix Backups

2009-10-21 07:50:02 . 2009-10-21 07:52:09 0 d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp

2009-10-21 07:50:00 . 2009-10-21 07:50:17 0 d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google

2009-10-21 07:49:20 . 2009-10-21 07:50:00 0 d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment

2009-10-21 07:46:40 . 2009-10-21 07:46:40 92608 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-21 05:38:12 . 2009-10-21 07:43:47 0 d-----w- C:\Documents and Settings\Administrator\Tracing

2009-10-21 04:47:41 . 2009-01-26 23:04:45 2927104 ----a-w- C:\WINDOWS\explorer.exe

2009-10-21 02:16:41 . 2009-10-21 02:16:41 0 d-----w- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

2009-10-21 00:51:34 . 2009-09-15 09:54:21 23152 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys

2009-10-21 00:51:33 . 2009-09-15 09:54:30 52368 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys

2009-10-21 00:51:32 . 2009-09-15 09:53:24 27408 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys

2009-10-21 00:51:30 . 2009-09-15 09:55:30 114768 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys

2009-10-21 00:51:30 . 2009-09-15 09:55:19 20560 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys

2009-10-21 00:51:30 . 2009-09-15 09:53:01 97480 ----a-w- C:\WINDOWS\system32\AvastSS.scr

2009-10-21 00:51:29 . 2009-09-15 09:56:21 93424 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys

2009-10-21 00:51:29 . 2009-09-15 09:56:14 94160 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys

2009-10-21 00:51:16 . 2009-09-15 09:59:36 1279968 ----a-w- C:\WINDOWS\system32\aswBoot.exe

2009-10-21 00:51:15 . 2009-10-21 00:51:15 0 d-----w- C:\Program Files\Alwil Software

2009-10-21 00:19:52 . 2009-10-21 00:19:52 0 d-s---w- C:\Documents and Settings\Administrator\UserData

2009-10-20 12:09:41 . 2009-10-20 12:09:41 0 d-----w- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

2009-10-20 12:08:57 . 2007-04-10 06:38:48 32528 ----a-w- C:\WINDOWS\system32\drivers\vetmonnt.sys

2009-10-20 12:08:57 . 2007-04-10 06:38:46 21648 ----a-w- C:\WINDOWS\system32\drivers\vetfddnt.sys

2009-10-20 12:08:57 . 2007-04-10 06:38:44 21392 ----a-w- C:\WINDOWS\system32\drivers\vet-rec.sys

2009-10-20 12:08:57 . 2007-04-10 06:38:42 26640 ----a-w- C:\WINDOWS\system32\drivers\vet-filt.sys

2009-10-20 12:08:57 . 2007-04-10 06:38:34 75280 ----a-w- C:\WINDOWS\system32\isafprod.dll

2009-10-20 12:08:57 . 2007-04-10 06:38:32 95760 ----a-w- C:\WINDOWS\system32\isafeif.dll

2009-10-20 12:08:57 . 2006-10-02 06:17:28 629264 ----a-w- C:\WINDOWS\system32\drivers\vetefile.sys

2009-10-20 12:08:57 . 2006-10-02 06:17:28 108592 ----a-w- C:\WINDOWS\system32\drivers\veteboot.sys

2009-10-20 12:08:57 . 2006-08-05 03:21:18 75280 ----a-w- C:\WINDOWS\system32\vetredir.dll

2009-10-20 12:07:08 . 2009-10-20 12:07:08 0 d-----w- C:\Documents and Settings\All Users\Application Data\CA

2009-10-20 12:07:07 . 2009-10-20 12:07:07 0 d-----w- C:\Program Files\CA

2009-10-15 01:32:39 . 2009-10-15 01:32:40 25088 ----a-w- C:\aons.exe

2009-10-14 04:48:01 . 2009-10-14 04:48:01 94643 ----a-w- C:\WINDOWS\system32\drivers\klick.dat

2009-10-14 04:48:01 . 2009-10-14 04:48:01 105395 ----a-w- C:\WINDOWS\system32\drivers\klin.dat

2009-10-14 04:47:44 . 2009-05-16 10:59:44 19472 ----a-w- C:\WINDOWS\system32\drivers\klmouflt.sys

2009-10-14 04:47:42 . 2008-12-15 10:41:32 33808 ----a-w- C:\WINDOWS\system32\drivers\klbg.sys

2009-10-14 04:47:19 . 2009-10-16 09:19:02 0 d-----w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2009-10-14 04:47:19 . 2009-10-14 04:47:19 0 d-----w- C:\Program Files\Kaspersky Lab

2009-10-14 04:46:36 . 2009-10-14 04:46:36 0 d-----w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-10-01 00:05:46 . 2008-04-14 12:00:00 1033728 -c--a-w- C:\WINDOWS\system32\dllcache\explorer.exe

2009-09-30 12:53:05 . 2009-02-08 22:37:56 7808 ----a-w- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys

2009-09-30 12:53:05 . 2009-02-08 22:37:48 7808 ----a-w- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

2009-09-30 12:53:04 . 2009-02-08 22:37:50 659968 ----a-w- C:\WINDOWS\system32\nmwcdcocls.dll

2009-09-30 12:53:04 . 2009-02-08 22:37:46 22016 ----a-w- C:\WINDOWS\system32\drivers\ccdcmbo.sys

2009-09-30 12:53:04 . 2009-02-08 22:37:46 17664 ----a-w- C:\WINDOWS\system32\drivers\ccdcmb.sys

2009-09-30 12:53:04 . 2009-02-08 22:32:36 1112288 ----a-w- C:\WINDOWS\system32\wdfcoinstaller01007.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-21 04:56:46 . 2009-08-11 04:32:31 1324 ----a-w- C:\WINDOWS\system32\d3d9caps.dat

2009-10-16 09:19:44 . 2009-09-23 10:56:47 0 d-----w- C:\Program Files\a-squared Free

2009-10-16 09:19:31 . 2009-03-12 06:04:42 0 d-----w- C:\Documents and Settings\User\Application Data\DNA

2009-10-16 09:18:17 . 2009-03-12 06:04:42 0 d-----w- C:\Program Files\DNA

2009-10-10 12:29:39 . 2009-03-09 05:55:58 92608 ----a-w- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-07 00:40:51 . 2009-08-21 13:11:13 272048 ----a-w- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-10-06 23:48:30 . 2009-05-19 08:29:23 0 d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP

2009-10-05 23:30:02 . 2009-02-21 01:29:32 0 d-----w- C:\Documents and Settings\All Users\Application Data\PCPitstop

2009-09-30 12:53:07 . 2009-06-08 08:34:10 0 d-----w- C:\Documents and Settings\All Users\Application Data\Installations

2009-09-30 12:52:58 . 2009-04-06 05:13:35 0 d-----w- C:\Program Files\Nokia

2009-09-30 12:51:54 . 2009-06-08 09:51:56 0 d-----w- C:\Program Files\Common Files\Nokia

2009-09-30 03:47:06 . 2009-03-21 11:48:35 0 d-----w- C:\Program Files\iMesh Applications

2009-09-30 03:46:59 . 2009-08-06 07:02:28 0 d-----w- C:\Program Files\SweetIM

2009-09-23 12:21:43 . 2009-09-23 12:21:41 0 d-----w- C:\Documents and Settings\User\Application Data\OnlineArmor

2009-09-23 12:21:41 . 2009-09-23 12:21:41 0 d-----w- C:\Documents and Settings\All Users\Application Data\OnlineArmor

2009-09-23 12:21:29 . 2009-09-23 12:21:29 0 d-----w- C:\Program Files\Tall Emu

2009-09-17 02:40:59 . 2009-09-17 02:40:59 1072 ----a-w- C:\Program Files\nywjltd.txt

2009-09-17 00:14:27 . 2009-05-28 08:36:49 0 d-----w- C:\Program Files\freestar

2009-09-16 06:20:31 . 2009-09-16 06:20:28 0 d-----w- C:\Program Files\MagicDVDRipper

2009-09-16 02:52:03 . 2009-08-18 09:34:30 0 d-----w- C:\Program Files\PCPitstop

2009-09-13 11:49:33 . 2009-09-13 10:00:00 0 d-----w- C:\Documents and Settings\All Users\Application Data\13355934

2009-08-31 11:21:44 . 2009-05-04 02:37:43 0 d-----w- C:\Documents and Settings\User\Application Data\dvdcss

2009-08-31 11:07:08 . 2009-08-31 11:03:08 0 d-----w- C:\Program Files\Free DVD Ripper

2009-08-27 00:26:08 . 2009-08-27 00:26:08 0 d-----w- C:\Documents and Settings\All Users\Application Data\8271

2009-08-26 12:45:43 . 2009-08-26 12:45:43 0 d-----w- C:\Documents and Settings\All Users\Application Data\WLInstaller

2009-08-25 09:06:03 . 2009-05-12 02:26:22 5 ----a-w- C:\WINDOWS\system32\SySvideotompeg.dat

2009-08-05 09:01:48 . 2008-04-14 12:00:00 204800 ----a-w- C:\WINDOWS\system32\mswebdvd.dll

2009-03-21 11:46:49 . 2009-03-21 11:46:13 10504864 ----a-w- C:\Program Files\iMeshV8.exe

2009-03-19 08:03:57 . 2009-03-19 08:03:34 3073749 ----a-w- C:\Program Files\Setup_MagicISO.exe

2009-03-09 06:03:14 . 2009-03-09 06:03:14 15727416 ----a-w- C:\Program Files\brico-pack-crystal-xp-crystalxp.net-en-117.zip

2009-03-09 05:49:33 . 2009-03-09 05:49:30 547496 ----a-w- C:\Program Files\ChromeSetup.exe

2007-09-13 05:51:14 . 2009-03-09 08:23:56 9679815 ----a-w- C:\Program Files\vlc-0.8.6c-win32.exe

.


