 Security Tool & Other spyware need help..., Security tool, and rederected webpages TheFeedYard.com |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Want a New HP LaserJet MFP? Trade in your old printer and receive $1,000 in savings!
Trade in your old printer and receive up to $1,000 in saving on a new HP LaserJet Multifunction Printer. Click here for savings!
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Oct 10 2009, 07:34 PM
Post
#1
|
|
|
New Member  Group: Members Posts: 11 Joined: 9-October 09 From: USA, Midwest Member No.: 388,183  |
Moved, finally got my computer set up last week. I had my computer running for a few on the net and i picked up a windows securty pro2010. Did some google searches and came up with MBAM. Malware bytes. I ran the program and it seemed to fix everything for about 2 weeks. I then started my computer one day and noticed that my windows securty center did't start up with windows. (Also it still isnt started up.) I checked to see if my firewall was activated it said it was. I went on the net and not long found myself victum of spyware and or malware once again. This one however seemes to be more difficult to remove. And first it was a "Police Pro" or something like that. Then i got a "windows securty center" I was not able to runMBAM untill i ran it in safe mode. Everything seemed to be okay after runnning it in safe mode, Till i went back on the net and noticed now that im being rederteced to ill legitamite websites. Like "THEFEEDYARD.COM" So I did more searches yesterday and cam up with a Spybot Search and Destroy. I ran that program Wich seemed to find more malwar then MBAM. Ran it then restarted Spybot started again on windows startup ran it again. Then after that went to check back online and surf the web and im still getting them awful websites. And still my windoes securty icon fails to show up on my toolbare.. So as of right now Im in safe mode with networkeing and Hopefully somone one on here will be able to help me get threw this. For anyone that takes the time for helping me with personal help will be appreceated. Thanks again. Ill check back soon to see if there is a post back. Im also new to this thread so ill have to figure out how things work. Also everything seems to be fine in safe mode, my websites are actually going were there supposed to be going. But once every 5 mins or so i get a popup. Alot better then running it off safe mode.. But I don't want to be running in safe mode forever.... THANKS AGAIN PEOPLE i really need some help thanks..... again.... Here are my logs. Thanks again for anyone looking to take the time out for some help...
Attached File(s)
DDS.txt ( 13.28k )
Number of downloads: 5
Attach.txt ( 5.56k )
Number of downloads: 2
RootRepeal_report_10_09_09__18_38_51_.txt ( 27.81k )
Number of downloads: 1 |
 |
 
|
|
Oct 21 2009, 03:55 PM
Post
#2
|
|
 Forum Addict Group: Malware Response Team Posts: 4,879 Joined: 16-October 06 From: Southeast Finland Member No.: 90,463 |
Hi,
Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please. -------------------- Microsoft MVP Consumer Security 2008 2009 2010
ASAP & UNITE member since 2006   Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please. |
|
|
|
|
Oct 24 2009, 01:47 PM
Post
#3
|
|
|
New Member Group: Members Posts: 11 Joined: 9-October 09 From: USA, Midwest Member No.: 388,183 |
Yes thank you. I will post a new dds log asap. I seem to have gotten rid of all the other malewares... I now have Antiviruspro2010. Im gonna go threw the tut on bleepings main page to see if I can rid this 2010. I'll post back soon.
Well here are my new logs, Ill check back in a lil bit.... This post has been edited by Genesys: Oct 24 2009, 02:05 PM
Attached File(s)
|
|
|
|
|
Oct 25 2009, 04:15 AM
Post
#4
|
|
|
Forum Addict Group: Malware Response Team Posts: 4,879 Joined: 16-October 06 From: Southeast Finland Member No.: 90,463 |
Hi,
uTorrent LimeWire Both above listed are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs. Please visit this webpage for download links, and instructions for running ComboFix tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed. Please continue as follows:
When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system: C:\ComboFix.txt New dds.txt log. A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use. -------------------- Microsoft MVP Consumer Security 2008 2009 2010
ASAP & UNITE member since 2006 Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please. |
|
|
|
|
Oct 25 2009, 12:23 PM
Post
#5
|
|
|
New Member Group: Members Posts: 11 Joined: 9-October 09 From: USA, Midwest Member No.: 388,183 |
Okay. Ran combo fix. Heres the log. Also the new dds.
ComboFix 09-10-24.06 - Papa 10/25/2009 12:11.1.2 - NTFSx86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.801 [GMT -5:00] Running from: c:\documents and settings\Papa\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\78059736 c:\documents and settings\All Users\Application Data\78059736\78059736.bat c:\documents and settings\All Users\Application Data\78059736\78059736.exe c:\documents and settings\All Users\Application Data\akimiv.inf c:\documents and settings\All Users\Application Data\bycebizimi.bat c:\documents and settings\All Users\Application Data\foveqewuse.com c:\documents and settings\All Users\Application Data\kinenetinu._dl c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\All Users\Application Data\sejimit.sys c:\documents and settings\All Users\Application Data\xynosuja.lib c:\documents and settings\All Users\Application Data\yhope.com c:\documents and settings\All Users\Application Data\ysupojutoj.bin c:\documents and settings\All Users\Application Data\zify.com c:\documents and settings\All Users\Documents\abiw.dl c:\documents and settings\All Users\Documents\elefutiset.bat c:\documents and settings\All Users\Documents\ikari.dl c:\documents and settings\All Users\Documents\kenysinuko.sys c:\documents and settings\All Users\Documents\poxyhehuv.sys c:\documents and settings\All Users\Documents\qesarege.vbs c:\documents and settings\All Users\Documents\qylequqo.vbs c:\documents and settings\All Users\Documents\ubakomece.com c:\documents and settings\All Users\Documents\ufokoxu.bat c:\documents and settings\All Users\Documents\xageqadohe.dll c:\documents and settings\All Users\Documents\yvihih._dl c:\documents and settings\All Users\Documents\zedagyriwu.inf c:\documents and settings\Papa\Application Data\ilame.vbs c:\documents and settings\Papa\Application Data\iniasd.txt c:\documents and settings\Papa\Application Data\qudijov.lib c:\documents and settings\Papa\Application Data\uvokoji.bin c:\documents and settings\Papa\Application Data\virefiwyfu.dl c:\documents and settings\Papa\Application Data\xetukyro.sys c:\documents and settings\Papa\Cookies\bobonu.db c:\documents and settings\Papa\Cookies\colificab.pif c:\documents and settings\Papa\Cookies\dywocoby.ban c:\documents and settings\Papa\Cookies\ebohu.sys c:\documents and settings\Papa\Cookies\ekaqy.scr c:\documents and settings\Papa\Cookies\fador.dll c:\documents and settings\Papa\Cookies\faqozyle.ban c:\documents and settings\Papa\Cookies\gazetybeh.inf c:\documents and settings\Papa\Cookies\ihekutiq.lib c:\documents and settings\Papa\Cookies\jafer.dll c:\documents and settings\Papa\Cookies\myfihuhi.reg c:\documents and settings\Papa\Cookies\nedal.vbs c:\documents and settings\Papa\Cookies\ovitohyhil.ban c:\documents and settings\Papa\Cookies\sujewoxini.com c:\documents and settings\Papa\Cookies\uzotuxa.db c:\documents and settings\Papa\Cookies\wivat.ban c:\documents and settings\Papa\Cookies\ydimovetih.ban c:\documents and settings\Papa\Cookies\yvynalebex.com c:\documents and settings\Papa\Local Settings\Application Data\aminoj._sy c:\documents and settings\Papa\Local Settings\Application Data\camefatiny.pif c:\documents and settings\Papa\Local Settings\Application Data\domuda.scr c:\documents and settings\Papa\Local Settings\Application Data\ehaw.vbs c:\documents and settings\Papa\Local Settings\Application Data\isytaxy._dl c:\documents and settings\Papa\Local Settings\Application Data\item._dl c:\documents and settings\Papa\Local Settings\Application Data\jehaxud.exe c:\documents and settings\Papa\Local Settings\Application Data\kowevuvu.sys c:\documents and settings\Papa\Local Settings\Application Data\lavicu.dl c:\documents and settings\Papa\Local Settings\Application Data\numubola.ban c:\documents and settings\Papa\Local Settings\Application Data\radimur.dl c:\documents and settings\Papa\Local Settings\Application Data\tahen.sys c:\documents and settings\Papa\Local Settings\Application Data\umelaq.sys c:\documents and settings\Papa\Local Settings\Application Data\umixu.sys c:\documents and settings\Papa\Local Settings\Application Data\upogyvyroj.com c:\documents and settings\Papa\Local Settings\Application Data\utejiq.ban c:\documents and settings\Papa\Local Settings\Application Data\wetuzylyf.exe c:\documents and settings\Papa\Local Settings\Application Data\xylyh.bin c:\documents and settings\Papa\Local Settings\Application Data\zutusof.inf c:\documents and settings\Papa\Local Settings\Application Data\zycezof.scr c:\documents and settings\Papa\ntuser.dll C:\p2hhr.bat c:\program files\AskSearch\bin\DeFAultsearch.dll c:\program files\Common Files\bevo._dl c:\program files\Common Files\detaly._dl c:\program files\Common Files\fucup.dl c:\program files\Common Files\gadirof.bin c:\program files\Common Files\hifa._dl c:\program files\Common Files\huxazy.dl c:\program files\Common Files\hyhy.bin c:\program files\Common Files\keduba.dl c:\program files\Common Files\laxobo._dl c:\program files\Common Files\lirycogehi.ban c:\program files\Common Files\omirov.com c:\program files\Common Files\pabugino.scr c:\program files\Common Files\texageg.reg c:\program files\Common Files\tukecuky.pif c:\program files\Common Files\tuliwyt.bat c:\program files\Common Files\vagezelace.reg c:\program files\Common Files\yquw.ban c:\program files\Common Files\ytevyje.dl c:\windows\alikudo._dl c:\windows\amatase.bat c:\windows\bojit._sy c:\windows\colidabeda._dl c:\windows\dexadupiji.inf c:\windows\eqafadate.dll c:\windows\fudo._sy c:\windows\guhok._dl c:\windows\hicufydo.dll c:\windows\ikuqe.reg c:\windows\ilur.bin c:\windows\ipurawumifora.dll c:\windows\jakonikit.dl c:\windows\jestertb.dll c:\windows\kyzigoq.exe c:\windows\lewywo.bat c:\windows\ninytawec.bin c:\windows\odobydu.ban c:\windows\ofixa.vbs c:\windows\ofymudow.pif c:\windows\ojagaxaze._sy c:\windows\olygy.reg c:\windows\ominimyjo.bin c:\windows\oxipymyz._dl c:\windows\oxur.exe c:\windows\ozimuduqit.inf c:\windows\ponuzi._dl c:\windows\qygiduf.inf c:\windows\system32\18467.exe c:\windows\system32\41.exe c:\windows\system32\6334.exe c:\windows\system32\aryjurexi.inf c:\windows\system32\calc.dll c:\windows\system32\comyzekis.exe c:\windows\system32\davafuhu.exe c:\windows\system32\delejome.exe c:\windows\system32\dojapode.dll c:\windows\system32\dopunidi.exe c:\windows\system32\dukeyiwa.exe