Two Trojans - Cannot Remove
matt8188
post May 29 2008, 01:59 PM
Post #1
Group: Members

Hello, any help with my problem would be much appreciated. Recently my AVG software identified two trojans on my computer: Downloader.Delf.12.AN (acctreso.dll) and Clicker.NDN (clbs.dll). The main consequence of these trojans is that they have rapidly slowed down my computer to the point that it's taking over 10 minutes for the computer to fully start up, it's regularly crashing and there are loads of pop-ups when I can finally load Internet Explorer. I have followed advice on other sites. I have tried different spyware removers, tried HijackThis, Killbox and a number of other applications but with no joy. I cannot delete the two system files acctreso.dll and clbs.dll. I'm at the point now where I am ready just to reformat the computer, but after googling the problem I came across this website. I would really appreciate it if anyone can help with these problems.

I have uploaded my HijackThis log.

Many thanks

Matt

Attached File: hijackthis.log (4.71k)
matt8188
post May 30 2008, 08:24 AM
Post #2
Group: Members

Could anyone help with this problem please?
steamwiz
post May 30 2008, 03:11 PM
Post #3
Group: HJT Team

Hi

First ... please copy & paste all logs; only attach if asked to do so ...

You can't delete those files because they are registered DLLs and they are "in use"; they must be deleted before Windows loads ...

I want you to run some programs for me & post the logs ... if the files are still there or there are any other problems, we'll take care of them then ...

Please run a Kaspersky Online Scan

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

Click Accept

You will be prompted to install an ActiveX component from Kaspersky,
Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives, Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Once finished, save the log to your Desktop as filename KAV.txt

THEN ...

Please Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam


--------------------
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware
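The "registered DLLs that are in use" point above, as an added read-only triage script (not from steamwiz, BleepingComputer or any of the tools named in the thread): given a DLL name such as the thread's acctreso.dll, it reports which running processes have the module loaded and which COM CLSIDs register it as an in-process server, flagging any that are wired in as Internet Explorer Browser Helper Objects. All function names are the example's own, and it is assumed to run from an elevated PowerShell prompt on the affected machine.

```powershell
# Added example, not from the thread: explain why a DLL "cannot be deleted".
# Read-only: nothing is unloaded, unregistered or deleted. Two facts are
# gathered for one DLL file name: (1) processes that currently have it
# loaded (an in-use image cannot be deleted until it is unloaded, which is
# why removal tools schedule "delete on reboot"), and (2) COM class
# registrations whose InprocServer32 points at it, since a registered
# class gets re-loaded by whatever host instantiates it (IE for a BHO).
param(
    [Parameter(Mandatory = $true)]
    [string]$DllName          # e.g. 'acctreso.dll' (file name, not full path)
)

function Get-ProcessesLoadingDll {
    param([string]$Name)
    # Module lists are only readable for processes we can open; 32/64-bit
    # mismatches and protected processes throw, so those are skipped.
    Get-Process -ErrorAction SilentlyContinue | ForEach-Object {
        $proc = $_
        try {
            $hit = @($proc.Modules | Where-Object { $_.ModuleName -ieq $Name })
            if ($hit.Count -gt 0) {
                [pscustomobject]@{
                    ProcessName = $proc.ProcessName
                    PID         = $proc.Id
                    ModulePath  = $hit[0].FileName
                }
            }
        } catch { }
    }
}

function Get-ComRegistrationsForDll {
    param([string]$Name)
    # Walk HKCR\CLSID and keep every class whose InprocServer32 default
    # value names this DLL. On 64-bit Windows, 32-bit registrations are also
    # mirrored under Wow6432Node; HKCR merges both views for us.
    Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $inproc = "$($_.PSPath)\InprocServer32"
            if (Test-Path $inproc) {
                $server = (Get-ItemProperty $inproc -ErrorAction SilentlyContinue).'(default)'
                if ($server -and ([IO.Path]::GetFileName($server.Trim('"')) -ieq $Name)) {
                    [pscustomobject]@{
                        Clsid      = $_.PSChildName
                        ServerPath = $server
                    }
                }
            }
        }
}

function Test-IsBrowserHelperObject {
    param([string]$Clsid)
    # A CLSID listed under this key is loaded into every Internet Explorer
    # process at start-up (the MBAM log in this thread shows such an entry).
    $bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    Test-Path (Join-Path $bho $Clsid)
}

$loaded = @(Get-ProcessesLoadingDll -Name $DllName)
$com    = @(Get-ComRegistrationsForDll -Name $DllName)

"== Processes with $DllName loaded (file is in use; a plain delete will fail) =="
if ($loaded.Count -gt 0) { $loaded | Format-Table -AutoSize | Out-String } else { '  none' }

"== COM registrations pointing at $DllName =="
foreach ($r in $com) {
    $flag = if (Test-IsBrowserHelperObject -Clsid $r.Clsid) { 'BHO (loaded by IE)' } else { '' }
    '  {0}  {1}  {2}' -f $r.Clsid, $r.ServerPath, $flag
}
if ($com.Count -eq 0) { '  none' }
```

An empty "processes" list together with a non-empty COM list means the file is free right now but will be loaded again the next time a host instantiates the class, which is the case the helper's "must be deleted before Windows loads" remark describes.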
matt8188
post Jun 1 2008, 07:35 PM
Post #4
Group: Members

Hello, thank you for the reply. Please find the requested Malwarebytes and ComboFix log info below; I have also attached the Kaspersky Online Scan log.

Malwarebytes' Anti-Malware 1.14
Database version: 813

01:08:41 02/06/2008
mbam-log-6-2-2008 (01-08-41).txt

Scan type: Quick Scan
Objects scanned: 42282
Time elapsed: 10 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 42
Files Infected: 56

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS.0\system32\acctreso.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Program Files\alot\bin\alot.dll (Adware.BHO) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\alot (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Ares Gold (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\Program Files\alot (Adware.BHO) -> Delete on reboot.
C:\Program Files\alot\bin (Adware.BHO) -> Delete on reboot.
C:\Documents and Settings\Administrator\Application Data\alot (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\BrowserSearch (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_0 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_1 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_10 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_11 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_2 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_3 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_4 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_5 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_6 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_7 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_8 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_9 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\configurator (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\ErrorSearch (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\postInstallLayout (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\products (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\TimerManager (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\ToolbarSearch (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Updater (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_0 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_1 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_2 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_3 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_4 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_5 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Shared (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_0\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_1\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_2\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_3\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_4\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_5\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Shared\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\vic\Start Menu\Programs\WhenU (Adware.WhenUSave) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS.0\system32\acctreso.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\alot\bin\alot.dll (Adware.BHO) -> Delete on reboot.
C:\Program Files\Ares Gold\Data\cache.net (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\MyMedia.edb (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\searchkeys.dat (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\ultracache.net (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Ares Gold\Data\webcache.net (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\alot\alotUninst.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\toolbar.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\BrowserSearch\BrowserSearch.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_0\Button_0.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_0\Button_0.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_1\Button_1.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_1\Button_1.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_10\Button_10.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_10\Button_10.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_11\Button_11.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_11\Button_11.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_2\Button_2.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_2\Button_2.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_3\Button_3.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_3\Button_3.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_4\Button_4.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_4\Button_4.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_5\Button_5.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_5\Button_5.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_6\Button_6.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_6\Button_6.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_7\Button_7.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_7\Button_7.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_8\Button_8.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_8\Button_8.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_9\Button_9.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Button_9\Button_9.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\configurator\configurator.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\configurator\configurator.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\ErrorSearch\ErrorSearch.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\postInstallLayout\postInstallLayout.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\products\products.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\products\products.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_2\images\default_233_alot_music_musicsearch.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_3\images\default_234_alot_music_onlineradio.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_4\images\default_317_alot_music_mymusic.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Button_5\images\default_232_alot_mrkt_tv_play.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Resources\Shared\images\alot_brand.png (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\TimerManager\TimerManager.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\TimerManager\TimerManager.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\ToolbarSearch\ToolbarSearch.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Updater\Updater.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\alot\Updater\Updater.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\vic\Start Menu\Programs\WhenU\Uninstall.lnk (Adware.WhenUSave) -> Quarantined and deleted successfully.


ComboFix 08-05-29.1 - Administrator 2008-06-02 1:15:18.2 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS.0\system32\clbs.dll . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-06-02 00:38 . 2008-06-02 00:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-02 00:38 . 2008-06-02 00:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2008-06-02 00:38 . 2008-06-02 00:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-02 00:38 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS.0\system32\drivers\mbamcatchme.sys
2008-06-02 00:38 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
2008-06-01 20:41 . 2008-06-01 20:41 <DIR> d-------- C:\WINDOWS.0\system32\Kaspersky Lab
2008-06-01 20:41 . 2008-06-01 20:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Kaspersky Lab
2008-06-01 17:07 . 2008-06-01 17:07 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-31 21:07 . 2008-05-31 21:07 <DIR> d--h----- C:\WINDOWS.0\$hf_mig$
2008-05-31 20:58 . 2008-05-31 20:58 <DIR> d-------- C:\WINDOWS.0\%DownloadedProgramFiles%
2008-05-31 20:56 . 2006-07-27 13:52 367 --a------ C:\WINDOWS.0\system32\LegitCheckControl.inf
2008-05-31 08:38 . 2008-05-31 08:38 <DIR> d-------- C:\WINDOWS.0\system32\xircom
2008-05-31 08:38 . 2008-05-31 08:38 <DIR> d-------- C:\WINDOWS.0\mui
2008-05-31 08:37 . 2008-05-31 08:37 <DIR> d-------- C:\WINDOWS.0\msagent
2008-05-30 20:41 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS.0\system32\dllcache\sysmain.sdb
2008-05-30 20:41 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS.0\system32\dllcache\apph_sp.sdb
2008-05-30 20:41 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS.0\system32\dllcache\apphelp.sdb
2008-05-30 20:34 . 2008-05-30 20:34 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-29 22:36 . 2008-05-29 22:36 <DIR> d-------- C:\WINDOWS.0\system32\LogFiles
2008-05-29 22:36 . 2008-05-30 20:25 <DIR> d-------- C:\WINDOWS.0\system32\drivers\UMDF
2008-05-29 22:35 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS.0\system32\spupdsvc.exe
2008-05-29 21:51 . 2008-05-29 21:51 <DIR> d-------- C:\Program Files\Channel4
2008-05-29 21:49 . 2008-05-29 21:49 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Channel4
2008-05-26 19:23 . 2008-05-27 18:48 <DIR> d-------- C:\!KillBox
2008-05-26 17:36 . 2008-05-26 17:36 <DIR> d-------- C:\WINDOWS.0\F8BA8B13856D4DFBA28F7EC868142453.TMP
2008-05-25 01:32 . 2008-05-25 01:32 <DIR> d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\ymjmieen
2008-05-22 22:10 . 2008-05-22 22:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ymjmieen
2008-05-22 22:07 . 2008-05-22 22:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SuperAdBlocker.com
2008-05-22 22:06 . 2008-05-22 22:14 <DIR> d-------- C:\Program Files\SuperAdBlocker.com
2008-05-22 22:03 . 2008-05-22 22:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 00:09 . 2008-05-21 00:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Avg7
2008-05-21 00:02 . 2008-06-02 01:20 54,156 --ah----- C:\WINDOWS.0\QTFont.qfn
2008-05-21 00:02 . 2008-06-01 17:09 1,409 --a------ C:\WINDOWS.0\QTFont.for
2008-05-20 23:51 . 2008-05-20 23:51 <DIR> d-------- C:\Program Files\Bonjour
2008-05-20 23:03 . 2008-05-20 23:04 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-20 23:00 . 2008-06-01 18:47 <DIR> d----c--- C:\WINDOWS.0\system32\DRVSTORE
2008-05-20 22:54 . 2008-05-20 22:54 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Apple
2008-05-07 20:59 . 2008-05-22 22:06 <DIR> d-------- C:\Program Files\Common Files\Mozilla Shared
2008-05-07 20:58 . 2008-05-07 20:58 20,608 --a------ C:\WINDOWS.0\system32\drivers\lfhboxfp.dat
2008-05-06 20:10 . 2008-06-02 01:08 88,064 --a------ C:\WINDOWS.0\system32\acctreso.dll
2008-05-05 22:47 . 2008-05-05 22:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Ahead
2008-05-05 10:52 . 2008-05-05 10:56 1,992 --a------ C:\WINDOWS.0\desctemp.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 00:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Kontiki
2008-06-01 16:08 --------- d-----w C:\Program Files\iTunes
2008-06-01 16:08 --------- d-----w C:\Program Files\iPod
2008-05-30 06:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-29 21:36 --------- d-----w C:\Program Files\eMule
2008-05-29 20:51 --------- d-----w C:\Program Files\Kontiki
2008-05-26 15:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-05-22 22:17 --------- d-----w C:\Program Files\MyEmoticons
2008-05-20 23:09 --------- d-----w C:\Program Files\Absolute Poker
2008-05-20 22:46 --------- d-----w C:\Program Files\QuickTime Alternative
2008-05-20 22:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Apple Computer
2008-05-20 21:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-05-20 21:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-20 20:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy
2008-05-05 21:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-05-01 08:17 --------- d-----w C:\Program Files\UltimateBet
2008-04-20 22:27 --------- d-----w C:\Program Files\Winamp
2008-04-20 22:00 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-20 21:57 --------- d-----w C:\Program Files\Nero
2008-04-20 21:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Nero
2008-04-20 19:24 --------- d-----w C:\Program Files\Ahead
2006-03-25 23:51 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

------- Sigcheck -------

2008-03-02 00:36 359936 780fe678dde99b809e8336fb74d587a1 C:\WINDOWS.0\system32\dllcache\TCPIP.SYS
2008-03-02 00:36 359936 780fe678dde99b809e8336fb74d587a1 C:\WINDOWS.0\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-05-31_ 0.14.02.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-30 23:08:28 2,048 --s-a-w C:\WINDOWS.0\bootstat.dat
+ 2008-06-02 00:19:39 2,048 --s-a-w C:\WINDOWS.0\bootstat.dat
+ 2002-12-31 12:00:00 61,440 -c----w C:\WINDOWS.0\ie7\admparse.dll
+ 2002-12-31 12:00:00 99,840 -c----w C:\WINDOWS.0\ie7\advpack.dll
+ 2002-12-31 12:00:00 1,019,904 -c----w C:\WINDOWS.0\ie7\browseui.dll
+ 2002-12-31 12:00:00 35,328 -c----w C:\WINDOWS.0\ie7\corpol.dll
+ 2002-12-31 12:00:00 357,888 -c----w C:\WINDOWS.0\ie7\dxtmsft.dll
+ 2002-12-31 12:00:00 201,728 -c----w C:\WINDOWS.0\ie7\dxtrans.dll
+ 2002-12-31 12:00:00 55,808 -c----w C:\WINDOWS.0\ie7\extmgr.dll
+ 2002-12-31 12:00:00 38,912 -c----w C:\WINDOWS.0\ie7\hmmapi.dll
+ 2002-12-31 12:00:00 34,304 -c----w C:\WINDOWS.0\ie7\ie4uinit.exe
+ 2002-12-31 12:00:00 139,264 -c----w C:\WINDOWS.0\ie7\ieakeng.dll
+ 2002-12-31 12:00:00 216,576 -c----w C:\WINDOWS.0\ie7\ieaksie.dll
+ 2002-12-31 12:00:00 221,184 -c----w C:\WINDOWS.0\ie7\ieakui.dll
+ 2002-12-31 12:00:00 323,584 -c----w C:\WINDOWS.0\ie7\iedkcs32.dll
+ 2002-12-31 12:00:00 18,432 -c----w C:\WINDOWS.0\ie7\iedw.exe
+ 2002-12-31 12:00:00 81,920 -c----w C:\WINDOWS.0\ie7\ieencode.dll
+ 2002-12-31 12:00:00 250,880 -c----w C:\WINDOWS.0\ie7\iepeers.dll
+ 2002-12-31 12:00:00 48,640 -c----w C:\WINDOWS.0\ie7\iernonce.dll
+ 2002-12-31 12:00:00 62,976 -c----w C:\WINDOWS.0\ie7\iesetup.dll
+ 2002-12-31 12:00:00 93,184 -c----w C:\WINDOWS.0\ie7\iexplore.exe
+ 2002-12-31 12:00:00 35,840 -c----w C:\WINDOWS.0\ie7\imgutil.dll
+ 2002-12-31 12:00:00 96,256 -c----w C:\WINDOWS.0\ie7\inseng.dll
+ 2002-12-31 12:00:00 450,560 -c----w C:\WINDOWS.0\ie7\jscript.dll
+ 2002-12-31 12:00:00 15,872 -c----w C:\WINDOWS.0\ie7\jsproxy.dll
+ 2002-12-31 12:00:00 22,016 -c----w C:\WINDOWS.0\ie7\licmgr10.dll
+ 2002-12-31 12:00:00 29,184 -c----w C:\WINDOWS.0\ie7\mshta.exe
+ 2002-12-31 12:00:00 3,014,144 -c----w C:\WINDOWS.0\ie7\mshtml.dll
+ 2002-12-31 12:00:00 448,512 -c----w C:\WINDOWS.0\ie7\mshtmled.dll
+ 2002-12-31 12:00:00 56,832 -c----w C:\WINDOWS.0\ie7\mshtmler.dll
+ 2002-12-31 12:00:00 146,432 -c----w C:\WINDOWS.0\ie7\msls31.dll
+ 2002-12-31 12:00:00 146,432 -c----w C:\WINDOWS.0\ie7\msrating.dll
+ 2002-12-31 12:00:00 530,432 -c----w C:\WINDOWS.0\ie7\mstime.dll
+ 2002-12-31 12:00:00 96,256 -c----w C:\WINDOWS.0\ie7\occache.dll
+ 2002-12-31 12:00:00 39,424 -c----w C:\WINDOWS.0\ie7\pngfilt.dll
+ 2002-12-31 12:00:00 1,484,800 -c----w C:\WINDOWS.0\ie7\shdocvw.dll
+ 2002-12-31 12:00:00 473,600 -c----w C:\WINDOWS.0\ie7\shlwapi.dll
+ 2006-01-20 13:33:12 238,400 -c----w C:\WINDOWS.0\ie7\spuninst\iecustom.dll
+ 2006-09-06 16:43:16 213,216 -c----w C:\WINDOWS.0\ie7\spuninst\spuninst.exe
+ 2006-09-06 16:43:18 371,424 -c----w C:\WINDOWS.0\ie7\spuninst\updspapi.dll
+ 2002-12-31 12:00:00 37,888 -c----w C:\WINDOWS.0\ie7\url.dll
+ 2002-12-31 12:00:00 608,256 -c----w C:\WINDOWS.0\ie7\urlmon.dll
+ 2002-12-31 12:00:00 417,792 -c----w C:\WINDOWS.0\ie7\vbscript.dll
+ 2002-12-31 12:00:00 848,896 -c----w C:\WINDOWS.0\ie7\vgx.dll
+ 2002-12-31 12:00:00 276,480 -c----w C:\WINDOWS.0\ie7\webcheck.dll
+ 2002-12-31 12:00:00 658,944 -c----w C:\WINDOWS.0\ie7\wininet.dll
+ 2008-06-01 17:48:01 4,456,448 ----a-r C:\WINDOWS.0\Installer\{20ED157B-1A84-4DF7-945E-4951A38A9CBA}\iPodResetUtility.exe
- 2008-05-20 23:02:18 102,400 ----a-r C:\WINDOWS.0\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
+ 2008-06-01 16:09:02 102,400 ----a-r C:\WINDOWS.0\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
- 2002-12-31 12:00:00 61,440 ----a-w C:\WINDOWS.0\system32\admparse.dll
+ 2006-10-17 12:01:08 71,680 ----a-w C:\WINDOWS.0\system32\admparse.dll
- 2002-12-31 12:00:00 99,840 ----a-w C:\WINDOWS.0\system32\advpack.dll
+ 2006-10-17 12:00:50 123,904 ----a-w C:\WINDOWS.0\system32\advpack.dll
- 2002-12-31 12:00:00 1,019,904 ----a-w C:\WINDOWS.0\system32\browseui.dll
+ 2006-09-23 12:12:50 1,022,976 ----a-w C:\WINDOWS.0\system32\browseui.dll
+ 2006-10-17 12:01:08 71,680 -c----w C:\WINDOWS.0\system32\dllcache\admparse.dll
+ 2006-10-17 12:00:50 123,904 -c----w C:\WINDOWS.0\system32\dllcache\advpack.dll
+ 2006-09-23 12:12:50 1,022,976 -c----w C:\WINDOWS.0\system32\dllcache\browseui.dll
+ 2006-10-17 12:03:56 17,408 -c----w C:\WINDOWS.0\system32\dllcache\corpol.dll
+ 2006-10-17 12:33:40 33,792 -c----w C:\WINDOWS.0\system32\dllcache\custsat.dll
+ 2006-10-17 11:58:06 346,624 -c----w C:\WINDOWS.0\system32\dllcache\dxtmsft.dll
+ 2006-10-17 11:57:50 214,528 -c----w C:\WINDOWS.0\system32\dllcache\dxtrans.dll
+ 2006-10-17 12:33:40 131,584 -c----w C:\WINDOWS.0\system32\dllcache\extmgr.dll
+ 2006-10-17 11:44:36 60,416 -c----w C:\WINDOWS.0\system32\dllcache\hmmapi.dll
+ 2006-10-17 12:00:56 54,784 -c----w C:\WINDOWS.0\system32\dllcache\ie4uinit.exe
+ 2006-10-17 12:01:20 152,064 -c----w C:\WINDOWS.0\system32\dllcache\ieakeng.dll
+ 2006-10-17 12:01:34 229,376 -c----w C:\WINDOWS.0\system32\dllcache\ieaksie.dll
+ 2006-10-17 11:23:08 161,792 -c----w C:\WINDOWS.0\system32\dllcache\ieakui.dll
+ 2006-10-17 12:01:22 382,976 -c----w C:\WINDOWS.0\system32\dllcache\iedkcs32.dll
+ 2006-10-17 12:04:50 69,120 -c----w C:\WINDOWS.0\system32\dllcache\iedw.exe
+ 2006-10-17 12:06:00 78,336 -c----w C:\WINDOWS.0\system32\dllcache\ieencode.dll
+ 2006-10-17 12:33:40 191,488 -c----w C:\WINDOWS.0\system32\dllcache\iepeers.dll
+ 2006-10-17 12:00:58 43,008 -c----w C:\WINDOWS.0\system32\dllcache\iernonce.dll
+ 2006-10-17 12:01:06 55,296 -c----w C:\WINDOWS.0\system32\dllcache\iesetup.dll
+ 2006-10-17 12:04:40 622,080 -c----w C:\WINDOWS.0\system32\dllcache\iexplore.exe
+ 2006-10-17 11:57:58 36,352 -c----w C:\WINDOWS.0\system32\dllcache\imgutil.dll
+ 2006-10-17 12:00:54 92,672 -c----w C:\WINDOWS.0\system32\dllcache\inseng.dll
+ 2006-10-17 12:00:00 491,520 -c----w C:\WINDOWS.0\system32\dllcache\jscript.dll
+ 2006-10-17 12:33:40 27,136 -c----w C:\WINDOWS.0\system32\dllcache\jsproxy.dll
+ 2006-10-17 12:05:10 40,960 -c----w C:\WINDOWS.0\system32\dllcache\licmgr10.dll
+ 2006-10-17 11:56:10 45,568 -c----w C:\WINDOWS.0\system32\dllcache\mshta.exe
+ 2006-10-17 12:33:42 3,577,856 -c----w C:\WINDOWS.0\system32\dllcache\mshtml.dll
+ 2006-10-17 12:33:40 475,648 -c----w C:\WINDOWS.0\system32\dllcache\mshtmled.dll
+ 2006-10-17 11:28:56 48,128 -c----w C:\WINDOWS.0\system32\dllcache\mshtmler.dll
+ 2006-10-17 12:33:40 156,160 -c----w C:\WINDOWS.0\system32\dllcache\msls31.dll
+ 2006-10-17 12:05:10 192,000 -c----w C:\WINDOWS.0\system32\dllcache\msrating.dll
+ 2006-10-17 12:33:40 670,720 -c----w C:\WINDOWS.0\system32\dllcache\mstime.dll
+ 2006-10-17 12:04:46 101,376 -c----w C:\WINDOWS.0\system32\dllcache\occache.dll
+ 2006-10-17 11:58:08 44,544 -c----w C:\WINDOWS.0\system32\dllcache\pngfilt.dll
+ 2006-09-23 12:12:50 1,497,088 -c----w C:\WINDOWS.0\system32\dllcache\shdocvw.dll
+ 2006-09-23 12:12:50 474,112 -c----w C:\WINDOWS.0\system32\dllcache\shlwapi.dll
+ 2006-10-17 12:05:22 105,984 -c----w C:\WINDOWS.0\system32\dllcache\url.dll
+ 2006-10-17 12:33:40 1,162,240 -c----w C:\WINDOWS.0\system32\dllcache\urlmon.dll
+ 2006-10-17 12:33:40 413,696 -c----w C:\WINDOWS.0\system32\dllcache\vbscript.dll
+ 2006-10-17 12:33:40 765,952 -c----w C:\WINDOWS.0\system32\dllcache\VGX.dll
+ 2006-10-17 12:33:40 231,424 -c----w C:\WINDOWS.0\system32\dllcache\webcheck.dll
+ 2006-10-17 12:33:40 818,688 -c----w C:\WINDOWS.0\system32\dllcache\wininet.dll
+ 2008-04-23 19:28:18 68,216 -c--a-w C:\WINDOWS.0\system32\DRVSTORE\StMp3Rec_5C7ED6AF794D3543E9BAAF5776DB8EFD2139DA58\StMp3Rec.sys
+ 2008-02-18 10:16:24 30,464 -c--a-w C:\WINDOWS.0\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
- 2002-12-31 12:00:00 357,888 ----a-w C:\WINDOWS.0\system32\dxtmsft.dll
+ 2006-10-17 11:58:06 346,624 ----a-w C:\WINDOWS.0\system32\dxtmsft.dll
- 2002-12-31 12:00:00 201,728 ----a-w C:\WINDOWS.0\system32\dxtrans.dll
+ 2006-10-17 11:57:50 214,528 ----a-w C:\WINDOWS.0\system32\dxtrans.dll
- 2002-12-31 12:00:00 55,808 ----a-w C:\WINDOWS.0\system32\extmgr.dll
+ 2006-10-17 12:33:40 131,584 ----a-w C:\WINDOWS.0\system32\extmgr.dll
+ 2006-10-17 11:58:20 61,952 ------w C:\WINDOWS.0\system32\icardie.dll
+ 2006-06-29 07:05:44 26,112 ------w C:\WINDOWS.0\system32\idndl.dll
- 2002-12-31 12:00:00 34,304 ----a-w C:\WINDOWS.0\system32\ie4uinit.exe
+ 2006-10-17 12:00:56 54,784 ----a-w C:\WINDOWS.0\system32\ie4uinit.exe
- 2002-12-31 12:00:00 139,264 ----a-w C:\WINDOWS.0\system32\ieakeng.dll
+ 2006-10-17 12:01:20 152,064 ----a-w C:\WINDOWS.0\system32\ieakeng.dll
- 2002-12-31 12:00:00 216,576 ----a-w C:\WINDOWS.0\system32\ieaksie.dll
+ 2006-10-17 12:01:34 229,376 ----a-w C:\WINDOWS.0\system32\ieaksie.dll
- 2002-12-31 12:00:00 221,184 ----a-w C:\WINDOWS.0\system32\ieakui.dll
+ 2006-10-17 11:23:08 161,792 ----a-w C:\WINDOWS.0\system32\ieakui.dll
+ 2006-09-05 23:01:26 2,451,824 ------w C:\WINDOWS.0\system32\ieapfltr.dat
+ 2006-10-17 11:27:56 380,928 ------w C:\WINDOWS.0\system32\ieapfltr.dll
- 2002-12-31 12:00:00 323,584 ----a-w C:\WINDOWS.0\system32\iedkcs32.dll
+ 2006-10-17 12:01:22 382,976 ----a-w C:\WINDOWS.0\system32\iedkcs32.dll
- 2002-12-31 12:00:00 81,920 ----a-w C:\WINDOWS.0\system32\ieencode.dll
+ 2006-10-17 12:06:00 78,336 ----a-w C:\WINDOWS.0\system32\ieencode.dll
+ 2006-10-17 12:33:42 6,049,280 ------w C:\WINDOWS.0\system32\ieframe.dll
- 2002-12-31 12:00:00 250,880 ----a-w C:\WINDOWS.0\system32\iepeers.dll
+ 2006-10-17 12:33:40 191,488 ----a-w C:\WINDOWS.0\system32\iepeers.dll
- 2002-12-31 12:00:00 48,640 ----a-w C:\WINDOWS.0\system32\iernonce.dll
+ 2006-10-17 12:00:58 43,008 ----a-w C:\WINDOWS.0\system32\iernonce.dll
+ 2006-10-17 11:57:20 266,752 ------w C:\WINDOWS.0\system32\iertutil.dll
- 2002-12-31 12:00:00 62,976 ----a-w C:\WINDOWS.0\system32\iesetup.dll
+ 2006-10-17 12:01:06 55,296 ----a-w C:\WINDOWS.0\system32\iesetup.dll
+ 2006-10-17 12:01:00 13,312 ----a-w C:\WINDOWS.0\system32\ieudinit.exe
+ 2006-10-17 12:33:40 180,736 ------w C:\WINDOWS.0\system32\ieui.dll
- 2002-12-31 12:00:00 35,840 ----a-w C:\WINDOWS.0\system32\imgutil.dll
+ 2006-10-17 11:57:58 36,352 ----a-w C:\WINDOWS.0\system32\imgutil.dll
- 2002-12-31 12:00:00 96,256 ----a-w C:\WINDOWS.0\system32\inseng.dll
+ 2006-10-17 12:00:54 92,672 ----a-w C:\WINDOWS.0\system32\inseng.dll
- 2002-12-31 12:00:00 450,560 ----a-w C:\WINDOWS.0\system32\jscript.dll
+ 2006-10-17 12:00:00 491,520 ----a-w C:\WINDOWS.0\system32\jscript.dll
- 2002-12-31 12:00:00 15,872 ----a-w C:\WINDOWS.0\system32\jsproxy.dll
+ 2006-10-17 12:33:40 27,136 ----a-w C:\WINDOWS.0\system32\jsproxy.dll
+ 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS.0\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS.0\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS.0\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-03-20 17:06:36 1,480,232 ----a-w C:\WINDOWS.0\system32\LegitCheckControl.DLL
+ 2006-09-12 06:08:02 1,484,592 ----a-w C:\WINDOWS.0\system32\LegitCheckControl.dll
- 2002-12-31 12:00:00 22,016 ----a-w C:\WINDOWS.0\system32\licmgr10.dll
+ 2006-10-17 12:05:10 40,960 ----a-w C:\WINDOWS.0\system32\licmgr10.dll
+ 2006-10-17 12:33:40 458,752 ------w C:\WINDOWS.0\system32\msfeeds.dll
+ 2006-10-17 12:33:40 50,688 ------w C:\WINDOWS.0\system32\msfeedsbs.dll
+ 2006-10-17 11:58:32 12,288 ------w C:\WINDOWS.0\system32\msfeedssync.exe
- 2002-12-31 12:00:00 29,184 ----a-w C:\WINDOWS.0\system32\mshta.exe
+ 2006-10-17 11:56:10 45,568 ----a-w C:\WINDOWS.0\system32\mshta.exe
- 2002-12-31 12:00:00 3,014,144 ----a-w C:\WINDOWS.0\system32\mshtml.dll
+ 2006-10-17 12:33:42 3,577,856 ----a-w C:\WINDOWS.0\system32\mshtml.dll
- 2002-12-31 12:00:00 448,512 ----a-w C:\WINDOWS.0\system32\mshtmled.dll
+ 2006-10-17 12:33:40 475,648 ----a-w C:\WINDOWS.0\system32\mshtmled.dll
- 2002-12-31 12:00:00 56,832 ----a-w C:\WINDOWS.0\system32\mshtmler.dll
+ 2006-10-17 11:28:56 48,128 ----a-w C:\WINDOWS.0\system32\mshtmler.dll
- 2002-12-31 12:00:00 146,432 ----a-w C:\WINDOWS.0\system32\msls31.dll
+ 2006-10-17 12:33:40 156,160 ----a-w C:\WINDOWS.0\system32\msls31.dll
- 2002-12-31 12:00:00 146,432 ----a-w C:\WINDOWS.0\system32\msrating.dll
+ 2006-10-17 12:05:10 192,000 ----a-w C:\WINDOWS.0\system32\msrating.dll
- 2002-12-31 12:00:00 530,432 ----a-w C:\WINDOWS.0\system32\mstime.dll
+ 2006-10-17 12:33:40 670,720 ----a-w C:\WINDOWS.0\system32\mstime.dll
+ 2006-06-28 16:59:26 24,576 ------w C:\WINDOWS.0\system32\nlsdl.dll
+ 2006-06-29 07:05:44 23,552 ------w C:\WINDOWS.0\system32\normaliz.dll
- 2002-12-31 12:00:00 96,256 ----a-w C:\WINDOWS.0\system32\occache.dll
+ 2006-10-17 12:04:46 101,376 ----a-w C:\WINDOWS.0\system32\occache.dll
- 2008-05-30 21:36:41 63,188 ----a-w C:\WINDOWS.0\system32\perfc009.dat
+ 2008-06-02 00:16:12 63,188 ----a-w C:\WINDOWS.0\system32\perfc009.dat
- 2008-05-30 21:36:41 403,968 ----a-w C:\WINDOWS.0\system32\perfh009.dat
+ 2008-06-02 00:16:12 403,968 ----a-w C:\WINDOWS.0\system32\perfh009.dat
- 2002-12-31 12:00:00 39,424 ----a-w C:\WINDOWS.0\system32\pngfilt.dll
+ 2006-10-17 11:58:08 44,544 ----a-w C:\WINDOWS.0\system32\pngfilt.dll
- 2002-12-31 12:00:00 1,484,800 ----a-w C:\WINDOWS.0\system32\shdocvw.dll
+ 2006-09-23 12:12:50 1,497,088 ----a-w C:\WINDOWS.0\system32\shdocvw.dll
- 2002-12-31 12:00:00 473,600 ----a-w C:\WINDOWS.0\system32\shlwapi.dll
+ 2006-09-23 12:12:50 474,112 ----a-w C:\WINDOWS.0\system32\shlwapi.dll
- 2002-12-31 12:00:00 37,888 ----a-w C:\WINDOWS.0\system32\url.dll
+ 2006-10-17 12:05:22 105,984 ----a-w C:\WINDOWS.0\system32\url.dll
- 2002-12-31 12:00:00 608,256 ----a-w C:\WINDOWS.0\system32\urlmon.dll
+ 2006-10-17 12:33:40 1,162,240 ----a-w C:\WINDOWS.0\system32\urlmon.dll
- 2002-12-31 12:00:00 417,792 ----a-w C:\WINDOWS.0\system32\vbscript.dll
+ 2006-10-17 12:33:40 413,696 ----a-w C:\WINDOWS.0\system32\vbscript.dll
- 2002-12-31 12:00:00 276,480 ----a-w C:\WINDOWS.0\system32\webcheck.dll
+ 2006-10-17 12:33:40 231,424 ----a-w C:\WINDOWS.0\system32\webcheck.dll
+ 2006-10-17 12:05:58 206,336 ------w C:\WINDOWS.0\system32\WinFXDocObj.exe
- 2002-12-31 12:00:00 658,944 ----a-w C:\WINDOWS.0\system32\wininet.dll
+ 2006-10-17 12:33:40 818,688 ----a-w C:\WINDOWS.0\system32\wininet.dll
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS.0\system32\xmllite.dll
+ 2008-06-02 00:19:49 16,384 ----atw C:\WINDOWS.0\Temp\Perflib_Perfdata_6b8.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B80E9EF-66A0-40C7-856E-916C0CDA78A7}]
2002-12-31 13:00 81920 --a------ c:\windows.0\system32\clbs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A98E2672-774B-4802-86EF-3E6D47CB989A}]
2008-06-02 01:08 88064 --a------ C:\WINDOWS.0\system32\acctreso.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-11-14 18:53 1032376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-10-30 23:10 667648]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-11-14 18:53 1032376]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"combofix"="C:\WINDOWS.0\system32\CF13735.exe" [2002-12-31 13:00 389120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="C:\Program Files\Washer\washidx.exe" [2002-07-17 12:07 33792]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 12:58 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rvqvufoh]
clbs.dll 2002-12-31 13:00 81920 C:\WINDOWS.0\system32\clbs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.avis"= ff_acm.acm
"vidc.i263"= C:\WINDOWS.0\system32\i263_32.drv
"msacm.imc"= C:\WINDOWS.0\system32\imc32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS.0\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS.0\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2003-03-20 22:21 1855488 C:\WINDOWS.0\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2007-11-14 18:53 1032376 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS.0\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2002-12-31 13:00 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2007-06-11 08:06 901120 C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperAdBlocker]
--a------ 2007-08-01 09:28 1564672 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-09-30 03:18 24576 C:\Program Files\Winamp\Winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\workflow]
E:\installs\workflow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Documents and Settings\\Administrator\\My Documents\\BlueSoleil.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS.0\\explorer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"34320:TCP"= 34320:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"44062:TCP"= 44062:TCP:@xpsp2res.dll,-22009
"6860:TCP"= 6860:TCP:@xpsp2res.dll,-22009
"5923:TCP"= 5923:TCP:@xpsp2res.dll,-22009
"28078:TCP"= 28078:TCP:@xpsp2res.dll,-22009
"45873:TCP"= 45873:TCP:@xpsp2res.dll,-22009
"421:TCP"= 421:TCP:@xpsp2res.dll,-22009
"10415:TCP"= 10415:TCP:@xpsp2res.dll,-22009
"32539:TCP"= 32539:TCP:@xpsp2res.dll,-22009
"40013:TCP"= 40013:TCP:@xpsp2res.dll,-22009
"27804:TCP"= 27804:TCP:@xpsp2res.dll,-22009
"29052:TCP"= 29052:TCP:@xpsp2res.dll,-22009
"39424:TCP"= 39424:TCP:@xpsp2res.dll,-22009

R0 geiawbxn;geiawbxn;C:\WINDOWS.0\system32\drivers\geiawbxn.sys [2002-12-31 13:00]
R1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 11:17]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 16:02]
R3 cmipci;CMI8738/8768 Audio Driver;C:\WINDOWS.0\system32\drivers\cmipci.sys [2007-10-02 03:10]
S3 UnlockerDriver4;UnlockerDriver4 Driver;C:\WINDOWS.0\system32\UnlockerDriver4.sys [2005-04-24 13:08]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pneniaee

.
Contents of the 'Scheduled Tasks' folder
"2008-05-20 22:04:43 C:\WINDOWS.0\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 01:20:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Administrator\My Documents\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS.0\system32\oodag.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-02 1:25:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-02 00:25:24
ComboFix2.txt 2008-05-30 23:14:27

Pre-Run: 27,396,403,200 bytes free
Post-Run: 27,398,549,504 bytes free


Attached File(s)
Attached File  KAV.txt ( 115.25k ) Number of downloads: 9
matt8188
post Jun 2 2008, 11:59 AM
Post #5


New Member
*

Group: Members
Posts: 11
Joined: 29-May 08
Member No.: 212,625



Here's my most recent HijackThis log as well:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:47, on 02/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Administrator\My Documents\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS.0\system32\oodag.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B80E9EF-66A0-40C7-856E-916C0CDA78A7} - c:\windows.0\system32\clbs.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {A98E2672-774B-4802-86EF-3E6D47CB989A} - C:\WINDOWS.0\system32\acctreso.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Administrator"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D680E59C-EECE-4E47-8674-7D4D58BB5DE5}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: rvqvufoh - C:\WINDOWS.0\SYSTEM32\clbs.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Documents and Settings\Administrator\My Documents\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS.0\system32\oodag.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE

--
End of file - 5791 bytes
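The two findings the helpers keep returning to in this thread are the unnamed BHOs (clbs.dll, acctreso.dll) and the Winlogon Notify entry that points at the same clbs.dll. The following script is an added example, not part of the original thread and not a HijackThis or ComboFix feature: it parses HijackThis-style O2, O20 and O23 lines and lists each binary with the reasons it deserves a closer look, including the cross-reference between a BHO and a Winlogon Notify handler loading the same file. The sample lines are copied from the log above; the review heuristics (unnamed BHO, any Winlogon Notify DLL, service with no vendor or living under a user profile) are triage assumptions of this example, not verdicts, and a hit only means "check this file".

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the HijackThis log
# posted in this thread, so the triage can run offline on realistic input.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B80E9EF-66A0-40C7-856E-916C0CDA78A7} - c:\windows.0\system32\clbs.dll
O2 - BHO: (no name) - {A98E2672-774B-4802-86EF-3E6D47CB989A} - C:\WINDOWS.0\system32\acctreso.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: rvqvufoh - C:\WINDOWS.0\SYSTEM32\clbs.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Documents and Settings\Administrator\My Documents\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Line shapes as HijackThis 2.0.x prints them for the three entry types we look at.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.+)$")


def parse_entries(log_text):
    """Yield (kind, fields) for every O2, O20 and O23 line; other lines are skipped."""
    for line in log_text.splitlines():
        line = line.strip()
        for kind, rx in (("O2", BHO_RE), ("O20", NOTIFY_RE), ("O23", SERVICE_RE)):
            m = rx.match(line)
            if m:
                yield kind, m.groupdict()
                break


def normalise(path):
    """Windows paths are case-insensitive and HijackThis echoes registry casing verbatim."""
    return path.strip('"').lower()


def triage(log_text):
    """Map each binary path to the list of reasons it should be reviewed (heuristics, not verdicts)."""
    reasons = defaultdict(list)
    loaded_by = defaultdict(set)  # path -> entry kinds that reference it
    for kind, f in parse_entries(log_text):
        path = normalise(f["path"])
        loaded_by[path].add(kind)
        if kind == "O2" and f["name"] == "(no name)":
            reasons[path].append("BHO registered without a name (CLSID {%s})" % f["clsid"])
        elif kind == "O20":
            reasons[path].append("Winlogon Notify DLL '%s': loaded into winlogon.exe at every logon" % f["name"])
        elif kind == "O23":
            if f["owner"] == "Unknown owner":
                reasons[path].append("service binary carries no vendor information")
            if "\\documents and settings\\" in path:
                reasons[path].append("service binary lives under a user profile, not Program Files or system32")
    # Correlation: the same file hooked into both the browser and the logon process.
    for path, kinds in loaded_by.items():
        if {"O2", "O20"} <= kinds:
            reasons[path].append("same DLL is both a BHO and a Winlogon Notify handler")
    return dict(reasons)


if __name__ == "__main__":
    for path, why in sorted(triage(SAMPLE_LOG).items()):
        print(path)
        for r in why:
            print("   -", r)
```

Run it against a full log pasted into SAMPLE_LOG (or read from a file) and compare the flagged paths with the files the helper asks about; the point of the correlation step is that a single DLL appearing in two unrelated autostart mechanisms is a stronger signal than either entry on its own.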
steamwiz
post Jun 2 2008, 04:48 PM
Post #6


Forum Addict
******

Group: HJT Team
Posts: 1,019
Joined: 14-February 08
Member No.: 190,186



Hi

Do you have 2 installs of Windows on the same C: partition?

Please go here and upload this file ...

C:\WINDOWS.0\system32\CF13735.exe

http://www.virustotal.com/flash/index_en.html

Click the browse button & browse to the file on your computer

Post back the results ... right-click on the page > select all

right-click again > copy

post the results in your next post here...

THEN do the same with this one :-

C:\WINDOWS.0\system32\drivers\geiawbxn.sys

steam


--------------------
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware
matt8188
post Jun 3 2008, 04:32 PM
Post #7


New Member
*

Group: Members
Posts: 11
Joined: 29-May 08
Member No.: 212,625



Thank you for your reply Steam. Yes, it's my girlfriend's computer; I believe she installed a newer version of XP on the computer. There was a dual boot option but I removed this as we only use one version of XP. However, there are still a number of files on the computer belonging to the original version.

I have searched but cannot find the file C:\WINDOWS.0\system32\CF13735.exe. It doesn't seem to be on the system anymore. I have uploaded the file C:\WINDOWS.0\system32\drivers\geiawbxn.sys. Here are the log results. Many thanks.

File geiawbxn.sys received on 06.03.2008 23:22:05 (CET)

Result: 1/32 (3.13%)

Antivirus Version Last Update Result
AhnLab-V3 2008.5.30.1 2008.06.03 -
AntiVir 7.8.0.26 2008.06.03 -
Authentium 5.1.0.4 2008.06.03 -
Avast 4.8.1195.0 2008.06.03 -
AVG 7.5.0.516 2008.06.03 -
BitDefender 7.2 2008.06.03 -
CAT-QuickHeal 9.50 2008.06.03 -
ClamAV 0.92.1 2008.06.03 -
DrWeb 4.44.0.09170 2008.06.03 -
eSafe 7.0.15.0 2008.06.03 -
eTrust-Vet 31.4.5845 2008.06.03 -
Ewido 4.0 2008.06.03 -
F-Prot 4.4.4.56 2008.06.02 -
F-Secure 6.70.13260.0 2008.06.03 -
Fortinet 3.14.0.0 2008.06.03 -
GData 2.0.7306.1023 2008.06.03 -
Ikarus T3.1.1.26.0 2008.06.03 -
Kaspersky 7.0.0.125 2008.06.03 -
McAfee 5309 2008.06.03 -
Microsoft 1.3604 2008.06.03 -
NOD32v2 3156 2008.06.03 -
Norman 5.80.02 2008.06.03 -
Panda 9.0.0.4 2008.06.03 -
Prevx1 V2 2008.06.03 -
Rising 20.47.12.00 2008.06.03 -
Sophos 4.29.0 2008.06.03 -
Sunbelt 3.0.1143.1 2008.06.03 -
Symantec 10 2008.06.03 -
TheHacker 6.2.92.333 2008.06.03 -
VBA32 3.12.6.7 2008.06.03 -
VirusBuster 4.3.26:9 2008.06.03 -
Webwasher-Gateway 6.6.2 2008.06.03 BlockReason.0
Additional information
File size: 22016 bytes
MD5...: 85f42cd01dabda2aabb2bb918f489ba6
SHA1..: 263c0272bba48a1745a819e3f25b7823fb557f1f
SHA256: 6fa2cdf52935d805f317f7c7f8a577426b9b2318de4061f1d6f90b26a0b17961
SHA512: c82f265346d722632ecd14e24d630c3dc414338bd29ddd932a7e417d523fe52a4c07ba2f132991eb8a6ef732370953f0d284c1c322a257a6f7acd7af1850e6fe
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x14000
timedatestamp.....: 0x3b7d840a (Fri Aug 17 20:52:26 2001)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0xb87 0xc00 6.81 744c1d4043ed972652223089ed7ec56e
.rdata 0xf00 0xa0 0x100 2.69 ba72c8bd86767e4d0cb57337265f18a8
PAGECDNC 0x1000 0x153a 0x1580 6.42 7d0d84f5cdac7334b8be4d257b38664b
PAGECDOT 0x2580 0x1a01 0x1a80 6.41 1f3242a3a13a8e6fd232ba8fdf7ac251
INIT 0x4000 0x2b2 0x300 5.01 81ee96a8feddf761737efd8717fe6a62
.ddqn 0x4300 0xd00 0xd00 6.85 1bab2c97f1b6391e7c6bbc45366ad433
.rsrc 0x5000 0x3f0 0x400 3.33 389ca3c0de76854c5ed07faeee8cfd44
.reloc 0x5400 0x1dc 0x200 5.55 3eff2beb322e9d0cb2175ee58a54f0df

( 1 imports )
> ntoskrnl.exe: KeWaitForSingleObject, IofCallDriver, IoBuildDeviceIoControlRequest, KeInitializeEvent, KeSetEvent, RtlCompareMemory, ExFreePoolWithTag, ExAllocatePoolWithTag, IofCompleteRequest, IoSetHardErrorOrVerifyDevice, KeDelayExecutionThread, PoCallDriver, PoStartNextPowerIrp, IoDeleteDevice, IoAttachDeviceToDeviceStack, IoCreateDevice, MmLockPagableDataSection, ZwClose, RtlQueryRegistryValues, IoOpenDeviceRegistryKey, RtlWriteRegistryValue

( 0 exports )

This post has been edited by matt8188: Jun 3 2008, 04:34 PM