Hi,

What was taking 7 hours? The ComboFix log shouldn't be much longer than what you posted, there are only a couple of sections missing.

Please go to C:\combofix.txt and post the log that you find there.


C:/combofix.txt doesn't exist. Every time I try to load a log file, it stops itself there as u can see previously with my other logs.

Do you know how to turn off avast manually? Cos I don't have the system tray icon to turn it off temporarily.

When ComboFix starts to create my log report, it takes hrs and hrs and never gets completed.


Hi,

That seems to be very unusual.

Part of the issue may be that you have three AVs installed.

More than one antivirus can cause conflicts, system slowdowns and crashes. Decide which AV you wish to keep and uninstall the others.

To disable avast, do the following: go to Start > All programs > Avast....

In the top left corner there is a small arrow > click > Settings >

click on the Appearance tab > select "Show avast tray icon" > OK

That will make it easier for you to disable in the future.

To disable it from the panel, click > settings > troubleshooting > click the middle three boxes containing "disable" > OK

Then delete the copy of ComboFix from your desktop.

After you have uninstalled all but one AV and have it disabled, boot into safe mode and run ComboFix. When ComboFix reboots, make sure you boot back into safe mode to allow it to complete the log, then post the log.

(To enter safe mode > press F8 repeatedly on boot up > arrow up to safe mode)


Thank you so much for that. It finally worked!

 

 

 

ComboFix 09-11-04.05 - Administrator 05/11/2009 22:50.5.2 - NTFSx86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.2038.1788 [GMT 11:00]

Running from: c:\documents and settings\Administrator\Desktop\CombaFix.exe

AV: avast! antivirus 4.8.1356 [VPS 091020-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: CA Anti-Virus *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SKYNETbayxyfdx

-------\Service_SKYNETbayxyfdx

 

 

((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))

.

 

2009-10-21 10:05 . 2009-10-21 10:05 -------- d-----w- c:\windows\ERUNT

2009-10-21 10:04 . 2009-10-21 10:09 -------- d-----w- C:\SDFix

2009-10-21 09:57 . 2009-10-21 09:57 12800 ----a-w- c:\windows\system32\bootdelete.exe

2009-10-21 09:33 . 2009-10-21 09:33 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2009-10-21 09:33 . 2009-10-21 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2009-10-21 09:33 . 2009-10-21 09:33 -------- d-----w- c:\program files\Hitman Pro 3.5

2009-10-21 09:20 . 2009-10-21 09:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue

2009-10-21 09:20 . 2009-10-21 09:20 -------- d-----w- c:\program files\Uniblue

2009-10-21 08:21 . 2009-10-21 08:21 -------- d-----w- C:\VundoFix Backups

2009-10-21 07:50 . 2009-10-21 07:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp

2009-10-21 07:50 . 2009-10-21 07:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google

2009-10-21 07:49 . 2009-10-21 07:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment

2009-10-21 07:46 . 2009-10-21 07:46 92608 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-21 05:38 . 2009-10-21 07:43 -------- d-----w- c:\documents and settings\Administrator\Tracing

2009-10-21 04:47 . 2009-01-26 23:04 2927104 ----a-w- c:\windows\explorer.exe

2009-10-21 02:19 . 2009-10-21 08:08 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-10-21 02:16 . 2009-10-21 02:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2009-10-21 00:51 . 2009-09-15 09:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-10-21 00:51 . 2009-09-15 09:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-10-21 00:51 . 2009-09-15 09:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-10-21 00:51 . 2009-09-15 09:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-10-21 00:51 . 2009-09-15 09:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-10-21 00:51 . 2009-09-15 09:53 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-10-21 00:51 . 2009-09-15 09:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-10-21 00:51 . 2009-09-15 09:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-10-21 00:51 . 2009-09-15 09:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-10-21 00:51 . 2009-10-21 00:51 -------- d-----w- c:\program files\Alwil Software

2009-10-21 00:19 . 2009-10-21 00:19 -------- d-s---w- c:\documents and settings\Administrator\UserData

2009-10-20 12:09 . 2009-10-20 12:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-10-20 12:08 . 2007-04-10 06:38 32528 ----a-w- c:\windows\system32\drivers\vetmonnt.sys

2009-10-20 12:08 . 2007-04-10 06:38 21648 ----a-w- c:\windows\system32\drivers\vetfddnt.sys

2009-10-20 12:08 . 2007-04-10 06:38 21392 ----a-w- c:\windows\system32\drivers\vet-rec.sys

2009-10-20 12:08 . 2007-04-10 06:38 26640 ----a-w- c:\windows\system32\drivers\vet-filt.sys

2009-10-20 12:08 . 2007-04-10 06:38 75280 ----a-w- c:\windows\system32\isafprod.dll

2009-10-20 12:08 . 2007-04-10 06:38 95760 ----a-w- c:\windows\system32\isafeif.dll

2009-10-20 12:08 . 2006-10-02 06:17 629264 ----a-w- c:\windows\system32\drivers\vetefile.sys

2009-10-20 12:08 . 2006-10-02 06:17 108592 ----a-w- c:\windows\system32\drivers\veteboot.sys

2009-10-20 12:08 . 2006-08-05 03:21 75280 ----a-w- c:\windows\system32\vetredir.dll

2009-10-20 12:07 . 2009-10-20 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\CA

2009-10-20 12:07 . 2009-10-20 12:07 -------- d-----w- c:\program files\CA

2009-10-15 01:32 . 2009-10-15 01:32 25088 ----a-w- C:\aons.exe

2009-10-14 04:48 . 2009-10-14 04:48 94643 ----a-w- c:\windows\system32\drivers\klick.dat

2009-10-14 04:48 . 2009-10-14 04:48 105395 ----a-w- c:\windows\system32\drivers\klin.dat

2009-10-14 04:47 . 2009-05-16 10:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys

2009-10-14 04:47 . 2008-12-15 10:41 33808 ----a-w- c:\windows\system32\drivers\klbg.sys

2009-10-14 04:47 . 2009-11-05 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-10-14 04:47 . 2009-10-14 04:47 -------- d-----w- c:\program files\Kaspersky Lab

2009-10-14 04:46 . 2009-10-14 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-21 04:56 . 2009-08-11 04:32 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2009-10-16 09:19 . 2009-09-23 10:56 -------- d-----w- c:\program files\a-squared Free

2009-10-16 09:19 . 2009-03-12 06:04 -------- d-----w- c:\documents and settings\User\Application Data\DNA

2009-10-16 09:19 . 2009-08-25 06:51 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-10-16 09:18 . 2009-03-12 06:04 -------- d-----w- c:\program files\DNA

2009-10-10 12:29 . 2009-03-09 05:55 92608 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-07 00:40 . 2009-08-21 13:11 272048 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-10-06 23:48 . 2009-05-19 08:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-10-05 23:30 . 2009-02-21 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

2009-09-30 12:53 . 2009-06-08 08:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations

2009-09-30 12:52 . 2009-04-06 05:13 -------- d-----w- c:\program files\Nokia

2009-09-30 12:51 . 2009-06-08 09:51 -------- d-----w- c:\program files\Common Files\Nokia

2009-09-30 12:51 . 2009-09-30 12:51 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\Sleep.exe

2009-09-30 12:51 . 2009-09-30 12:51 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\msxml6Exec.exe

2009-09-30 12:51 . 2009-09-30 12:51 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\vcredistExec.exe

2009-09-30 12:49 . 2009-09-30 12:51 24501456 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NokiaSoftwareUpdaterSetup_1.7.3EN.exe

2009-09-30 03:47 . 2009-03-21 11:48 -------- d-----w- c:\program files\iMesh Applications