c:\windows\system32\durifesu.exe c:\windows\system32\fetepaze.exe c:\windows\system32\gomebomu.exe c:\windows\system32\howiduga.exe c:\windows\system32\huvizuba.dll c:\windows\system32\images c:\windows\system32\images\i1.gif c:\windows\system32\images\i2.gif c:\windows\system32\images\i3.gif c:\windows\system32\images\j1.gif c:\windows\system32\images\j2.gif c:\windows\system32\images\j3.gif c:\windows\system32\images\jj1.gif c:\windows\system32\images\jj2.gif c:\windows\system32\images\jj3.gif c:\windows\system32\images\l1.gif c:\windows\system32\images\l2.gif c:\windows\system32\images\l3.gif c:\windows\system32\images\pix.gif c:\windows\system32\images\t1.gif c:\windows\system32\images\t2.gif c:\windows\system32\images\up1.gif c:\windows\system32\images\up2.gif c:\windows\system32\images\w1.gif c:\windows\system32\images\w11.gif c:\windows\system32\images\w2.gif c:\windows\system32\images\w3.gif c:\windows\system32\images\w3.jpg c:\windows\system32\images\wt1.gif c:\windows\system32\images\wt2.gif c:\windows\system32\images\wt3.gif c:\windows\system32\jagepeyu.dll c:\windows\system32\jiyazami.dll c:\windows\system32\jumifix.sys c:\windows\system32\kebajuvi.dll c:\windows\system32\kivereza.dll c:\windows\system32\kudafane.dll c:\windows\system32\lafokune.dll c:\windows\system32\lewuseze.exe c:\windows\system32\luyehije.exe c:\windows\system32\mirajehi.dll c:\windows\system32\mize.bin c:\windows\system32\narerope.exe c:\windows\system32\nojepake.dll c:\windows\system32\nutowuko.dll c:\windows\system32\piyudijo.exe c:\windows\system32\putabami.dll c:\windows\system32\rijilutu.dll c:\windows\system32\schtml c:\windows\system32\schtml\dbsinit.exe c:\windows\system32\schtml\images\i1.gif c:\windows\system32\schtml\images\i2.gif c:\windows\system32\schtml\images\i3.gif c:\windows\system32\schtml\images\j1.gif c:\windows\system32\schtml\images\j2.gif c:\windows\system32\schtml\images\j3.gif c:\windows\system32\schtml\images\jj1.gif c:\windows\system32\schtml\images\jj2.gif c:\windows\system32\schtml\images\jj3.gif c:\windows\system32\schtml\images\l1.gif c:\windows\system32\schtml\images\l2.gif c:\windows\system32\schtml\images\l3.gif c:\windows\system32\schtml\images\pix.gif c:\windows\system32\schtml\images\t1.gif c:\windows\system32\schtml\images\t2.gif c:\windows\system32\schtml\images\up1.gif c:\windows\system32\schtml\images\up2.gif c:\windows\system32\schtml\images\w1.gif c:\windows\system32\schtml\images\w11.gif c:\windows\system32\schtml\images\w2.gif c:\windows\system32\schtml\images\w3.gif c:\windows\system32\schtml\images\w3.jpg c:\windows\system32\schtml\images\word.doc c:\windows\system32\schtml\images\wt1.gif c:\windows\system32\schtml\images\wt2.gif c:\windows\system32\schtml\images\wt3.gif c:\windows\system32\schtml\wispex.html c:\windows\system32\sehuwuri.exe c:\windows\system32\tehisuvo.exe c:\windows\system32\temofar.bat c:\windows\system32\tovebogi.exe c:\windows\system32\towozoha.exe c:\windows\system32\ufuwyr.ban c:\windows\system32\uhim.bin c:\windows\system32\ulit.bin c:\windows\system32\umih.inf c:\windows\system32\vezipoyo.exe c:\windows\system32\vugivodi.exe c:\windows\system32\vuhuviti.exe c:\windows\system32\wbem\proquota.exe c:\windows\system32\wijahupu.exe c:\windows\system32\wuduluto.dll c:\windows\system32\xowyfa.vbs c:\windows\system32\xyje._dl c:\windows\system32\yagerumu.exe c:\windows\system32\yasijote.exe c:\windows\system32\ybyme.exe c:\windows\system32\ydumugu.ban c:\windows\system32\ylyqevecoh.scr c:\windows\system32\yonolafo.dll c:\windows\system32\ypezuv.ban c:\windows\system32\ypijyte.pif c:\windows\system32\yusayena.dll c:\windows\system32\zalo.scr c:\windows\system32\zehakebo.dll c:\windows\system32\zele.pif c:\windows\system32\zilozama.exe c:\windows\system32\zurubefo.exe c:\windows\tide.vbs c:\windows\ufinuwiw._sy c:\windows\uquca.dl c:\windows\zodo.inf c:\windows\zypame.scr E:\Autorun.inf ----- BITS: Possible infected sites ----- hxxp://82.98.235.208 c:\windows\system32\proquota.exe was missing Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe . ((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 ))))))))))))))))))))))))))))))) . 2009-10-25 17:07 . 2009-10-25 17:07 -------- d-----w- C:\thcbytes 2009-10-22 04:31 . 2009-10-22 04:31 16784 ----a-w- c:\windows\system32\xevidi.dat 2009-10-19 00:14 . 2009-10-19 00:14 15716 ----a-w- c:\program files\Common Files\isemizi.dat 2009-10-16 02:09 . 2009-10-16 02:09 19879 ----a-w- c:\windows\jebysu.com 2009-10-16 02:09 . 2009-10-16 02:09 18996 ----a-w- c:\documents and settings\Papa\Local Settings\Application Data\gecy.dat 2009-10-16 01:45 . 2009-10-16 01:45 16715 ----a-w- c:\windows\system32\uworomi.dat 2009-10-15 01:57 . 2009-10-15 01:57 17903 ----a-w- c:\windows\system32\byzyxoxis.com 2009-10-15 01:57 . 2009-10-15 01:57 17662 ----a-w- c:\program files\Common Files\deqaxeseh.dat 2009-10-15 01:57 . 2009-10-15 01:57 11720 ----a-w- c:\program files\Common Files\ylacowuga.dat 2009-10-15 01:57 . 2009-10-15 01:57 10385 ----a-w- c:\windows\tete.com 2009-10-10 01:06 . 2009-10-14 00:43 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-10-09 03:22 . 2009-10-09 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-09 03:22 . 2009-10-09 03:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-07 00:39 . 2009-10-07 00:39 131731 ----a-w- c:\windows\system32\dbsinit.exe 2009-10-04 03:59 . 2001-08-18 03:36 19456 ----a-w- c:\windows\system32\dllcache\brbidiif.dll 2009-10-04 03:59 . 2001-08-18 03:36 102400 ----a-w- c:\windows\system32\dllcache\binlsvc.dll 2009-10-04 03:57 . 2008-04-14 03:06 84480 ----a-w- c:\windows\system32\dllcache\ac97via.sys 2009-10-01 03:33 . 2009-10-01 03:33 -------- d-----w- c:\program files\AC3Filter 2009-10-01 01:53 . 2009-10-01 01:53 -------- d-----w- c:\documents and settings\Papa\Application Data\DivX 2009-09-30 22:23 . 2009-05-13 21:56 120056 ------w- c:\windows\system32\pxcpyi64.exe 2009-09-30 22:22 . 2009-09-30 22:23 -------- d-----w- c:\program files\DivX 2009-09-30 22:22 . 2009-09-30 22:22 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-09-28 23:08 . 2009-09-28 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Pianosoft 2009-09-27 01:32 . 2009-09-27 03:17 -------- d-----w- c:\documents and settings\Papa\Application Data\U3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-19 00:14 . 2009-10-19 00:14 15254 ----a-w- c:\documents and settings\Papa\Application Data\wylyciky.dat 2009-10-16 02:09 . 2009-10-16 02:09 12028 ----a-w- c:\program files\Common Files\cipa.db 2009-10-16 01:45 . 2009-10-16 01:45 14773 ----a-w- c:\documents and settings\All Users\Application Data\hebenokoxe.dat 2009-10-15 01:57 . 2009-10-15 01:57 19632 ----a-w- c:\documents and settings\All Users\Application Data\hoxy.dat 2009-10-15 01:57 . 2009-10-15 01:57 16932 ----a-w- c:\program files\Common Files\zysucu.db 2009-10-14 23:26 . 2009-09-21 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-07 23:05 . 2009-05-02 18:20 -------- d-----w- c:\documents and settings\Papa\Application Data\uTorrent 2009-09-24 16:26 . 2009-09-24 16:26 -------- d-----w- c:\documents and settings\Papa\Application Data\Uniblue 2009-09-23 00:44 . 2009-09-23 00:44 71680 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-09-22 18:08 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Papa\Application Data\Apple Computer 2009-09-22 18:06 . 2009-09-22 18:06 17712 ---ha-w- c:\windows\system32\mlfcache.dat 2009-09-22 18:01 . 2009-09-22 18:01 -------- d-----w- c:\program files\iPhone Configuration Utility 2009-09-22 18:00 . 2009-09-22 17:59 -------- d-----w- c:\program files\iTunes 2009-09-22 18:00 . 2009-09-22 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-22 17:59 . 2009-09-22 17:59 -------- d-----w- c:\program files\iPod 2009-09-22 17:59 . 2009-08-02 20:32 -------- d-----w- c:\program files\Common Files\Apple 2009-09-22 17:58 . 2009-09-22 17:58 -------- d-----w- c:\program files\QuickTime 2009-09-21 19:47 . 2009-09-21 02:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-09-21 03:42 . 2006-08-04 08:30 -------- d-----w- c:\program files\Java 2009-09-21 03:18 . 2009-06-21 22:50 17464 ----a-w- c:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-21 02:54 . 2009-09-21 02:54 -------- d-----w- c:\documents and settings\Papa\Application Data\Malwarebytes 2009-09-21 02:54 . 2009-09-21 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-21 00:09 . 2009-09-21 00:09 -------- d-----w- c:\program files\MSBuild 2009-09-21 00:09 . 2009-09-21 00:09 -------- d-----w- c:\program files\Reference Assemblies 2009-09-20 23:49 . 2009-09-20 23:49 120 ----a-w- c:\windows\Eticeyeva.dat 2009-09-20 23:49 . 2009-09-20 23:49 0 ----a-w- c:\windows\Dyojodemadavaku.bin 2009-09-10 19:54 . 2009-09-21 02:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 19:53 . 2009-09-21 02:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-07 00:24 . 2004-08-10 17:02 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-07 00:24 . 2004-08-10 17:02 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-07 00:24 . 2009-01-04 12:00 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-07 00:24 . 2004-08-10 17:02 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-07 00:24 . 2004-08-10 17:02 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-08-07 00:24 . 2004-08-10 16:50 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-07 00:23 . 2004-08-10 17:02 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-07 00:23 . 2004-08-10 17:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 09:01 . 2004-08-10 16:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\bytes.exe.exe" [2009-09-10 1312080] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-4 24576] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "RasMan"=3 (0x3) "RasAuto"=3 (0x3) "MskService"=2 (0x2) "MpfService"=2 (0x2) "mnmsrvc"=3 (0x3) "mcupdmgr.exe"=3 (0x3) "McTskshd.exe"=2 (0x2) "McShield"=2 (0x2) "McDetect.exe"=2 (0x2) "AOL ACS"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\iPod\\bin\\iPodService.exe"= "c:\\Program Files\\Yahoo!\\SoftwareUpdate\\YahooAUService.exe"= "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundRouterRequest"= 1 (0x1) . Contents of the 'Scheduled Tasks' folder 2009-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 . - - - - ORPHANS REMOVED - - - - BHO-{375c8e5d-e162-4ea6-991b-795c287f58b7} - yonolafo.dll BHO-{ca499376-10b1-4fbe-a5ba-309ce29f84e9} - wibovaha.dll HKLM-Run-78059736 - c:\documents and settings\All Users\Application Data\78059736\78059736.exe HKLM-Run-hamefusoh - c:\windows\system32\rijilutu.dll HKLM-Run-lohohuhigo - putabami.dll SharedTaskScheduler-{fa0f539b-0785-4b36-8dad-9f10e7849644} - c:\windows\system32\zelayira.dll SharedTaskScheduler-{deca11a9-c601-4c1d-ab9b-e40c038e2738} - c:\windows\system32\wenigewe.dll SharedTaskScheduler-{f51120bc-9fa9-45df-b702-9897db8b0760} - c:\windows\system32\fidofepu.dll SharedTaskScheduler-{b3d40d3d-f7ea-4a0c-a004-00814b575831} - c:\windows\system32\popukalu.dll SharedTaskScheduler-{a252cd67-a975-4aa1-8d94-1bdb7ca4679d} - c:\windows\system32\niyihifi.dll SharedTaskScheduler-{015b55ff-78f7-424b-8fe9-05b1f7304955} - c:\windows\system32\rijilutu.dll SSODL-munamadoy-{fa0f539b-0785-4b36-8dad-9f10e7849644} - c:\windows\system32\zelayira.dll SSODL-suvutizab-{deca11a9-c601-4c1d-ab9b-e40c038e2738} - c:\windows\system32\wenigewe.dll SSODL-duyehozat-{f51120bc-9fa9-45df-b702-9897db8b0760} - c:\windows\system32\fidofepu.dll SSODL-yiwemesaw-{b3d40d3d-f7ea-4a0c-a004-00814b575831} - c:\windows\system32\popukalu.dll SSODL-yelalimib-{a252cd67-a975-4aa1-8d94-1bdb7ca4679d} - c:\windows\system32\niyihifi.dll SSODL-jubefopat-{015b55ff-78f7-424b-8fe9-05b1f7304955} - c:\windows\system32\rijilutu.dll AddRemove-AVIcodec - c:\program files\AVIcodec\uninst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-25 12:16 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1548) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\combofix\CF31140.exe c:\windows\system32\wscntfy.exe c:\combofix\PEV.cfxxe . ************************************************************************** . Completion time: 2009-10-25 12:19 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-25 17:19 Pre-Run: 59,103,191,040 bytes free Post-Run: 57,808,277,504 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 9F0F3ADF352344B466AD5C843F9227F0 This post has been edited by Genesys: Oct 25 2009, 12:24 PM
