random number exe

  1. #1
    arturk (Newbie)

    random number exe

    Hi, my laptop got infected with some spyware. I see a strange process running, like 3680475734.exe, but the number changes. When I am browsing with IE I am often redirected to a completely different website, like besttopnet.com or others.

    SpyBot finds and removes a few Trojans like:

    - DNSFlush.cws
    - PWS.LDPinchIE

    but they come back.

    I hope someone can help me to get rid of it.

    Here is my log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:58:48 PM, on 4/19/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\windows\system32\brsvc01a.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\system32\brss01a.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\windows\system32\vmnat.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\windows\system32\vmnetdhcp.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
    C:\Program Files\Notebook Hardware Control\nhc.exe
    C:\Program Files\VMware\VMware Player\hqtray.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Microsoft Office Communicator\Communicator.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\I8kfanGUI\I8kfanGUI.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\sqldbatips\SQL2005 Service Manager\SQL2005 Service Manager.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousManager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\DOCUME~1\Artur\LOCALS~1\Temp\3680475734.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\windows\system32\mmc.exe
    C:\windows\system32\taskmgr.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy-atm.atm.lmco.com/
    O2 - BHO: C:\windows\system32\jh9fgo4ksdgf.dll - {D7BF4552-94F1-42BD-F434-3604812C856D} - C:\windows\system32\jh9fgo4ksdgf.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
    O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Windows Live Sync] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background
    O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Artur\LOCALS~1\Temp\3680475734.exe
    O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\windows\TEMP\adqksiw6.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\windows\TEMP\1207768528.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
    O4 - Startup: SQL2005 Service Manager.lnk = ?
    O4 - Global Startup: Bluetooth.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Spurl! - http://www.spurl.net/rclick.php
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download All by ASUS Download - C:\Program Files\ASUS\WL-500W Wireless Router Utilities\ASDownloadAll.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download using ASUS Download - C:\Program Files\ASUS\WL-500W Wireless Router Utilities\ASDownload.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Spurl! - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Bookmark the current page to Spurl.net - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
    O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
    O15 - Trusted Zone: http://*.delicious.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/ae/en/securityadvi...n/pestscan.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1201844994562
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: sfdawtawgreage4tregrgae34 - {D7BF4552-94F1-42BD-F434-3604812C856D} - C:\windows\system32\jh9fgo4ksdgf.dll
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\windows\system32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\windows\system32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\windows\system32\vmnat.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 17503 bytes

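As an added example (not part of this thread, and not HijackThis's own logic), the Python script below runs a simple triage over a handful of lines copied from the log above plus one benign line. It flags entries whose target lives in a Temp directory, executables whose file name is purely numeric (the "random number exe" of the title), O7 policy entries that lock the user out of regedit, and any CLSID that shows up in more than one section (here the O2 BHO DLL that is also registered as an O22 SharedTaskScheduler). The regular expressions, reason strings and function names are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Heuristics constructed for this example; they are not HijackThis's own rules.
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)           # ...\Temp\... or ...\TEMP\...
NUMERIC_EXE = re.compile(r"\\\d{6,}\.exe\b", re.IGNORECASE)  # e.g. \3680475734.exe
CLSID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.IGNORECASE)
SECTION = re.compile(r"^(O\d+|R[01])\s+-\s+")                # "O4 - ...", "R1 - ..."
PROCESS = re.compile(r"^[a-z]:\\", re.IGNORECASE)             # a "Running processes" path line

# Sample input: lines taken from the HijackThis log above, plus the benign Apoint/Explorer lines.
SAMPLE_LOG = r"""
C:\windows\Explorer.EXE
C:\DOCUME~1\Artur\LOCALS~1\Temp\3680475734.exe
O2 - BHO: C:\windows\system32\jh9fgo4ksdgf.dll - {D7BF4552-94F1-42BD-F434-3604812C856D} - C:\windows\system32\jh9fgo4ksdgf.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Artur\LOCALS~1\Temp\3680475734.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\windows\TEMP\adqksiw6.exe (User 'SYSTEM')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O22 - SharedTaskScheduler: sfdawtawgreage4tregrgae34 - {D7BF4552-94F1-42BD-F434-3604812C856D} - C:\windows\system32\jh9fgo4ksdgf.dll
"""


def classify(line):
    """Return the reasons one HijackThis line deserves a closer look (empty list if none)."""
    reasons = []
    m = SECTION.match(line)
    section = m.group(1) if m else ("PROC" if PROCESS.match(line) else None)
    if section is None:
        return reasons  # header, blank or unrecognised line
    if TEMP_DIR.search(line):
        reasons.append(f"{section}: executable located in a Temp directory")
    if NUMERIC_EXE.search(line):
        reasons.append(f"{section}: purely numeric executable name")
    if section == "O7":
        reasons.append("O7: registry policy restricting user tools (e.g. DisableRegedit)")
    if section == "O4" and "(User 'SYSTEM')" in line and TEMP_DIR.search(line):
        reasons.append("O4: autostart under the SYSTEM account pointing at a temp file")
    return reasons


def triage(log_text):
    """Scan a whole HijackThis log.

    Returns (findings, shared_clsids): findings is a list of (line, reason) pairs;
    shared_clsids maps a lower-cased CLSID to the sorted list of sections that
    reference it, only for CLSIDs seen in more than one section.
    """
    findings = []
    clsid_sections = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for reason in classify(line):
            findings.append((line, reason))
        m = SECTION.match(line)
        if m:
            for clsid in CLSID.findall(line):
                clsid_sections[clsid.lower()].add(m.group(1))
    shared = {c: sorted(s) for c, s in clsid_sections.items() if len(s) > 1}
    return findings, shared


if __name__ == "__main__":
    found, shared = triage(SAMPLE_LOG)
    for line, reason in found:
        print(f"[{reason}] {line}")
    for clsid, sections in shared.items():
        print(f"[CLSID {clsid} registered in {', '.join(sections)}]")
```

Run on the sample, the script reports the numeric Temp executable both as a running process and as an HKCU Run entry, the SYSTEM-level Run entry in C:\windows\TEMP, the DisableRegedit policy, and the CLSID shared by the O2 and O22 lines; the Apoint and Explorer lines produce nothing. A CLSID registered as both a BHO and a SharedTaskScheduler is worth pulling out because the two autostart mechanisms back each other up, which matches the "they come back" behaviour described in the post.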

  2. #2
    Neal (Dedicated Member)
    Welcome,


    I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
    1. Run Spybot-S&D
    2. Go to the Mode menu, and make sure "Advanced Mode" is selected
    3. On the left hand side, choose Tools -> Resident
    4. Uncheck "Resident TeaTimer" and OK any prompts
    You can re-enable TeaTimer once your system is clean.


    * Open Windows Defender
    * Click Tools
    * Click General Settings
    * Scroll down to Real Time Protection Options
    * Uncheck Turn on Real Time Protection (recommended)
    * After you uncheck this, click on the Save button
    * Close Windows Defender

    Once your system has been deemed free from malware, you can re-enable Windows Defender's Real Time Protection.



    * Please download Malwarebytes' Anti-Malware from HERE or HERE

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Full Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy & paste the entire report in your next reply along with a fresh HijackThis log.


    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

    What is going on now?

  3. #3
    arturk (Newbie)
    Hi,
    I performed all the steps as instructed. Everything went well.
    Below are the logs:

    ==========================================================
    Malwarebytes' Anti-Malware 1.36
    Database version: 2016
    Windows 5.1.2600 Service Pack 3

    4/20/2009 8:40:14 PM
    mbam-log-2009-04-20 (20-40-14).txt

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 496981
    Time elapsed: 1 hour(s), 55 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 3
    Registry Values Infected: 2
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 17

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\jh9fgo4ksdgf.dll (Trojan.Ertfor) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{d7bf4552-94f1-42bd-f434-3604812c856d} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d7bf4552-94f1-42bd-f434-3604812c856d} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d7bf4552-94f1-42bd-f434-3604812c856d} (Trojan.Ertfor) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d7bf4552-94f1-42bd-f434-3604812c856d} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\jh9fgo4ksdgf.dll (Trojan.Zlob.H) -> Delete on reboot.
    C:\Documents and Settings\Artur\Local Settings\Temp\1163517206.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Artur\Local Settings\Temp\198251840.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Artur\Local Settings\Temp\2682397890.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Artur\Local Settings\Temp\2826413234.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Artur\Local Settings\Temp\287939340.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Artur\Local Settings\Temp\3074585390.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Artur\Local Settings\Temp\3267176232.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Artur\Local Settings\Temp\3292819484.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Artur\Local Settings\Temp\4267125386.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Artur\Local Settings\Temp\867267206.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20090420-084240-515.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20090420-085530-903.dll (Trojan.Ertfor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Artur\Application Data\Adobe\Player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\p2hhr.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Artur\Local Settings\Temp\811486000.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ak1.exe (Virus.Virut) -> Quarantined and deleted successfully.

    ==========================================================
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:48:32 PM, on 4/20/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\windows\system32\brsvc01a.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\system32\brss01a.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\windows\system32\vmnat.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\windows\system32\vmnetdhcp.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
    C:\Program Files\Notebook Hardware Control\nhc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\VMware\VMware Player\hqtray.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Microsoft Office Communicator\Communicator.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\I8kfanGUI\I8kfanGUI.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
    C:\windows\system32\wuauclt.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\sqldbatips\SQL2005 Service Manager\SQL2005 Service Manager.exe
    C:\windows\system32\wuauclt.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy-atm.atm.lmco.com/
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
    O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Windows Live Sync] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\windows\TEMP\wlgrcf.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
    O4 - Startup: SQL2005 Service Manager.lnk = ?
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: &Spurl! - http://www.spurl.net/rclick.php
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download All by ASUS Download - C:\Program Files\ASUS\WL-500W Wireless Router Utilities\ASDownloadAll.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download using ASUS Download - C:\Program Files\ASUS\WL-500W Wireless Router Utilities\ASDownload.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Spurl! - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Bookmark the current page to Spurl.net - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
    O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
    O15 - Trusted Zone: http://*.delicious.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/ae/en/securityadvi...n/pestscan.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1201844994562
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\windows\system32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\windows\system32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\windows\system32\vmnat.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 16531 bytes

    ============================================================

    My laptop works a lot better. No weird pop-ups, strange browser redirects or numbered executables.
    Am I clean?
    Last edited by arturk; 21-04-2009 at 02:54 AM.

  4. #4
    arturk is offline Newbie
    More trouble this morning :-(
    I removed it with Malwarebytes.

    Malwarebytes' Anti-Malware 1.36
    Database version: 2017
    Windows 5.1.2600 Service Pack 3

    4/21/2009 8:18:28 AM
    mbam-log-2009-04-21 (08-18-28).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 226815
    Time elapsed: 42 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 3
    Registry Values Infected: 4
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\ativtmx.dll (Trojan.Downloader) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{64e9bb1b-b4cc-439f-9d91-ce04d5d5ef06} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64e9bb1b-b4cc-439f-9d91-ce04d5d5ef06} (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64e9bb1b-b4cc-439f-9d91-ce04d5d5ef06} (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\ativtmx.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Artur\Local Settings\Temporary Internet Files\Content.IE5\TQ7ABQRZ\1[1].gif (Trojan.Vundo.V) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\~.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.


    And latest HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:27:57 AM, on 4/21/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\windows\system32\brsvc01a.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\system32\brss01a.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\windows\system32\vmnat.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\windows\system32\vmnetdhcp.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
    C:\Program Files\Notebook Hardware Control\nhc.exe
    C:\Program Files\VMware\VMware Player\hqtray.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Microsoft Office Communicator\Communicator.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files\I8kfanGUI\I8kfanGUI.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\sqldbatips\SQL2005 Service Manager\SQL2005 Service Manager.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousManager.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy-atm.atm.lmco.com/
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
    O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Windows Live Sync] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\windows\TEMP\wlgrcf.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
    O4 - Startup: SQL2005 Service Manager.lnk = ?
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: &Spurl! - http://www.spurl.net/rclick.php
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download All by ASUS Download - C:\Program Files\ASUS\WL-500W Wireless Router Utilities\ASDownloadAll.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download using ASUS Download - C:\Program Files\ASUS\WL-500W Wireless Router Utilities\ASDownload.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Spurl! - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Bookmark the current page to Spurl.net - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
    O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
    O15 - Trusted Zone: http://*.delicious.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/ae/en/securityadvi...n/pestscan.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1201844994562
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\windows\system32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\windows\system32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\windows\system32\vmnat.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 16699 bytes

  5. #5
    Neal is offline Dedicated Member
    Do me a favor and run Malwarebytes again, but this time from Safe Mode as explained below, and post the log please.


    Now reboot into Safe Mode (without networking support) by tapping your F8 key upon restart; when the Safe Mode screen appears, select Safe Mode and press Enter.

    Now run Malwarebytes again, please.

  6. #6
    arturk is offline Newbie
    Malwarebytes did not detect anything in safe mode.
    I think DNSFlush.cws and PWS.LDPinchIE are still around.

    The biggest problem now is that I am constantly being redirected to "poiskin.ru" and other similar websites, especially when clicking on Google links.
    Also, Avast detects attempts to contact some suspicious websites (one of them directifast.com or something), but they are blocked.

    Very annoying; the laptop is almost unusable. I fear the worst.

    Below is the latest log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:45:26 PM, on 4/24/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal
    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\windows\system32\brsvc01a.exe
    C:\windows\system32\spoolsv.exe
    C:\windows\system32\brss01a.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\vmnat.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\windows\system32\vmnetdhcp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
    C:\Program Files\Notebook Hardware Control\nhc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\VMware\VMware Player\hqtray.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Microsoft Office Communicator\Communicator.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\I8kfanGUI\I8kfanGUI.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\sqldbatips\SQL2005 Service Manager\SQL2005 Service Manager.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousManager.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy-atm.atm.lmco.com/
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
    O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Windows Live Sync] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
    O4 - Startup: SQL2005 Service Manager.lnk = ?
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: &Spurl! - http://www.spurl.net/rclick.php
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download All by ASUS Download - C:\Program Files\ASUS\WL-500W Wireless Router Utilities\ASDownloadAll.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download using ASUS Download - C:\Program Files\ASUS\WL-500W Wireless Router Utilities\ASDownload.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Spurl! - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Bookmark the current page to Spurl.net - {057AB0AA-0896-44A7-9940-1D3118C870FB} - http://www.spurl.net/rclick.php (file missing) (HKCU)
    O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
    O15 - Trusted Zone: http://*.delicious.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/ae/en/securityadvi...n/pestscan.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1201844994562
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\windows\system32\brsvc01a.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\windows\system32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\windows\system32\vmnat.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    --
    End of file - 16041 bytes
    Last edited by arturk; 25-04-2009 at 05:11 AM.
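As an added example, not part of this thread and not HijackThis's own code: a small Python triage script for a HijackThis log of the kind posted above. It parses the "Running processes" block and the R/O entry lines and flags, on assumed heuristics, the items a helper usually looks at first: a proxy auto-config URL (the R1 AutoConfigURL above points at what looks like a corporate proxy, so it is flagged for confirmation, not as malicious), processes or O4 autoruns whose executable has a numeric-only name or lives in a Temp directory, entries marked "(file missing)", Winsock LSP (O10) and Trusted Zone (O15) additions. The sample log, the 4827163950.exe Temp path and the six-digit threshold are constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt in HijackThis v2 format: a few lines modelled on the log
# above plus a made-up Temp-directory executable. Not a real or complete log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\windows\System32\smss.exe
C:\Documents and Settings\Artur\Local Settings\Temp\4827163950.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy-atm.atm.lmco.com/
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [4827163950] C:\Documents and Settings\Artur\Local Settings\Temp\4827163950.exe
O9 - Extra button: Spurl bar - {104D0F17-ED01-4E81-8EFF-53E956FC6D49} - Shdocvw.dll (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O15 - Trusted Zone: http://*.delicious.com
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# HJT entry lines look like "O4 - HKLM\..\Run: [name] path"; R0/R1 cover browser
# settings, O2-O23 cover BHOs, autoruns, LSPs, services and so on.
ENTRY_RE = re.compile(r"^(?P<code>[ROF]\d{1,2}) - (?P<body>.*)$")
# Assumed heuristics: an executable whose basename is only digits, or which
# runs from a Temp directory, is unusual for legitimately installed software.
NUMERIC_EXE_RE = re.compile(r"(?:^|\\)\d{6,}\.exe\b", re.I)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.I)


@dataclass(frozen=True)
class Finding:
    code: str    # HJT section code, or "PROC" for the running-process list
    reason: str
    line: str


def parse_hjt(text):
    """Split a HijackThis log into (running_processes, [(code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False          # the first R/O entry ends the process list
            entries.append((m.group("code"), m.group("body")))
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return the Findings a helper would review first (heuristic hints, not verdicts)."""
    processes, entries = parse_hjt(text)
    findings = []
    for path in processes:
        if NUMERIC_EXE_RE.search(path):
            findings.append(Finding("PROC", "running executable with a numeric-only name", path))
        elif TEMP_DIR_RE.search(path):
            findings.append(Finding("PROC", "process running from a Temp directory", path))
    for code, body in entries:
        line = f"{code} - {body}"
        if code in ("R0", "R1") and "AutoConfigURL" in body:
            findings.append(Finding(code, "proxy auto-config URL set; confirm it is an expected (e.g. corporate) PAC", line))
        elif code == "O4" and (NUMERIC_EXE_RE.search(body) or TEMP_DIR_RE.search(body)):
            findings.append(Finding(code, "autorun points at a numeric-named or Temp-directory executable", line))
        elif code in ("O2", "O3", "O9") and "(file missing)" in body:
            findings.append(Finding(code, "registration references a missing file (stale or leftover)", line))
        elif code == "O10":
            findings.append(Finding(code, "Winsock LSP entry; verify the DLL's publisher", line))
        elif code == "O15":
            findings.append(Finding(code, "Trusted Zone addition; verify it was intentional", line))
    return findings


def summarize(findings):
    """Count findings per section code, e.g. {'PROC': 1, 'R1': 1, ...}."""
    return dict(Counter(f.code for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Running the script against the full log in the post would flag only the R1 AutoConfigURL, the O10 VMware LSP lines, the O15 Trusted Zone and the "(file missing)" Spurl buttons; every one of those needs a human decision, which is why the output is a review list rather than a fix list.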

  7. #7
    Neal is offline Dedicated Member
    Visit the page below to familiarize yourself with the tool and download it from one of the links provided.

    A guide and tutorial on using ComboFix

    If you have previously downloaded ComboFix, please delete that version now.

    It is IMPORTANT that it is saved directly to your desktop.

    Close any open browsers.

    Disconnect from the Internet.

    Please do not re-connect your machine to the Internet until ComboFix has completely finished.

    Disable your antivirus program and any real-time malware scanners and script blockers now.

    How To Disable

    Double-click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouse-click ComboFix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    Re-enable your anti-virus, re-connect to the Internet and post the ComboFix log.

    *Note*
    In case your antivirus or any other real-time scanner is displaying an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix.
    Some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.

    ComboFix SHOULD NOT be used unless requested by a forum helper.

  8. #8
    arturk is offline Newbie
    Here is the log:
    ComboFix 09-04-25.A3 - Artur 04/26/2009 1:54.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1326 [GMT -4:00]
    Running from: c:\documents and settings\Artur\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090425-0] *On-access scanning disabled* (Updated)
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
    .

    2009-04-26 05:44 . 2009-04-26 05:44 118 ----a-w c:\windows\system32\MRT.INI
    2009-04-23 20:32 . 2008-10-28 22:03 31280 ----a-r c:\windows\system32\drivers\vmusb.sys
    2009-04-23 17:13 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
    2009-04-23 17:13 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
    2009-04-23 17:13 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
    2009-04-23 17:13 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
    2009-04-23 17:13 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
    2009-04-23 17:13 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-23 17:13 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-23 17:13 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-23 17:13 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
    2009-04-23 17:13 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
    2009-04-23 17:09 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-23 17:09 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
    2009-04-23 17:09 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
    2009-04-22 06:03 . 2009-04-22 06:03 -------- d-----w c:\program files\Alwil Software
    2009-04-20 22:39 . 2009-04-20 22:39 -------- d-----w c:\documents and settings\Artur\Application Data\Malwarebytes
    2009-04-20 22:39 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-20 22:39 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-20 22:39 . 2009-04-20 22:39 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-20 22:39 . 2009-04-20 22:39 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-20 01:58 . 2009-04-20 01:58 -------- d-----w c:\program files\Trend Micro
    2009-04-10 22:44 . 2009-04-10 22:44 -------- d-----w c:\documents and settings\Artur\Application Data\OfficeUpdate12
    2009-04-09 00:37 . 2009-04-09 00:37 -------- d-----w c:\documents and settings\Artur\Local Settings\Application Data\Intuit
    2009-04-09 00:36 . 2009-04-09 00:36 -------- d-----w c:\documents and settings\Artur\Application Data\Intuit
    2009-04-09 00:36 . 2009-04-09 00:36 -------- d-----w c:\program files\Common Files\AnswerWorks 5.0
    2009-04-09 00:32 . 2009-04-09 00:32 -------- d-----w c:\program files\TurboTax
    2009-04-03 07:03 . 2009-04-03 07:03 -------- d-sh--w c:\documents and settings\Artur\IECompatCache
    2009-04-03 07:02 . 2009-04-03 07:02 -------- d-sh--w c:\documents and settings\Artur\PrivacIE
    2009-04-03 07:00 . 2009-04-03 07:00 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
    2009-04-03 06:59 . 2009-04-03 06:59 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
    2009-04-03 06:59 . 2009-04-03 06:59 -------- d-sh--w c:\documents and settings\Artur\IETldCache
    2009-04-03 06:54 . 2009-04-15 13:07 -------- d-----w c:\windows\ie8updates
    2009-04-03 06:47 . 2009-02-20 18:09 78336 ----a-w c:\windows\system32\ieencode.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-26 05:50 . 2008-09-11 14:43 -------- d-----w c:\documents and settings\Artur\Application Data\Delicious IE Extension
    2009-04-26 05:50 . 2008-02-01 19:35 -------- d-----w c:\documents and settings\Artur\Application Data\Skype
    2009-04-26 05:49 . 2008-02-01 19:37 -------- d-----w c:\documents and settings\Artur\Application Data\skypePM
    2009-04-26 05:48 . 2008-07-26 02:42 22528 ----a-w c:\windows\system32\drivers\nhcDriver.sys
    2009-04-26 05:47 . 2008-02-08 19:01 -------- d-----w c:\documents and settings\All Users\Application Data\VMware
    2009-04-26 05:47 . 2008-02-08 19:05 -------- d-----w c:\documents and settings\LocalService\Application Data\VMware
    2009-04-26 04:56 . 2009-04-26 04:56 17729 ----a-w C:\ComboFix1.txt
    2009-04-24 16:03 . 2008-02-08 22:03 -------- d-----w c:\documents and settings\Artur\Application Data\VMware
    2009-04-22 05:55 . 2008-02-10 05:49 -------- d-----w c:\program files\Common Files\Symantec Shared
    2009-04-22 05:55 . 2007-07-26 05:58 -------- d-----w c:\program files\Symantec
    2009-04-22 05:55 . 2007-07-26 05:58 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2009-04-22 05:55 . 2008-02-10 05:49 -------- d-----w c:\program files\Symantec AntiVirus
    2009-04-21 03:39 . 2008-09-07 00:48 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-04-21 03:39 . 2008-09-07 00:47 -------- d-----w c:\program files\SpywareBlaster
    2009-04-19 06:48 . 2008-01-31 02:34 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-04-19 06:14 . 2008-01-31 02:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-19 05:36 . 2008-02-04 22:20 -------- d-----w c:\documents and settings\Artur\Application Data\Free Download Manager
    2009-04-09 00:36 . 2007-07-26 05:35 68728 ----a-w c:\documents and settings\Artur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-09 00:34 . 2006-01-03 21:49 -------- d-----w c:\documents and settings\All Users\Application Data\Intuit
    2009-04-09 00:34 . 2006-01-03 21:49 -------- d-----w c:\program files\Common Files\Intuit
    2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
    2009-03-21 05:28 . 2009-03-21 03:59 -------- d-----w c:\program files\Mikroelektronika
    2009-03-21 03:47 . 2009-03-21 03:47 -------- d-----w c:\program files\DIFX
    2009-03-16 22:42 . 2009-03-16 22:42 524288 ----a-w c:\windows\opuc.dll
    2009-03-11 02:47 . 2009-03-11 02:47 -------- d-----w c:\program files\Microsoft Silverlight
    2009-03-06 14:22 . 2004-08-11 23:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-06 14:18 . 2009-03-06 14:18 -------- d-----w c:\documents and settings\Artur\Application Data\Apple Computer
    2009-03-03 00:18 . 2007-10-11 05:57 826368 ----a-w c:\windows\system32\dllcache\wininet.dll
    2009-03-03 00:18 . 2004-08-11 23:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-28 04:54 . 2007-08-13 23:43 636072 ----a-w c:\windows\system32\dllcache\iexplore.exe
    2009-02-20 10:20 . 2008-01-31 00:16 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2009-02-20 10:20 . 2007-08-13 23:39 70656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
    2009-02-20 05:14 . 2007-08-13 22:56 161792 ----a-w c:\windows\system32\dllcache\ieakui.dll
    2009-02-09 12:10 . 2004-08-11 23:00 729088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 2004-08-11 23:00 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 12:10 . 2004-08-11 23:00 714752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2004-08-11 23:00 617472 ----a-w c:\windows\system32\advapi32.dll
    2009-02-09 11:13 . 2009-01-25 06:47 1846784 ------w c:\windows\system32\dllcache\win32k.sys
    2009-02-09 11:13 . 2004-08-11 23:00 1846784 ----a-w c:\windows\system32\win32k.sys
    2009-02-07 23:02 . 2009-01-25 06:46 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-02-07 23:02 . 2004-08-04 04:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-06 11:11 . 2004-08-11 23:00 110592 ----a-w c:\windows\system32\services.exe
    2009-02-06 11:08 . 2009-01-25 06:46 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
    2009-02-06 11:08 . 2004-08-11 23:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-06 11:06 . 2009-01-25 06:46 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-02-06 10:39 . 2004-08-11 23:00 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-06 10:32 . 2009-01-25 06:46 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
    2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
    2009-02-03 19:59 . 2004-08-11 23:00 56832 ----a-w c:\windows\system32\secur32.dll
    2009-01-28 01:42 . 2008-02-08 19:03 1024 ----a-w C:\.rnd
    2009-01-16 03:11 . 2009-01-16 03:11 2311 ----a-w c:\documents and settings\All Users\Application Data\xml2A0.tmp
    2009-01-16 03:11 . 2009-01-16 03:11 13054 ----a-w c:\documents and settings\All Users\Application Data\xml29F.tmp
    2009-01-16 03:11 . 2009-01-16 03:11 16854 ----a-w c:\documents and settings\All Users\Application Data\xml29E.tmp
    2008-11-06 03:23 . 2008-11-06 03:23 548047 ----a-w c:\program files\lame3.98-final.zip
    2008-02-14 04:37 . 2008-02-14 04:37 128 ----a-w c:\documents and settings\Artur\Local Settings\Application Data\fusioncache.dat
    2008-02-01 19:37 . 2008-02-01 19:37 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2008-01-31 01:34 . 2008-01-31 01:34 114856 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-01-06 03:2008-01-31 02:02 16:50 . c:\program files\mozilla firefox\components\jar50.dll
    2009-01-06 03:2008-01-31 02:02 16:50 . c:\program files\mozilla firefox\components\jsd3250.dll
    2009-01-06 03:2008-01-31 02:02 16:50 . c:\program files\mozilla firefox\components\myspell.dll
    2009-01-06 03:2008-01-31 02:02 16:50 . c:\program files\mozilla firefox\components\spellchk.dll
    2009-01-06 03:2008-01-31 02:02 16:50 . c:\program files\mozilla firefox\components\xpinstal.dll
    2008-07-25 19:33 . 2008-07-25 19:33 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008072520080726\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-04-26_04.54.17 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-04-26 05:47 . 2009-04-26 05:47 16384 c:\windows\Temp\Perflib_Perfdata_bc8.dat
    + 2009-04-26 05:47 . 2009-04-26 05:47 16384 c:\windows\Temp\Perflib_Perfdata_2d8.dat
    + 2004-08-11 23:00 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
    - 2004-08-11 23:00 . 2008-10-16 20:38 44544 c:\windows\system32\pngfilt.dll
    - 2004-08-11 23:11 . 2008-04-14 09:42 91648 c:\windows\system32\mtxoci.dll
    + 2004-08-11 23:11 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
    - 2004-08-11 23:00 . 2008-04-14 09:42 66560 c:\windows\system32\mtxclu.dll
    + 2004-08-11 23:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
    - 2007-08-13 23:54 . 2008-10-16 20:38 52224 c:\windows\system32\msfeedsbs.dll
    + 2007-08-13 23:54 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
    - 2004-08-11 23:11 . 2008-04-14 09:42 58880 c:\windows\system32\msdtclog.dll
    + 2004-08-11 23:11 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
    - 2004-08-11 23:00 . 2008-10-16 20:38 27648 c:\windows\system32\jsproxy.dll
    + 2004-08-11 23:00 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
    - 2004-08-11 23:00 . 2008-10-16 20:38 44544 c:\windows\system32\iernonce.dll
    + 2004-08-11 23:00 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
    + 2004-08-11 23:00 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
    - 2004-08-11 23:00 . 2008-10-16 13:11 70656 c:\windows\system32\ie4uinit.exe
    + 2007-08-13 23:36 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
    - 2007-08-13 23:36 . 2008-10-16 20:38 63488 c:\windows\system32\icardie.dll
    + 2007-10-11 05:57 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
    - 2007-10-11 05:57 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\pngfilt.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
    - 2008-01-31 00:16 . 2008-10-16 20:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2008-01-31 00:16 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
    + 2007-10-11 05:57 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
    - 2007-10-11 05:57 . 2008-10-16 20:38 27648 c:\windows\system32\dllcache\jsproxy.dll
    - 2007-08-13 23:39 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\iernonce.dll
    + 2007-08-13 23:39 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
    + 2009-02-20 18:09 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
    + 2008-01-31 00:16 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
    - 2008-01-31 00:16 . 2008-10-16 20:38 63488 c:\windows\system32\dllcache\icardie.dll
    - 2007-07-26 05:15 . 2009-04-25 03:38 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2007-07-26 05:15 . 2009-04-26 05:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2007-07-26 05:15 . 2009-04-25 03:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2007-07-26 05:15 . 2009-04-26 05:46 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-07-26 05:15 . 2009-04-25 03:38 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2007-07-26 05:15 . 2009-04-26 05:46 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2007-07-26 05:14 . 2009-04-26 05:45 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    - 2007-07-26 05:14 . 2009-01-25 07:10 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
    + 2007-07-26 05:14 . 2009-04-26 05:45 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    - 2007-07-26 05:14 . 2009-01-25 07:10 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
    + 2007-07-26 05:14 . 2009-04-26 05:45 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2007-07-26 05:14 . 2009-01-25 07:10 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
    - 2007-07-26 05:14 . 2009-01-25 07:10 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2007-07-26 05:14 . 2009-04-26 05:45 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
    + 2007-07-26 05:14 . 2009-04-26 05:45 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2007-07-26 05:14 . 2009-01-25 07:10 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
    - 2007-07-26 05:14 . 2009-01-25 07:10 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2007-07-26 05:14 . 2009-04-26 05:45 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
    + 2009-04-26 05:44 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
    + 2009-04-26 05:44 . 2008-10-16 20:38 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
    + 2009-04-26 05:44 . 2008-10-16 20:38 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
    + 2009-04-26 05:44 . 2008-10-16 13:11 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
    + 2009-04-26 05:44 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
    + 2009-04-26 05:44 . 2008-04-14 09:41 81920 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
    + 2009-04-26 05:44 . 2008-10-16 13:11 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
    + 2009-04-26 05:44 . 2008-10-16 20:38 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
    + 2009-04-25 14:46 . 2009-04-26 05:45 9668 c:\windows\SoftwareDistribution\EventCache\{37051B2F-DED5-4325-BFC9-EE38E569CD68}.bin
    + 2007-07-26 05:14 . 2009-04-26 05:45 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    - 2007-07-26 05:14 . 2009-01-25 07:10 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
    + 2004-08-11 23:00 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
    - 2004-08-11 23:00 . 2008-04-14 09:42 354304 c:\windows\system32\winhttp.dll
    - 2004-08-11 23:00 . 2008-10-16 20:38 233472 c:\windows\system32\webcheck.dll
    + 2004-08-11 23:00 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
    + 2004-08-11 23:11 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
    + 2004-08-11 23:11 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
    + 2004-08-11 23:11 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
    - 2004-08-11 23:00 . 2008-10-16 20:38 105984 c:\windows\system32\url.dll
    + 2004-08-11 23:00 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
    + 2004-08-11 23:00 . 2008-12-05 06:54 144896 c:\windows\system32\schannel.dll
    + 2004-08-11 23:00 . 2009-04-26 05:52 576510 c:\windows\system32\perfh009.dat
    - 2004-08-11 23:00 . 2009-04-03 07:01 576510 c:\windows\system32\perfh009.dat
    + 2004-08-11 23:00 . 2009-04-26 05:52 116502 c:\windows\system32\perfc009.dat
    - 2004-08-11 23:00 . 2009-04-03 07:01 116502 c:\windows\system32\perfc009.dat
    + 2004-08-11 23:00 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
    - 2004-08-11 23:00 . 2008-10-16 20:38 102912 c:\windows\system32\occache.dll
    - 2004-08-11 23:00 . 2008-10-16 20:38 671232 c:\windows\system32\mstime.dll
    + 2004-08-11 23:00 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
    - 2004-08-11 23:00 . 2008-10-16 20:38 193024 c:\windows\system32\msrating.dll
    + 2004-08-11 23:00 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
    + 2004-08-11 23:00 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
    - 2004-08-11 23:00 . 2008-10-16 20:38 477696 c:\windows\system32\mshtmled.dll
    + 2007-08-13 23:54 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
    - 2007-08-13 23:54 . 2008-10-16 20:38 459264 c:\windows\system32\msfeeds.dll
    - 2004-08-11 23:11 . 2008-04-14 09:42 161792 c:\windows\system32\msdtcuiu.dll
    + 2004-08-11 23:11 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
    + 2004-08-11 23:11 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
    - 2004-08-11 23:11 . 2008-04-14 09:42 956928 c:\windows\system32\msdtctm.dll
    + 2004-08-11 23:11 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
    + 2004-08-11 23:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
    - 2004-08-11 23:00 . 2008-04-14 09:41 989696 c:\windows\system32\kernel32.dll
    + 2008-01-31 21:59 . 2009-04-26 05:47 247856 c:\windows\system32\inetsrv\MetaBase.bin
    + 2007-08-13 23:34 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
    + 2004-08-11 23:00 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
    + 2007-07-11 17:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
    - 2007-07-11 17:27 . 2008-10-16 20:38 383488 c:\windows\system32\ieapfltr.dll
    + 2004-08-11 23:00 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
    - 2004-08-11 23:00 . 2008-10-15 07:04 161792 c:\windows\system32\ieakui.dll
    - 2004-08-11 23:00 . 2008-10-16 20:38 230400 c:\windows\system32\ieaksie.dll
    + 2004-08-11 23:00 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
    + 2004-08-11 23:00 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
    - 2004-08-11 23:00 . 2008-10-16 20:38 153088 c:\windows\system32\ieakeng.dll
    - 2004-08-11 23:06 . 2009-04-12 22:57 255864 c:\windows\system32\FNTCACHE.DAT
    + 2004-08-11 23:06 . 2009-04-26 05:46 255864 c:\windows\system32\FNTCACHE.DAT
    + 2004-08-11 23:00 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
    - 2004-08-11 23:00 . 2008-10-16 20:38 133120 c:\windows\system32\extmgr.dll
    + 2004-08-11 23:00 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
    - 2004-08-11 23:00 . 2008-10-16 20:38 214528 c:\windows\system32\dxtrans.dll
    - 2004-08-11 23:00 . 2008-10-16 20:38 347136 c:\windows\system32\dxtmsft.dll
    + 2004-08-11 23:00 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
    + 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
    + 2007-08-13 23:54 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
    - 2007-08-13 23:54 . 2008-10-16 20:38 233472 c:\windows\system32\dllcache\webcheck.dll
    + 2007-08-13 23:44 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
    - 2007-08-13 23:44 . 2008-10-16 20:38 105984 c:\windows\system32\dllcache\url.dll
    + 2008-12-05 06:54 . 2008-12-05 06:54 144896 c:\windows\system32\dllcache\schannel.dll
    + 2007-08-13 23:44 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
    - 2007-08-13 23:44 . 2008-10-16 20:38 102912 c:\windows\system32\dllcache\occache.dll
    + 2007-10-11 05:57 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
    - 2007-10-11 05:57 . 2008-10-16 20:38 671232 c:\windows\system32\dllcache\mstime.dll
    - 2007-10-11 05:57 . 2008-10-16 20:38 193024 c:\windows\system32\dllcache\msrating.dll
    + 2007-10-11 05:57 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
    - 2007-10-11 05:57 . 2008-10-16 20:38 477696 c:\windows\system32\dllcache\mshtmled.dll
    + 2007-10-11 05:57 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
    - 2008-01-31 00:16 . 2008-10-16 20:38 459264 c:\windows\system32\dllcache\msfeeds.dll
    + 2008-01-31 00:16 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
    + 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
    + 2008-01-31 00:16 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
    + 2007-08-13 23:39 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
    - 2008-01-31 00:16 . 2008-10-16 20:38 383488 c:\windows\system32\dllcache\ieapfltr.dll
    + 2008-01-31 00:16 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll
    + 2007-08-13 23:39 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
    - 2007-08-13 23:39 . 2008-10-16 20:38 230400 c:\windows\system32\dllcache\ieaksie.dll
    - 2007-08-13 23:39 . 2008-10-16 20:38 153088 c:\windows\system32\dllcache\ieakeng.dll
    + 2007-08-13 23:39 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
    + 2007-10-11 05:57 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
    - 2007-10-11 05:57 . 2008-10-16 20:38 133120 c:\windows\system32\dllcache\extmgr.dll
    + 2007-10-11 05:57 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
    - 2007-10-11 05:57 . 2008-10-16 20:38 214528 c:\windows\system32\dllcache\dxtrans.dll
    + 2007-10-11 05:57 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
    - 2007-10-11 05:57 . 2008-10-16 20:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
    + 2007-08-13 23:39 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
    - 2007-08-13 23:39 . 2008-10-16 20:38 124928 c:\windows\system32\dllcache\advpack.dll
    + 2004-08-11 23:00 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
    - 2004-08-11 23:00 . 2008-10-16 20:38 124928 c:\windows\system32\advpack.dll
    - 2007-07-26 05:14 . 2009-01-25 07:10 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2007-07-26 05:14 . 2009-04-26 05:45 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
    + 2007-07-26 05:14 . 2009-04-26 05:45 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    - 2007-07-26 05:14 . 2009-01-25 07:10 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
    + 2007-07-26 05:14 . 2009-04-26 05:45 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2007-07-26 05:14 . 2009-01-25 07:10 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
    - 2007-07-26 05:14 . 2009-01-25 07:10 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    + 2007-07-26 05:14 . 2009-04-26 05:45 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
    - 2007-07-26 05:14 . 2009-01-25 07:10 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    + 2007-07-26 05:14 . 2009-04-26 05:45 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
    - 2007-07-26 05:14 . 2009-01-25 07:10 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2007-07-26 05:14 . 2009-04-26 05:45 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
    + 2009-04-26 05:44 . 2008-10-16 20:38 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
    + 2009-04-26 05:44 . 2008-10-16 20:38 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
    + 2009-04-26 05:44 . 2008-10-16 20:38 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
    + 2009-04-26 05:44 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
    + 2009-04-26 05:44 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
    + 2009-04-26 05:44 . 2008-10-16 20:38 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
    + 2009-04-26 05:44 . 2008-10-16 20:38 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
    + 2009-04-26 05:44 . 2008-10-16 20:38 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
    + 2009-04-26 05:44 . 2008-10-16 20:38 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
    + 2009-04-26 05:44 . 2008-10-16 20:38 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
    + 2009-04-26 05:44 . 2008-10-15 07:06 633632 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
    + 2009-04-26 05:44 . 2008-10-16 20:38 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
    + 2009-04-26 05:44 . 2008-10-16 20:38 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
    + 2009-04-26 05:44 . 2008-10-16 20:38 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
    + 2009-04-26 05:44 . 2008-10-15 07:04 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
    + 2009-04-26 05:44 . 2008-10-16 20:38 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
    + 2009-04-26 05:44 . 2008-10-16 20:38 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
    + 2009-04-26 05:44 . 2008-10-16 20:38 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
    + 2009-04-26 05:44 . 2008-10-16 20:38 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
    + 2009-04-26 05:44 . 2008-10-16 20:38 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
    + 2009-04-26 05:44 . 2008-10-16 20:38 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
    - 2004-08-11 23:00 . 2008-10-16 20:38 1160192 c:\windows\system32\urlmon.dll
    + 2004-08-11 23:00 . 2009-02-20 18:09 1160192 c:\windows\system32\urlmon.dll
    + 2004-08-11 23:00 . 2008-06-17 19:02 8461312 c:\windows\system32\shell32.dll
    - 2004-08-11 23:00 . 2008-04-14 09:42 8461312 c:\windows\system32\shell32.dll
    + 2004-08-11 23:00 . 2008-12-20 22:14 1288192 c:\windows\system32\quartz.dll
    - 2004-08-11 23:00 . 2008-05-07 05:12 1288192 c:\windows\system32\quartz.dll
    + 2004-08-11 23:00 . 2009-02-20 18:09 3595264 c:\windows\system32\mshtml.dll
    - 2007-08-13 23:54 . 2008-10-16 20:38 6066176 c:\windows\system32\ieframe.dll
    + 2007-08-13 23:54 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
    - 2007-02-12 21:10 . 2007-07-01 03:31 2455488 c:\windows\system32\ieapfltr.dat
    + 2007-02-12 21:10 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
    + 2007-10-11 05:57 . 2009-02-20 18:09 1160192 c:\windows\system32\dllcache\urlmon.dll
    - 2007-10-11 05:57 . 2008-10-16 20:38 1160192 c:\windows\system32\dllcache\urlmon.dll
    + 2008-06-17 19:02 . 2008-06-17 19:02 8461312 c:\windows\system32\dllcache\shell32.dll
    + 2008-05-07 05:12 . 2008-12-20 22:14 1288192 c:\windows\system32\dllcache\quartz.dll
    - 2008-05-07 05:12 . 2008-05-07 05:12 1288192 c:\windows\system32\dllcache\quartz.dll
    + 2007-10-30 09:55 . 2009-02-20 18:09 3595264 c:\windows\system32\dllcache\mshtml.dll
    + 2008-01-31 00:16 . 2009-02-20 18:09 6066176 c:\windows\system32\dllcache\ieframe.dll
    - 2008-01-31 00:16 . 2008-10-16 20:38 6066176 c:\windows\system32\dllcache\ieframe.dll
    + 2008-01-31 00:16 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
    - 2008-01-31 00:16 . 2007-07-01 03:31 2455488 c:\windows\system32\dllcache\ieapfltr.dat
    + 2009-04-26 05:44 . 2008-10-16 20:38 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
    + 2009-04-26 05:44 . 2008-12-13 06:40 3593216 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
    + 2009-04-26 05:44 . 2008-10-16 20:38 6066176 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
    + 2009-04-26 05:44 . 2007-07-01 03:31 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
    + 2009-01-25 06:46 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2009-01-25 06:46 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
    - 2009-01-25 06:46 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2009-01-25 06:46 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    - 2009-01-25 06:46 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    + 2009-01-25 06:46 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    - 2009-01-25 06:46 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2008-01-31 00:12 . 2009-04-06 14:57 24921544 c:\windows\system32\MRT.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-01-31 144448]
    "Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-04-10 3900776]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "i8kfangui"="c:\program files\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "Windows Live Sync"="c:\program files\Windows Live\Sync\WindowsLiveSync.exe" [2008-12-03 1170256]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
    "DMXLauncher"="c:\program files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 102400]
    "NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-10-29 64048]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-04-10 3900776]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

    c:\documents and settings\Artur\Start Menu\Programs\Startup\
    SQL2005 Service Manager.lnk - c:\documents and settings\Artur\Application Data\Microsoft\Installer\{95083577-9097-4051-A45A-D146C9F21070}\_6196AB78D314038F11DAE1.exe [2008-2-4 318]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
    [BU]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\Microsoft Virtual PC\\Virtual PC.exe"=
    "c:\\Program Files\\Nortel\\Nortel VPN Client\\Extranet.exe"=
    "c:\\Program Files\\Free Download Manager\\fdm.exe"=
    "c:\\Program Files\\Tftpd32\\tftpd32.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Delicious Add-on for Internet Explorer\\DeliciousManager.exe"=
    "c:\\Program Files\\ASUS\\WL-500W Wireless Router Utilities\\Download.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
    "c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\Drivers\Icam3.sys [2001-08-17 141056]
    R3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2007-09-13 157648]
    R3 USB18PRG;mikroElektronika USB18F Device (x86 Platform);c:\windows\system32\Drivers\USB18PRG.sys [2007-07-16 39424]
    R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
    S1 aswSP;avast! Self Protection; [x]
    S1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [2007-02-16 14464]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
    S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
    S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-29 54960]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
    S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2007-09-13 26137]

    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2007-07-26 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\system32\OOBE\oobebaln.exe [2004-08-11 09:42]

    2009-04-26 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Spurl! - http://www.spurl.net/rclick.php
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Download All by ASUS Download - c:\program files\ASUS\WL-500W Wireless Router Utilities\ASDownloadAll.htm
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download using ASUS Download - c:\program files\ASUS\WL-500W Wireless Router Utilities\ASDownload.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    LSP: c:\program files\VMware\VMware Player\vsocklib.dll
    Trusted Zone: delicious.com
    Trusted Zone: delicious.com\secure
    FF - ProfilePath - c:\documents and settings\Artur\Application Data\Mozilla\Firefox\Profiles\wtaa1mwp.default\
    FF - component: c:\documents and settings\Artur\Application Data\Mozilla\Firefox\Profiles\wtaa1mwp.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}\components\rfproxy_19.dll
    FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    .

    ************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-26 01:57
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\system32\drivers\ovfsthxdhhwsqug.sys 84992 bytes executable
    c:\windows\system32\ovfsthxdstyiwlw.dll 19456 bytes executable
    c:\windows\system32\ovfsthxfvfskerl.dll 61952 bytes executable
    c:\windows\system32\ovfsthxgkhlotoc.dat 43 bytes
    c:\windows\system32\ovfsthxltihsyao.dll 19456 bytes executable
    c:\windows\system32\ovfsthxnmxdogqu.dat 1013988 bytes

    scan completed successfully
    hidden files: 6

    ************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msftesql]
    "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ovfsthxajelolom]
    "imagepath"="\systemroot\system32\drivers\ovfsthxdhhwsqug.sys"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3652739634-1881219044-1171626444-1005\Software\Microsoft\SystemCertificates\Address Book*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1672)
    c:\windows\system32\netprovcredman.dll

    - - - - - - - > 'explorer.exe'(4716)
    c:\windows\system32\netprovcredman.dll
    .
    Completion time: 2009-04-26 2:00
    ComboFix-quarantined-files.txt 2009-04-26 05:59

    Pre-Run: 26,115,457,024 bytes free
    Post-Run: 26,094,989,312 bytes free

    Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    477 --- E O F --- 2009-04-26 05:45
    Last edited by arturk; 26-04-2009 at 07:04 AM.

  9. #9
    Neal is offline Dedicated Member
    Go here to learn how to show hidden files/folders:

    Help Centre Home : www.telecom.co.nz/help

    Re-hide after we are done



    Go to next site:
    VirusTotal - Free Online Virus and Malware Scan
    On top you'll find 'Browse'
    Click the browse button and browse to next file:


    C:\WINDOWS\system32\ovfsthxdhhwsqug.sys


    Click open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.


    If that one is too busy, here is another option:


    Online malware scan

    And

    Virus File Scanner


    Please do the same for these:

    c:\windows\system32\ovfsthxgkhlotoc.dat
    c:\windows\system32\ovfsthxfvfskerl.dll



    If you are going to keep Avast then you should run the Symantec uninstaller tool, as lots of that is still showing.

    Download and run the Norton Removal Tool

    ALSO...



    Open Hijackthis.

    Click the "Open the Misc Tools" section Button.

    Click the "Open Uninstall Manager" Button.

    Click the "Save list..." Button.

    Save it to your desktop. Copy and paste the contents into your reply.

  10. #10
    arturk is offline Newbie
    Scan results:
    ==========================================================
    File ovfsthxdhhwsqug.sys received on 04.28.2009 03:19:11 (CET)


    Result: 14/40 (35%)

    Antivirus Version Last Update Result
    a-squared 4.0.0.101 2009.04.28 Trojan.WinNT!IK
    AhnLab-V3 5.0.0.2 2009.04.27 -
    AntiVir 7.9.0.156 2009.04.27 -
    Antiy-AVL 2.0.3.1 2009.04.27 -
    Authentium 5.1.2.4 2009.04.27 -
    Avast 4.8.1335.0 2009.04.27 -
    AVG 8.5.0.287 2009.04.27 Rootkit-Pakes.A
    BitDefender 7.2 2009.04.28 -
    CAT-QuickHeal 10.00 2009.04.27 -
    ClamAV 0.94.1 2009.04.27 -
    Comodo 1138 2009.04.27 -
    DrWeb 4.44.0.09170 2009.04.28 BackDoor.Tdss.115
    eSafe 7.0.17.0 2009.04.27 Win32.TrojanWinNTAlu
    eTrust-Vet 31.6.6478 2009.04.27 -
    F-Prot 4.4.4.56 2009.04.27 -
    F-Secure 8.0.14470.0 2009.04.28 -
    Fortinet 3.117.0.0 2009.04.28 PossibleThreat
    GData 19 2009.04.28 -
    Ikarus T3.1.1.49.0 2009.04.28 Trojan.WinNT
    K7AntiVirus 7.10.717 2009.04.27 -
    Kaspersky 7.0.0.125 2009.04.28 -
    McAfee 5598 2009.04.27 -
    McAfee+Artemis 5598 2009.04.27 Generic!Artemis
    McAfee-GW-Edition 6.7.6 2009.04.27 Trojan.LooksLike.Vundo
    Microsoft 1.4602 2009.04.27 Trojan:WinNT/Alureon.C
    NOD32 4038 2009.04.27 Win32/Spy.Agent.NNL
    Norman 6.00.06 2009.04.27 -
    nProtect 2009.1.8.0 2009.04.27 -
    Panda 10.0.0.14 2009.04.27 Suspicious file
    PCTools 4.4.2.0 2009.04.27 -
    Prevx1 3.0 2009.04.28 High Risk Cloaked Malware
    Rising 21.27.02.00 2009.04.27 -
    Sophos 4.41.0 2009.04.28 Mal/TDSSPack-G
    Sunbelt 3.2.1858.2 2009.04.24 Trojan-WinNT/Alureon.C
    Symantec 1.4.4.12 2009.04.28 -
    TheHacker 6.3.4.1.315 2009.04.27 -
    TrendMicro 8.700.0.1004 2009.04.27 -
    VBA32 3.12.10.3 2009.04.27 -
    ViRobot 2009.4.27.1710 2009.04.27 -
    VirusBuster 4.6.5.0 2009.04.27 -
    Additional information
    File size: 84992 bytes
    MD5...: b574dfb16850f40c095c4b8e7027c397
    SHA1..: b40f10fc85b79fb8ea36ea852bcf4f45d4ab8732
    SHA256: d59037644110c8971b389eb0feb7ed3eee638019b6adf656612e2e077a2a11c7
    SHA512: 7a7ef169bc53873d9c7b364d0f056ff79377a775d6dee98269bcdbe703463b1e2864da7d683f6950dbeb72558be0367b72957a72a2c75c0e0a3cb0b89c311cca
    ssdeep: 1536XDznf7xaTZ3nnM/QCe9399cgkyQ+6S9Pzll27d5wb/01qH67b3mN/f7M
    Txnnl99cFS9zled5wMmu3

    PEiD..: -
    TrID..: File type identification
    Win32 Executable Generic (68.0%)
    Generic Win/DOS Executable (15.9%)
    DOS Executable Generic (15.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1655
    timedatestamp.....: 0x49d4704c (Thu Apr 02 07:59:08 2009)
    machinetype.......: 0x14c (I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xd40 0xe00 6.24 2a689d70f4378835f34ed937ae8c1d55
    .rdata 0x2000 0x5dd 0x600 5.20 83301ee4b94ef961ff505cfbc9812bab
    .data 0x3000 0x26c28 0x12e00 7.99 6ba260933976427a214a7759693a6b35
    .rsrc 0x2a000 0x2e0 0x400 2.53 0087705b50556befc3d239e4a4bfe19a
    .reloc 0x2b000 0xe 0x200 1.80 fb52bb5e4d381939e30fb0d7f0da8fea

    ( 2 imports )
    > ntoskrnl.exe: IoGetFileObjectGenericMapping, IoRegisterLastChanceShutdownNotification, PoStartNextPowerIrp, RtlTimeToSecondsSince1980, ZwQueryVolumeInformationFile, RtlUnwind, RtlFreeHeap, IoUnregisterFsRegistrationChange, MmIsDriverVerifying, FsRtlRemoveMcbEntry, strcpy, RtlOemToUnicodeN, MmSecureVirtualMemory, RtlConvertSidToUnicodeString, ZwDisplayString, RtlCopyRangeList, ZwOpenFile, RtlClearBits, RtlCompressChunks, RtlRandom, RtlImageNtHeader, InbvDisplayString, strcmp, KeSetPriorityThread
    > hal.dll: HalStartNextProcessor, KeTryToAcquireQueuedSpinLockRaiseToSynch, HalEndSystemInterrupt, KeAcquireQueuedSpinLock, HalSetDisplayParameters, HalSetRealTimeClock, HalStopProfileInterrupt, IoAssignDriveLetters, KeReleaseQueuedSpinLock, KeRaiseIrql, HalProcessorIdle, HalHandleNMI, HalAssignSlotResources, IoWritePartitionTable, HalQueryRealTimeClock, HalInitSystem, HalGetAdapter, HalBeginSystemInterrupt, KeGetCurrentIrql, HalAllProcessorsStarted, IoReadPartitionTable, WRITE_PORT_ULONG, HalSetProfileInterval, READ_PORT_BUFFER_USHORT, KeRaiseIrqlToDpcLevel, KeLowerIrql, HalGetInterruptVector, HalAllocateAdapterChannel, HalSystemVectorDispatchEntry

    ( 0 exports )

    PDFiD.: -
    RDS...: NSRL Reference Data Set
    ==========================================================
    File ovfsthxgkhlotoc.dat received on 04.28.2009 03:26:43 (CET)
    Result: 0/40 (0%)

    Antivirus Version Last Update Result
    a-squared 4.0.0.101 2009.04.28 -
    AhnLab-V3 5.0.0.2 2009.04.27 -
    AntiVir 7.9.0.156 2009.04.27 -
    Antiy-AVL 2.0.3.1 2009.04.27 -
    Authentium 5.1.2.4 2009.04.27 -
    Avast 4.8.1335.0 2009.04.27 -
    AVG 8.5.0.287 2009.04.27 -
    BitDefender 7.2 2009.04.28 -
    CAT-QuickHeal 10.00 2009.04.27 -
    ClamAV 0.94.1 2009.04.27 -
    Comodo 1138 2009.04.27 -
    DrWeb 4.44.0.09170 2009.04.28 -
    eSafe 7.0.17.0 2009.04.27 -
    eTrust-Vet 31.6.6478 2009.04.27 -
    F-Prot 4.4.4.56 2009.04.27 -
    F-Secure 8.0.14470.0 2009.04.28 -
    Fortinet 3.117.0.0 2009.04.28 -
    GData 19 2009.04.28 -
    Ikarus T3.1.1.49.0 2009.04.28 -
    K7AntiVirus 7.10.717 2009.04.27 -
    Kaspersky 7.0.0.125 2009.04.28 -
    McAfee 5598 2009.04.27 -
    McAfee+Artemis 5598 2009.04.27 -
    McAfee-GW-Edition 6.7.6 2009.04.27 -
    Microsoft 1.4602 2009.04.27 -
    NOD32 4038 2009.04.27 -
    Norman 6.00.06 2009.04.27 -
    nProtect 2009.1.8.0 2009.04.27 -
    Panda 10.0.0.14 2009.04.27 -
    PCTools 4.4.2.0 2009.04.27 -
    Prevx1 3.0 2009.04.28 -
    Rising 21.27.02.00 2009.04.27 -
    Sophos 4.41.0 2009.04.28 -
    Sunbelt 3.2.1858.2 2009.04.24 -
    Symantec 1.4.4.12 2009.04.28 -
    TheHacker 6.3.4.1.315 2009.04.27 -
    TrendMicro 8.700.0.1004 2009.04.27 -
    VBA32 3.12.10.3 2009.04.27 -
    ViRobot 2009.4.27.1710 2009.04.27 -
    VirusBuster 4.6.5.0 2009.04.27 -
    Additional information
    File size: 43 bytes
    MD5...: c34c5ec217d5a7c0868a46b56b419629
    SHA1..: 0ce7c6b203f3c49cf1203d6cda30bd072de56dd6
    SHA256: 627b092a12d5cabb5aa4a6ee5ae634cabefa5ec7061b5c110b1cc05b3ccb141e
    SHA512: 168e5af780228b007c5fa210595daee73387eb0880d7128ef66464b7a1d78b84
    9a5b3c74d72b5377babf24db602601771193ff8ce5f1215584062e57d2edc891
    ssdeep: 3:vfF2/GomK1zUb:vU2b

    PEiD..: -
    TrID..: File type identification
    Unknown!
    PEInfo: -
    PDFiD.: -
    RDS...: NSRL Reference Data Set
    -
    ==========================================================
    File ovfsthxfvfskerl.dll received on 04.28.2009 03:31:11 (CET)
    Result: 11/40 (27.5%)

    Antivirus Version Last Update Result
    a-squared 4.0.0.101 2009.04.28 -
    AhnLab-V3 5.0.0.2 2009.04.27 -
    AntiVir 7.9.0.156 2009.04.27 -
    Antiy-AVL 2.0.3.1 2009.04.27 -
    Authentium 5.1.2.4 2009.04.27 -
    Avast 4.8.1335.0 2009.04.27 Win32:Alureon-V
    AVG 8.5.0.287 2009.04.27 Dropper.Generic.ALMJ
    BitDefender 7.2 2009.04.28 Trojan.TDss.FJ
    CAT-QuickHeal 10.00 2009.04.27 -
    ClamAV 0.94.1 2009.04.27 -
    Comodo 1138 2009.04.27 -
    DrWeb 4.44.0.09170 2009.04.28 BackDoor.Tdss.115
    eSafe 7.0.17.0 2009.04.27 Suspicious File
    eTrust-Vet 31.6.6478 2009.04.27 -
    F-Prot 4.4.4.56 2009.04.27 -
    F-Secure 8.0.14470.0 2009.04.28 -
    Fortinet 3.117.0.0 2009.04.28 -
    GData 19 2009.04.28 Trojan.TDss.FJ
    Ikarus T3.1.1.49.0 2009.04.28 -
    K7AntiVirus 7.10.717 2009.04.27 -
    Kaspersky 7.0.0.125 2009.04.28 -
    McAfee 5598 2009.04.27 -
    McAfee+Artemis 5598 2009.04.27 -
    McAfee-GW-Edition 6.7.6 2009.04.27 -
    Microsoft 1.4602 2009.04.27 -
    NOD32 4038 2009.04.27 Win32/Spy.Agent.ANGV
    Norman 6.00.06 2009.04.27 -
    nProtect 2009.1.8.0 2009.04.28 -
    Panda 10.0.0.14 2009.04.27 -
    PCTools 4.4.2.0 2009.04.27 -
    Prevx1 3.0 2009.04.28 High Risk Cloaked Malware
    Rising 21.27.02.00 2009.04.27 -
    Sophos 4.41.0 2009.04.28 Mal/TibsPk-A
    Sunbelt 3.2.1858.2 2009.04.24 -
    Symantec 1.4.4.12 2009.04.28 -
    TheHacker 6.3.4.1.315 2009.04.27 Trojan/Dropper.Agent.angv
    TrendMicro 8.700.0.1004 2009.04.27 -
    VBA32 3.12.10.3 2009.04.27 Malware-Cryptor.Win32.Palka
    ViRobot 2009.4.27.1710 2009.04.27 -
    VirusBuster 4.6.5.0 2009.04.27 -
    Additional information
    File size: 61952 bytes
    MD5...: d8c0e5a5ce699ebd98faa0b306ffa60c
    SHA1..: 8c060db005b141c50abb5f641a27a85c1000608b
    SHA256: c80b3aeb0a3900c67b0d5311ca538739afc406fc571a1da923043375aafa42db
    SHA512: 4b81ed58ac7086510098e1609399f8d7089ad59b16108d2510d193bdbac148a0
    aa5239ee913d05b0ecd7b9207dd5fa0756e58b01aee6b7b6edf7352feea20dbc
    ssdeep: 1536:5fJ1iO3F+U30ZT5nDc7ZMCLfRONhi0v/rTF:5fJ1iOV+cqT5Dc5Sv/

    PEiD..: -
    TrID..: File type identification
    Win32 Dynamic Link Library (generic) (65.4%)
    Generic Win/DOS Executable (17.2%)
    DOS Executable Generic (17.2%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x177a
    timedatestamp.....: 0x49d46b65 (Thu Apr 02 07:38:13 2009)
    machinetype.......: 0x14c (I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x13f4 0x1400 6.36 20935de5a9db938f421ae68e0866e146
    .rdata 0x3000 0xce7 0xe00 5.12 7b9f760de39e6f33f4b54b05015e3efb
    .data 0x4000 0xc4bc 0xc600 7.98 9d1dcf6b8c5b10502bc8f4b1aff27f7e
    .rsrc 0x11000 0x2e0 0x400 2.54 00d79abeb8fbfd881aa7f310e24271f0
    .reloc 0x12000 0x10 0x200 1.86 18e167a80e017a78a009620d25e8b571

    ( 5 imports )
    > kernel32.dll: WriteConsoleOutputA, DosPathToSessionPathA, OutputDebugStringW, SetCurrentDirectoryW, InitializeCriticalSection, GetPrivateProfileSectionNamesA, UnregisterWait, FillConsoleOutputCharacterA, GetNamedPipeHandleStateA, GetThreadContext, CallNamedPipeA, DnsHostnameToComputerNameW, HeapLock, DnsHostnameToComputerNameA, DeleteCriticalSection, SetFileTime, PrepareTape, PrivMoveFileIdentityW, SetCommConfig, CreateEventW, GetLastError, LocalCompact, GetStringTypeW, ReadConsoleInputExW, HeapFree, EraseTape, GetConsoleAliasesW, SetEnvironmentVariableA, InitializeCriticalSectionAndSpinCount, CreateWaitableTimerW, ReadConsoleW, GetOverlappedResult
    > msvcrt.dll: _ecvt, _wfindfirst, _ismbcgraph, _mbsicoll, _nextafter, localtime, _wspawnlp, ldexp, _ismbbkprint, _mbsnbcmp, _cputs, _findclose, _onexit, _rmdir, _ui64tow, _ismbbpunct, _spawnle, __set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z, _Strftime, _ismbcprint, _errno, _ismbchira
    > gdi32.dll: TextOutA, GetMetaFileW, GdiPlayPageEMF, GetEnhMetaFilePixelFormat, GetGlyphOutlineWow, GdiEntry14, EngCreateDeviceSurface, HT_Get8BPPFormatPalette, RemoveFontResourceW, PolyDraw, CreatePolyPolygonRgn, XLATEOBJ_iXlate, MoveToEx, gdiPlaySpoolStream, PatBlt, GetFontAssocStatus, EngGradientFill, GetTransform, EnumObjects, PtVisible, GdiEntry15, ExtEscape, ColorMatchToTarget, DrawEscape, CreateRectRgn, GetNearestColor
    > user32.dll: CharLowerA, ToUnicodeEx, DdeClientTransaction, DdeDisconnect, QuerySendMessage, CharUpperW, SetSysColors, SetShellWindow, PostThreadMessageA, SetClipboardData, MessageBoxIndirectW, FindWindowW, DdeAccessData, LoadCursorFromFileA, SendIMEMessageExW, GetMenuStringW, SetWindowsHookW, SetShellWindowEx, DdeConnect, InsertMenuA, IsCharAlphaNumericW, GetMouseMovePointsEx, SetSystemCursor
    > shlwapi.dll: SHCreateStreamOnFileA, SHRegisterValidateTemplate, SHCopyKeyA, AssocQueryStringW, SHRegDeleteUSValueA, StrRChrIW, PathRenameExtensionW, UrlHashW, SHCreateStreamOnFileW, SHSetThreadRef, PathMatchSpecA, StrNCatW, SHRegGetUSValueA, PathUnquoteSpacesW, AssocQueryStringA, StrFormatByteSizeA, StrNCatA, PathIsUNCServerA, PathGetDriveNumberA, PathSetDlgItemPathA, PathCanonicalizeW, SHRegOpenUSKeyA, StrRetToStrA, StrFromTimeIntervalW, PathMakePrettyA

    ( 6 exports )
    RrjygFpndh, SnthyJmj, ReFwrswYfznrxfKwcjddiPvj, EsiDvvqcJndhDvga, BekoZvffoeJjk, IjqMdrwmedPoxllbQd

    PDFiD.: -
    RDS...: NSRL Reference Data Set
    -
    ==========================================================
    Uninstall List:

    7-Zip 4.42
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 8.1.3
    AI RoboForm (All Users)
    ALPS Touch Pad Driver
    AnswerWorks 5.0 English Runtime
    Apple Software Update
    ASUS Wireless Router WL-500W Utilities
    avast! Antivirus
    Belarc Advisor 7.2
    Broadcom Management Programs 2
    Chinese Traditional Fonts Support For Adobe Reader 8
    C-Major Audio
    Conexant D110 MDC V.9x Modem
    Data Access Objects (DAO) 3.5
    Delicious Add-on for Internet Explorer
    Digital Line Detect
    DivX
    Exact Audio Copy 0.99pb4
    Free Download Manager 2.5
    HD Tune 2.54
    HijackThis 2.0.2
    Hotfix for Windows XP (KB952287)
    I8kfanGUI V3.1
    Infragistics NetAdvantage for .NET 2007 Vol. 3 CLR 2.0
    Infragistics NetAdvantage for .NET 2007 Vol. 3 CLR 2.0 Help
    Infragistics NetAdvantage for .NET 2007 Vol. 3 CLR 2.0 SDK
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Intel(R) PROSet/Wireless Software
    Internal Network Card Power Management
    Java(TM) 6 Update 3
    JAW Deploy 1.15
    JTIS
    Korean Fonts Support For Adobe Reader 8
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    mCore
    MCU
    mDriver
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft ActiveSync
    Microsoft Device Emulator version 1.0 - ENU
    Microsoft Document Explorer 2005
    Microsoft Document Explorer 2005
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Web Components
    Microsoft Office Communicator 2005
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Backward compatibility
    Microsoft SQL Server 2005 Books Online (English)
    Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
    Microsoft SQL Server 2005 Tools
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Virtual PC 2007
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual SourceSafe 2005 - ENU
    Microsoft Visual Studio 2005 Premier Partner Edition - ENU
    Microsoft Visual Studio 2005 Professional Edition - ENU
    Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
    mikroC (remove only)
    mikroC PRO for PIC (remove only)
    mIWA
    mLogView
    mMHouse
    Modem Helper
    Mozilla Firefox (2.0.0.18)
    Mozilla Thunderbird (2.0.0.17)
    mPfMgr
    mPfWiz
    mProSafe
    mSSO
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    mToolkit
    mWlsSafe
    mWMI
    mZConfig
    nLite 1.4.1
    Nortel VPN Client
    Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
    PICFLASH with mikroICD (remove only)
    PowerDVD 5.5
    PrimoPDF
    QuickSet
    QuickTime
    RealPlayer Basic
    Roxio Easy Media Creator 9 Suite
    SAMSUNG Mobile Modem Driver Set
    ScanTool
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)
    Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Service Pack 2 for SQL Server Database Services 2005 ENU (KB921896)
    Service Pack 2 for SQL Server Tools and Workstation Components 2005 ENU (KB921896)
    SiSoftware Sandra Lite XII.SP1
    Skype™ 3.8
    Spurl.net
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    SpywareBlaster 4.2
    SQL2005 Service Manager
    SQLXML4
    Tftpd32 Standalone Edition
    TrueRTA
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wmdiper
    TurboTax 2008 wrapper
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    vLite
    VMware Player
    WIDCOMM Bluetooth Software
    Windows Defender
    Windows Driver Package - mikroElektronika (USB18PRG) ClassName (05/15/2007 6.0.6000.16386)
    Windows Imaging Component
    Windows Live Sync
    Windows Media Format Runtime
    Windows Presentation Foundation
    Windows XP Service Pack 3
    ==========================================================

    Also, I ran the Norton Removal Tool; the above log was created after the removal but before the computer restart.

    Thanks, Artur