2009-09-30 03:46 . 2009-08-06 07:02 -------- d-----w- c:\program files\SweetIM

2009-09-17 02:40 . 2009-09-17 02:40 1072 ----a-w- c:\program files\nywjltd.txt

2009-09-17 00:14 . 2009-05-28 08:36 -------- d-----w- c:\program files\freestar

2009-09-16 06:20 . 2009-09-16 06:20 -------- d-----w- c:\program files\MagicDVDRipper

2009-09-16 02:52 . 2009-08-18 09:34 -------- d-----w- c:\program files\PCPitstop

2009-09-13 11:49 . 2009-09-13 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\13355934

2009-08-25 09:06 . 2009-05-12 02:26 5 ----a-w- c:\windows\system32\SySvideotompeg.dat

2009-08-25 06:47 . 2009-08-25 06:47 64 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\zzw44m2o.default\extensions\dvscontextmenuy@dvdvideosoft.com

2009-03-21 11:46 . 2009-03-21 11:46 10504864 ----a-w- c:\program files\iMeshV8.exe

2009-03-19 08:03 . 2009-03-19 08:03 3073749 ----a-w- c:\program files\Setup_MagicISO.exe

2009-03-09 06:03 . 2009-03-09 06:03 15727416 ----a-w- c:\program files\brico-pack-crystal-xp-crystalxp.net-en-117.zip

2009-03-09 05:49 . 2009-03-09 05:49 547496 ----a-w- c:\program files\ChromeSetup.exe

2007-09-13 05:51 . 2009-03-09 08:23 9679815 ----a-w- c:\program files\vlc-0.8.6c-win32.exe

.

 

------- Sigcheck -------

 

[-] 2008-10-16 . F879978F7E8E4AB8D6689A001848ECBE . 213528 . . [7.2.6001.788] . . c:\windows\system32\wuauclt.exe

[-] 2008-10-16 . F879978F7E8E4AB8D6689A001848ECBE . 213528 . . [7.2.6001.788] . . c:\windows\system32\dllcache\wuauclt.exe

 

[-] 2009-01-26 . 4F554999D7D5F05DAAEBBA7B5BA1089D . 2927104 . . [6.0.6001.18164] . . c:\windows\explorer.exe

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-21 133104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]

"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-04-10 29757440]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-07 774168]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-16 148888]

"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2008-12-03 2372840]

"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-04-10 177680]

"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.8.0\QOELoader.exe" [2009-10-20 14352]

"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-04-10 230928]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2009-10-21 4840696]

"SDFix"="c:\sdfix\RunThis.bat" [2008-11-05 964661]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-16 16806400]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\User\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 02:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\kasperskyantivirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=

"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

 

S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/10/2009 11:51 AM 114768]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/08/2009 5:06 PM 9968]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/08/2009 5:06 PM 74480]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/10/2009 11:51 AM 20560]

S2 lcbxpq;lcbxpq;c:\windows\system32\drivers\gmgfe.sys --> c:\windows\system32\drivers\gmgfe.sys [?]

S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]

S2 vzaywoe;vzaywoe;c:\windows\system32\drivers\uqsq.sys --> c:\windows\system32\drivers\uqsq.sys [?]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [21/05/2009 9:08 PM 16512]

S3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [21/02/2009 10:43 AM 36864]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/08/2009 5:06 PM 7408]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [21/02/2009 10:42 AM 222976]

S4 pcpitstop scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [16/09/2009 1:52 PM 77312]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - MBR

*Deregistered* - mbr

.

Contents of the 'Scheduled Tasks' folder

 

2009-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-602162358-1801674531-1004Core.job

- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-09 05:49]

 

2009-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-602162358-1801674531-1004UA.job

- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-09 05:49]

 

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-602162358-1801674531-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-21 07:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = hxxp://home.sweetim.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\VetRedir.dll

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

FF - ProfilePath -

.

- - - - ORPHANS REMOVED - - - -

 

Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

HKCU-RunOnce-UniblueRegistryBooster - launcher.exe

HKLM-Run-Windows Client - client.exe

HKLM-Run-Windows Rundll Center - msmsgrs.exe

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)

AddRemove-a4 video converter - update_is1 - c:\program files\A4 Video Converter\unins001.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-05 22:55

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(384)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

Completion time: 2009-11-05 22:56

ComboFix-quarantined-files.txt 2009-11-05 11:56

 

Pre-Run: 314,905,784,320 bytes free

Post-Run: 314,864,566,272 bytes free

 

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6,7


Hi,

 

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

 

Here's how to do that:

Click Start > Run, type Notepad and click OK.

This will open an empty notepad file:

 

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

 

http://forums.pcpitstop.com/index.php?showtopic=173630&pid=1633296&st=10

Collect::
c:\windows\system32\drivers\gmgfe.sys
c:\windows\system32\drivers\uqsq.sys

File::
c:\program files\nywjltd.txt

Folder::
c:\documents and settings\All Users\Application Data\13355934

FCopy::
c:\windows\system32\dllcache\explorer.exe | c:\windows\explorer.exe

SRPeek::
c:\windows\system32\wuauclt.exe

Driver::
lcbxpq
vzaywoe

FixCSet::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".

 

Here's how to do that:

 

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

 

Posted Image

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

 

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

NEXT

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    C:\aons.exe

     

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Thank you so much! After that last ComboFix scan, my desktop, icons and taskbar came back. Thank you once again for all your help.

 

 

Scanned time : 2009/11/06 19:45:09 (EST)

Scanner results: 35% Scanner(s) (13/37) found malware!

File Name : aons.exe

File Size : 25088 byte

File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 : ba53273f8d4b96a309144240d5c2f884

SHA1 : 2e1270ff55f57d33675c6ef3b1ed6cf05eec4efa

Online report : http://virscan.org/report/70cdc9fa67306a61...7a66c9e30a.html

 

Scanner Engine Ver Sig Ver Sig Date Time Scan result

a-squared 4.5.0.8 20091106050124 2009-11-06 4.40 Trojan.SuspectCRC!IK

AhnLab V3 2009.11.06.04 2009.11.06 2009-11-06 1.34 -

AntiVir 8.2.1.59 7.1.6.198 2009-11-06 0.08 TR/Crypt.ZPACK.Gen

Antiy 2.0.18 20091105.3216324 2009-11-05 0.02 -

Arcavir 2009 200911060304 2009-11-06 0.04 -

Authentium 5.1.1 200911052241 2009-11-05 1.25 -

AVAST! 4.7.4 091106-0 2009-11-06 0.01 -

AVG 8.5.288 270.14.52/2484 2009-11-06 0.32 Pakes.EGI

BitDefender 7.81008.4481875 7.28772 2009-11-06 3.90 Trojan.Generic.2608430

CA (VET) 35.1.0 7105 2009-11-04 5.97 Win32/AdvancedVirusRemover.V trojan.

ClamAV 0.95.2 9995 2009-11-06 0.01 -

Comodo 3.12 2857 2009-11-06 1.02 -

CP Secure 1.3.0.5 2009.11.06 2009-11-06 0.04 -

Dr.Web 4.44.0.9170 2009.11.06 2009-11-06 6.46 -

F-Prot 4.4.4.56 20091105 2009-11-05 1.19 -

F-Secure 7.02.73807 2009.11.06.04 2009-11-06 0.10 -

Fortinet 2.81-3.120 11.27 2009-11-05 0.30 PossibleThreat

GData 19.8740/19.540 20091106 2009-11-06 6.16 -

ViRobot 20091106 2009.11.06 2009-11-06 0.42 -

Ikarus T3.1.01.74 2009.11.06.74463 2009-11-06 4.02 Trojan.SuspectCRC

JiangMin 11.0.800 2009.11.06 2009-11-06 8.46 -

Kaspersky 5.5.10 2009.11.06 2009-11-06 0.07 -

KingSoft 2009.2.5.15 2009.11.6.9 2009-11-06 0.61 -

McAfee 5.3.00 5793 2009-11-05 3.61 -

Microsoft 1.5202 2009.11.06 2009-11-06 6.84 Trojan:Win32/Malat

Norman 6.01.09 6.01.00 2009-11-05 4.01 -

Panda 9.05.01 2009.11.05 2009-11-05 7.33 Adware/Antivirus2009

Trend Micro 8.700-1004 6.608.01 2009-11-05 0.03 -

Quick Heal 10.00 2009.11.06 2009-11-06 1.40 -

Rising 20.0 21.54.42.00 2009-11-06 1.41 -

Sophos 3.00.1 4.46 2009-11-06 2.93 Mal/Generic-A

Sunbelt 5491 5491 2009-11-05 2.26 Trojan.Win32.Generic!VS

Symantec 1.3.0.24 20091105.003 2009-11-05 0.08 Trojan.FakeAV

nProtect 20091106.02 6111738 2009-11-06 9.63 Trojan/W32.Agent.25088.EX

The Hacker 6.5.0.2 v00062 2009-11-05 2.15 -

VBA32 3.12.10.11 20091105.2113 2009-11-05 1.97 -

VirusBuster 4.5.11.10 10.113.8/2002554 2009-11-05 2.39 -



Sorry. Here you go.