Attached File(s)
|
|
|
|
|
Oct 25 2009, 01:07 PM
Post
#6
|
|
|
Forum Addict Group: Malware Response Team Posts: 4,879 Joined: 16-October 06 From: Southeast Finland Member No.: 90,463 |
Hi,
Open notepad and copy/paste the text in the quotebox below into it: CODE http://www.bleepingcomputer.com/forums/topic263580.html#entry1471625 Collect:: c:\windows\system32\xevidi.dat c:\program files\Common Files\isemizi.dat c:\windows\jebysu.com c:\documents and settings\Papa\Local Settings\Application Data\gecy.dat c:\windows\system32\uworomi.dat c:\windows\system32\byzyxoxis.com c:\program files\Common Files\deqaxeseh.dat c:\program files\Common Files\ylacowuga.dat c:\windows\tete.com c:\documents and settings\Papa\Application Data\wylyciky.dat c:\program files\Common Files\cipa.db c:\documents and settings\All Users\Application Data\hebenokoxe.dat c:\documents and settings\All Users\Application Data\hoxy.dat c:\program files\Common Files\zysucu.db c:\windows\Eticeyeva.dat c:\windows\Dyojodemadavaku.bin c:\windows\system32\rizedeye c:\windows\buhakym.lib c:\program files\common files\cipa.db c:\program files\common files\zysucu.db c:\windows\uxiluwiv.sys c:\docume~1\papa\applic~1\awuquxoh.bin c:\windows\system32\xelovas.dat c:\program files\common files\yqeqecotuq.sys c:\windows\amuxybumy.bin c:\docume~1\papa\applic~1\ebonypoquj.pif c:\windows\kofy.com c:\windows\yjyhy.dat c:\docume~1\papa\applic~1\ijucolaxas.scr c:\docume~1\papa\applic~1\kyky.sys c:\windows\cabu.com DDS:: uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File Save this as CFScript A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.  Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe. Then post the resultant log. Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here. Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here. Uninstall this vulnerable Java: Java 2 Runtime Environment, SE v1.4.2_03 Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it Under Main choose: Windows Temp Current User Temp All Users Temp Cookies Temporary Internet Files Prefetch Java Cache *The other boxes are optional* Then click the Empty Selected button. If you use Firefox: Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click NO at the prompt. If you use Opera: Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click NO at the prompt. Click Exit on the Main menu to close the program. * Go here to run an online scanner from ESET.
-------------------- Microsoft MVP Consumer Security 2008 2009 2010
ASAP & UNITE member since 2006 Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please. |
|
|
|
|
Oct 25 2009, 01:28 PM
Post
#7
|
|
|
New Member Group: Members Posts: 11 Joined: 9-October 09 From: USA, Midwest Member No.: 388,183 |
Heres the new log i believe.
ComboFix 09-10-24.06 - Papa 10/25/2009 13:30.2.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.650 [GMT -5:00] Running from: c:\documents and settings\Papa\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Papa\Desktop\CFScript.txt file zipped: c:\docume~1\papa\applic~1\awuquxoh.bin file zipped: c:\docume~1\papa\applic~1\ebonypoquj.pif file zipped: c:\docume~1\papa\applic~1\ijucolaxas.scr file zipped: c:\docume~1\papa\applic~1\kyky.sys file zipped: c:\documents and settings\All Users\Application Data\hebenokoxe.dat file zipped: c:\documents and settings\All Users\Application Data\hoxy.dat file zipped: c:\documents and settings\Papa\Application Data\wylyciky.dat file zipped: c:\documents and settings\Papa\Local Settings\Application Data\gecy.dat file zipped: c:\program files\Common Files\cipa.db file zipped: c:\program files\Common Files\deqaxeseh.dat file zipped: c:\program files\Common Files\isemizi.dat file zipped: c:\program files\Common Files\ylacowuga.dat file zipped: c:\program files\common files\yqeqecotuq.sys file zipped: c:\program files\Common Files\zysucu.db file zipped: c:\windows\amuxybumy.bin file zipped: c:\windows\buhakym.lib file zipped: c:\windows\cabu.com file zipped: c:\windows\Dyojodemadavaku.bin file zipped: c:\windows\Eticeyeva.dat file zipped: c:\windows\jebysu.com file zipped: c:\windows\kofy.com file zipped: c:\windows\system32\byzyxoxis.com file zipped: c:\windows\system32\rizedeye file zipped: c:\windows\system32\uworomi.dat file zipped: c:\windows\system32\xelovas.dat file zipped: c:\windows\system32\xevidi.dat file zipped: c:\windows\tete.com file zipped: c:\windows\uxiluwiv.sys file zipped: c:\windows\yjyhy.dat . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\papa\applic~1\awuquxoh.bin c:\docume~1\papa\applic~1\ebonypoquj.pif c:\docume~1\papa\applic~1\ijucolaxas.scr c:\docume~1\papa\applic~1\kyky.sys c:\documents and settings\All Users\Application Data\hebenokoxe.dat c:\documents and settings\All Users\Application Data\hoxy.dat c:\documents and settings\Papa\Application Data\wylyciky.dat c:\documents and settings\Papa\Local Settings\Application Data\gecy.dat c:\program files\Common Files\cipa.db c:\program files\Common Files\deqaxeseh.dat c:\program files\Common Files\isemizi.dat c:\program files\Common Files\ylacowuga.dat c:\program files\common files\yqeqecotuq.sys c:\program files\Common Files\zysucu.db c:\windows\amuxybumy.bin c:\windows\buhakym.lib c:\windows\cabu.com c:\windows\Dyojodemadavaku.bin c:\windows\Eticeyeva.dat c:\windows\jebysu.com c:\windows\kofy.com c:\windows\system32\byzyxoxis.com c:\windows\system32\rizedeye c:\windows\system32\uworomi.dat c:\windows\system32\xelovas.dat c:\windows\system32\xevidi.dat c:\windows\tete.com c:\windows\uxiluwiv.sys c:\windows\yjyhy.dat . ((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 ))))))))))))))))))))))))))))))) . 2009-10-25 17:07 . 2009-10-25 17:07 -------- d-----w- C:\thcbytes 2009-10-10 01:06 . 2009-10-14 00:43 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-10-09 03:22 . 2009-10-09 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-09 03:22 . 2009-10-09 03:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-07 00:39 . 2009-10-07 00:39 131731 ----a-w- c:\windows\system32\dbsinit.exe 2009-10-04 03:59 . 2001-08-18 03:36 19456 ----a-w- c:\windows\system32\dllcache\brbidiif.dll 2009-10-04 03:59 . 2001-08-18 03:36 102400 ----a-w- c:\windows\system32\dllcache\binlsvc.dll 2009-10-04 03:57 . 2008-04-14 03:06 84480 ----a-w- c:\windows\system32\dllcache\ac97via.sys 2009-10-01 03:33 . 2009-10-01 03:33 -------- d-----w- c:\program files\AC3Filter 2009-10-01 01:53 . 2009-10-01 01:53 -------- d-----w- c:\documents and settings\Papa\Application Data\DivX 2009-09-30 22:23 . 2009-05-13 21:56 120056 ------w- c:\windows\system32\pxcpyi64.exe 2009-09-30 22:22 . 2009-09-30 22:23 -------- d-----w- c:\program files\DivX 2009-09-30 22:22 . 2009-09-30 22:22 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-09-28 23:08 . 2009-09-28 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Pianosoft 2009-09-27 01:32 . 2009-09-27 03:17 -------- d-----w- c:\documents and settings\Papa\Application Data\U3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-14 23:26 . 2009-09-21 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-07 23:05 . 2009-05-02 18:20 -------- d-----w- c:\documents and settings\Papa\Application Data\uTorrent 2009-09-24 16:26 . 2009-09-24 16:26 -------- d-----w- c:\documents and settings\Papa\Application Data\Uniblue 2009-09-23 00:44 . 2009-09-23 00:44 71680 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-09-22 18:08 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Papa\Application Data\Apple Computer 2009-09-22 18:06 . 2009-09-22 18:06 17712 ---ha-w- c:\windows\system32\mlfcache.dat 2009-09-22 18:01 . 2009-09-22 18:01 -------- d-----w- c:\program files\iPhone Configuration Utility 2009-09-22 18:00 . 2009-09-22 17:59 -------- d-----w- c:\program files\iTunes 2009-09-22 18:00 . 2009-09-22 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-22 17:59 . 2009-09-22 17:59 -------- d-----w- c:\program files\iPod 2009-09-22 17:59 . 2009-08-02 20:32 -------- d-----w- c:\program files\Common Files\Apple 2009-09-22 17:58 . 2009-09-22 17:58 -------- d-----w- c:\program files\QuickTime 2009-09-21 19:47 . 2009-09-21 02:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-09-21 03:42 . 2006-08-04 08:30 -------- d-----w- c:\program files\Java 2009-09-21 03:18 . 2009-06-21 22:50 17464 ----a-w- c:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-21 02:54 . 2009-09-21 02:54 -------- d-----w- c:\documents and settings\Papa\Application Data\Malwarebytes 2009-09-21 02:54 . 2009-09-21 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-21 00:09 . 2009-09-21 00:09 -------- d-----w- c:\program files\MSBuild 2009-09-21 00:09 . 2009-09-21 00:09 -------- d-----w- c:\program files\Reference Assemblies 2009-09-20 23:47 . 2009-09-20 23:47 18936 ----a-w- c:\documents and settings\Papa\Local Settings\Application Data\elymyga.pif 2009-09-20 23:47 . 2009-09-20 23:47 10812 ----a-w- c:\documents and settings\Papa\Local Settings\Application Data\ohanuh.scr 2009-09-11 14:18 . 2009-09-11 14:18 136192 ----a-w- c:\windows\system32\SET1F.tmp 2009-09-10 19:54 . 2009-09-21 02:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 19:53 . 2009-09-21 02:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-04 21:03 . 2009-09-04 21:03 58880 ----a-w- c:\windows\system32\SETAB.tmp 2009-08-26 08:00 . 2004-08-10 16:51 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-07 00:24 . 2004-08-10 17:02 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-07 00:24 . 2004-08-10 17:02 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-07 00:24 . 2009-01-04 12:00 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-07 00:24 . 2004-08-10 17:02 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-07 00:24 . 2004-08-10 17:02 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-07 00:24 . 2004-08-10 16:50 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-07 00:23 . 2004-08-10 17:02 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-07 00:23 . 2004-08-10 17:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 09:01 . 2004-08-10 16:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 15:13 . 2004-08-10 16:51 2145280 ------w- c:\windows\system32\ntoskrnl.exe 2009-08-04 14:20 . 2004-08-04 02:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe . ((((((((((((((((((((((((((((( SnapShot@2009-10-25_17.16.50 ))))))))))))))))))))))))))))))))))))))))) . - 2009-05-18 05:22 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll + 2009-05-18 05:22 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll - 2004-08-10 16:51 . 2009-09-21 00:15 71732 c:\windows\system32\perfc009.dat + 2004-08-10 16:51 . 2009-10-25 17:35 71732 c:\windows\system32\perfc009.dat + 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll + 2009-06-25 00:56 . 2009-06-25 00:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe + 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll - 2007-04-14 02:58 . 2007-04-14 02:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll - 2007-04-14 02:57 . 2007-04-14 02:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll + 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll - 2007-04-14 02:57 . 2007-04-14 02:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll + 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll - 2007-04-14 03:30 . 2007-04-14 03:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe + 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe + 2009-10-25 17:28 . 2009-10-25 17:28 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_783b537d\System.Drawing.Design.dll + 2009-10-25 17:28 . 2009-10-25 17:28 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_647bf400\CustomMarshalers.dll + 2009-10-25 17:38 . 2009-10-25 17:38 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll + 2009-10-25 17:36 . 2009-10-25 17:36 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe + 2009-10-25 17:36 . 2009-10-25 17:36 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll - 2009-09-21 00:15 . 2009-09-21 00:15 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll + 2009-10-25 17:34 . 2009-10-25 17:34 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll - 2009-09-21 00:15 . 2009-09-21 00:15 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll + 2009-10-25 17:34 . 2009-10-25 17:34 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll - 2009-09-21 00:15 . 2009-09-21 00:15 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2009-10-25 17:35 . 2009-10-25 17:35 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll + 2009-10-25 17:35 . 2009-10-25 17:35 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2009-09-21 00:15 . 2009-09-21 00:15 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll - 2009-09-21 00:15 . 2009-09-21 00:15 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2009-10-25 17:35 . 2009-10-25 17:35 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll + 2009-10-25 17:35 . 2009-10-25 17:35 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll - 2009-09-21 00:15 . 2009-09-21 00:15 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll + 2009-10-25 17:35 . 2009-10-25 17:35 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll - 2009-09-21 00:15 . 2009-09-21 00:15 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll + 2009-10-25 17:35 . 2009-10-25 17:35 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2009-09-21 00:15 . 2009-09-21 00:15 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll - 2009-09-21 00:15 . 2009-09-21 00:15 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll + 2009-10-25 17:34 . 2009-10-25 17:34 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll - 2009-09-21 00:15 . 2009-09-21 00:15 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll + 2009-10-25 17:34 . 2009-10-25 17:34 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll + 2009-10-25 17:34 . 2009-10-25 17:34 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2009-09-21 00:15 . 2009-09-21 00:15 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll - 2009-09-21 00:15 . 2009-09-21 00:15 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2009-10-25 17:35 . 2009-10-25 17:35 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll + 2009-10-25 17:34 . 2009-10-25 17:34 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2009-09-21 00:15 . 2009-09-21 00:15 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll - 2009-09-21 00:15 . 2009-09-21 00:15 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2009-10-25 17:34 . 2009-10-25 17:34 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll + 2009-10-25 17:35 . 2009-10-25 17:35 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll - 2009-09-21 00:15 . 2009-09-21 00:15 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll + 2009-10-25 17:35 . 2009-10-25 17:35 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll - 2009-09-21 00:15 . 2009-09-21 00:15 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll + 2009-10-25 17:35 . 2009-10-25 17:35 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll - 2009-09-21 00:15 . 2009-09-21 00:15 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll + 2009-10-25 17:34 . 2009-10-25 17:34 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll - 2009-09-21 00:15 . 2009-09-21 00:15 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll + 2009-10-25 17:35 . 2009-10-25 17:35 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2009-09-21 00:15 . 2009-09-21 00:15 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll - 2009-09-21 00:15 . 2009-09-21 00:15 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2009-10-25 17:35 . 2009-10-25 17:35 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll + 2004-08-10 16:51 . 2009-04-02 04:02 604160 c:\windows\system32\wmspdmod.dll - 2004-08-10 16:51 . 2009-09-21 00:15 442466 c:\windows\system32\perfh009.dat + 2004-08-10 16:51 . 2009-10-25 17:35 442466 c:\windows\system32\perfh009.dat + 2004-08-10 16:51 . 2009-04-02 04:02 604160 c:\windows\system32\dllcache\wmspdmod.dll + 2004-08-10 16:51 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll - 2004-08-10 16:51 . 2008-10-03 10:02 247326 c:\windows\system32\dllcache\strmdll.dll + 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll - 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll + 2009-08-08 04:51 . 2009-08-08 04:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll - 2007-04-14 02:58 . 2007-04-14 02:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll + 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll - 2007-04-14 02:56 . 2007-04-14 02:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll + 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll + 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll - 2007-04-14 03:30 . 2007-04-14 03:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll + 2009-10-25 17:28 . 2009-10-25 17:28 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6ebfda65\System.Drawing.dll + 2009-10-25 17:28 . 2009-10-25 17:28 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_3047d2a2\System.Drawing.Design.dll + 2009-10-25 17:28 . 2009-10-25 17:28 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_6f26a92a\CustomMarshalers.dll + 2009-10-25 17:38 . 2009-10-25 17:38 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll + 2009-10-25 17:38 . 2009-10-25 17:38 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll + 2009-10-25 17:38 . 2009-10-25 17:38 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll + 2009-10-25 17:37 . 2009-10-25 17:37 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll + 2009-10-25 17:37 . 2009-10-25 17:37 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll + 2009-10-25 17:37 . 2009-10-25 17:37 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll + 2009-10-25 17:37 . 2009-10-25 17:37 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll + 2009-10-25 17:37 . 2009-10-25 17:37 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll + 2009-10-25 17:34 . 2009-10-25 17:34 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll - 2009-09-21 00:15 . 2009-09-21 00:15 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll + 2009-10-25 17:34 . 2009-10-25 17:34 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll - 2009-09-21 00:15 . 2009-09-21 00:15 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll + 2009-10-25 17:35 . 2009-10-25 17:35 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll - 2009-09-21 00:15 . 2009-09-21 00:15 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll + 2009-10-25 17:35 . 2009-10-25 17:35 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll - 2009-09-21 00:15 . 2009-09-21 00:15 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll - 2009-09-21 00:15 . 2009-09-21 00:15 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2009-10-25 17:35 . 2009-10-25 17:35 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll + 2009-10-25 17:35 . 2009-10-25 17:35 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2009-09-21 00:15 . 2009-09-21 00:15 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll - 2009-09-21 00:15 . 2009-09-21 00:15 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll + 2009-10-25 17:35 . 2009-10-25 17:35 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll - 2009-09-21 00:15 . 2009-09-21 00:15 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll + 2009-10-25 17:35 . 2009-10-25 17:35 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll - 2009-09-21 00:15 . 2009-09-21 00:15 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll + 2009-10-25 17:35 . 2009-10-25 17:35 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll - 2009-09-21 00:15 . 2009-09-21 00:15 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2009-10-25 17:35 . 2009-10-25 17:35 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll + 2009-10-25 17:34 . 2009-10-25 17:34 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll - 2009-09-21 00:15 . 2009-09-21 00:15 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll + 2009-10-25 17:35 . 2009-10-25 17:35 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll - 2009-09-21 00:15 . 2009-09-21 00:15 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll + 2009-10-25 17:35 . 2009-10-25 17:35 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2009-09-21 00:15 . 2009-09-21 00:15 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll - 2009-09-21 00:15 . 2009-09-21 00:15 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2009-10-25 17:35 . 2009-10-25 17:35 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll + 2009-10-25 17:35 . 2009-10-25 17:35 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2009-09-21 00:15 . 2009-09-21 00:15 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll - 2009-09-21 00:15 . 