 

 

 

ComboFix 09-11-04.05 - Administrator 06/11/2009 20:35.6.2 - NTFSx86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.2038.1736 [GMT 11:00]

Running from: c:\documents and settings\Administrator\Desktop\CombaFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1356 [VPS 091020-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: CA Anti-Virus *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

 

FILE ::

"c:\program files\nywjltd.txt"

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\13355934

c:\documents and settings\All Users\Application Data\13355934\13355934

c:\documents and settings\All Users\Application Data\13355934\pc13355934ins

c:\program files\nywjltd.txt

 

.

--------------- FCopy ---------------

 

c:\windows\system32\dllcache\explorer.exe --> c:\windows\explorer.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_LCBXPQ

-------\Legacy_VZAYWOE

-------\Service_lcbxpq

-------\Service_vzaywoe

 

 

((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))

.

 

2009-11-05 11:50 . 2009-11-05 12:04 -------- d-----w- C:\CombaFix17696C

2009-11-05 11:46 . 2009-11-05 11:47 -------- d-----w- C:\CombaFix17998C

2009-10-30 10:51 . 2009-10-30 10:56 -------- d-----w- C:\CombaFix12294C

2009-10-30 10:44 . 2009-10-30 10:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

2009-10-25 04:32 . 2009-10-30 10:24 -------- d-----w- C:\CombaFix1202C

2009-10-25 03:42 . 2009-10-30 10:24 -------- d-----w- C:\CombaFix24855C

2009-10-25 02:57 . 2009-10-30 10:24 -------- d-----w- C:\CombaFix

2009-10-21 10:05 . 2009-10-21 10:05 -------- d-----w- c:\windows\ERUNT

2009-10-21 10:04 . 2009-11-06 09:41 -------- d-----w- C:\SDFix

2009-10-21 09:57 . 2009-10-21 09:57 12800 ----a-w- c:\windows\system32\bootdelete.exe

2009-10-21 09:33 . 2009-10-21 09:33 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2009-10-21 09:33 . 2009-10-21 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2009-10-21 09:33 . 2009-10-21 09:33 -------- d-----w- c:\program files\Hitman Pro 3.5

2009-10-21 09:20 . 2009-10-21 09:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue

2009-10-21 09:20 . 2009-10-21 09:20 -------- d-----w- c:\program files\Uniblue

2009-10-21 08:21 . 2009-10-21 08:21 -------- d-----w- C:\VundoFix Backups

2009-10-21 07:50 . 2009-10-21 07:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp

2009-10-21 07:50 . 2009-10-21 07:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google

2009-10-21 07:49 . 2009-10-21 07:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment

2009-10-21 07:46 . 2009-10-21 07:46 92608 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-21 05:38 . 2009-10-21 07:43 -------- d-----w- c:\documents and settings\Administrator\Tracing

2009-10-21 04:47 . 2008-04-14 12:00 1033728 ----a-w- c:\windows\explorer.exe

2009-10-21 02:19 . 2009-10-21 08:08 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-10-21 02:16 . 2009-10-21 02:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2009-10-21 00:51 . 2009-09-15 09:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-10-21 00:51 . 2009-09-15 09:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-10-21 00:51 . 2009-09-15 09:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-10-21 00:51 . 2009-09-15 09:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-10-21 00:51 . 2009-09-15 09:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-10-21 00:51 . 2009-09-15 09:53 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-10-21 00:51 . 2009-09-15 09:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-10-21 00:51 . 2009-09-15 09:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-10-21 00:51 . 2009-09-15 09:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-10-21 00:51 . 2009-10-21 00:51 -------- d-----w- c:\program files\Alwil Software

2009-10-21 00:19 . 2009-10-21 00:19 -------- d-s---w- c:\documents and settings\Administrator\UserData

2009-10-20 12:09 . 2009-10-20 12:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-10-20 12:08 . 2007-04-10 06:38 32528 ----a-w- c:\windows\system32\drivers\vetmonnt.sys

2009-10-20 12:08 . 2007-04-10 06:38 21648 ----a-w- c:\windows\system32\drivers\vetfddnt.sys

2009-10-20 12:08 . 2007-04-10 06:38 21392 ----a-w- c:\windows\system32\drivers\vet-rec.sys

2009-10-20 12:08 . 2007-04-10 06:38 26640 ----a-w- c:\windows\system32\drivers\vet-filt.sys

2009-10-20 12:08 . 2007-04-10 06:38 75280 ----a-w- c:\windows\system32\isafprod.dll

2009-10-20 12:08 . 2007-04-10 06:38 95760 ----a-w- c:\windows\system32\isafeif.dll

2009-10-20 12:08 . 2006-10-02 06:17 629264 ----a-w- c:\windows\system32\drivers\vetefile.sys

2009-10-20 12:08 . 2006-10-02 06:17 108592 ----a-w- c:\windows\system32\drivers\veteboot.sys

2009-10-20 12:08 . 2006-08-05 03:21 75280 ----a-w- c:\windows\system32\vetredir.dll

2009-10-20 12:07 . 2009-10-20 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\CA

2009-10-20 12:07 . 2009-10-20 12:07 -------- d-----w- c:\program files\CA

2009-10-15 01:32 . 2009-10-15 01:32 25088 ----a-w- C:\aons.exe

2009-10-14 04:48 . 2009-10-14 04:48 94643 ----a-w- c:\windows\system32\drivers\klick.dat

2009-10-14 04:48 . 2009-10-14 04:48 105395 ----a-w- c:\windows\system32\drivers\klin.dat

2009-10-14 04:47 . 2009-05-16 10:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys

2009-10-14 04:47 . 2008-12-15 10:41 33808 ----a-w- c:\windows\system32\drivers\klbg.sys

2009-10-14 04:47 . 2009-11-05 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-10-14 04:47 . 2009-10-14 04:47 -------- d-----w- c:\program files\Kaspersky Lab

2009-10-14 04:46 . 2009-10-14 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-06 09:42 . 2009-08-25 06:51 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-11-06 09:41 . 2009-03-12 06:04 -------- d-----w- c:\program files\DNA

2009-11-06 09:41 . 2009-03-12 06:04 -------- d-----w- c:\documents and settings\User\Application Data\DNA

2009-10-21 04:56 . 2009-08-11 04:32 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2009-10-16 09:19 . 2009-09-23 10:56 -------- d-----w- c:\program files\a-squared Free

2009-10-10 12:29 . 2009-03-09 05:55 92608 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-07 00:40 . 2009-08-21 13:11 272048 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-10-06 23:48 . 2009-05-19 08:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-10-05 23:30 . 2009-02-21 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

2009-09-30 12:53 . 2009-06-08 08:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations

2009-09-30 12:52 . 2009-04-06 05:13 -------- d-----w- c:\program files\Nokia

2009-09-30 12:51 . 2009-06-08 09:51 -------- d-----w- c:\program files\Common Files\Nokia

2009-09-30 12:51 . 2009-09-30 12:51 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\Sleep.exe

2009-09-30 12:51 . 2009-09-30 12:51 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\msxml6Exec.exe

2009-09-30 12:51 . 2009-09-30 12:51 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\vcredistExec.exe

2009-09-30 12:49 . 2009-09-30 12:51 24501456 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NokiaSoftwareUpdaterSetup_1.7.3EN.exe

2009-09-30 03:47 . 2009-03-21 11:48 -------- d-----w- c:\program files\iMesh Applications

2009-09-30 03:46 . 2009-08-06 07:02 -------- d-----w- c:\program files\SweetIM

2009-09-17 00:14 . 2009-05-28 08:36 -------- d-----w- c:\program files\freestar

2009-09-16 06:20 . 2009-09-16 06:20 -------- d-----w- c:\program files\MagicDVDRipper

2009-09-16 02:52 . 2009-08-18 09:34 -------- d-----w- c:\program files\PCPitstop

2009-08-25 09:06 . 2009-05-12 02:26 5 ----a-w- c:\windows\system32\SySvideotompeg.dat

2009-08-25 06:47 . 2009-08-25 06:47 64 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\zzw44m2o.default\extensions\dvscontextmenuy@dvdvideosoft.com

2009-03-21 11:46 . 2009-03-21 11:46 10504864 ----a-w- c:\program files\iMeshV8.exe

2009-03-19 08:03 . 2009-03-19 08:03 3073749 ----a-w- c:\program files\Setup_MagicISO.exe

2009-03-09 06:03 . 2009-03-09 06:03 15727416 ----a-w- c:\program files\brico-pack-crystal-xp-crystalxp.net-en-117.zip

2009-03-09 05:49 . 2009-03-09 05:49 547496 ----a-w- c:\program files\ChromeSetup.exe

2007-09-13 05:51 . 2009-03-09 08:23 9679815 ----a-w- c:\program files\vlc-0.8.6c-win32.exe

.