2009-09-21 00:15 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll + 2009-10-25 17:35 . 2009-10-25 17:35 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - 2009-09-21 00:15 . 2009-09-21 00:15 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2009-10-25 17:35 . 2009-10-25 17:35 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll + 2009-10-25 17:35 . 2009-10-25 17:35 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll - 2009-09-21 00:15 . 2009-09-21 00:15 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll + 2009-10-25 17:35 . 2009-10-25 17:35 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll - 2009-09-21 00:15 . 2009-09-21 00:15 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll + 2009-10-25 17:35 . 2009-10-25 17:35 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll - 2009-09-21 00:15 . 2009-09-21 00:15 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll + 2009-10-25 17:35 . 2009-10-25 17:35 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll - 2009-09-21 00:15 . 2009-09-21 00:15 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll - 2009-09-21 00:15 . 2009-09-21 00:15 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll + 2009-10-25 17:34 . 2009-10-25 17:34 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll - 2009-09-21 00:15 . 2009-09-21 00:15 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll + 2009-10-25 17:35 . 2009-10-25 17:35 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll + 2009-10-25 17:35 . 2009-10-25 17:35 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll - 2009-09-21 00:15 . 2009-09-21 00:15 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll + 2009-10-25 17:35 . 2009-10-25 17:35 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2009-09-21 00:15 . 2009-09-21 00:15 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll - 2009-09-21 00:15 . 2009-09-21 00:15 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2009-10-25 17:35 . 2009-10-25 17:35 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll + 2009-10-25 17:19 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll - 2004-08-10 16:51 . 2008-04-14 00:12 1435648 c:\windows\system32\query.dll + 2004-08-10 16:51 . 2009-07-17 16:22 1435648 c:\windows\system32\query.dll + 2009-07-17 16:22 . 2009-07-17 16:22 1435648 c:\windows\system32\dllcache\query.dll + 2009-01-04 22:24 . 2009-08-05 01:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe - 2009-01-04 22:24 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe + 2009-01-04 22:24 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe + 2009-01-04 22:24 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe - 2009-01-04 22:24 . 2009-02-08 00:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe - 2004-08-10 16:51 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe + 2004-08-10 16:51 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe + 2009-08-08 04:51 . 2009-08-08 04:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - 2008-11-25 09:59 . 2008-11-25 09:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll + 2009-08-08 04:51 . 2009-08-08 04:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll + 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll - 2007-04-14 03:35 . 2007-04-14 03:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll - 2007-04-14 03:35 . 2007-04-14 03:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll + 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll + 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - 2007-04-14 02:57 . 2007-04-14 02:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - 2007-04-14 02:57 . 2007-04-14 02:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll + 2008-05-28 05:48 . 2008-05-28 05:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll - 2007-04-14 02:50 . 2007-04-14 02:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll + 2009-01-04 22:24 . 2009-08-05 01:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe + 2009-01-04 22:24 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe - 2009-01-04 22:24 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe - 2009-01-04 22:24 . 2009-02-08 00:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2009-01-04 22:24 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2009-01-04 22:24 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe - 2009-01-04 22:24 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2009-10-25 17:28 . 2009-10-25 17:28 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_f501a0dc\System.dll + 2009-10-25 17:28 . 2009-10-25 17:28 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_8ab14e82\System.dll + 2009-10-25 17:28 . 2009-10-25 17:28 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b497e8b4\System.Xml.dll + 2009-10-25 17:28 . 2009-10-25 17:28 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_9d974b77\System.Xml.dll + 2009-10-25 17:28 . 2009-10-25 17:28 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_650734ec\System.Windows.Forms.dll + 2009-10-25 17:28 . 2009-10-25 17:28 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_3fc2b534\System.Windows.Forms.dll + 2009-10-25 17:28 . 2009-10-25 17:28 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6ffb1988\System.Drawing.dll + 2009-10-25 17:28 . 2009-10-25 17:28 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_704f1e99\System.Design.dll + 2009-10-25 17:28 . 2009-10-25 17:28 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_0575d253\System.Design.dll + 2009-10-25 17:28 . 2009-10-25 17:28 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e5ace4ec\mscorlib.dll + 2009-10-25 17:29 . 2009-10-25 17:29 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_9968c1e1\mscorlib.dll + 2009-10-25 17:36 . 2009-10-25 17:36 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll + 2009-10-25 17:38 . 2009-10-25 17:38 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll + 2009-10-25 17:36 . 2009-10-25 17:36 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll + 2009-10-25 17:38 . 2009-10-25 17:38 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll + 2009-10-25 17:37 . 2009-10-25 17:37 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll + 2009-10-25 17:37 . 2009-10-25 17:37 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll + 2009-10-25 17:37 . 2009-10-25 17:37 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll + 2009-10-25 17:37 . 2009-10-25 17:37 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll + 2009-10-25 17:37 . 2009-10-25 17:37 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll + 2009-10-25 17:37 . 2009-10-25 17:37 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll + 2009-10-25 17:37 . 2009-10-25 17:37 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll + 2009-10-25 17:37 . 2009-10-25 17:37 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll + 2009-10-25 17:36 . 2009-10-25 17:36 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll + 2009-10-25 17:35 . 2009-10-25 17:35 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll - 2009-09-21 00:15 . 2009-09-21 00:15 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll - 2009-09-21 00:15 . 2009-09-21 00:15 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll + 2009-10-25 17:35 . 2009-10-25 17:35 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll - 2009-09-21 00:15 . 2009-09-21 00:15 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll + 2009-10-25 17:34 . 2009-10-25 17:34 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - 2009-09-21 00:15 . 2009-09-21 00:15 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll + 2009-10-25 17:34 . 2009-10-25 17:34 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll - 2009-09-21 00:15 . 2009-09-21 00:15 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll + 2009-10-25 17:34 . 2009-10-25 17:34 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll + 2009-10-25 17:35 . 2009-10-25 17:35 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - 2009-09-21 00:15 . 2009-09-21 00:15 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll + 2009-10-25 17:35 . 2009-10-25 17:35 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll - 2009-09-21 00:15 . 2009-09-21 00:15 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll - 2009-01-05 09:02 . 2009-01-05 09:02 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll + 2009-10-25 17:28 . 2009-10-25 17:28 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll + 2009-10-25 17:28 . 2009-10-25 17:28 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll - 2009-01-05 09:02 . 2009-01-05 09:02 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll + 2009-10-25 17:28 . 2009-10-02 16:01 25198016 c:\windows\system32\MRT.exe + 2009-08-11 02:08 . 2009-08-11 02:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp + 2009-08-15 01:32 . 2009-08-15 01:32 11110912 c:\windows\Installer\b0ccb.msp + 2009-08-10 19:09 . 2009-08-10 19:09 17254912 c:\windows\Installer\b0cc2.msp + 2009-10-25 17:38 . 2009-10-25 17:38 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll + 2009-10-25 17:37 . 2009-10-25 17:37 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll + 2009-10-25 17:37 . 2009-10-25 17:37 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll + 2009-10-25 17:36 . 2009-10-25 17:36 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll + 2009-10-25 17:35 . 2009-10-25 17:35 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\bytes.exe.exe" [2009-09-10 1312080] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-4 24576] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "RasMan"=3 (0x3) "RasAuto"=3 (0x3) "MskService"=2 (0x2) "MpfService"=2 (0x2) "mnmsrvc"=3 (0x3) "mcupdmgr.exe"=3 (0x3) "McTskshd.exe"=2 (0x2) "McShield"=2 (0x2) "McDetect.exe"=2 (0x2) "AOL ACS"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\iPod\\bin\\iPodService.exe"= "c:\\Program Files\\Yahoo!\\SoftwareUpdate\\YahooAUService.exe"= "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundRouterRequest"= 1 (0x1) . Contents of the 'Scheduled Tasks' folder 2009-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-25 13:34 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-10-25 13:35 ComboFix-quarantined-files.txt 2009-10-25 18:35 ComboFix2.txt 2009-10-25 17:19 Pre-Run: 57,440,260,096 bytes free Post-Run: 57,408,913,408 bytes free - - End Of File - - 6B5ABAC236EC99AF5C0ADF705EEC8C4F Upload was successful This post has been edited by Genesys: Oct 25 2009, 01:40 PM |
|
|
|
|
Oct 25 2009, 01:39 PM
Post
#8
|
|
|
Forum Addict Group: Malware Response Team Posts: 4,879 Joined: 16-October 06 From: Southeast Finland Member No.: 90,463 |
Hi,
Follow the steps in same order as they are listed there. -------------------- Microsoft MVP Consumer Security 2008 2009 2010
ASAP & UNITE member since 2006 Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please. |
|
|
|
|
Oct 25 2009, 02:32 PM
Post
#9
|
|
|
New Member Group: Members Posts: 11 Joined: 9-October 09 From: USA, Midwest Member No.: 388,183 |
Sorry but my combo log was posted erlier..
Here is the eset log ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=6.00.2900.5512 (xpsp.080413-2105) # OnlineScanner.ocx=1.0.0.6210 # api_version=3.0.2 # EOSSerial=a1639f5c5f81354297f32cede1c5564d # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-10-25 07:28:38 # local_time=2009-10-25 02:28:38 (-0600, Central Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=63704 # found=72 # cleaned=0 # scan_time=1893 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAdvancedVirusRemover3.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPlus.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPro3.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\dukeyiwa.exe.vir a variant of Win32/Kryptik.AVV trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\durifesu.exe.vir Win32/TrojanDownloader.FakeAlert.AMS trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\fetepaze.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\howiduga.exe.vir a variant of Win32/Kryptik.AVV trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\luyehije.exe.vir a variant of Win32/Kryptik.AVV trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\piyudijo.exe.vir a variant of Win32/Kryptik.AVX trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\sehuwuri.exe.vir a variant of Win32/Kryptik.AVX trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\towozoha.exe.vir a variant of Win32/Kryptik.AVV trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\vezipoyo.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\vuhuviti.exe.vir a variant of Win32/Kryptik.AVG trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\yagerumu.exe.vir a variant of Win32/Kryptik.AQE trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\schtml\dbsinit.exe.vir Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\schtml\wispex.html.vir Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir a variant of Win32/Kryptik.AIQ trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000086.exe a variant of Win32/Kryptik.AVV trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000105.exe probably a variant of Win32/TrojanDownloader.FakeAlert.GU trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000138.exe a variant of Win32/Kryptik.AOK trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000139.exe Win32/TrojanDownloader.FakeAlert.AED trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000140.exe probably unknown NewHeur_PE virus 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000146.exe a variant of Win32/Kryptik.ASB trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000201.exe a variant of Win32/Kryptik.AVV trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000244.exe a variant of Win32/Kryptik.ASB trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000251.exe a variant of Win32/Kryptik.AOK trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000282.exe a variant of Win32/Kryptik.AVG trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000283.exe a variant of Win32/Kryptik.ASB trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000287.exe Win32/TrojanDownloader.FakeAlert.AMS trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000288.exe a variant of Win32/Kryptik.AOK trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000304.exe a variant of Win32/Kryptik.ASB trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000328.exe a variant of Win32/Kryptik.AVX trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000341.exe Win32/TrojanDownloader.FakeAlert.AED trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000342.exe a variant of Win32/Kryptik.AOK trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000360.exe a variant of Win32/Kryptik.AOK trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000369.exe a variant of Win32/Kryptik.ASB trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000372.cpl a variant of Win32/Kryptik.AVJ trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000373.exe a variant of Win32/Kryptik.AOK trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000386.exe a variant of Win32/Kryptik.ASB trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000395.exe a variant of Win32/Kryptik.AOK trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000424.exe a variant of Win32/Kryptik.AOK trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\A0000438.exe a variant of Win32/Kryptik.ASB trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0000453.exe a variant of Win32/Kryptik.AOK trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0000458.exe a variant of Win32/Kryptik.ASB trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0000471.exe a variant of Win32/Kryptik.AOK trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0001492.exe a variant of Win32/Kryptik.ASB trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP4\A0001493.exe a variant of Win32/Kryptik.ASB trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001529.exe Win32/TrojanDropper.Agent.OJT trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001530.exe Win32/TrojanDownloader.FakeAlert.AED trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001531.exe Win32/TrojanDownloader.Small.NTQ trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001532.exe a variant of Win32/Kryptik.AMD trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001534.exe a variant of Win32/Kryptik.ASV trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001535.exe a variant of Win32/Kryptik.ASA trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001537.exe a variant of Win32/Kryptik.AOK trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001538.exe a variant of Win32/Kryptik.AOK trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001542.exe a variant of Win32/Kryptik.ASB trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001575.exe a variant of Win32/Kryptik.ASB trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001667.exe a variant of Win32/Kryptik.AVV trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001668.exe Win32/TrojanDownloader.FakeAlert.AMS trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001669.exe Win32/TrojanDownloader.FakeAlert.AED trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001670.exe a variant of Win32/Kryptik.AVV trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001678.exe a variant of Win32/Kryptik.AVV trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001683.exe a variant of Win32/Kryptik.AVX trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001684.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001685.exe a variant of Win32/Kryptik.AVX trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001689.exe a variant of Win32/Kryptik.AVV trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001691.exe Win32/TrojanDownloader.FakeAlert.AED trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001693.exe a variant of Win32/Kryptik.AVG trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001694.exe a variant of Win32/Kryptik.AIQ trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\A0001698.exe a variant of Win32/Kryptik.AQE trojan 00000000000000000000000000000000 I C:\WINDOWS\system32\dbsinit.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I also here is the dds DDS (Ver_09-09-29.01) - NTFSx86 Run by Papa at 14:34:36.85 on Sun 10/25/2009 Internet Explorer: 6.0.2900.5512 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.580 [GMT -5:00] ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Papa\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [SigmatelSysTrayApp] stsystra.exe mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\bytes.exe.exe" /runcleanupscript mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000 IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231070389890 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392] S4 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2006-8-4 126976] S4 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe --> c:\progra~1\mcafee.com\vso\mcshield.exe [?] S4 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-8-4 122368] S4 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-8-4 245760] =============== Created Last 30 ================ 2009-10-25 13:53 <DIR> --d----- c:\program files\ESET 2009-10-25 12:14 50,176 a------- c:\windows\system32\proquota.exe 2009-10-25 12:10 <DIR> a-dshr-- C:\cmdcons 2009-10-25 12:09 236,544 a------- c:\windows\PEV.exe 2009-10-25 12:09 161,792 a------- c:\windows\SWREG.exe 2009-10-25 12:09 98,816 a------- c:\windows\sed.exe 2009-10-25 12:07 <DIR> --d----- C:\thcbytes 2009-10-09 20:06 664 a------- c:\windows\system32\d3d9caps.dat 2009-10-08 22:22 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2009-10-08 22:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2009-10-06 19:39 131,731 a------- c:\windows\system32\dbsinit.exe 2009-10-06 19:33 107 a------- c:\windows\system32\wwp.htm 2009-10-03 22:59 82,172 a------- c:\windows\system32\dllcache\bopomofo.nls 2009-10-03 22:59 19,456 a------- c:\windows\system32\dllcache\brbidiif.dll 2009-10-03 22:59 102,400 a------- c:\windows\system32\dllcache\binlsvc.dll 2009-10-03 22:59 66,728 a------- c:\windows\system32\dllcache\big5.nls 2009-10-03 22:57 84,480 a------- c:\windows\system32\dllcache\ac97via.sys 2009-09-30 22:33 <DIR> --d----- c:\program files\AC3Filter 2009-09-30 17:23 120,056 -------- c:\windows\system32\pxcpyi64.exe 2009-09-30 17:22 <DIR> --d----- c:\program files\DivX 2009-09-30 17:22 <DIR> --d----- c:\program files\common files\DivX Shared 2009-09-28 18:08 140,488 a------- c:\windows\system32\comdlg32.ocx 2009-09-28 18:08 6,832 a------- c:\windows\system32\PulseSoundTouchForVB.tlb 2009-09-28 18:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pianosoft ==================== Find3M ==================== 2009-09-22 13:06 17,712 a---h--- c:\windows\system32\mlfcache.dat 2009-09-11 09:18 136,192 a------- c:\windows\system32\SET1F.tmp 2009-09-11 09:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll 2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-09-04 16:03 58,880 a------- c:\windows\system32\SETAB.tmp 2009-09-04 16:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll 2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll 2009-08-26 03:00 247,326 a------- c:\windows\system32\dllcache\strmdll.dll 2009-08-13 10:16 512,000 a------- c:\windows\system32\dllcache\jscript.dll 2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll 2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll 2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll 2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe 2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll 2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll 2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll 2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll 2009-08-04 20:44 2,189,184 a------- c:\windows\system32\dllcache\ntoskrnl.exe 2009-08-04 10:13 2,145,280 a------- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-08-04 10:13 2,145,280 -------- c:\windows\system32\ntoskrnl.exe 2009-08-04 09:20 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe 2009-08-04 09:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe 2009-08-04 09:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-07-12 22:44 34 a------- c:\documents and settings\papa\jagex_runescape_preferences.dat ============= FINISH: 14:35:04.68 =============== This post has been edited by Genesys: Oct 25 2009, 02:37 PM |
|
|
|
|
Oct 25 2009, 04:42 PM
Post
#10
|
|
|
Forum Addict Group: Malware Response Team Posts: 4,879 Joined: 16-October 06 From: Southeast Finland Member No.: 90,463 |
Open notepad and copy/paste the text in the quotebox below into it:
CODE File:: c:\windows\system32\dbsinit.exe c:\documents and settings\Papa\Local Settings\Application Data\elymyga.pif c:\documents and settings\Papa\Local Settings\Application Data\ohanuh.scr C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAdvancedVirusRemover3.zip C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPlus.zip C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPro3.zip DirLook:: C:\thcbytes Registry:: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "@"="" Save this as CFScript A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use. Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe Then post the resultant log & fresh dds.txt. How's the system running? -------------------- Microsoft MVP Consumer Security 2008 2009 2010
ASAP & UNITE member since 2006 Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please. |
|
|
|
|
Oct 25 2009, 05:01 PM
Post
#11
|
|
|
New Member Group: Members Posts: 11 Joined: 9-October 09 From: USA, Midwest Member No.: 388,183 |
The system is running good after the first combofix. I got my windows sercurity icon back. im able to be on the internet without safe modes help.