 

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((( SnapShot@2009-11-05_11.55.09 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-06 09:40 . 2009-11-06 09:40 16384 c:\windows\temp\Perflib_Perfdata_6e4.dat

+ 2009-11-06 09:40 . 2009-11-06 09:40 16384 c:\windows\temp\Perflib_Perfdata_48c.dat

+ 2009-11-06 09:41 . 2009-11-06 09:41 1536 c:\windows\temp\NEventMessages.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-09 133104]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-12 321344]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-05-18 1312256]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-08-05 1830128]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]

"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-04-10 29757440]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-07 774168]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-16 148888]

"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2008-12-03 2372840]

"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-04-10 177680]

"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.8.0\QOELoader.exe" [2009-10-20 14352]

"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-04-10 230928]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2009-11-06 4877048]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-16 16806400]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\User\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 02:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\kasperskyantivirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=

"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/10/2009 11:51 AM 114768]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/08/2009 5:06 PM 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/08/2009 5:06 PM 74480]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/10/2009 11:51 AM 20560]

R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [21/10/2009 8:33 PM 11904]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/08/2009 5:06 PM 7408]

S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [21/05/2009 9:08 PM 16512]

S3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [21/02/2009 10:43 AM 36864]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [21/02/2009 10:42 AM 222976]

S4 pcpitstop scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [16/09/2009 1:52 PM 77312]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - ASWRDR

*NewlyCreated* - HITMANPRO35

*Deregistered* - mbr

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1aefa755-1862-11de-a4c2-002215bda82f}]

\shell\autorun\command - e:\recycler\autorun.exe

\shell\open\command - e:\recycler\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3658855c-11b4-11de-a4ba-002215bda82f}]

\Shell\AutoRun\command - e:\autorun\AutoStart.exe

\Shell\Explore\Command - e:\autorun\AutoStart.exe

\Shell\Open\Command - e:\autorun\AutoStart.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{685c1991-12b7-11de-a4bb-002215bda82f}]

\Shell\AutoRun\command - e:\autorun\AutoStart.exe

\Shell\Explore\Command - e:\autorun\AutoStart.exe

\Shell\Open\Command - e:\autorun\AutoStart.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0843ee4-2d66-11de-a4df-002215bda82f}]

\Shell\AutoRun\command - e:\autorun\AutoStart.exe

\Shell\Explore\Command - e:\autorun\AutoStart.exe

\Shell\Open\Command - e:\autorun\AutoStart.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de2e0d80-4dab-11de-a50a-002215bda82f}]

\shell\autorun\command - e:\recycler\autorun.exe

\shell\open\command - e:\recycler\autorun.exe

.

Contents of the 'Scheduled Tasks' folder

 

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-602162358-1801674531-1004Core.job

- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-09 05:49]

 

2009-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-602162358-1801674531-1004UA.job

- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-09 05:49]

 

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-602162358-1801674531-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-21 07:50]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

LSP: c:\windows\system32\VetRedir.dll

Trusted Zone: clubbox.co.kr

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\zzw44m2o.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - prefs.js: browser.search.selectedEngine - SweetIM Search

FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

.

- - - - ORPHANS REMOVED - - - -

 

URLSearchHooks-{C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)

HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe

HKCU-Run-LogitechSetup - d:\setup\Setup.exe

HKCU-Run-AntiSpyware Service - c:\docume~1\User\LOCALS~1\Temp\oar7a.exe

HKCU-Run-WinUpdater AutoRun - c:\autoprotect\DrvMonitor.exe

HKCU-Run-Login Software 2009 - c:\docume~1\User\LOCALS~1\Temp\ie6nbzqfm.exe

HKCU-Run-12CFG214-K641-12SF-N85P - c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe

HKCU-Run-Windows Client - client.exe

AddRemove-BitTorrent - c:\program files\BitTorrent\uninst.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-06 20:41

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(544)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

- - - - - - - > 'lsass.exe'(600)

c:\windows\system32\VetRedir.dll

c:\windows\system32\ISafeIf.dll

 

- - - - - - - > 'explorer.exe'(1184)

c:\program files\RocketDock\RocketDock.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\MSVCP60.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\docume~1\User\LOCALS~1\Temp\catchme.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\a-squared Free\a2service.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe

c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\windows\system32\wscntfy.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\Java\jre6\bin\jucheck.exe

c:\program files\CA\CA Internet Security Suite\ccupdate\CCUpdate.exe

c:\program files\CA\CA Internet Security Suite\ccprovsp.exe

c:\sdfix\apps\Cghtme.exe

.

**************************************************************************

.

Completion time: 2009-11-06 20:50 - machine was rebooted [user]

ComboFix-quarantined-files.txt 2009-11-06 09:50

ComboFix2.txt 2009-11-05 12:04

 

Pre-Run: 314,877,861,888 bytes free

Post-Run: 314,707,525,632 bytes free


Hi,

 

You have several antivirus programs (Avast, Kaspersky and CA); you need to remove two of them. Having more than one antivirus program causes system slowdowns, conflicts and crashes.

 

Please do the following:

 

Please plug in your USB drive when you run this script. You appear to have an infection on your USB drive also.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

 

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

 

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

 

http://forums.pcpitstop.com/index.php?showtopic=173630&pid=1633904&st=10

Collect::
C:\aons.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1aefa755-1862-11de-a4c2-002215bda82f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3658855c-11b4-11de-a4ba-002215bda82f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{685c1991-12b7-11de-a4bb-002215bda82f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0843ee4-2d66-11de-a4df-002215bda82f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de2e0d80-4dab-11de-a50a-002215bda82f}]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".

 

Here's how to do that:

 

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

 

Posted Image

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

 

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

  • Ensure you are connected to the internet and click OK on the message box.

 

NEXT

 

Please do this for all your USB drives:

 

Download Flash_Disinfector.exe from HERE and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Edited by CatByte


ComboFix 09-11-04.05 - User 08/11/2009 20:43.7.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.2038.1255 [GMT 11:00]

Running from: c:\documents and settings\User\Desktop\CombaFix.exe

Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1356 [VPS 091107-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

file zipped: C:\aons.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\aons.exe

 

.

((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))

.

 

2009-11-08 05:03 . 2009-11-08 05:06 -------- d-----w- c:\windows\LastGood

2009-11-08 04:55 . 2009-11-08 04:55 -------- d-----w- c:\documents and settings\User\Application Data\Uniblue

2009-11-05 11:50 . 2009-11-05 12:04 -------- d-----w- C:\CombaFix17696C

2009-11-05 11:46 . 2009-11-05 11:47 -------- d-----w- C:\CombaFix17998C

2009-10-30 10:51 . 2009-10-30 10:56 -------- d-----w- C:\CombaFix12294C

2009-10-30 10:44 . 2009-10-30 10:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

2009-10-25 04:32 . 2009-10-30 10:24 -------- d-----w- C:\CombaFix1202C

2009-10-25 03:42 . 2009-10-30 10:24 -------- d-----w- C:\CombaFix24855C

2009-10-25 02:57 . 2009-10-30 10:24 -------- d-----w- C:\CombaFix

2009-10-21 10:05 . 2009-10-21 10:05 -------- d-----w- c:\windows\ERUNT

2009-10-21 10:04 . 2009-11-06 09:54 -------- d-----w- C:\SDFix

2009-10-21 09:57 . 2009-10-21 09:57 12800 ----a-w- c:\windows\system32\bootdelete.exe

2009-10-21 09:33 . 2009-11-08 05:00 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2009-10-21 09:33 . 2009-10-21 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2009-10-21 09:33 . 2009-10-21 09:33 -------- d-----w- c:\program files\Hitman Pro 3.5

2009-10-21 09:20 . 2009-10-21 09:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue

2009-10-21 09:20 . 2009-10-21 09:20 -------- d-----w- c:\program files\Uniblue

2009-10-21 08:21 . 2009-10-21 08:21 -------- d-----w- C:\VundoFix Backups

2009-10-21 07:50 . 2009-10-21 07:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp

2009-10-21 07:50 . 2009-10-21 07:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google

2009-10-21 07:49 . 2009-10-21 07:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment

2009-10-21 07:46 . 2009-10-21 07:46 92608 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-21 05:38 . 2009-10-21 07:43 -------- d-----w- c:\documents and settings\Administrator\Tracing

2009-10-21 04:47 . 2008-04-14 12:00 1033728 ------w- c:\windows\explorer.exe

2009-10-21 02:19 . 2009-10-21 08:08 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-10-21 02:16 . 2009-10-21 02:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2009-10-21 00:51 . 2009-09-15 09:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-10-21 00:51 . 2009-09-15 09:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-10-21 00:51 . 2009-09-15 09:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-10-21 00:51 . 2009-09-15 09:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-10-21 00:51 . 2009-09-15 09:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-10-21 00:51 . 2009-09-15 09:53 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-10-21 00:51 . 2009-09-15 09:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-10-21 00:51 . 2009-09-15 09:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-10-21 00:51 . 2009-09-15 09:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-10-21 00:51 . 2009-10-21 00:51 -------- d-----w- c:\program files\Alwil Software

2009-10-21 00:19 . 2009-10-21 00:19 -------- d-s---w- c:\documents and settings\Administrator\UserData

2009-10-20 12:09 . 2009-10-20 12:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-08 09:41 . 2009-03-12 06:04 -------- d-----w- c:\documents and settings\User\Application Data\DNA

2009-11-08 04:59 . 2009-08-25 06:51 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2009-11-08 04:58 . 2009-03-12 06:04 -------- d-----w- c:\program files\DNA

2009-11-08 00:19 . 2009-08-21 13:11 496328 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-11-06 12:32 . 2009-02-21 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-11-06 09:49 . 2009-10-20 12:08 26640 ----a-w- c:\windows\system32\drivers\Vet-Filt.1

2009-11-06 09:49 . 2009-10-20 12:08 21392 ----a-w- c:\windows\system32\drivers\Vet-Rec.1

2009-10-21 04:56 . 2009-08-11 04:32 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2009-10-16 09:19 . 2009-09-23 10:56 -------- d-----w- c:\program files\a-squared Free

2009-10-10 12:29 . 2009-03-09 05:55 92608 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-06 23:48 . 2009-05-19 08:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-10-05 23:30 . 2009-02-21 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop

2009-09-30 12:53 . 2009-06-08 08:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations

2009-09-30 12:52 . 2009-04-06 05:13 -------- d-----w- c:\program files\Nokia

2009-09-30 12:51 . 2009-06-08 09:51 -------- d-----w- c:\program files\Common Files\Nokia

2009-09-30 12:51 . 2009-09-30 12:51 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\Sleep.exe

2009-09-30 12:51 . 2009-09-30 12:51 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\msxml6Exec.exe

2009-09-30 12:51 . 2009-09-30 12:51 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\vcredistExec.exe

2009-09-30 12:49 . 2009-09-30 12:51 24501456 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NokiaSoftwareUpdaterSetup_1.7.3EN.exe

2009-09-30 03:47 . 2009-03-21 11:48 -------- d-----w- c:\program files\iMesh Applications

2009-09-30 03:46 . 2009-08-06 07:02 -------- d-----w- c:\program files\SweetIM

2009-09-25 05:37 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll

2009-09-25 05:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-09-17 00:14 . 2009-05-28 08:36 -------- d-----w- c:\program files\freestar

2009-09-16 06:20 . 2009-09-16 06:20 -------- d-----w- c:\program files\MagicDVDRipper

2009-09-16 02:52 . 2009-08-18 09:34 -------- d-----w- c:\program files\PCPitstop

2009-09-11 14:18 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-26 08:00 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-25 09:06 . 2009-05-12 02:26 5 ----a-w- c:\windows\system32\SySvideotompeg.dat

2009-08-25 06:47 . 2009-08-25 06:47 64 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\zzw44m2o.default\extensions\dvscontextmenuy@dvdvideosoft.com

2009-08-17 12:33 . 2009-08-17 12:33 1193832 ----a-w- c:\windows\system32\FM20.DLL

2009-03-21 11:46 . 2009-03-21 11:46 10504864 ----a-w- c:\program files\iMeshV8.exe

2009-03-19 08:03 . 2009-03-19 08:03 3073749 ----a-w- c:\program files\Setup_MagicISO.exe

2009-03-09 06:03 . 2009-03-09 06:03 15727416 ----a-w- c:\program files\brico-pack-crystal-xp-crystalxp.net-en-117.zip

2009-03-09 05:49 . 2009-03-09 05:49 547496 ----a-w- c:\program files\ChromeSetup.exe

2007-09-13 05:51 . 2009-03-09 08:23 9679815 ----a-w- c:\program files\vlc-0.8.6c-win32.exe

.

 

((((((((((((((((((((((((((((( SnapShot@2009-11-05_11.55.09 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-08 04:58 . 2009-11-08 04:58 16384 c:\windows\temp\Perflib_Perfdata_dbc.dat

+ 2009-11-08 04:58 . 2009-11-08 04:58 16384 c:\windows\temp\Perflib_Perfdata_494.dat

+ 2008-10-16 03:09 . 2009-08-06 08:24 44768 c:\windows\system32\wups2.dll

+ 2009-02-20 23:19 . 2009-08-06 08:24 35552 c:\windows\system32\wups.dll

+ 2009-02-20 23:19 . 2009-08-06 08:24 53472 c:\windows\system32\wuauclt.exe

+ 2009-11-06 09:45 . 2009-08-06 08:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll

+ 2009-11-06 09:45 . 2009-08-06 08:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll

+ 2008-04-14 12:00 . 2009-11-06 12:35 69606 c:\windows\system32\perfc009.dat

+ 2009-02-20 23:19 . 2009-08-06 08:24 35552 c:\windows\system32\dllcache\wups.dll

+ 2009-02-20 23:19 . 2009-08-06 08:24 53472 c:\windows\system32\dllcache\wuauclt.exe

+ 2008-04-14 12:00 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll

+ 2008-04-14 12:00 . 2009-09-25 05:37 81920 c:\windows\system32\dllcache\ieencode.dll

- 2008-04-14 12:00 . 2009-06-26 16:50 81920 c:\windows\system32\dllcache\ieencode.dll

+ 2008-04-14 12:00 . 2009-08-06 08:24 96480 c:\windows\system32\dllcache\cdm.dll

+ 2008-04-14 12:00 . 2009-08-06 08:24 96480 c:\windows\system32\cdm.dll

+ 2009-11-08 05:04 . 2009-05-16 10:59 19472 c:\windows\LastGood\system32\DRIVERS\klmouflt.sys

+ 2009-11-08 05:04 . 2008-12-15 10:41 33808 c:\windows\LastGood\system32\DRIVERS\klbg.sys

+ 2009-03-12 06:52 . 2009-11-06 12:32 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-03-12 06:52 . 2009-08-12 15:10 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-03-12 06:52 . 2009-08-12 15:10 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2009-03-12 06:52 . 2009-11-06 12:32 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2009-03-12 06:52 . 2009-08-12 15:10 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2009-03-12 06:52 . 2009-11-06 12:32 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2006-10-26 11:58 . 2006-10-26 11:58 33080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VPREVIEW.EXE

+ 2009-11-08 09:09 . 2009-11-08 09:09 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\c1dc6dbdd2c50f2e6672881eadbab19b\WindowsLiveWriter.ni.exe

+ 2009-11-08 09:09 . 2009-11-08 09:09 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3154239f4e03d51fdc12de103957babc\WindowsLive.Writer.Api.ni.dll

+ 2009-11-08 00:03 . 2009-11-08 00:03 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll

+ 2009-11-08 09:11 . 2009-11-08 09:11 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll

+ 2009-11-08 09:11 . 2009-11-08 09:11 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll

+ 2009-11-08 09:10 . 2009-11-08 09:10 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll

+ 2009-11-08 09:10 . 2009-11-08 09:10 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll

+ 2009-11-08 00:01 . 2009-11-08 00:01 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe

+ 2009-11-08 00:01 . 2009-11-08 00:01 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll

+ 2009-11-08 09:10 . 2009-11-08 09:10 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll

+ 2009-11-08 09:09 . 2009-11-08 09:09 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1ded203bd27031c3a5e3441f94b528c0\Microsoft.VisualC.ni.dll

+ 2009-11-08 09:10 . 2009-11-08 09:10 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll

+ 2009-11-08 09:10 . 2009-11-08 09:10 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll

+ 2009-11-08 09:09 . 2009-11-08 09:09 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe

+ 2009-11-08 08:41 . 2009-11-08 08:41 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll

- 2009-08-21 09:01 . 2009-08-21 09:01 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2009-11-06 12:34 . 2009-11-06 12:34 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