I think i understand a little how this is working too..... Here is combofix ComboFix 09-10-25.01 - Papa 10/25/2009 16:53.3.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.541 [GMT -5:00] Running from: c:\documents and settings\Papa\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Papa\Desktop\CFScript.txt FILE :: "c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip" "c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAdvancedVirusRemover3.zip" "c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPlus.zip" "c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPro3.zip" "c:\documents and settings\Papa\Local Settings\Application Data\elymyga.pif" "c:\documents and settings\Papa\Local Settings\Application Data\ohanuh.scr" "c:\windows\system32\dbsinit.exe" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAdvancedVirusRemover3.zip c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPlus.zip c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPro3.zip c:\documents and settings\Papa\Local Settings\Application Data\elymyga.pif c:\documents and settings\Papa\Local Settings\Application Data\ohanuh.scr c:\windows\system32\dbsinit.exe . ((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 ))))))))))))))))))))))))))))))) . 2009-10-25 18:53 . 2009-10-25 18:53 -------- d-----w- c:\program files\ESET 2009-10-25 17:07 . 2009-10-25 17:07 -------- d-----w- C:\thcbytes 2009-10-10 01:06 . 2009-10-14 00:43 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-10-09 03:22 . 2009-10-09 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-09 03:22 . 2009-10-09 03:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-04 03:59 . 2001-08-18 03:36 19456 ----a-w- c:\windows\system32\dllcache\brbidiif.dll 2009-10-04 03:59 . 2001-08-18 03:36 102400 ----a-w- c:\windows\system32\dllcache\binlsvc.dll 2009-10-04 03:57 . 2008-04-14 03:06 84480 ----a-w- c:\windows\system32\dllcache\ac97via.sys 2009-10-01 03:33 . 2009-10-01 03:33 -------- d-----w- c:\program files\AC3Filter 2009-10-01 01:53 . 2009-10-01 01:53 -------- d-----w- c:\documents and settings\Papa\Application Data\DivX 2009-09-30 22:23 . 2009-05-13 21:56 120056 ------w- c:\windows\system32\pxcpyi64.exe 2009-09-30 22:22 . 2009-09-30 22:23 -------- d-----w- c:\program files\DivX 2009-09-30 22:22 . 2009-09-30 22:22 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-09-28 23:08 . 2009-09-28 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Pianosoft 2009-09-27 01:32 . 2009-09-27 03:17 -------- d-----w- c:\documents and settings\Papa\Application Data\U3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-25 21:04 . 2009-05-02 18:20 -------- d-----w- c:\documents and settings\Papa\Application Data\uTorrent 2009-10-14 23:26 . 2009-09-21 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-24 16:26 . 2009-09-24 16:26 -------- d-----w- c:\documents and settings\Papa\Application Data\Uniblue 2009-09-23 00:44 . 2009-09-23 00:44 71680 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-09-22 18:08 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Papa\Application Data\Apple Computer 2009-09-22 18:06 . 2009-09-22 18:06 17712 ---ha-w- c:\windows\system32\mlfcache.dat 2009-09-22 18:01 . 2009-09-22 18:01 -------- d-----w- c:\program files\iPhone Configuration Utility 2009-09-22 18:00 . 2009-09-22 17:59 -------- d-----w- c:\program files\iTunes 2009-09-22 18:00 . 2009-09-22 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-22 17:59 . 2009-09-22 17:59 -------- d-----w- c:\program files\iPod 2009-09-22 17:59 . 2009-08-02 20:32 -------- d-----w- c:\program files\Common Files\Apple 2009-09-22 17:58 . 2009-09-22 17:58 -------- d-----w- c:\program files\QuickTime 2009-09-21 19:47 . 2009-09-21 02:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-09-21 03:42 . 2006-08-04 08:30 -------- d-----w- c:\program files\Java 2009-09-21 03:18 . 2009-06-21 22:50 17464 ----a-w- c:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-21 02:54 . 2009-09-21 02:54 -------- d-----w- c:\documents and settings\Papa\Application Data\Malwarebytes 2009-09-21 02:54 . 2009-09-21 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-21 00:09 . 2009-09-21 00:09 -------- d-----w- c:\program files\MSBuild 2009-09-21 00:09 . 2009-09-21 00:09 -------- d-----w- c:\program files\Reference Assemblies 2009-09-11 14:18 . 2009-09-11 14:18 136192 ----a-w- c:\windows\system32\SET1F.tmp 2009-09-10 19:54 . 2009-09-21 02:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 19:53 . 2009-09-21 02:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-04 21:03 . 2009-09-04 21:03 58880 ----a-w- c:\windows\system32\SETAB.tmp 2009-08-26 08:00 . 2004-08-10 16:51 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-07 00:24 . 2004-08-10 17:02 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-07 00:24 . 2004-08-10 17:02 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-07 00:24 . 2009-01-04 12:00 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-07 00:24 . 2004-08-10 17:02 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-07 00:24 . 2004-08-10 17:02 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-07 00:24 . 2004-08-10 16:50 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-07 00:23 . 2004-08-10 17:02 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-07 00:23 . 2004-08-10 17:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 09:01 . 2004-08-10 16:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 15:13 . 2004-08-10 16:51 2145280 ------w- c:\windows\system32\ntoskrnl.exe 2009-08-04 14:20 . 2004-08-04 02:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe ((((((((((((((((((((((((((((( SnapShot_2009-10-25_18.34.23 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-25 18:47 . 2009-10-25 18:47 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe + 2009-10-25 19:19 . 2009-10-25 19:19 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll + 2009-10-25 19:17 . 2009-10-25 19:17 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll + 2009-10-25 19:17 . 2009-10-25 19:17 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll + 2009-10-25 19:07 . 2009-10-25 19:07 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe + 2009-10-25 18:59 . 2009-10-25 18:59 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll + 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe + 2009-10-25 19:16 . 2009-10-25 19:16 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe + 2009-10-25 19:19 . 2009-10-25 19:19 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll + 2009-10-25 19:06 . 2009-10-25 19:06 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll + 2009-10-25 19:00 . 2009-10-25 19:00 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll + 2009-10-25 19:18 . 2009-10-25 19:18 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll + 2009-10-25 19:17 . 2009-10-25 19:17 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll + 2009-10-25 19:07 . 2009-10-25 19:07 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe + 2009-10-25 19:07 . 2009-10-25 19:07 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll + 2009-10-25 19:07 . 2009-10-25 19:07 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe + 2009-10-25 19:16 . 2009-10-25 19:16 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe + 2009-10-25 19:07 . 2009-10-25 19:07 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll + 2009-10-25 19:07 . 2009-10-25 19:07 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe + 2009-10-25 18:59 . 2009-10-25 18:59 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll + 2009-10-25 19:06 . 2009-10-25 19:06 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll + 2009-10-25 19:00 . 2009-10-25 19:00 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll + 2009-10-25 19:17 . 2009-10-25 19:17 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll + 2009-10-25 19:07 . 2009-10-25 19:07 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll + 2009-10-25 19:07 . 2009-10-25 19:07 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\bytes.exe.exe" [2009-09-10 1312080] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-4 24576] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "RasMan"=3 (0x3) "RasAuto"=3 (0x3) "MskService"=2 (0x2) "MpfService"=2 (0x2) "mnmsrvc"=3 (0x3) "mcupdmgr.exe"=3 (0x3) "McTskshd.exe"=2 (0x2) "McShield"=2 (0x2) "McDetect.exe"=2 (0x2) "AOL ACS"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\iPod\\bin\\iPodService.exe"= "c:\\Program Files\\Yahoo!\\SoftwareUpdate\\YahooAUService.exe"= "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundRouterRequest"= 1 (0x1) --- Other Services/Drivers In Memory --- *NewlyCreated* - MBR *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-25 16:56 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-10-25 16:58 ComboFix-quarantined-files.txt 2009-10-25 21:58 ComboFix2.txt 2009-10-25 18:36 ComboFix3.txt 2009-10-25 17:19 Pre-Run: 57,258,807,296 bytes free Post-Run: 57,226,878,976 bytes free - - End Of File - - 1BE156109B27523E2A92411E5B81342D This post has been edited by Blade81: Oct 25 2009, 05:08 PM |
|
|
|
|
Oct 25 2009, 05:01 PM
Post
#12
|
|
|
New Member Group: Members Posts: 11 Joined: 9-October 09 From: USA, Midwest Member No.: 388,183 |
The system is running good after the first combofix. I got my windows sercurity icon back. im able to be on the internet without safe modes help.