+ 2009-11-06 12:34 . 2009-11-06 12:34 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2009-08-21 09:01 . 2009-08-21 09:01 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2009-08-21 09:01 . 2009-08-21 09:01 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2009-11-06 12:35 . 2009-11-06 12:35 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2009-11-06 12:34 . 2009-11-06 12:34 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2009-08-21 09:01 . 2009-08-21 09:01 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2009-08-21 09:01 . 2009-08-21 09:01 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2009-11-06 12:34 . 2009-11-06 12:34 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2009-11-06 12:34 . 2009-11-06 12:34 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2009-08-21 09:01 . 2009-08-21 09:01 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2009-11-06 12:34 . 2009-11-06 12:34 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2009-08-21 09:01 . 2009-08-21 09:01 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2009-11-06 12:34 . 2009-11-06 12:34 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2009-08-21 09:01 . 2009-08-21 09:01 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2009-11-06 12:34 . 2009-11-06 12:34 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2009-08-21 09:01 . 2009-08-21 09:01 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2009-11-06 12:34 . 2009-11-06 12:34 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2009-08-21 09:01 . 2009-08-21 09:01 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2009-08-21 09:01 . 2009-08-21 09:01 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2009-11-06 12:34 . 2009-11-06 12:34 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2009-11-06 12:34 . 2009-11-06 12:34 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2009-08-21 09:01 . 2009-08-21 09:01 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2009-08-21 09:01 . 2009-08-21 09:01 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2009-11-06 12:34 . 2009-11-06 12:34 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2009-11-06 12:34 . 2009-11-06 12:34 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2009-08-21 09:01 . 2009-08-21 09:01 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2009-11-06 12:34 . 2009-11-06 12:34 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2009-08-21 09:01 . 2009-08-21 09:01 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2009-11-06 12:35 . 2009-11-06 12:35 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2009-08-21 09:01 . 2009-08-21 09:01 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2009-08-21 09:01 . 2009-08-21 09:01 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2009-11-06 12:34 . 2009-11-06 12:34 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

+ 2009-11-06 12:34 . 2009-11-06 12:34 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2009-08-21 09:01 . 2009-08-21 09:01 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

- 2009-08-21 09:01 . 2009-08-21 09:01 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

+ 2009-11-06 12:34 . 2009-11-06 12:34 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll



Hi, much of that log was cut off; you may need to post it over several posts.

 

Please do the following as well:

 

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

 

NEXT

 

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

 

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

     


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


Hi Catbyte,

 

I have 3 MBAM logs from the first time I tried scanning through, just in case you need them, cos I've only just completed the Kaspersky one.

 

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 5.1.2600 Service Pack 3

 

9/11/2009 10:47:46 PM

mbam-log-2009-11-09 (22-47-46).txt

 

Scan type: Quick Scan

Objects scanned: 111472

Time elapsed: 3 minute(s), 12 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows client (Backdoor.Bot) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

 

 

Malwarebytes' Anti-Malware 1.41

Database version: 3145

Windows 5.1.2600 Service Pack 3

 

11/11/2009 9:26:29 PM

mbam-log-2009-11-11 (21-26-29).txt

 

Scan type: Quick Scan

Objects scanned: 121742

Time elapsed: 3 minute(s), 32 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba603215-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


Malwarebytes' Anti-Malware 1.41

Database version: 3153

Windows 5.1.2600 Service Pack 3

 

12/11/2009 8:05:21 PM

mbam-log-2009-11-12 (20-05-21).txt

 

Scan type: Quick Scan

Objects scanned: 123736

Time elapsed: 3 minute(s), 39 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

 

 

Kaspersky scan:

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Thursday, November 12, 2009

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Thursday, November 12, 2009 09:36:34

Records in database: 3194503

--------------------------------------------------------------------------------

 

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

 

Scan area - My Computer:

A:\

C:\

D:\

 

Scan statistics:

Objects scanned: 152262

Threats found: 6

Infected objects found: 18

Suspicious objects found: 0

Scan duration: 02:23:59

 

 

File name / Threat / Threats count

C:\Program Files\Alwil Software\Avast4\DATA\moved\111.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wtgt 1

C:\Program Files\Alwil Software\Avast4\DATA\moved\140.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wtgt 1

C:\Program Files\Alwil Software\Avast4\DATA\moved\180.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wtgt 1

C:\Program Files\Alwil Software\Avast4\DATA\moved\19.tmp.vir Infected: Backdoor.Win32.Agent.akwi 1

C:\Program Files\Alwil Software\Avast4\DATA\moved\230.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wtgt 1

C:\Program Files\Alwil Software\Avast4\DATA\moved\245.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wtgt 1

C:\Program Files\Alwil Software\Avast4\DATA\moved\258.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wtgt 1

C:\Program Files\Alwil Software\Avast4\DATA\moved\489.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wtgt 1

C:\Program Files\Alwil Software\Avast4\DATA\moved\549.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wtgt 1

C:\Program Files\Alwil Software\Avast4\DATA\moved\5C.tmp.vir Infected: Backdoor.Win32.Agent.akwi 1

C:\Program Files\Alwil Software\Avast4\DATA\moved\750.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wtgt 1

C:\Program Files\Alwil Software\Avast4\DATA\moved\850.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wtgt 1

C:\Program Files\Alwil Software\Avast4\DATA\moved\992.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wtgt 1

C:\Program Files\Alwil Software\Avast4\DATA\moved\995.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.wtgt 1

C:\Program Files\Alwil Software\Avast4\DATA\moved\ld15.exe.vir Infected: Net-Worm.Win32.Koobface.btj 1

C:\Program Files\Alwil Software\Avast4\DATA\moved\njdlukgq.exe.vir Infected: Trojan-Downloader.Win32.Small.anry 1

C:\Program Files\Alwil Software\Avast4\DATA\moved\pr3xy[1].exe.vir Infected: Trojan.Win32.Crypt.bgj 1

C:\Program Files\Alwil Software\Avast4\DATA\moved\SKYNETrowpaakahr.tmp.vir Infected: Packed.Win32.TDSS.z 1

 

Selected area has been scanned.


Hi,

 

Those items are in the Avast quarantine.

 

 

Please post a fresh DDS and Attach.txt and advise how your computer is running now and if there are any outstanding issues.


DDS (Ver_09-10-26.01) - NTFSx86

Run by User at 20:13:11.20 on Mon 16/11/2009

Internet Explorer: 6.0.2900.5512

Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.2038.1379 [GMT 11:00]

 

AV: avast! antivirus 4.8.1356 [VPS 091115-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

svchost.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Alwil Software\Avast4\setup\avast.setup

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\User\Desktop\dds.pif

 

============== Pseudo HJT Report ===============

 

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles

mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart

mRun: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\user\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\user\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

Trusted Zone: clubbox.co.kr

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\zzw44m2o.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - prefs.js: browser.search.selectedEngine - SweetIM Search

FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com

FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - component: c:\program files\common files\dvdvideosoft\dll\ffcontextmenuy\components\FFContextMenu.dll

FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-21 114768]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-21 20560]

R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]

R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]

S2 TwonkyMedia;TwonkyMedia;c:\program files\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> c:\program files\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-5-21 16512]

S3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2009-2-21 36864]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-2-21 222976]

S4 pcpitstop scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-9-16 77312]

 

=============== Created Last 30 ================

 

2009-11-16 09:12:57 0 d--h--w- c:\windows\PIF

2009-11-15 12:03:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2009-11-15 12:03:53 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

2009-11-15 02:22:41 0 ----a-w- c:\windows\lgfwup.ini

2009-11-15 02:22:39 59904 ----a-w- c:\windows\system32\wbemdisp.tlb

2009-11-15 02:22:39 115016 ----a-w- c:\windows\system32\MSINET.OCX

2009-11-15 02:22:39 102912 ----a-w- c:\windows\system32\Vb6stkit.dll

2009-11-15 02:22:39 102160 ----a-w- c:\windows\system32\VB6KO.DLL

2009-11-08 09:55:05 0 d-sha-r- C:\autorun.inf

2009-11-08 09:42:22 0 d-----w- C:\CombaFix3070C

2009-11-08 04:55:11 0 d-----w- c:\docume~1\user\applic~1\Uniblue

2009-11-05 11:50:08 98816 ----a-w- c:\windows\sed.exe

2009-11-05 11:50:08 77312 ----a-w- c:\windows\MBR.exe

2009-11-05 11:50:08 267264 ----a-w- c:\windows\PEV.exe

2009-11-05 11:50:08 161792 ----a-w- c:\windows\SWREG.exe

2009-11-05 11:50:03 0 d-----w- C:\CombaFix17696C

2009-11-05 11:46:44 0 d-----w- C:\CombaFix17998C

2009-10-30 10:51:47 0 d-----w- C:\CombaFix12294C

2009-10-25 04:32:59 0 d-----w- C:\CombaFix1202C

2009-10-25 03:42:17 0 d-----w- C:\CombaFix24855C

2009-10-25 03:35:18 7680 --sha-w- c:\windows\Thumbs.db

2009-10-25 03:05:11 0 d-sha-r- C:\cmdcons

2009-10-25 02:57:06 0 d-----w- C:\CombaFix

2009-10-21 10:05:48 0 d-----w- c:\windows\ERUNT

2009-10-21 10:04:41 0 d-----w- C:\SDFix

2009-10-21 09:57:04 12800 ----a-w- c:\windows\system32\bootdelete.exe

2009-10-21 09:33:46 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2009-10-21 09:33:10 0 d-----w- c:\program files\Hitman Pro 3.5

2009-10-21 09:33:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2009-10-21 09:20:00 0 d-----w- c:\program files\Uniblue

2009-10-21 08:21:36 0 d-----w- C:\VundoFix Backups

2009-10-21 04:47:41 1033728 ------w- c:\windows\explorer.exe

 

==================== Find3M ====================

 

2009-09-25 05:37:11 667136 ------w- c:\windows\system32\wininet.dll

2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-03-21 11:46:49 10504864 ----a-w- c:\program files\iMeshV8.exe

2009-03-19 08:03:57 3073749 ----a-w- c:\program files\Setup_MagicISO.exe

2009-03-09 06:03:14 15727416 ----a-w- c:\program files\brico-pack-crystal-xp-crystalxp.net-en-117.zip

2009-03-09 05:49:33 547496 ----a-w- c:\program files\ChromeSetup.exe

2007-09-13 05:51:14 9679815 ----a-w- c:\program files\vlc-0.8.6c-win32.exe

 

============= FINISH: 20:13:29.87 ===============

 

 

 

 

 

 

 

 

 

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_09-10-26.01)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 21/02/2009 10:22:55 AM

System Uptime: 16/11/2009 7:30:42 PM (1 hours ago)

 

Motherboard: ASUSTeK Computer INC. | | P5KPL-AM/PS

Processor: Intel Pentium III Xeon processor | Socket 775 | 2500/200mhz

 

==== Disk Partitions =========================

 

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 290.276 GiB free.

D: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&2C575ACB&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&2C575ACB&0

Service: i8042prt

 

Class GUID:

Description:

Device ID: ROOT\LEGACY_BEEP\XX_LCBXPQ_XX

Manufacturer:

Name:

PNP Device ID: ROOT\LEGACY_BEEP\XX_LCBXPQ_XX

Service: lcbxpq

 

Class GUID:

Description:

Device ID: ROOT\LEGACY_BEEP\XX_VZAYWOE_XX

Manufacturer:

Name:

PNP Device ID: ROOT\LEGACY_BEEP\XX_VZAYWOE_XX

Service: vzaywoe

 

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}

Description: Nokia Windows Portable Device Driver

Device ID: ROOT\WPD\0000

Manufacturer: Nokia

Name: Nokia N97

PNP Device ID: ROOT\WPD\0000

Service: WUDFRd

 

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}

Description: Nokia 6110 Navigator

Device ID: ROOT\WPD\0001

Manufacturer: Nokia

Name: Nokia 6110 Navigator

PNP Device ID: ROOT\WPD\0001

Service: WUDFRd

 

==== System Restore Points ===================

 

RP1: 25/10/2009 2:12:47 PM - System Checkpoint

RP2: 6/11/2009 8:43:14 PM - Software Distribution Service 3.0

RP3: 6/11/2009 11:30:46 PM - Software Distribution Service 3.0

RP4: 8/11/2009 4:04:35 PM - Removed Kaspersky Anti-Virus 2010.

RP5: 8/11/2009 11:03:45 PM - Software Distribution Service 3.0

RP6: 9/11/2009 11:27:31 PM - System Checkpoint

RP7: 11/11/2009 9:44:34 PM - System Checkpoint

RP8: 12/11/2009 10:38:14 PM - Software Distribution Service 3.0

RP9: 15/11/2009 12:35:06 PM - System Checkpoint

RP10: 15/11/2009 1:24:27 PM - Removed Nero 7 Essentials

RP11: 15/11/2009 11:03:48 PM - Software Distribution Service 3.0

 

==== Installed Programs ======================

 

2007 Microsoft Office Suite Service Pack 1 (SP1)

a-squared Free 4.5

Acrobat.com

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge 1.0

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Common File Installer

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Help Center 1.0

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe InDesign CS3

Adobe InDesign CS3 Icon Handler

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS2

Adobe Photoshop CS3

Adobe Reader 9.1.2

Adobe Setup

Adobe SING CS3

Adobe Stock Photos 1.0

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Any Video Converter 2.7.6

ArcSoft PhotoImpression 5

Ashampoo Burning Studio 6

Ask Toolbar

Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

avast! Antivirus

Choice Guard

Clubbox 파일전송관리자

Convert FLV to MP3 1.0

DNA

DVD Suite

EPSON Attach To Email

EPSON Copy Utility 3

EPSON Easy Photo Print

EPSON File Manager

EPSON Image Clip Palette

EPSON Printer Software

EPSON Scan

EPSON Scan Assistant

EPSON Web-To-Page

ESPRX530 User's Guide

ffdshow [rev 3026] [2009-07-05]

Free DVD Creator version 2.0

Free Studio version 4.2

Free Video to Mp3 Converter version 3.1

Free YouTube FLV Converter v1.0

Google Chrome

HijackThis 1.99.1

Hitman Pro 3.5

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Intel® Graphics Media Accelerator Driver

Japanese Language Support

Java 6 Update 14

Junk Mail filter update

K-Lite Codec Pack 4.3.1 (Full)

LAME v3.98.2 for Audacity

Logitech Audio Echo Cancellation Component

Logitech QuickCam

Logitech Video Enumerator

Logitech® Camera Driver

Magic DVD Ripper V5.4.2

Magic ISO Maker v5.5 (build 0274)

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.5

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox (3.0.11)

MSN

MSVC80_x86

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 6.0 Parser (KB933579)

MVision

neroxml

Nokia Connectivity Cable Driver

Nokia Home Media Server

Nokia Map Loader

Nokia Music

Nokia Ovi Application Installer

Nokia Ovi Application Installer 6.85.3011

Nokia Ovi Content Copier

Nokia Ovi Content Copier 6.85.3011

Nokia Ovi One Touch Access

Nokia Ovi One Touch Access 6.85.3011

Nokia Ovi Suite

Nokia Ovi System Utilities

Nokia Ovi System Utilities 6.85.3013

Nokia PC Suite

Nokia Photos

Nokia Software Updater

Pack Crystal XP 3.0

PC Connectivity Solution

PC Pitstop Exterminate2 2.0

PDF Settings

PIF DESIGNER

Platform

PowerDVD

PowerProducer

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver

RocketDock 1.3.5

Security Update for 2007 Microsoft Office System (KB951550)

Security Update for 2007 Microsoft Office System (KB951944)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB973704)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Excel 2007 (KB973593)

Security Update for Microsoft Office OneNote 2007 (KB950130)

Security Update for Microsoft Office Outlook 2007 (KB972363)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office Publisher 2007 (KB969693)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB969604)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Segoe UI

STOIK Video Converter 2

Storm Hawks Sky Race

SUPERAntiSpyware Free Edition

SweetIM for Messenger 2.7

SweetIM Toolbar for Internet Explorer 3.4

TwonkyMedia

Uniblue RegistryBooster 2010

Uninstall 1.0.0.1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Outlook 2007 Junk Email Filter (kb975960)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB973815)

Update for Windows XP (KB976749)

VIA Platform Device Manager

Video To MPEG Converter 1.00

VideoLAN VLC media player 0.8.6c

WebFldrs XP

Windows Driver Package - Nokia Modem (02/15/2007 3.1)

Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)

Windows Driver Package - Nokia Modem (02/24/2009 4.0)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

WinRAR archiver

 

==== Event Viewer Messages From Past Week ========

 

9/11/2009 9:36:59 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.

9/11/2009 9:12:36 PM, error: Dhcp [1002] - The IP address lease 114.76.254.188 for the Network Card with network address 002215BDA82F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

15/11/2009 6:46:20 PM, error: Dhcp [1002] - The IP address lease 114.76.236.52 for the Network Card with network address 002215BDA82F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

15/11/2009 4:47:39 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

15/11/2009 11:39:40 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

15/11/2009 11:24:37 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

11/11/2009 10:22:49 PM, error: Dhcp [1002] - The IP address lease 114.76.250.26 for the Network Card with network address 002215BDA82F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

 

==== End Of File ===========================

 

 

My computer is running quite slower than usual. But other than that, it's fine.


Hi,

 

You are clean,

 

Time for some housekeeping:

 

please do the following:

 

Your Java is out of date.

Java™ 6 Update 14 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.

An update should begin; > follow the prompts.

 

 

NEXT

 

A defrag may improve the speed of your machine somewhat.

 

Download and run Auslogics Disc Defragmenter

 

 

NEXT

 

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

 

 

 

 

NEXT

 

Now to remove the rest of the tools that we have used in fixing your machine:

  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

If there are any remaining logs/tools > right click and delete them.

 

NEXT

 

 

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article

    Strong passwords: How to create and use them

    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at:

    http://windowsupdate.microsoft.com/

    This will ensure your computer always has the latest available security updates installed.

     

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

     

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

     

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

     

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

     

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Firefox, IE and Chrome.

     

  • For Firefox, I highly recommend this add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

    Think Prevention.

    PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

 

 

Thank you for your patience, and performing all of the procedures requested.

 

Please respond one last time so we can consider the thread resolved and close it, thank-you.

This topic is now closed to further replies.