I think i understand a little how this is working too..... Here is combofix ComboFix 09-10-25.01 - Papa 10/25/2009 16:53.3.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.541 [GMT -5:00] Running from: c:\documents and settings\Papa\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Papa\Desktop\CFScript.txt FILE :: "c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip" "c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAdvancedVirusRemover3.zip" "c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPlus.zip" "c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPro3.zip" "c:\documents and settings\Papa\Local Settings\Application Data\elymyga.pif" "c:\documents and settings\Papa\Local Settings\Application Data\ohanuh.scr" "c:\windows\system32\dbsinit.exe" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAdvancedVirusRemover3.zip c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPlus.zip c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAntivirusPro3.zip c:\documents and settings\Papa\Local Settings\Application Data\elymyga.pif c:\documents and settings\Papa\Local Settings\Application Data\ohanuh.scr c:\windows\system32\dbsinit.exe . ((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 ))))))))))))))))))))))))))))))) . 2009-10-25 18:53 . 2009-10-25 18:53 -------- d-----w- c:\program files\ESET 2009-10-25 17:07 . 2009-10-25 17:07 -------- d-----w- C:\thcbytes 2009-10-10 01:06 . 2009-10-14 00:43 664 ----a-w- c:\windows\system32\d3d9caps.dat 2009-10-09 03:22 . 2009-10-09 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-10-09 03:22 . 2009-10-09 03:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-10-04 03:59 . 2001-08-18 03:36 19456 ----a-w- c:\windows\system32\dllcache\brbidiif.dll 2009-10-04 03:59 . 2001-08-18 03:36 102400 ----a-w- c:\windows\system32\dllcache\binlsvc.dll 2009-10-04 03:57 . 2008-04-14 03:06 84480 ----a-w- c:\windows\system32\dllcache\ac97via.sys 2009-10-01 03:33 . 2009-10-01 03:33 -------- d-----w- c:\program files\AC3Filter 2009-10-01 01:53 . 2009-10-01 01:53 -------- d-----w- c:\documents and settings\Papa\Application Data\DivX 2009-09-30 22:23 . 2009-05-13 21:56 120056 ------w- c:\windows\system32\pxcpyi64.exe 2009-09-30 22:22 . 2009-09-30 22:23 -------- d-----w- c:\program files\DivX 2009-09-30 22:22 . 2009-09-30 22:22 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-09-28 23:08 . 2009-09-28 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Pianosoft 2009-09-27 01:32 . 2009-09-27 03:17 -------- d-----w- c:\documents and settings\Papa\Application Data\U3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-25 21:04 . 2009-05-02 18:20 -------- d-----w- c:\documents and settings\Papa\Application Data\uTorrent 2009-10-14 23:26 . 2009-09-21 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-24 16:26 . 2009-09-24 16:26 -------- d-----w- c:\documents and settings\Papa\Application Data\Uniblue 2009-09-23 00:44 . 2009-09-23 00:44 71680 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-09-22 18:08 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Papa\Application Data\Apple Computer 2009-09-22 18:06 . 2009-09-22 18:06 17712 ---ha-w- c:\windows\system32\mlfcache.dat 2009-09-22 18:01 . 2009-09-22 18:01 -------- d-----w- c:\program files\iPhone Configuration Utility 2009-09-22 18:00 . 2009-09-22 17:59 -------- d-----w- c:\program files\iTunes 2009-09-22 18:00 . 2009-09-22 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-22 17:59 . 2009-09-22 17:59 -------- d-----w- c:\program files\iPod 2009-09-22 17:59 . 2009-08-02 20:32 -------- d-----w- c:\program files\Common Files\Apple 2009-09-22 17:58 . 2009-09-22 17:58 -------- d-----w- c:\program files\QuickTime 2009-09-21 19:47 . 2009-09-21 02:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-09-21 03:42 . 2006-08-04 08:30 -------- d-----w- c:\program files\Java 2009-09-21 03:18 . 2009-06-21 22:50 17464 ----a-w- c:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-09-21 02:54 . 2009-09-21 02:54 -------- d-----w- c:\documents and settings\Papa\Application Data\Malwarebytes 2009-09-21 02:54 . 2009-09-21 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-21 00:09 . 2009-09-21 00:09 -------- d-----w- c:\program files\MSBuild 2009-09-21 00:09 . 2009-09-21 00:09 -------- d-----w- c:\program files\Reference Assemblies 2009-09-11 14:18 . 2009-09-11 14:18 136192 ----a-w- c:\windows\system32\SET1F.tmp 2009-09-10 19:54 . 2009-09-21 02:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 19:53 . 2009-09-21 02:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-04 21:03 . 2009-09-04 21:03 58880 ----a-w- c:\windows\system32\SETAB.tmp 2009-08-26 08:00 . 2004-08-10 16:51 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-07 00:24 . 2004-08-10 17:02 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-07 00:24 . 2004-08-10 17:02 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-07 00:24 . 2009-01-04 12:00 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-07 00:24 . 2004-08-10 17:02 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-07 00:24 . 2004-08-10 17:02 53472 ------w- c:\windows\system32\wuauclt.exe 2009-08-07 00:24 . 2004-08-10 16:50 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-07 00:23 . 2004-08-10 17:02 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-07 00:23 . 2004-08-10 17:02 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-08-05 09:01 . 2004-08-10 16:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 15:13 . 2004-08-10 16:51 2145280 ------w- c:\windows\system32\ntoskrnl.exe 2009-08-04 14:20 . 2004-08-04 02:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe ((((((((((((((((((((((((((((( SnapShot_2009-10-25_18.34.23 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-25 18:47 . 2009-10-25 18:47 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe + 2009-10-25 19:19 . 2009-10-25 19:19 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\8acb476a0d4ee17a12881e17ae74a6af\System.Windows.Presentation.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll + 2009-10-25 19:17 . 2009-10-25 19:17 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a0c71055364bd356971791284c3fb910\System.ComponentModel.DataAnnotations.ni.dll + 2009-10-25 19:17 . 2009-10-25 19:17 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2673aec397c52796aef05bb9d2668df\Microsoft.Vsa.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\c5d504724d7f351b1d034615dbb72a2a\Microsoft.Build.Framework.ni.dll + 2009-10-25 19:07 . 2009-10-25 19:07 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\a664ccab020f93f1d533919f57131190\dfsvc.ni.exe + 2009-10-25 18:59 . 2009-10-25 18:59 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll + 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe + 2009-10-25 19:16 . 2009-10-25 19:16 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\e2098e43d115155d6ba91ba3a7e577cf\WsatConfig.ni.exe + 2009-10-25 19:19 . 2009-10-25 19:19 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\eb23b78564687badff1bd1f1d0a0ec97\System.Xml.Linq.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\5f74a84e9d28c2332c51f6e30da0e125\System.Net.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\2c208e4c5521f31057ea7d6e93c6a567\System.Management.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll + 2009-10-25 19:06 . 2009-10-25 19:06 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll + 2009-10-25 19:00 . 2009-10-25 19:00 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll + 2009-10-25 19:18 . 2009-10-25 19:18 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\b91b44015859163646f210d284f7166a\System.Data.Services.Client.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1b35297e07b85071daecdb06f96750a1\System.Data.Services.Design.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll + 2009-10-25 19:17 . 2009-10-25 19:17 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll + 2009-10-25 19:07 . 2009-10-25 19:07 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6af32fe5cbec0aa54e2efa6910c73651\SMSvcHost.ni.exe + 2009-10-25 19:07 . 2009-10-25 19:07 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\7602d7687fb9bd21cd9ae60d2b187c99\SMDiagnostics.ni.dll + 2009-10-25 19:07 . 2009-10-25 19:07 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a23dc25782df04533a13e348203e4dc5\ServiceModelReg.ni.exe + 2009-10-25 19:16 . 2009-10-25 19:16 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\eade8c1c9c1e8e5ffb50e6c9b9af0f6a\MSBuild.ni.exe + 2009-10-25 19:07 . 2009-10-25 19:07 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fc4d66e0a92b3767006a84f2519d2457\Microsoft.Transactions.Bridge.Dtc.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\4dd43724dd92026577c6f588270137a0\Microsoft.Build.Utilities.v3.5.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\8c651f75bb741330370986dcad8e9e5b\Microsoft.Build.Engine.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a6dcbae619ccd938bfe808c54d6d3ae0\Microsoft.Build.Conversion.v3.5.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\77688ce14f221ed94a9f442ae4736123\CustomMarshalers.ni.dll + 2009-10-25 19:07 . 2009-10-25 19:07 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a17c65f0cffaa4f792dd38d50df9d526\ComSvcConfig.ni.exe + 2009-10-25 18:59 . 2009-10-25 18:59 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\fa48917b13629d8effa80dd4a2f2973d\System.WorkflowServices.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6fe66ee6f3c81996bc148f1ebe7ec030\System.Workflow.Runtime.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9d0b61f2f1ebdc300bd970f594c422ef\System.Workflow.ComponentModel.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\65328898148a720d394f802f192fc2a0\System.Workflow.Activities.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll + 2009-10-25 19:19 . 2009-10-25 19:19 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll + 2009-10-25 19:06 . 2009-10-25 19:06 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll + 2009-10-25 19:00 . 2009-10-25 19:00 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll + 2009-10-25 19:17 . 2009-10-25 19:17 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6eee9b772b6d12d3dbd82f118c2ab2e5\Microsoft.VisualBasic.ni.dll + 2009-10-25 19:07 . 2009-10-25 19:07 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f19e9b439636d0744597fff1331cad04\Microsoft.Transactions.Bridge.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\5b1af7b5be24c7ace065fe1c81c2b650\Microsoft.JScript.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\9eec1cc7ac37e0c7f3205e8156149c5a\Microsoft.Build.Tasks.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\28c0730288453d57d5dcd62903c4d31b\Microsoft.Build.Tasks.v3.5.ni.dll + 2009-10-25 19:16 . 2009-10-25 19:16 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5dd4f58999eed37c12aee7ea9f9863ac\Microsoft.Build.Engine.ni.dll + 2009-10-25 19:18 . 2009-10-25 19:18 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll + 2009-10-25 19:07 . 2009-10-25 19:07 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\bytes.exe.exe" [2009-09-10 1312080] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-4 24576] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "RasMan"=3 (0x3) "RasAuto"=3 (0x3) "MskService"=2 (0x2) "MpfService"=2 (0x2) "mnmsrvc"=3 (0x3) "mcupdmgr.exe"=3 (0x3) "McTskshd.exe"=2 (0x2) "McShield"=2 (0x2) "McDetect.exe"=2 (0x2) "AOL ACS"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\iPod\\bin\\iPodService.exe"= "c:\\Program Files\\Yahoo!\\SoftwareUpdate\\YahooAUService.exe"= "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundRouterRequest"= 1 (0x1) --- Other Services/Drivers In Memory --- *NewlyCreated* - MBR *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-25 16:56 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-10-25 16:58 ComboFix-quarantined-files.txt 2009-10-25 21:58 ComboFix2.txt 2009-10-25 18:36 ComboFix3.txt 2009-10-25 17:19 Pre-Run: 57,258,807,296 bytes free Post-Run: 57,226,878,976 bytes free - - End Of File - - 1BE156109B27523E2A92411E5B81342D This post has been edited by Blade81: Oct 25 2009, 05:09 PM
Attached File(s)
|
|
|
|
|
Oct 25 2009, 05:15 PM
Post
#13
|
|
|
Forum Addict Group: Malware Response Team Posts: 4,879 Joined: 16-October 06 From: Southeast Finland Member No.: 90,463 |
Good. It's time to secure your system to prevent against further intrusions then
 THESE STEPS ARE VERY IMPORTANT Let's reset system restore Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points. 1. Turn off System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. 2. Reboot. 3. Turn ON System Restore. On the Desktop, right-click My Computer. Click Properties. Click the System Restore tab. UN-Check *Turn off System Restore*. Click Apply, and then click OK. NOTE: only do this ONCE,NOT on a regular basis Now lets uninstall ComboFix:
Please download OTC and save it to desktop.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so. UPDATING WINDOWS AND INTERNET EXPLORER IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates. If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update. Make your Internet Explorer more secure This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options. Click once on the Security tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
Antivir Avast! Good commercial ones are from: Kaspersky and ESET If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation Install Comodo HopSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!). Both providers have support forums that help with configuration related questions. Just a final reminder for you. I am trying to stress these two points. UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks. Make sure all of your security programs are up to date. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Once again, please post and tell me how things are going with your system... problems etc. Have a great day, Blade 
-------------------- Microsoft MVP Consumer Security 2008 2009 2010
ASAP & UNITE member since 2006 Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please. |
|
|
|
|
Oct 25 2009, 06:01 PM
Post
#14
|
|
|
New Member Group: Members Posts: 11 Joined: 9-October 09 From: USA, Midwest Member No.: 388,183 |
Great! Doing the steps now. Thanks again for your help...... Ill let you know if i have any questions.\
How big of a difference is it actually between the free software or the ones you actually have to pay for? This post has been edited by Genesys: Oct 25 2009, 06:04 PM |
|
|
|
|
Oct 26 2009, 05:43 PM
Post
#15
|
|
|
New Member Group: Members Posts: 11 Joined: 9-October 09 From: USA, Midwest Member No.: 388,183 |
well i just got home today, my computer seemed to be a lil slow, so i rebooted. upon opening into my windows desktop i got a error message
Windoes connot exess path or file. You may not have appropiate permession... and this was for my Run.dll file... any clues? |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 9th September 2010 - 05:59 AM |
© 2003-2010 All Rights Reserved Bleeping Computer LLC.