
Warning! Spyware Threat Has Been Detected Background


  • This topic is locked
11 replies to this topic

#1 lilyungn

lilyungn

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:26 AM

Posted 29 October 2007 - 08:33 PM

http://www.bleepingcomputer.com/forums/top...tml#entry649476 I posted there originally; here is my HijackThis log...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:28 PM, on 10/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\spyware\RRT.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\PopupDummy!\PopupDummy! 3.27.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Home\LOCALS~1\Temp\Rar$EX00.234\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RRT-Auto] C:\spyware\RRT.exe auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [main] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\Run: [default] C:\Documents and Settings\Home\winmain.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [sysinit] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\RunOnce: [winmz] C:\Documents and Settings\Home\winmain.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PopupDummy! - {3C75C1F5-6D83-11d6-9855-00065B6980E9} - C:\Program Files\PopupDummy!\PopupDummy! 3.27.EXE (HKCU)
O9 - Extra 'Tools' menuitem: PopupDummy! - {3C75C1F5-6D83-11d6-9855-00065B6980E9} - C:\Program Files\PopupDummy!\PopupDummy! 3.27.EXE (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Modul...ces/ax/stub.cab
O16 - DPF: {CF1C4A31-BD38-4DCB-BFDB-9E1854B6AAF1} (DVR Web Viewer) - http://www.dvrhost.com/control/viewer.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramou.../vivid_ocx.jpeg
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13384 bytes



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 30 October 2007 - 04:52 AM

System.exe [W32.Spybot.OBB] is a Backdoor Trojan and is present on your pc
A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.

They are typically installed without user interaction through security exploits, and may allow an attacker to remotely control the infected machine. Such risks may allow the attacker to install additional malware and use the compromised machine to participate in denial of service attacks, spamming, and bot nets, or to transmit sensitive data to a remote server. The malware may be cloaked and not visible to the user. These risks severely compromise the system by lowering security settings, installing 'backdoors,' infecting system files, or spreading to other networked machines.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one; if not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Since your computer was compromised read:
How to report ID theft, fraud, drive-by installs, hijacking and malware:
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall:
http://www.dslreports.com/faq/10063

If you want us to go ahead and clean up your system then fair enough, but there’s no way I can guarantee your PC will be 100% safe once we’ve finished.
Let me know how you wish to proceed.
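
The autostart entries in the HijackThis log from post #1 that this reply reacts to can be triaged mechanically. The following is an added example, not part of the thread and not how HijackThis or the responder works: a small Python checker that flags three persistence patterns visible in that log. The rule names and the choice of rules are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str  # HijackThis section code: "F2", "O2" or "O4"
    reason: str   # rule name (this example's own naming, not a HijackThis term)
    detail: str   # path or CLSID that triggered the rule


# Sample input: seven lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [main] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\RunOnce: [winmz] C:\Documents and Settings\Home\winmain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$"
)
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# The drivers directory normally holds .sys files; an autostarted .exe there is unusual.
EXE_IN_DRIVERS = re.compile(r"\\system32\\drivers\\[^\\]+\.exe$", re.I)
# An executable sitting directly in the root of a user profile.
EXE_IN_PROFILE_ROOT = re.compile(
    r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+\.exe$", re.I
)


def exe_from_command(cmd: str) -> str:
    """Return the executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"(.+?\.(?:exe|com|bat|scr|pif))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def triage(log_text: str) -> List[Finding]:
    """Flag autostart entries that deserve a closer look by an analyst."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = F2_RE.match(line)
        if m:
            # Winlogon runs every comma-separated program listed in UserInit.
            for entry in (e.strip() for e in m.group("value").split(",")):
                if entry and not entry.lower().endswith("\\system32\\userinit.exe"):
                    findings.append(Finding("F2", "extra-userinit-program", entry))
            continue

        m = O2_RE.match(line)
        if m:
            # A BHO registration whose DLL is gone: leftover key, listed for cleanup.
            if m.group("file").strip() == "(no file)":
                findings.append(Finding("O2", "bho-without-file", m.group("clsid")))
            continue

        m = O4_RE.match(line)
        if m:
            exe = exe_from_command(m.group("cmd"))
            if EXE_IN_DRIVERS.search(exe):
                findings.append(Finding("O4", "exe-autostart-in-drivers-dir", exe))
            elif EXE_IN_PROFILE_ROOT.match(exe):
                findings.append(Finding("O4", "exe-autostart-in-profile-root", exe))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:3} {f.reason:32} {f.detail}")
```

A hit is a prompt for review, not a verdict: these rules only look at location and registration state, so a flagged path still has to be identified before anything is removed.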

#3 lilyungn

lilyungn
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:26 AM

Posted 30 October 2007 - 02:50 PM

Yes, I wish to proceed to clean it up.

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:05:26 AM

Posted 30 October 2007 - 04:41 PM

OK then, here we go:

First it appears you've no virus protection installed.
Download\install one of the following freeware options from the choice below.
Once installed update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Avira AntiVir Personal Edition Classic
http://www.free-av.com/


With you having Service Pack 2 installed, I'm presuming you're using the Windows Firewall.
You may be behind a hardware firewall (router), but it wouldn't hurt to install a third party software firewall to enhance protection.
A word of warning regarding the Windows Firewall in Service Pack 2: it only filters INCOMING traffic.
That means if malware happens to compromise your PC, it will be able to SEND OUT your credit card data, and any other personal information.
I suggest you install a more robust third party firewall that filters both INCOMING and OUTGOING traffic.

Download\install one of the following freeware firewalls from below:

Sygate Personal Firewall Free Edition:
http://www.filehippo.com/download_sygate_personal_firewall/

Zone Alarm Free:
http://download.zonelabs.com/bin/free/1001..._737_000_en.exe

Comodo Personal Firewall:
http://www.personalfirewall.comodo.com/

Outpost Firewall Free:
http://www.agnitum.com/products/outpostfree/index.php

You should take the time to read the following:
Understanding and Using Firewalls
http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/


Viewpoint Manager is considered as foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".
This changed in 2006, read this article:
http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present, then restart your PC:
Viewpoint
Viewpoint Manager
Viewpoint Media Player



Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.


If you have previously downloaded ComboFix, please delete that version now.
Now download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*NOTE*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.

#5 lilyungn

lilyungn
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:26 AM

Posted 30 October 2007 - 09:48 PM

Here is the ComboFix log:

ComboFix 07-10-30.5 - Home 2007-10-30 22:03:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.547 [GMT -4:00]
Running from: C:\Documents and Settings\Home\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\internet explorer\iekey.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-31 )))))))))))))))))))))))))))))))
.

2007-10-30 22:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 21:54 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-30 21:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-30 21:50 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-30 18:39 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2007-10-30 18:39 <DIR> d-------- C:\Documents and Settings\Home\Application Data\AVG7
2007-10-30 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-29 20:05 11,520 --a------ C:\WINDOWS\system32\ace16win.dll
2007-10-29 18:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-29 18:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-29 18:15 <DIR> d-------- C:\Documents and Settings\Home\Application Data\SUPERAntiSpyware.com
2007-10-29 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-29 17:27 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
2007-10-29 17:04 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-29 16:57 <DIR> d-------- C:\VundoFix Backups
2007-10-29 16:57 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-10-29 16:47 <DIR> d-------- C:\spyware
2007-10-29 00:16 <DIR> d-------- C:\Documents and Settings\Home\DoctorWeb
2007-10-28 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-28 23:21 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-10-28 23:20 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-28 22:20 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-10-28 21:03 <DIR> d-------- C:\Documents and Settings\house.AHMAD.000\Application Data\Talkback
2007-10-24 23:05 <DIR> d-------- C:\Documents and Settings\Home\Application Data\acccore
2007-10-24 23:04 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-10-24 23:04 <DIR> d-------- C:\Program Files\AIM6
2007-10-24 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-24 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-10-17 23:09 <DIR> d-------- C:\Documents and Settings\house.AHMAD.000\Application Data\Aim
2007-10-15 11:29 <DIR> d-------- C:\Documents and Settings\house.AHMAD.000\Application Data\Intel
2007-10-07 00:08 <DIR> d-------- C:\Program Files\dbon-demand
2007-10-07 00:08 345,604 --a------ C:\WINDOWS\system32\msinfhlp.exe
2007-10-07 00:08 132,224 --a------ C:\WINDOWS\system32\vjreg.exe
2007-10-01 15:41 <DIR> d-------- C:\Program Files\myibay
2007-09-30 14:43 <DIR> d-------- C:\WINDOWS\{hopper}
2007-09-30 14:43 <DIR> d-------- C:\Program Files\WiFi Hopper
2007-09-30 14:43 21,376 --a------ C:\WINDOWS\system32\drivers\hopperp.sys
2007-09-05 16:41 <DIR> d-------- C:\Documents and Settings\Home\Application Data\TAIT3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-31 02:01 --------- d-----w C:\Program Files\Java
2007-10-30 22:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-30 01:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-30 00:19 --------- d-----w C:\Program Files\PopupDummy!
2007-10-29 21:27 --------- d-----w C:\Program Files\SimulationExams
2007-10-26 02:25 --------- d-----w C:\Documents and Settings\Home\Application Data\U3
2007-10-18 04:19 --------- d-----w C:\Program Files\Google
2007-10-15 03:27 --------- d-----w C:\Program Files\mIRC
2007-10-10 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 23:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-09 13:16 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
2006-05-30 15:36 21,376 ----a-w C:\WINDOWS\inf\hopperp.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-20 14:07]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 07:00 C:\WINDOWS\system32\bthprops.cpl]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 03:09]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"RRT-Auto"="C:\spyware\RRT.exe" [2007-10-29 18:14]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-30 18:39]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-11 21:12]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 16:22]
"main"="C:\WINDOWS\system32\drivers\system.exe" []
"default"="C:\Documents and Settings\Home\winmain.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"sysinit"=C:\WINDOWS\system32\drivers\system.exe
"winmz"=C:\Documents and Settings\Home\winmain.exe

C:\Documents and Settings\ghar\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54]

C:\Documents and Settings\Home\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2006-06-18 13:00:38]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 19:55:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"=0 (0x0)
"Mn@mlrf"=0 (0x0)
"MnOndNeg"=0 (0x0)
"MnQtm"=0 (0x0)
"NoLogOff"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2005-07-23 01:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

R2 HopperP;WiFi Hopper;C:\WINDOWS\system32\DRIVERS\hopperp.sys
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe -k QWAVE
S3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
S3 UKS11LDR;M-Audio USB Keystation Loader;C:\WINDOWS\system32\drivers\uks11ldr.sys
S3 USBKT1X1;M-Audio USB Keystation;C:\WINDOWS\system32\drivers\usbkt1x1.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef712d39-ef3a-11db-a390-0013cee718e6}]
AutoRun\command - I:\ie.exe
explore\Command - I:\ie.exe
open\Command - I:\ie.exe

*Newly Created Service* - SRESCAN
.
Contents of the 'Scheduled Tasks' folder
"2007-10-26 10:00:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 22:12:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
sysinit = C:\WINDOWS\system32\drivers\system.exe
winmz = C:\Documents and Settings\Home\winmain.exe

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-30 22:14:57 - machine was rebooted
.
--- E O F ---



and the hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:19 PM, on 10/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Home\LOCALS~1\Temp\Rar$EX00.312\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RRT-Auto] C:\spyware\RRT.exe auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [main] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\Run: [default] C:\Documents and Settings\Home\winmain.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [sysinit] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\RunOnce: [winmz] C:\Documents and Settings\Home\winmain.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PopupDummy! - {3C75C1F5-6D83-11d6-9855-00065B6980E9} - C:\Program Files\PopupDummy!\PopupDummy! 3.27.EXE (HKCU)
O9 - Extra 'Tools' menuitem: PopupDummy! - {3C75C1F5-6D83-11d6-9855-00065B6980E9} - C:\Program Files\PopupDummy!\PopupDummy! 3.27.EXE (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Modul...ces/ax/stub.cab
O16 - DPF: {CF1C4A31-BD38-4DCB-BFDB-9E1854B6AAF1} (DVR Web Viewer) - http://www.dvrhost.com/control/viewer.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramou.../vivid_ocx.jpeg
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13236 bytes

#6 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 31 October 2007 - 06:57 AM

Download SmitfraudFix (by S!Ri) to your desktop.
Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Double click on Smitfraudfix.cmd
Select #2 and hit Enter to delete the infected files.
You will be prompted: 'Do you want to clean the registry?' answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): 'Replace infected file ?' answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process.
The report can be found at the root of the system drive, usually at C:\rapport.txt
Post the Smitfraudfix report into your next reply.


Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.


Please run the F-Secure online virus/spyware scan using Internet Explorer:
http://support.f-secure.com/enu/home/ols.shtml
Follow the directions in the F-Secure page for proper Installation.
Accept the License Agreement.
Once the ActiveX installs, click ‘Custom Scan’ and be sure the following are checked:
1. Scan whole System
2. Scan all files
3. Scan whole system for rootkits
4. Scan whole system for spyware
5. Scan inside archives
6. Use advanced heuristics
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the ‘I want to decide item by item’ button.
For each item found, select ‘Disinfect’ and click ‘Next’.
Click the ‘Show Report’ button, then copy and paste the entire report into your next reply.

Also post a new Hijackthis log please.

#7 lilyungn

  • Topic Starter

  • Members
  • 8 posts

Posted 31 October 2007 - 09:25 PM

here is the smitfraud log:

SmitFraudFix v2.166

Scan done at 13:36:46.26, Wed 10/31/2007
Run from C:\Documents and Settings\Home\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ace16win.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AD9B2492-E9C9-43C6-8FF3-3511548C1E7F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AD9B2492-E9C9-43C6-8FF3-3511548C1E7F}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{AD9B2492-E9C9-43C6-8FF3-3511548C1E7F}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



here is the sdfix log:


SDFix: Version 1.113

Run by Home on Wed 10/31/2007 at 01:40 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-31 13:51:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:3d,1c,c2,54,f1,bd,84,73,0c,1f,ca,9a,0c,42,83,e1,64,f6,2c,cb,3e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,f5,64,68,7a,52,c7,c6,94,ad,95,3c,a0,d3,d8,39,57,8b,..
"khjeh"=hex:7e,77,63,df,68,af,43,76,c3,52,5b,87,c6,be,dd,c9,1b,8b,62,ca,66,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e3,9a,20,34,55,57,b3,59,12,3a,d7,eb,d7,c1,ed,18,1e,ca,24,27,2e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:42,e0,53,1a,cd,62,b8,af,55,5d,26,1e,b5,0e,f0,ab,33,14,f2,7b,d2,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x2022\xd4w\2]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\Software\Adobe\FeatureSubscriptions\DVAAdobeDocMeta\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\Registered"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Mon 4 Dec 2006 4 A..H. --- "C:\WINDOWS\uccspecb.sys"
Fri 17 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\Home\Application Data\U3\temp\Launchpad Removal.exe"

Finished!


And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:45 PM, on 10/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\spyware\RRT.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\program files\Internet explorer\iexplore.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\DOCUME~1\Home\LOCALS~1\Temp\Rar$EX00.266\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RRT-Auto] C:\spyware\RRT.exe auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [main] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\Run: [default] C:\Documents and Settings\Home\winmain.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [sysinit] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\RunOnce: [winmz] C:\Documents and Settings\Home\winmain.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PopupDummy! - {3C75C1F5-6D83-11d6-9855-00065B6980E9} - C:\Program Files\PopupDummy!\PopupDummy! 3.27.EXE (HKCU)
O9 - Extra 'Tools' menuitem: PopupDummy! - {3C75C1F5-6D83-11d6-9855-00065B6980E9} - C:\Program Files\PopupDummy!\PopupDummy! 3.27.EXE (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Modul...ces/ax/stub.cab
O16 - DPF: {CF1C4A31-BD38-4DCB-BFDB-9E1854B6AAF1} (DVR Web Viewer) - http://www.dvrhost.com/control/viewer.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramou.../vivid_ocx.jpeg
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13031 bytes



I ran the F-Secure online scanner and it found some spyware; I also disinfected those files... I couldn't give you the report for it because I had to leave while it was disinfecting and my computer had shut down, so I don't want to rescan; it takes about 1 hr or so to finish just to show a log... If it's really important I will do it again though. The computer seems to be looking clean after all these tests; I'm not sure if it's 100% clean though.

#8 RichieUK

Posted 01 November 2007 - 06:06 AM

Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths inside the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\WINDOWS\system32\drivers\system.exe
C:\Documents and Settings\Home\winmain.exe

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.

Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.


Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (file missing)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKCU\..\Run: [main] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\Run: [default] C:\Documents and Settings\Home\winmain.exe
O4 - HKCU\..\RunOnce: [sysinit] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\RunOnce: [winmz] C:\Documents and Settings\Home\winmain.exe
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab

Exit Hijackthis.

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Also post a new HijackThis log, and let me know how your PC is running now.
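The O2 and O4 selections in the post above can be reproduced mechanically when triaging a HijackThis log. The following is an added example, not part of the original post and not a HijackThis or OTMoveIt feature: it lists the O2 entries whose DLL is reported as `(no file)` or `(file missing)`, and the registry autostart (O4) entries that launch either of the two files given to OTMoveIt. The sample lines are a subset copied from the log in this thread; the function names are this example's own.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RRT-Auto] C:\spyware\RRT.exe auto
O4 - HKCU\..\Run: [main] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\Run: [default] C:\Documents and Settings\Home\winmain.exe
O4 - HKCU\..\RunOnce: [sysinit] C:\WINDOWS\system32\drivers\system.exe
O4 - HKCU\..\RunOnce: [winmz] C:\Documents and Settings\Home\winmain.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# The two files the post hands to OTMoveIt.
FILES_TO_MOVE = [
    r"C:\WINDOWS\system32\drivers\system.exe",
    r"C:\Documents and Settings\Home\winmain.exe",
]

# "O2 - BHO: <name> - {CLSID} - <dll path | (no file)> [(file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# "O4 - <hive>\..\Run[Once]: [<value name>] <command line>"
O4_REG_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<value>[^\]]*)\] (?P<command>.*)$"
)


def parse_log(text):
    """Return dicts for O2 lines and registry O4 lines; everything else is skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            target = m.group("target")
            # HijackThis marks a BHO whose DLL is gone with one of these two suffixes.
            missing = target == "(no file)" or target.endswith("(file missing)")
            entries.append({"section": "O2", "line": line, "missing": missing,
                            "clsid": m.group("clsid"), "name": m.group("name")})
            continue
        m = O4_REG_RE.match(line)
        if m:
            entries.append({"section": "O4", "line": line, **m.groupdict()})
    return entries


def command_runs(command, path):
    """True if an autostart command line launches `path`.

    Case-insensitive, tolerant of surrounding quotes and trailing arguments.
    8.3 short names (PROGRA~1) are not expanded, so pass paths as the log spells them.
    """
    cmd = command.lstrip('"').lower()
    want = path.lower()
    if not cmd.startswith(want):
        return False
    rest = cmd[len(want):]
    # Require a real boundary so "system.exe.bak" does not match "system.exe".
    return rest == "" or rest[0] in '" \t'


def orphaned_bhos(text):
    """CLSIDs of O2 entries whose DLL no longer exists on disk."""
    return [e["clsid"] for e in parse_log(text)
            if e["section"] == "O2" and e["missing"]]


def autoruns_for(text, paths):
    """(hive, key, value name) of every Run/RunOnce entry that starts one of `paths`."""
    hits = []
    for e in parse_log(text):
        if e["section"] == "O4" and any(command_runs(e["command"], p) for p in paths):
            hits.append((e["hive"], e["key"], e["value"]))
    return hits


if __name__ == "__main__":
    print("Orphaned BHO entries:")
    for clsid in orphaned_bhos(SAMPLE_LOG):
        print("  ", clsid)
    print("Autostart entries for the moved files:")
    for hive, key, value in autoruns_for(SAMPLE_LOG, FILES_TO_MOVE):
        print(f"   {hive}\\..\\{key}: [{value}]")
```

The O16 entry in the post's list is not covered here; it was selected on grounds this sketch does not model.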

#9 lilyungn


Here is the Dr.Web log:

=============================================================================
Dr.Web® Scanner for Windows v4.44.0 (4.44.0.09140)
Copyright © Igor Daniloff, 1992-2007
Log generated on: 2007-10-29, 00:16:18 [AHMAD][Home]
Command-line: "C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\setup.exe" /lng /ini:setup_XP.ini
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
DwShield started
Engine version: 4.44 (4.44.0.09170)
Engine API version: 2.02
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crwtoday.cdb - skipped
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44411.cdb - 1582 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44410.cdb - 1131 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44409.cdb - 2303 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44408.cdb - 3904 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44407.cdb - 2456 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44406.cdb - 4411 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44405.cdb - 1311 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44404.cdb - 2486 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44403.cdb - 4462 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44402.cdb - 94 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44401.cdb - 557 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44400.cdb - 945 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crwebase.cdb - 209466 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\cwrtoday.cdb - 146 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\cwntoday.cdb - skipped
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\cwn44401.cdb - 698 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crwrisky.cdb - 2747 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crwnasty.cdb - 13534 virus records
Total virus records: 252233
Key file: C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\setup.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates on: 2007-02-05
License key expires on: 2010-02-11

[Scan path] c:\windows\system32\dla\tfsncofs.sys
[Scan path] c:\windows\system32\dla\tfsndrct.sys
[Scan path] c:\windows\system32\dla\tfsndres.sys
[Scan path] c:\windows\system32\dla\tfsnifs.sys
[Scan path] c:\windows\system32\dla\tfsnopio.sys
[Scan path] c:\windows\system32\dla\tfsnpool.sys
[Scan path] c:\windows\system32\dla\tfsnudf.sys
[Scan path] c:\windows\system32\dla\tfsnudfa.sys
[Scan path] c:\windows\system32\dla\tfswshx.dll
[Scan path] c:\windows\system32\dllhost.exe
[Scan path] c:\windows\system32\dmadmin.exe
[Scan path] c:\windows\system32\dmserver.dll
[Scan path] c:\windows\system32\dnsapi.dll
[Scan path] c:\windows\system32\dnsrslvr.dll
[Scan path] c:\windows\system32\docprop.dll
[Scan path] c:\windows\system32\docprop2.dll
[Scan path] c:\windows\system32\drivers\acpi.sys
[Scan path] c:\windows\system32\drivers\aec.sys
[Scan path] c:\windows\system32\drivers\aegisp.sys
[Scan path] c:\windows\system32\drivers\afd.sys
[Scan path] c:\windows\system32\drivers\apfiltr.sys
[Scan path] c:\windows\system32\drivers\appdrv.sys
[Scan path] c:\windows\system32\drivers\arp1394.sys
[Scan path] c:\windows\system32\drivers\asyncmac.sys
[Scan path] c:\windows\system32\drivers\atapi.sys
[Scan path] c:\windows\system32\drivers\ati2mtag.sys
[Scan path] c:\windows\system32\drivers\atmarpc.sys
[Scan path] c:\windows\system32\drivers\audstub.sys
[Scan path] c:\windows\system32\drivers\avgascln.sys
[Scan path] c:\windows\system32\drivers\bantext.sys
[Scan path] c:\windows\system32\drivers\bcm4sbxp.sys
[Scan path] c:\windows\system32\drivers\bthenum.sys
[Scan path] c:\windows\system32\drivers\bthmodem.sys
[Scan path] c:\windows\system32\drivers\bthpan.sys
[Scan path] c:\windows\system32\drivers\bthport.sys
[Scan path] c:\windows\system32\drivers\bthusb.sys
[Scan path] c:\windows\system32\drivers\cdrom.sys
[Scan path] c:\windows\system32\drivers\cmbatt.sys
[Scan path] c:\windows\system32\drivers\compbatt.sys
[Scan path] c:\windows\system32\drivers\disk.sys
[Scan path] c:\windows\system32\drivers\dmboot.sys
[Scan path] c:\windows\system32\drivers\dmio.sys
[Scan path] c:\windows\system32\drivers\dmload.sys
[Scan path] c:\windows\system32\drivers\dmusic.sys
[Scan path] c:\windows\system32\drivers\drmkaud.sys
[Scan path] c:\windows\system32\drivers\drvmcdb.sys
[Scan path] c:\windows\system32\drivers\drvnddm.sys
[Scan path] c:\windows\system32\drivers\dtscsi.sys
[Scan path] c:\windows\system32\drivers\fltmgr.sys
[Scan path] c:\windows\system32\drivers\ftdisk.sys
[Scan path] c:\windows\system32\drivers\gearaspiwdm.sys
[Scan path] c:\windows\system32\drivers\hardlock.sys
[Scan path] c:\windows\system32\drivers\haspnt.sys
[Scan path] c:\windows\system32\drivers\hidusb.sys
[Scan path] c:\windows\system32\drivers\hopperp.sys
[Scan path] c:\windows\system32\drivers\hsf_cnxt.sys
[Scan path] c:\windows\system32\drivers\hsf_dp.sys
[Scan path] c:\windows\system32\drivers\hsfhwich.sys
[Scan path] c:\windows\system32\drivers\http.sys
[Scan path] c:\windows\system32\drivers\i8042prt.sys
[Scan path] c:\windows\system32\drivers\imapi.sys
[Scan path] c:\windows\system32\drivers\intelide.sys
[Scan path] c:\windows\system32\drivers\intelppm.sys
[Scan path] c:\windows\system32\drivers\ip6fw.sys
c:\windows\system32\drivers\ip6fw.sys infected with BackDoor.Bulknet - deleted

[Scan path] c:\windows\system32\drivers\system.exe
>c:\windows\system32\drivers\system.exe infected with Trojan.DownLoader.origin - incurable - moved

[Scan path] c:\windows\system32\winlogon.scr
>c:\windows\system32\winlogon.scr infected with Trojan.DownLoader.origin - incurable - moved

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 570
Infected objects found: 3
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 1
Renamed: 0
Moved: 2
Ignored: 0
Scan speed: 655 Kb/s
Scan time: 00:04:06
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 570
Infected objects found: 3
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 1
Renamed: 0
Moved: 2
Ignored: 0
Scan speed: 655 Kb/s
Scan time: 00:04:06
=============================================================================

=============================================================================
Dr.Web® Scanner for Windows v4.44.0 (4.44.0.09140)
Copyright © Igor Daniloff, 1992-2007
Log generated on: 2007-10-29, 20:07:47 [AHMAD][Home]
Command-line: "C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\setup.exe" /lng /ini:setup_XP.ini
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
DwShield started
Engine version: 4.44 (4.44.0.09170)
Engine API version: 2.02
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\crwtoday.cdb - skipped
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\crw44411.cdb - 1582 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\crw44410.cdb - 1131 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\crw44409.cdb - 2303 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\crw44408.cdb - 3904 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\crw44407.cdb - 2456 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\crw44406.cdb - 4411 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\crw44405.cdb - 1311 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\crw44404.cdb - 2486 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\crw44403.cdb - 4462 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\crw44402.cdb - 94 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\crw44401.cdb - 557 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\crw44400.cdb - 945 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\crwebase.cdb - 209466 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\cwrtoday.cdb - 146 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\cwntoday.cdb - skipped
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\cwn44401.cdb - 698 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\crwrisky.cdb - 2747 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\crwnasty.cdb - 13534 virus records
Total virus records: 252233
Key file: C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX1\setup.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates on: 2007-02-05
License key expires on: 2010-02-11

[Scan path] c:\windows\system32\cryptnet.dll
[Scan path] c:\windows\system32\cryptsvc.dll
[Scan path] c:\windows\system32\cryptui.dll
[Scan path] c:\windows\system32\cscdll.dll
[Scan path] c:\windows\system32\cscui.dll
[Scan path] c:\windows\system32\csrsrv.dll
[Scan path] c:\windows\system32\csrss.exe
[Scan path] c:\windows\system32\ctfmon.exe
[Scan path] c:\windows\system32\dataclen.dll
[Scan path] c:\windows\system32\davclnt.dll
[Scan path] c:\windows\system32\dbghelp.dll
[Scan path] c:\windows\system32\deskadp.dll
[Scan path] c:\windows\system32\deskmon.dll
[Scan path] c:\windows\system32\deskperf.dll
[Scan path] c:\windows\system32\dfshim.dll
[Scan path] c:\windows\system32\dfsshlex.dll
[Scan path] c:\windows\system32\dhcpcsvc.dll
[Scan path] c:\windows\system32\diskcopy.dll
[Scan path] c:\windows\system32\dla\tfsnboio.sys
[Scan path] c:\windows\system32\dla\tfsncofs.sys
[Scan path] c:\windows\system32\dla\tfsndrct.sys
[Scan path] c:\windows\system32\dla\tfsndres.sys
[Scan path] c:\windows\system32\dla\tfsnifs.sys
[Scan path] c:\windows\system32\dla\tfsnopio.sys
[Scan path] c:\windows\system32\dla\tfsnpool.sys
[Scan path] c:\windows\system32\dla\tfsnudf.sys
[Scan path] c:\windows\system32\dla\tfsnudfa.sys
[Scan path] c:\windows\system32\dla\tfswshx.dll
[Scan path] c:\windows\system32\dllhost.exe
[Scan path] c:\windows\system32\dmadmin.exe
[Scan path] c:\windows\system32\dmserver.dll
[Scan path] c:\windows\system32\dnsapi.dll
[Scan path] c:\windows\system32\dnsrslvr.dll
[Scan path] c:\windows\system32\docprop.dll
[Scan path] c:\windows\system32\docprop2.dll
[Scan path] c:\windows\system32\drivers\acpi.sys
[Scan path] c:\windows\system32\drivers\aec.sys
[Scan path] c:\windows\system32\drivers\aegisp.sys
[Scan path] c:\windows\system32\drivers\afd.sys
[Scan path] c:\windows\system32\drivers\apfiltr.sys
[Scan path] c:\windows\system32\drivers\appdrv.sys
[Scan path] c:\windows\system32\drivers\arp1394.sys
[Scan path] c:\windows\system32\drivers\asyncmac.sys
[Scan path] c:\windows\system32\drivers\atapi.sys
[Scan path] c:\windows\system32\drivers\ati2mtag.sys
[Scan path] c:\windows\system32\drivers\atmarpc.sys
[Scan path] c:\windows\system32\drivers\audstub.sys
[Scan path] c:\windows\system32\drivers\avgascln.sys
[Scan path] c:\windows\system32\drivers\bantext.sys
[Scan path] c:\windows\system32\drivers\bcm4sbxp.sys
[Scan path] c:\windows\system32\drivers\bthenum.sys
[Scan path] c:\windows\system32\drivers\bthmodem.sys
[Scan path] c:\windows\system32\drivers\bthpan.sys
[Scan path] c:\windows\system32\drivers\bthport.sys
[Scan path] c:\windows\system32\drivers\bthusb.sys
[Scan path] c:\windows\system32\drivers\cdrom.sys
[Scan path] c:\windows\system32\drivers\cmbatt.sys
[Scan path] c:\windows\system32\drivers\compbatt.sys
[Scan path] c:\windows\system32\drivers\disk.sys
[Scan path] c:\windows\system32\drivers\dmboot.sys
[Scan path] c:\windows\system32\drivers\dmio.sys
[Scan path] c:\windows\system32\drivers\dmload.sys
[Scan path] c:\windows\system32\drivers\dmusic.sys
[Scan path] c:\windows\system32\drivers\drmkaud.sys
[Scan path] c:\windows\system32\drivers\drvmcdb.sys
[Scan path] c:\windows\system32\drivers\drvnddm.sys
[Scan path] c:\windows\system32\drivers\dtscsi.sys
[Scan path] c:\windows\system32\drivers\fltmgr.sys
[Scan path] c:\windows\system32\drivers\ftdisk.sys
[Scan path] c:\windows\system32\drivers\gearaspiwdm.sys
[Scan path] c:\windows\system32\drivers\hardlock.sys
[Scan path] c:\windows\system32\drivers\haspnt.sys
[Scan path] c:\windows\system32\drivers\hidusb.sys
[Scan path] c:\windows\system32\drivers\hopperp.sys
[Scan path] c:\windows\system32\drivers\hsf_cnxt.sys
[Scan path] c:\windows\system32\drivers\hsf_dp.sys
[Scan path] c:\windows\system32\drivers\hsfhwich.sys
[Scan path] c:\windows\system32\drivers\http.sys
[Scan path] c:\windows\system32\drivers\i8042prt.sys
[Scan path] c:\windows\system32\drivers\imapi.sys
[Scan path] c:\windows\system32\drivers\intelide.sys
[Scan path] c:\windows\system32\drivers\intelppm.sys
[Scan path] c:\windows\system32\drivers\ipfltdrv.sys
[Scan path] c:\windows\system32\drivers\ipinip.sys
[Scan path] c:\windows\system32\drivers\ipnat.sys
[Scan path] c:\windows\system32\drivers\ipsec.sys
[Scan path] c:\windows\system32\drivers\irenum.sys
[Scan path] c:\windows\system32\drivers\isapnp.sys
[Scan path] c:\windows\system32\drivers\iwca.sys
[Scan path] c:\windows\system32\drivers\kbdclass.sys
[Scan path] c:\windows\system32\drivers\kmixer.sys
[Scan path] c:\windows\system32\drivers\mdmxsdk.sys
[Scan path] c:\windows\system32\drivers\mhndrv.sys
[Scan path] c:\windows\system32\drivers\mouclass.sys
[Scan path] c:\windows\system32\drivers\mouhid.sys
[Scan path] c:\windows\system32\drivers\mrxdav.sys
[Scan path] c:\windows\system32\drivers\mrxsmb.sys
[Scan path] c:\windows\system32\drivers\msgpc.sys
[Scan path] c:\windows\system32\drivers\mskssrv.sys
[Scan path] c:\windows\system32\drivers\mspclock.sys
[Scan path] c:\windows\system32\drivers\mspqm.sys
[Scan path] c:\windows\system32\drivers\mssmbios.sys
[Scan path] c:\windows\system32\drivers\ndistapi.sys
[Scan path] c:\windows\system32\drivers\ndisuio.sys
[Scan path] c:\windows\system32\drivers\ndiswan.sys
[Scan path] c:\windows\system32\drivers\netbios.sys
[Scan path] c:\windows\system32\drivers\netbt.sys
[Scan path] c:\windows\system32\drivers\nic1394.sys
[Scan path] c:\windows\system32\drivers\nwlnkflt.sys
[Scan path] c:\windows\system32\drivers\nwlnkfwd.sys
[Scan path] c:\windows\system32\drivers\ohci1394.sys
[Scan path] c:\windows\system32\drivers\omci.sys
[Scan path] c:\windows\system32\drivers\pci.sys
[Scan path] c:\windows\system32\drivers\pciide.sys
[Scan path] c:\windows\system32\drivers\pcmcia.sys
[Scan path] c:\windows\system32\drivers\pfc.sys
[Scan path] c:\windows\system32\drivers\psched.sys
[Scan path] c:\windows\system32\drivers\ptilink.sys
[Scan path] c:\windows\system32\drivers\pxhelp20.sys
[Scan path] c:\windows\system32\drivers\qwavedrv.sys
[Scan path] c:\windows\system32\drivers\rasacd.sys
[Scan path] c:\windows\system32\drivers\rasl2tp.sys
[Scan path] c:\windows\system32\drivers\raspppoe.sys
[Scan path] c:\windows\system32\drivers\raspptp.sys
[Scan path] c:\windows\system32\drivers\raspti.sys
[Scan path] c:\windows\system32\drivers\rdbss.sys
[Scan path] c:\windows\system32\drivers\rdpcdd.sys
[Scan path] c:\windows\system32\drivers\rdpdr.sys
[Scan path] c:\windows\system32\drivers\rdpwd.sys
[Scan path] c:\windows\system32\drivers\redbook.sys
[Scan path] c:\windows\system32\drivers\rfcomm.sys
[Scan path] c:\windows\system32\drivers\s24trans.sys
[Scan path] c:\windows\system32\drivers\sdbus.sys
[Scan path] c:\windows\system32\drivers\secdrv.sys
[Scan path] c:\windows\system32\drivers\sffdisk.sys
[Scan path] c:\windows\system32\drivers\sffp_sd.sys
[Scan path] c:\windows\system32\drivers\splitter.sys
[Scan path] c:\windows\system32\drivers\sptd.sys
[Scan path] c:\windows\system32\drivers\sr.sys
[Scan path] c:\windows\system32\drivers\srv.sys
[Scan path] c:\windows\system32\drivers\sscdbhk5.sys
[Scan path] c:\windows\system32\drivers\ssrtln.sys
[Scan path] c:\windows\system32\drivers\stac97.sys
[Scan path] c:\windows\system32\drivers\swenum.sys
[Scan path] c:\windows\system32\drivers\swmidi.sys
[Scan path] c:\windows\system32\drivers\sysaudio.sys
[Scan path] c:\windows\system32\drivers\tcpip.sys
[Scan path] c:\windows\system32\drivers\tdpipe.sys
[Scan path] c:\windows\system32\drivers\tdtcp.sys
[Scan path] c:\windows\system32\drivers\termdd.sys
[Scan path] c:\windows\system32\drivers\uks11ldr.sys
[Scan path] c:\windows\system32\drivers\update.sys
[Scan path] c:\windows\system32\drivers\usb8023x.sys
[Scan path] c:\windows\system32\drivers\usbaudio.sys
[Scan path] c:\windows\system32\drivers\usbccgp.sys
[Scan path] c:\windows\system32\drivers\usbehci.sys
[Scan path] c:\windows\system32\drivers\usbhub.sys
[Scan path] c:\windows\system32\drivers\usbkt1x1.sys
[Scan path] c:\windows\system32\drivers\usbprint.sys
[Scan path] c:\windows\system32\drivers\usbscan.sys
[Scan path] c:\windows\system32\drivers\usbstor.sys
[Scan path] c:\windows\system32\drivers\usbuhci.sys
[Scan path] c:\windows\system32\drivers\vga.sys
[Scan path] c:\windows\system32\drivers\w29n51.sys
[Scan path] c:\windows\system32\drivers\wanarp.sys
[Scan path] c:\windows\system32\drivers\wceusbsh.sys
[Scan path] c:\windows\system32\drivers\wdmaud.sys
[Scan path] c:\windows\system32\drivers\wudfpf.sys
[Scan path] c:\windows\system32\drivers\wudfrd.sys
[Scan path] c:\windows\system32\drprov.dll
[Scan path] c:\windows\system32\dskquoui.dll
[Scan path] c:\windows\system32\dsquery.dll
[Scan path] c:\windows\system32\dssec.dll
[Scan path] c:\windows\system32\dsuiext.dll
[Scan path] c:\windows\system32\ersvc.dll
[Scan path] c:\windows\system32\es.dll
[Scan path] c:\windows\system32\esent.dll
[Scan path] c:\windows\system32\eventlog.dll
[Scan path] c:\windows\system32\extmgr.dll
[Scan path] c:\windows\system32\fontext.dll
[Scan path] c:\windows\system32\gdi32.dll
[Scan path] c:\windows\system32\hhctrl.ocx
[Scan path] c:\windows\system32\hnetcfg.dll
[Scan path] c:\windows\system32\hticons.dll
[Scan path] c:\windows\system32\icmui.dll
[Scan path] c:\windows\system32\ie4uinit.exe
[Scan path] c:\windows\system32\ieapfltr.dll
[Scan path] c:\windows\system32\iedkcs32.dll
[Scan path] c:\windows\system32\ieframe.dll
[Scan path] c:\windows\system32\iertutil.dll
[Scan path] c:\windows\system32\ieudinit.exe
[Scan path] c:\windows\system32\ieui.dll
[Scan path] c:\windows\system32\imagehlp.dll
[Scan path] c:\windows\system32\imapi.exe
[Scan path] c:\windows\system32\imgutil.dll
[Scan path] c:\windows\system32\imm32.dll
[Scan path] c:\windows\system32\inetcomm.dll
[Scan path] c:\windows\system32\iphlpapi.dll
[Scan path] c:\windows\system32\ipnathlp.dll
[Scan path] c:\windows\system32\itss.dll
[Scan path] c:\windows\system32\jscript.dll
[Scan path] c:\windows\system32\kerberos.dll
[Scan path] c:\windows\system32\kernel32.dll
[Scan path] c:\windows\system32\lexbces.exe
[Scan path] c:\windows\system32\lexlmpm.dll
[Scan path] c:\windows\system32\linkinfo.dll
[Scan path] c:\windows\system32\lmhsvc.dll
[Scan path] c:\windows\system32\localspl.dll
[Scan path] c:\windows\system32\locator.exe
[Scan path] c:\windows\system32\logonui.exe
[Scan path] c:\windows\system32\lsasrv.dll
[Scan path] c:\windows\system32\lsass.exe
[Scan path] c:\windows\system32\lz32.dll
[Scan path] c:\windows\system32\mfc71enu.dll
[Scan path] c:\windows\system32\mhn.dll
[Scan path] c:\windows\system32\mlang.dll
[Scan path] c:\windows\system32\mmcshext.dll
[Scan path] c:\windows\system32\mmsys.cpl
[Scan path] c:\windows\system32\mnmsrvc.exe
[Scan path] c:\windows\system32\mpr.dll
[Scan path] c:\windows\system32\mprdim.dll
[Scan path] c:\windows\system32\msacm32.dll
[Scan path] c:\windows\system32\msasn1.dll
[Scan path] c:\windows\system32\mscoree.dll
[Scan path] c:\windows\system32\mscories.dll
[Scan path] c:\windows\system32\msctf.dll
[Scan path] c:\windows\system32\msctfime.ime
[Scan path] c:\windows\system32\msdtc.exe
[Scan path] c:\windows\system32\msgina.dll
[Scan path] c:\windows\system32\msgsvc.dll
[Scan path] c:\windows\system32\mshtml.dll
[Scan path] c:\windows\system32\mshtmled.dll
[Scan path] c:\windows\system32\msi.dll
[Scan path] c:\windows\system32\msieftp.dll
[Scan path] c:\windows\system32\msiexec.exe
[Scan path] c:\windows\system32\msimg32.dll
[Scan path] c:\windows\system32\msimtf.dll
[Scan path] c:\windows\system32\msls31.dll
[Scan path] c:\windows\system32\msonpmon.dll
[Scan path] c:\windows\system32\mspmsnsv.dll
[Scan path] c:\windows\system32\msprivs.dll
[Scan path] c:\windows\system32\mstask.dll
[Scan path] c:\windows\system32\msutb.dll
[Scan path] c:\windows\system32\msv1_0.dll
[Scan path] c:\windows\system32\msvbvm60.dll
[Scan path] c:\windows\system32\msvcp60.dll
[Scan path] c:\windows\system32\msvcrt.dll
[Scan path] c:\windows\system32\msvfw32.dll
[Scan path] c:\windows\system32\msvidctl.dll
[Scan path] c:\windows\system32\mswsock.dll
[Scan path] c:\windows\system32\mydocs.dll
[Scan path] c:\windows\system32\ncobjapi.dll
[Scan path] c:\windows\system32\nddeapi.dll
[Scan path] c:\windows\system32\netapi32.dll
[Scan path] c:\windows\system32\netdde.exe
[Scan path] c:\windows\system32\netlogon.dll
[Scan path] c:\windows\system32\netman.dll
[Scan path] c:\windows\system32\netplwiz.dll
[Scan path] c:\windows\system32\netrap.dll
[Scan path] c:\windows\system32\netshell.dll
[Scan path] c:\windows\system32\netui0.dll
[Scan path] c:\windows\system32\netui1.dll
[Scan path] c:\windows\system32\network.dll
[Scan path] c:\windows\system32\normaliz.dll
[Scan path] c:\windows\system32\ntdll.dll
[Scan path] c:\windows\system32\ntdsapi.dll
[Scan path] c:\windows\system32\ntlanman.dll
[Scan path] c:\windows\system32\ntlanui2.dll
[Scan path] c:\windows\system32\ntmarta.dll
[Scan path] c:\windows\system32\ntmssvc.dll
[Scan path] c:\windows\system32\ntsd.exe
[Scan path] c:\windows\system32\ntshrui.dll
[Scan path] c:\windows\system32\occache.dll
[Scan path] c:\windows\system32\odbc32.dll
[Scan path] c:\windows\system32\odbcint.dll
[Scan path] c:\windows\system32\ole32.dll
[Scan path] c:\windows\system32\oleaut32.dll
[Scan path] c:\windows\system32\olecli32.dll
[Scan path] c:\windows\system32\olecnv32.dll
[Scan path] c:\windows\system32\oledlg.dll
[Scan path] c:\windows\system32\olepro32.dll
[Scan path] c:\windows\system32\olesvr32.dll
[Scan path] c:\windows\system32\olethk32.dll
[Scan path] c:\windows\system32\osuninst.dll
[Scan path] c:\windows\system32\photowiz.dll
[Scan path] c:\windows\system32\pjlmon.dll
[Scan path] c:\windows\system32\pngfilt.dll
[Scan path] c:\windows\system32\portabledeviceapi.dll
[Scan path] c:\windows\system32\powrprof.dll
[Scan path] c:\windows\system32\printui.dll
[Scan path] c:\windows\system32\profmap.dll
[Scan path] c:\windows\system32\psapi.dll
[Scan path] c:\windows\system32\qmgr.dll
[Scan path] c:\windows\system32\qwave.dll
[Scan path] c:\windows\system32\rasadhlp.dll
[Scan path] c:\windows\system32\rasapi32.dll
[Scan path] c:\windows\system32\rasauto.dll
[Scan path] c:\windows\system32\rasman.dll
[Scan path] c:\windows\system32\rasmans.dll
[Scan path] c:\windows\system32\regapi.dll
[Scan path] c:\windows\system32\regsvc.dll
[Scan path] c:\windows\system32\regsvr32.exe
[Scan path] c:\windows\system32\remotepg.dll
[Scan path] c:\windows\system32\riched20.dll
[Scan path] c:\windows\system32\riched32.dll
[Scan path] c:\windows\system32\rpcrt4.dll
[Scan path] c:\windows\system32\rpcss.dll
[Scan path] c:\windows\system32\rsaenh.dll
[Scan path] c:\windows\system32\rshx32.dll
[Scan path] c:\windows\system32\rsvp.exe
[Scan path] c:\windows\system32\rsvpsp.dll
[Scan path] c:\windows\system32\rtutils.dll
[Scan path] c:\windows\system32\rundll32.exe
[Scan path] c:\windows\system32\samlib.dll
[Scan path] c:\windows\system32\samsrv.dll
[Scan path] c:\windows\system32\scardsvr.exe
[Scan path] c:\windows\system32\scecli.dll
[Scan path] c:\windows\system32\scesrv.dll
[Scan path] c:\windows\system32\schannel.dll
[Scan path] c:\windows\system32\schedsvc.dll
[Scan path] c:\windows\system32\sclgntfy.dll
[Scan path] c:\windows\system32\seclogon.dll
[Scan path] c:\windows\system32\secur32.dll
[Scan path] c:\windows\system32\sendmail.dll
[Scan path] c:\windows\system32\sens.dll
[Scan path] c:\windows\system32\sensapi.dll
[Scan path] c:\windows\system32\services.exe
[Scan path] c:\windows\system32\sessmgr.exe
[Scan path] c:\windows\system32\setupapi.dll
[Scan path] c:\windows\system32\sfc.dll
[Scan path] c:\windows\system32\sfc_os.dll
[Scan path] c:\windows\system32\shdoclc.dll
[Scan path] c:\windows\system32\shdocvw.dll
[Scan path] c:\windows\system32\shell32.dll
[Scan path] c:\windows\system32\shimeng.dll
[Scan path] c:\windows\system32\shimgvw.dll
[Scan path] c:\windows\system32\shlwapi.dll
[Scan path] c:\windows\system32\shmedia.dll
[Scan path] c:\windows\system32\shmgrate.exe
[Scan path] c:\windows\system32\shscrap.dll
[Scan path] c:\windows\system32\shsvcs.dll
[Scan path] c:\windows\system32\slayerxp.dll
[Scan path] c:\windows\system32\smlogsvc.exe
[Scan path] c:\windows\system32\smss.exe
[Scan path] c:\windows\system32\spoolsv.exe
[Scan path] c:\windows\system32\srclient.dll
[Scan path] c:\windows\system32\srsvc.dll
[Scan path] c:\windows\system32\srvsvc.dll
[Scan path] c:\windows\system32\ssdpsrv.dll
[Scan path] c:\windows\system32\stobject.dll
[Scan path] c:\windows\system32\svchost.exe
[Scan path] c:\windows\system32\sxs.dll
[Scan path] c:\windows\system32\syncui.dll
[Scan path] c:\windows\system32\tapi32.dll
[Scan path] c:\windows\system32\tapisrv.dll
[Scan path] c:\windows\system32\tcpmon.dll
[Scan path] c:\windows\system32\termsrv.dll
[Scan path] c:\windows\system32\themeui.dll
[Scan path] c:\windows\system32\tlntsvr.exe
[Scan path] c:\windows\system32\trkwks.dll
[Scan path] c:\windows\system32\twext.dll
[Scan path] c:\windows\system32\umpnpmgr.dll
[Scan path] c:\windows\system32\upnphost.dll
[Scan path] c:\windows\system32\upnpui.dll
[Scan path] c:\windows\system32\ups.exe
[Scan path] c:\windows\system32\url.dll
[Scan path] c:\windows\system32\urlmon.dll
[Scan path] c:\windows\system32\usbmon.dll
[Scan path] c:\windows\system32\user32.dll
[Scan path] c:\windows\system32\userenv.dll
[Scan path] c:\windows\system32\userinit.exe
[Scan path] c:\windows\system32\uxtheme.dll
[Scan path] c:\windows\system32\version.dll
[Scan path] c:\windows\system32\vssapi.dll
[Scan path] c:\windows\system32\vssvc.exe
[Scan path] c:\windows\system32\vvgeowbv.exe
[Scan path] c:\windows\system32\w32time.dll
[Scan path] c:\windows\system32\w3ssl.dll
[Scan path] c:\windows\system32\wbem\esscli.dll
[Scan path] c:\windows\system32\wbem\fastprox.dll
[Scan path] c:\windows\system32\wbem\framedyn.dll
[Scan path] c:\windows\system32\wbem\ncprov.dll
[Scan path] c:\windows\system32\wbem\repdrvfs.dll
[Scan path] c:\windows\system32\wbem\wbemcomn.dll
[Scan path] c:\windows\system32\wbem\wbemcore.dll
[Scan path] c:\windows\system32\wbem\wbemess.dll
[Scan path] c:\windows\system32\wbem\wbemsvc.dll
[Scan path] c:\windows\system32\wbem\winmgmt.exe
[Scan path] c:\windows\system32\wbem\wmiapsrv.exe
[Scan path] c:\windows\system32\wbem\wmiprvsd.dll
[Scan path] c:\windows\system32\wbem\wmisvc.dll
[Scan path] c:\windows\system32\wbem\wmiutils.dll
[Scan path] c:\windows\system32\wdigest.dll
[Scan path] c:\windows\system32\webcheck.dll
[Scan path] c:\windows\system32\webclnt.dll
[Scan path] c:\windows\system32\wgalogon.dll
[Scan path] c:\windows\system32\wiascr.dll
[Scan path] c:\windows\system32\wiaservc.dll
[Scan path] c:\windows\system32\wiashext.dll
[Scan path] c:\windows\system32\winhttp.dll
[Scan path] c:\windows\system32\wininet.dll
[Scan path] c:\windows\system32\winlogon.exe
[Scan path] c:\windows\system32\winmm.dll
[Scan path] c:\windows\system32\winrnr.dll
[Scan path] c:\windows\system32\winscard.dll
[Scan path] c:\windows\system32\winspool.drv
[Scan path] c:\windows\system32\winsrv.dll
[Scan path] c:\windows\system32\winsta.dll
[Scan path] c:\windows\system32\wintrust.dll
[Scan path] c:\windows\system32\wkssvc.dll
[Scan path] c:\windows\system32\wldap32.dll
[Scan path] c:\windows\system32\wlnotify.dll
[Scan path] c:\windows\system32\wmp.dll
[Scan path] c:\windows\system32\wmploc.dll
[Scan path] c:\windows\system32\wmpshell.dll
[Scan path] c:\windows\system32\wpdshext.dll
[Scan path] c:\windows\system32\wpdshserviceobj.dll
[Scan path] c:\windows\system32\ws2_32.dll
[Scan path] c:\windows\system32\ws2help.dll
[Scan path] c:\windows\system32\wscsvc.dll
[Scan path] c:\windows\system32\wshbth.dll
[Scan path] c:\windows\system32\wshext.dll
[Scan path] c:\windows\system32\wshtcpip.dll
[Scan path] c:\windows\system32\wsock32.dll
[Scan path] c:\windows\system32\wtsapi32.dll
[Scan path] c:\windows\system32\wuaucpl.cpl
[Scan path] c:\windows\system32\wuauserv.dll
[Scan path] c:\windows\system32\wudfsvc.dll
[Scan path] c:\windows\system32\wzcsvc.dll
[Scan path] c:\windows\system32\xmllite.dll
[Scan path] c:\windows\system32\xmlprov.dll
[Scan path] c:\windows\system32\xpsp2res.dll
[Scan path] c:\windows\system32\zipfldr.dll
[Scan path] c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
[Scan path] c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[Scan path] c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
[Scan path] e:\reason30osb.ico
[Scan path] f:\reason30fsb.ico
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 603
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 1269 Kb/s
Scan time: 00:02:31
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 603
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 1269 Kb/s
Scan time: 00:02:31
=============================================================================

=============================================================================
Dr.Web® Scanner for Windows v4.44.0 (4.44.0.09140)
Copyright © Igor Daniloff, 1992-2007
Log generated on: 2007-11-02, 01:06:55 [AHMAD][Home]
Command-line: "C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\setup.exe" /lng /ini:setup_XP.ini
Operating system:Windows XP Professional x86 (Build 2600), Service Pack 2
=============================================================================
DwShield started
Engine version: 4.44 (4.44.0.09170)
Engine API version: 2.02
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crwtoday.cdb - skipped
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44411.cdb - 1582 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44410.cdb - 1131 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44409.cdb - 2303 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44408.cdb - 3904 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44407.cdb - 2456 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44406.cdb - 4411 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44405.cdb - 1311 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44404.cdb - 2486 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44403.cdb - 4462 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44402.cdb - 94 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44401.cdb - 557 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crw44400.cdb - 945 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crwebase.cdb - 209466 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\cwrtoday.cdb - 146 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\cwntoday.cdb - skipped
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\cwn44401.cdb - 698 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crwrisky.cdb - 2747 virus records
[Virus database] C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\crwnasty.cdb - 13534 virus records
Total virus records: 252233
Key file: C:\DOCUME~1\Home\LOCALS~1\Temp\RarSFX0\setup.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates on: 2007-02-05
License key expires on: 2010-02-11

[Scan path] c:\windows\system32\ati2evxx.exe
[Scan path] c:\windows\system32\atl.dll
[Scan path] c:\windows\system32\audiodev.dll
[Scan path] c:\windows\system32\audiosrv.dll
[Scan path] c:\windows\system32\authz.dll
[Scan path] c:\windows\system32\autochk.exe
[Scan path] c:\windows\system32\basesrv.dll
[Scan path] c:\windows\system32\browselc.dll
[Scan path] c:\windows\system32\browser.dll
[Scan path] c:\windows\system32\browseui.dll
[Scan path] c:\windows\system32\bthprops.cpl
[Scan path] c:\windows\system32\bthserv.dll
[Scan path] c:\windows\system32\cabview.dll
[Scan path] c:\windows\system32\certcli.dll
[Scan path] c:\windows\system32\cisvc.exe
[Scan path] c:\windows\system32\clbcatq.dll
[Scan path] c:\windows\system32\clipsrv.exe
[Scan path] c:\windows\system32\cnbjmon.dll
[Scan path] c:\windows\system32\cnbjmon2.dll
[Scan path] c:\windows\system32\comctl32.dll
[Scan path] c:\windows\system32\comdlg32.dll
[Scan path] c:\windows\system32\comres.dll
[Scan path] c:\windows\system32\credui.dll
[Scan path] c:\windows\system32\crypt32.dll
[Scan path] c:\windows\system32\cryptdll.dll
[Scan path] c:\windows\system32\cryptext.dll
[Scan path] c:\windows\system32\cryptnet.dll
[Scan path] c:\windows\system32\cryptsvc.dll
[Scan path] c:\windows\system32\cryptui.dll
[Scan path] c:\windows\system32\cscdll.dll
[Scan path] c:\windows\system32\cscui.dll
[Scan path] c:\windows\system32\csrsrv.dll
[Scan path] c:\windows\system32\csrss.exe
[Scan path] c:\windows\system32\ctfmon.exe
[Scan path] c:\windows\system32\davclnt.dll
[Scan path] c:\windows\system32\deskadp.dll
[Scan path] c:\windows\system32\deskmon.dll
[Scan path] c:\windows\system32\deskperf.dll
[Scan path] c:\windows\system32\dfshim.dll
[Scan path] c:\windows\system32\dfsshlex.dll
[Scan path] c:\windows\system32\dhcpcsvc.dll
[Scan path] c:\windows\system32\diskcopy.dll
[Scan path] c:\windows\system32\dla\tfsnboio.sys
[Scan path] c:\windows\system32\dla\tfsncofs.sys
[Scan path] c:\windows\system32\dla\tfsndrct.sys
[Scan path] c:\windows\system32\dla\tfsndres.sys
[Scan path] c:\windows\system32\dla\tfsnifs.sys
[Scan path] c:\windows\system32\dla\tfsnopio.sys
[Scan path] c:\windows\system32\dla\tfsnpool.sys
[Scan path] c:\windows\system32\dla\tfsnudf.sys
[Scan path] c:\windows\system32\dla\tfsnudfa.sys
[Scan path] c:\windows\system32\dla\tfswshx.dll
[Scan path] c:\windows\system32\dllhost.exe
[Scan path] c:\windows\system32\dmadmin.exe
[Scan path] c:\windows\system32\dmserver.dll
[Scan path] c:\windows\system32\dnsapi.dll
[Scan path] c:\windows\system32\dnsrslvr.dll
[Scan path] c:\windows\system32\docprop.dll
[Scan path] c:\windows\system32\docprop2.dll
[Scan path] c:\windows\system32\drivers\acpi.sys
[Scan path] c:\windows\system32\drivers\aec.sys
[Scan path] c:\windows\system32\drivers\aegisp.sys
[Scan path] c:\windows\system32\drivers\afd.sys
[Scan path] c:\windows\system32\drivers\apfiltr.sys
[Scan path] c:\windows\system32\drivers\appdrv.sys
[Scan path] c:\windows\system32\drivers\arp1394.sys
[Scan path] c:\windows\system32\drivers\asyncmac.sys
[Scan path] c:\windows\system32\drivers\atapi.sys
[Scan path] c:\windows\system32\drivers\ati2mtag.sys
[Scan path] c:\windows\system32\drivers\atmarpc.sys
[Scan path] c:\windows\system32\drivers\audstub.sys
[Scan path] c:\windows\system32\drivers\avg7core.sys
[Scan path] c:\windows\system32\drivers\avg7rsw.sys
[Scan path] c:\windows\system32\drivers\avg7rsxp.sys
[Scan path] c:\windows\system32\drivers\avgascln.sys
[Scan path] c:\windows\system32\drivers\avgclean.sys
[Scan path] c:\windows\system32\drivers\bantext.sys
[Scan path] c:\windows\system32\drivers\bcm4sbxp.sys
[Scan path] c:\windows\system32\drivers\bthenum.sys
[Scan path] c:\windows\system32\drivers\bthmodem.sys
[Scan path] c:\windows\system32\drivers\bthpan.sys
[Scan path] c:\windows\system32\drivers\bthport.sys
[Scan path] c:\windows\system32\drivers\bthusb.sys
[Scan path] c:\windows\system32\drivers\cdrom.sys
[Scan path] c:\windows\system32\drivers\cmbatt.sys
[Scan path] c:\windows\system32\drivers\compbatt.sys
[Scan path] c:\windows\system32\drivers\disk.sys
[Scan path] c:\windows\system32\drivers\dmboot.sys
[Scan path] c:\windows\system32\drivers\dmio.sys
[Scan path] c:\windows\system32\drivers\dmload.sys
[Scan path] c:\windows\system32\drivers\dmusic.sys
[Scan path] c:\windows\system32\drivers\drmkaud.sys
[Scan path] c:\windows\system32\drivers\drvmcdb.sys
[Scan path] c:\windows\system32\drivers\drvnddm.sys
[Scan path] c:\windows\system32\drivers\dtscsi.sys
[Scan path] c:\windows\system32\drivers\fltmgr.sys
[Scan path] c:\windows\system32\drivers\ftdisk.sys
[Scan path] c:\windows\system32\drivers\gearaspiwdm.sys
[Scan path] c:\windows\system32\drivers\hardlock.sys
[Scan path] c:\windows\system32\drivers\haspnt.sys
[Scan path] c:\windows\system32\drivers\hidusb.sys
[Scan path] c:\windows\system32\drivers\hopperp.sys
[Scan path] c:\windows\system32\drivers\hsf_cnxt.sys
[Scan path] c:\windows\system32\drivers\hsf_dp.sys
[Scan path] c:\windows\system32\drivers\hsfhwich.sys
[Scan path] c:\windows\system32\drivers\http.sys
[Scan path] c:\windows\system32\drivers\i8042prt.sys
[Scan path] c:\windows\system32\drivers\imapi.sys
[Scan path] c:\windows\system32\drivers\intelide.sys
[Scan path] c:\windows\system32\drivers\intelppm.sys
[Scan path] c:\windows\system32\drivers\ipfltdrv.sys
[Scan path] c:\windows\system32\drivers\ipinip.sys
[Scan path] c:\windows\system32\drivers\ipnat.sys
[Scan path] c:\windows\system32\drivers\ipsec.sys
[Scan path] c:\windows\system32\drivers\irenum.sys
[Scan path] c:\windows\system32\drivers\isapnp.sys
[Scan path] c:\windows\system32\drivers\iwca.sys
[Scan path] c:\windows\system32\drivers\kbdclass.sys
[Scan path] c:\windows\system32\drivers\kmixer.sys
[Scan path] c:\windows\system32\drivers\mdmxsdk.sys
[Scan path] c:\windows\system32\drivers\mhndrv.sys
[Scan path] c:\windows\system32\drivers\mouclass.sys
[Scan path] c:\windows\system32\drivers\mouhid.sys
[Scan path] c:\windows\system32\drivers\mrxdav.sys
[Scan path] c:\windows\system32\drivers\mrxsmb.sys
[Scan path] c:\windows\system32\drivers\msgpc.sys
[Scan path] c:\windows\system32\drivers\mskssrv.sys
[Scan path] c:\windows\system32\drivers\mspclock.sys
[Scan path] c:\windows\system32\drivers\mspqm.sys
[Scan path] c:\windows\system32\drivers\mssmbios.sys
[Scan path] c:\windows\system32\drivers\ndistapi.sys
[Scan path] c:\windows\system32\drivers\ndisuio.sys
[Scan path] c:\windows\system32\drivers\ndiswan.sys
[Scan path] c:\windows\system32\drivers\netbios.sys
[Scan path] c:\windows\system32\drivers\netbt.sys
[Scan path] c:\windows\system32\drivers\nic1394.sys
[Scan path] c:\windows\system32\drivers\nwlnkflt.sys
[Scan path] c:\windows\system32\drivers\nwlnkfwd.sys
[Scan path] c:\windows\system32\drivers\ohci1394.sys
[Scan path] c:\windows\system32\drivers\omci.sys
[Scan path] c:\windows\system32\drivers\pci.sys
[Scan path] c:\windows\system32\drivers\pciide.sys
[Scan path] c:\windows\system32\drivers\pcmcia.sys
[Scan path] c:\windows\system32\drivers\pfc.sys
[Scan path] c:\windows\system32\drivers\psched.sys
[Scan path] c:\windows\system32\drivers\ptilink.sys
[Scan path] c:\windows\system32\drivers\pxhelp20.sys
[Scan path] c:\windows\system32\drivers\qwavedrv.sys
[Scan path] c:\windows\system32\drivers\rasacd.sys
[Scan path] c:\windows\system32\drivers\rasl2tp.sys
[Scan path] c:\windows\system32\drivers\raspppoe.sys
[Scan path] c:\windows\system32\drivers\raspptp.sys
[Scan path] c:\windows\system32\drivers\raspti.sys
[Scan path] c:\windows\system32\drivers\rdbss.sys
[Scan path] c:\windows\system32\drivers\rdpcdd.sys
[Scan path] c:\windows\system32\drivers\rdpdr.sys
[Scan path] c:\windows\system32\drivers\rdpwd.sys
[Scan path] c:\windows\system32\drivers\redbook.sys
[Scan path] c:\windows\system32\drivers\rfcomm.sys
[Scan path] c:\windows\system32\drivers\s24trans.sys
[Scan path] c:\windows\system32\drivers\sdbus.sys
[Scan path] c:\windows\system32\drivers\secdrv.sys
[Scan path] c:\windows\system32\drivers\sffdisk.sys
[Scan path] c:\windows\system32\drivers\sffp_sd.sys
[Scan path] c:\windows\system32\drivers\splitter.sys
[Scan path] c:\windows\system32\drivers\sptd.sys
[Scan path] c:\windows\system32\drivers\sr.sys
[Scan path] c:\windows\system32\drivers\srv.sys
[Scan path] c:\windows\system32\drivers\sscdbhk5.sys
[Scan path] c:\windows\system32\drivers\ssrtln.sys
[Scan path] c:\windows\system32\drivers\stac97.sys
[Scan path] c:\windows\system32\drivers\swenum.sys
[Scan path] c:\windows\system32\drivers\swmidi.sys
[Scan path] c:\windows\system32\drivers\sysaudio.sys
[Scan path] c:\windows\system32\drivers\tcpip.sys
[Scan path] c:\windows\system32\drivers\tdpipe.sys
[Scan path] c:\windows\system32\drivers\tdtcp.sys
[Scan path] c:\windows\system32\drivers\termdd.sys
[Scan path] c:\windows\system32\drivers\uks11ldr.sys
[Scan path] c:\windows\system32\drivers\update.sys
[Scan path] c:\windows\system32\drivers\usb8023x.sys
[Scan path] c:\windows\system32\drivers\usbaudio.sys
[Scan path] c:\windows\system32\drivers\usbccgp.sys
[Scan path] c:\windows\system32\drivers\usbehci.sys
[Scan path] c:\windows\system32\drivers\usbhub.sys
[Scan path] c:\windows\system32\drivers\usbkt1x1.sys
[Scan path] c:\windows\system32\drivers\usbprint.sys
[Scan path] c:\windows\system32\drivers\usbscan.sys
[Scan path] c:\windows\system32\drivers\usbstor.sys
[Scan path] c:\windows\system32\drivers\usbuhci.sys
[Scan path] c:\windows\system32\drivers\vga.sys
[Scan path] c:\windows\system32\drivers\w29n51.sys
[Scan path] c:\windows\system32\drivers\wanarp.sys
[Scan path] c:\windows\system32\drivers\wceusbsh.sys
[Scan path] c:\windows\system32\drivers\wdmaud.sys
[Scan path] c:\windows\system32\drivers\wudfpf.sys
[Scan path] c:\windows\system32\drivers\wudfrd.sys
[Scan path] c:\windows\system32\drprov.dll
[Scan path] c:\windows\system32\dskquoui.dll
[Scan path] c:\windows\system32\dsquery.dll
[Scan path] c:\windows\system32\dssec.dll
[Scan path] c:\windows\system32\dssenh.dll
[Scan path] c:\windows\system32\dsuiext.dll
[Scan path] c:\windows\system32\ersvc.dll
[Scan path] c:\windows\system32\es.dll
[Scan path] c:\windows\system32\esent.dll
[Scan path] c:\windows\system32\eventlog.dll
[Scan path] c:\windows\system32\extmgr.dll
[Scan path] c:\windows\system32\fontext.dll
[Scan path] c:\windows\system32\gdi32.dll
[Scan path] c:\windows\system32\hhctrl.ocx
[Scan path] c:\windows\system32\hnetcfg.dll
[Scan path] c:\windows\system32\hticons.dll
[Scan path] c:\windows\system32\icmui.dll
[Scan path] c:\windows\system32\ie4uinit.exe
[Scan path] c:\windows\system32\iedkcs32.dll
[Scan path] c:\windows\system32\ieframe.dll
[Scan path] c:\windows\system32\iertutil.dll
[Scan path] c:\windows\system32\ieudinit.exe
[Scan path] c:\windows\system32\imagehlp.dll
[Scan path] c:\windows\system32\imapi.exe
[Scan path] c:\windows\system32\imm32.dll
[Scan path] c:\windows\system32\inetcomm.dll
[Scan path] c:\windows\system32\iphlpapi.dll
[Scan path] c:\windows\system32\ipnathlp.dll
[Scan path] c:\windows\system32\itss.dll
[Scan path] c:\windows\system32\kerberos.dll
[Scan path] c:\windows\system32\kernel32.dll
[Scan path] c:\windows\system32\lexbces.exe
[Scan path] c:\windows\system32\lexlmpm.dll
[Scan path] c:\windows\system32\linkinfo.dll
[Scan path] c:\windows\system32\lmhsvc.dll
[Scan path] c:\windows\system32\localspl.dll
[Scan path] c:\windows\system32\locator.exe
[Scan path] c:\windows\system32\logonui.exe
[Scan path] c:\windows\system32\lsasrv.dll
[Scan path] c:\windows\system32\lsass.exe
[Scan path] c:\windows\system32\lz32.dll
[Scan path] c:\windows\system32\mfc71enu.dll
[Scan path] c:\windows\system32\mhn.dll
[Scan path] c:\windows\system32\mlang.dll
[Scan path] c:\windows\system32\mmcshext.dll
[Scan path] c:\windows\system32\mmsys.cpl
[Scan path] c:\windows\system32\mnmsrvc.exe
[Scan path] c:\windows\system32\mpr.dll
[Scan path] c:\windows\system32\mprdim.dll
[Scan path] c:\windows\system32\msacm32.dll
[Scan path] c:\windows\system32\msasn1.dll
[Scan path] c:\windows\system32\mscoree.dll
[Scan path] c:\windows\system32\mscories.dll
[Scan path] c:\windows\system32\msctf.dll
[Scan path] c:\windows\system32\msctfime.ime
[Scan path] c:\windows\system32\msdtc.exe
[Scan path] c:\windows\system32\msgina.dll
[Scan path] c:\windows\system32\msgsvc.dll
[Scan path] c:\windows\system32\mshtml.dll
[Scan path] c:\windows\system32\msi.dll
[Scan path] c:\windows\system32\msieftp.dll
[Scan path] c:\windows\system32\msiexec.exe
[Scan path] c:\windows\system32\msimg32.dll
[Scan path] c:\windows\system32\msonpmon.dll
[Scan path] c:\windows\system32\mspmsnsv.dll
[Scan path] c:\windows\system32\msprivs.dll
[Scan path] c:\windows\system32\mstask.dll
[Scan path] c:\windows\system32\msutb.dll
[Scan path] c:\windows\system32\msv1_0.dll
[Scan path] c:\windows\system32\msvcp60.dll
[Scan path] c:\windows\system32\msvcrt.dll
[Scan path] c:\windows\system32\msvidctl.dll
[Scan path] c:\windows\system32\mswsock.dll
[Scan path] c:\windows\system32\mydocs.dll
[Scan path] c:\windows\system32\ncobjapi.dll
[Scan path] c:\windows\system32\nddeapi.dll
[Scan path] c:\windows\system32\netapi32.dll
[Scan path] c:\windows\system32\netdde.exe
[Scan path] c:\windows\system32\netlogon.dll
[Scan path] c:\windows\system32\netman.dll
[Scan path] c:\windows\system32\netplwiz.dll
[Scan path] c:\windows\system32\netrap.dll
[Scan path] c:\windows\system32\netshell.dll
[Scan path] c:\windows\system32\netui0.dll
[Scan path] c:\windows\system32\netui1.dll
[Scan path] c:\windows\system32\network.dll
[Scan path] c:\windows\system32\normaliz.dll
[Scan path] c:\windows\system32\notepad.exe
[Scan path] c:\windows\system32\ntdll.dll
[Scan path] c:\windows\system32\ntdsapi.dll
[Scan path] c:\windows\system32\ntlanman.dll
[Scan path] c:\windows\system32\ntlanui2.dll
[Scan path] c:\windows\system32\ntmarta.dll
[Scan path] c:\windows\system32\ntmssvc.dll
[Scan path] c:\windows\system32\ntsd.exe
[Scan path] c:\windows\system32\ntshrui.dll
[Scan path] c:\windows\system32\occache.dll
[Scan path] c:\windows\system32\odbc32.dll
[Scan path] c:\windows\system32\odbcint.dll
[Scan path] c:\windows\system32\ole32.dll
[Scan path] c:\windows\system32\oleaut32.dll
[Scan path] c:\windows\system32\olecli32.dll
[Scan path] c:\windows\system32\olecnv32.dll
[Scan path] c:\windows\system32\oledlg.dll
[Scan path] c:\windows\system32\olepro32.dll
[Scan path] c:\windows\system32\olesvr32.dll
[Scan path] c:\windows\system32\olethk32.dll
[Scan path] c:\windows\system32\photowiz.dll
[Scan path] c:\windows\system32\pjlmon.dll
[Scan path] c:\windows\system32\portabledeviceapi.dll
[Scan path] c:\windows\system32\powrprof.dll
[Scan path] c:\windows\system32\printui.dll
[Scan path] c:\windows\system32\profmap.dll
[Scan path] c:\windows\system32\psapi.dll
[Scan path] c:\windows\system32\qmgr.dll
[Scan path] c:\windows\system32\qwave.dll
[Scan path] c:\windows\system32\rasadhlp.dll
[Scan path] c:\windows\system32\rasauto.dll
[Scan path] c:\windows\system32\rasmans.dll
[Scan path] c:\windows\system32\regapi.dll
[Scan path] c:\windows\system32\regsvc.dll
[Scan path] c:\windows\system32\regsvr32.exe
[Scan path] c:\windows\system32\remotepg.dll
[Scan path] c:\windows\system32\riched20.dll
[Scan path] c:\windows\system32\riched32.dll
[Scan path] c:\windows\system32\rpcrt4.dll
[Scan path] c:\windows\system32\rpcss.dll
[Scan path] c:\windows\system32\rsaenh.dll
[Scan path] c:\windows\system32\rshx32.dll
[Scan path] c:\windows\system32\rsvp.exe
[Scan path] c:\windows\system32\rsvpsp.dll
[Scan path] c:\windows\system32\rtutils.dll
[Scan path] c:\windows\system32\rundll32.exe
[Scan path] c:\windows\system32\samlib.dll
[Scan path] c:\windows\system32\samsrv.dll
[Scan path] c:\windows\system32\scardsvr.exe
[Scan path] c:\windows\system32\scecli.dll
[Scan path] c:\windows\system32\scesrv.dll
[Scan path] c:\windows\system32\schannel.dll
[Scan path] c:\windows\system32\schedsvc.dll
[Scan path] c:\windows\system32\sclgntfy.dll
[Scan path] c:\windows\system32\seclogon.dll
[Scan path] c:\windows\system32\secur32.dll
[Scan path] c:\windows\system32\sendmail.dll
[Scan path] c:\windows\system32\sens.dll
[Scan path] c:\windows\system32\sensapi.dll
[Scan path] c:\windows\system32\services.exe
[Scan path] c:\windows\system32\sessmgr.exe
[Scan path] c:\windows\system32\setupapi.dll
[Scan path] c:\windows\system32\sfc.dll
[Scan path] c:\windows\system32\sfc_os.dll
[Scan path] c:\windows\system32\shdocvw.dll
[Scan path] c:\windows\system32\shell32.dll
[Scan path] c:\windows\system32\shfolder.dll
[Scan path] c:\windows\system32\shimeng.dll
[Scan path] c:\windows\system32\shimgvw.dll
[Scan path] c:\windows\system32\shlwapi.dll
[Scan path] c:\windows\system32\shmedia.dll
[Scan path] c:\windows\system32\shmgrate.exe
[Scan path] c:\windows\system32\shscrap.dll
[Scan path] c:\windows\system32\shsvcs.dll
[Scan path] c:\windows\system32\slayerxp.dll
[Scan path] c:\windows\system32\smlogsvc.exe
[Scan path] c:\windows\system32\smss.exe
[Scan path] c:\windows\system32\spoolsv.exe
[Scan path] c:\windows\system32\srsvc.dll
[Scan path] c:\windows\system32\srvsvc.dll
[Scan path] c:\windows\system32\ssdpsrv.dll
[Scan path] c:\windows\system32\stobject.dll
[Scan path] c:\windows\system32\svchost.exe
[Scan path] c:\windows\system32\sxs.dll
[Scan path] c:\windows\system32\syncui.dll
[Scan path] c:\windows\system32\tapisrv.dll
[Scan path] c:\windows\system32\tcpmon.dll
[Scan path] c:\windows\system32\termsrv.dll
[Scan path] c:\windows\system32\themeui.dll
[Scan path] c:\windows\system32\tlntsvr.exe
[Scan path] c:\windows\system32\trkwks.dll
[Scan path] c:\windows\system32\twext.dll
[Scan path] c:\windows\system32\umpnpmgr.dll
[Scan path] c:\windows\system32\upnphost.dll
[Scan path] c:\windows\system32\upnpui.dll
[Scan path] c:\windows\system32\ups.exe
[Scan path] c:\windows\system32\url.dll
[Scan path] c:\windows\system32\urlmon.dll
[Scan path] c:\windows\system32\usbmon.dll
[Scan path] c:\windows\system32\user32.dll
[Scan path] c:\windows\system32\userenv.dll
[Scan path] c:\windows\system32\userinit.exe
[Scan path] c:\windows\system32\uxtheme.dll
[Scan path] c:\windows\system32\version.dll
[Scan path] c:\windows\system32\vsdatant.sys
[Scan path] c:\windows\system32\vssapi.dll
[Scan path] c:\windows\system32\vssvc.exe
[Scan path] c:\windows\system32\w32time.dll
[Scan path] c:\windows\system32\w3ssl.dll
[Scan path] c:\windows\system32\wbem\esscli.dll
[Scan path] c:\windows\system32\wbem\fastprox.dll
[Scan path] c:\windows\system32\wbem\ncprov.dll
[Scan path] c:\windows\system32\wbem\repdrvfs.dll
[Scan path] c:\windows\system32\wbem\wbemcomn.dll
[Scan path] c:\windows\system32\wbem\wbemcore.dll
[Scan path] c:\windows\system32\wbem\wbemess.dll
[Scan path] c:\windows\system32\wbem\wbemsvc.dll
[Scan path] c:\windows\system32\wbem\winmgmt.exe
[Scan path] c:\windows\system32\wbem\wmiapsrv.exe
[Scan path] c:\windows\system32\wbem\wmiprvsd.dll
[Scan path] c:\windows\system32\wbem\wmisvc.dll
[Scan path] c:\windows\system32\wbem\wmiutils.dll
[Scan path] c:\windows\system32\wdigest.dll
[Scan path] c:\windows\system32\webcheck.dll
[Scan path] c:\windows\system32\webclnt.dll
[Scan path] c:\windows\system32\wgalogon.dll
[Scan path] c:\windows\system32\wiascr.dll
[Scan path] c:\windows\system32\wiaservc.dll
[Scan path] c:\windows\system32\wiashext.dll
[Scan path] c:\windows\system32\winhttp.dll
[Scan path] c:\windows\system32\wininet.dll
[Scan path] c:\windows\system32\winlogon.exe
[Scan path] c:\windows\system32\winmm.dll
[Scan path] c:\windows\system32\winrnr.dll
[Scan path] c:\windows\system32\winscard.dll
[Scan path] c:\windows\system32\winspool.drv
[Scan path] c:\windows\system32\winsrv.dll
[Scan path] c:\windows\system32\winsta.dll
[Scan path] c:\windows\system32\wintrust.dll
[Scan path] c:\windows\system32\wkssvc.dll
[Scan path] c:\windows\system32\wldap32.dll
[Scan path] c:\windows\system32\wlnotify.dll
[Scan path] c:\windows\system32\wmpshell.dll
[Scan path] c:\windows\system32\wpdshext.dll
[Scan path] c:\windows\system32\wpdshserviceobj.dll
[Scan path] c:\windows\system32\ws2_32.dll
[Scan path] c:\windows\system32\ws2help.dll
[Scan path] c:\windows\system32\wscsvc.dll
[Scan path] c:\windows\system32\wshbth.dll
[Scan path] c:\windows\system32\wshext.dll
[Scan path] c:\windows\system32\wshtcpip.dll
[Scan path] c:\windows\system32\wsock32.dll
[Scan path] c:\windows\system32\wtsapi32.dll
[Scan path] c:\windows\system32\wuaucpl.cpl
[Scan path] c:\windows\system32\wuauserv.dll
[Scan path] c:\windows\system32\wudfsvc.dll
[Scan path] c:\windows\system32\wzcsvc.dll
[Scan path] c:\windows\system32\xmlprov.dll
[Scan path] c:\windows\system32\xpsp2res.dll
[Scan path] c:\windows\system32\zipfldr.dll
[Scan path] c:\windows\system32\zonelabs\srescan.sys
[Scan path] c:\windows\system32\zonelabs\vsmon.exe
[Scan path] c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
[Scan path] c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[Scan path] e:\reason30osb.ico
[Scan path] f:\reason30fsb.ico
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 586
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 1902 Kb/s
Scan time: 00:01:23
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

Scanning interrupted by user! - no viruses found
[Scan path] c:\windows\system32\cscdll.dll
[Scan path] c:\windows\system32\cscui.dll
[Scan path] c:\windows\system32\csrsrv.dll
[Scan path] c:\windows\system32\csrss.exe
[Scan path] c:\windows\system32\ctfmon.exe
[Scan path] c:\windows\system32\davclnt.dll
[Scan path] c:\windows\system32\deskadp.dll
[Scan path] c:\windows\system32\deskmon.dll
[Scan path] c:\windows\system32\deskperf.dll
[Scan path] c:\windows\system32\dfshim.dll
[Scan path] c:\windows\system32\dfsshlex.dll
[Scan path] c:\windows\system32\dhcpcsvc.dll
[Scan path] c:\windows\system32\diskcopy.dll
[Scan path] c:\windows\system32\dla\tfsnboio.sys
[Scan path] c:\windows\system32\dla\tfsncofs.sys
[Scan path] c:\windows\system32\dla\tfsndrct.sys
[Scan path] c:\windows\system32\dla\tfsndres.sys
[Scan path] c:\windows\system32\dla\tfsnifs.sys
[Scan path] c:\windows\system32\dla\tfsnopio.sys
[Scan path] c:\windows\system32\dla\tfsnpool.sys
[Scan path] c:\windows\system32\dla\tfsnudf.sys
[Scan path] c:\windows\system32\dla\tfsnudfa.sys
[Scan path] c:\windows\system32\dla\tfswshx.dll
[Scan path] c:\windows\system32\dllhost.exe
[Scan path] c:\windows\system32\dmadmin.exe
[Scan path] c:\windows\system32\dmserver.dll
[Scan path] c:\windows\system32\dnsapi.dll
[Scan path] c:\windows\system32\dnsrslvr.dll
[Scan path] c:\windows\system32\docprop.dll
[Scan path] c:\windows\system32\docprop2.dll
[Scan path] c:\windows\system32\drivers\acpi.sys
[Scan path] c:\windows\system32\drivers\aec.sys
[Scan path] c:\windows\system32\drivers\aegisp.sys
[Scan path] c:\windows\system32\drivers\afd.sys
[Scan path] c:\windows\system32\drivers\apfiltr.sys
[Scan path] c:\windows\system32\drivers\appdrv.sys
[Scan path] c:\windows\system32\drivers\arp1394.sys
[Scan path] c:\windows\system32\drivers\asyncmac.sys
[Scan path] c:\windows\system32\drivers\atapi.sys
[Scan path] c:\windows\system32\drivers\ati2mtag.sys
[Scan path] c:\windows\system32\drivers\atmarpc.sys
[Scan path] c:\windows\system32\drivers\audstub.sys
[Scan path] c:\windows\system32\drivers\avg7core.sys
[Scan path] c:\windows\system32\drivers\avg7rsw.sys
[Scan path] c:\windows\system32\drivers\avg7rsxp.sys
[Scan path] c:\windows\system32\drivers\avgascln.sys
[Scan path] c:\windows\system32\drivers\avgclean.sys
[Scan path] c:\windows\system32\drivers\bantext.sys
[Scan path] c:\windows\system32\drivers\bcm4sbxp.sys
[Scan path] c:\windows\system32\drivers\bthenum.sys
[Scan path] c:\windows\system32\drivers\bthmodem.sys
[Scan path] c:\windows\system32\drivers\bthpan.sys
[Scan path] c:\windows\system32\drivers\bthport.sys
[Scan path] c:\windows\system32\drivers\bthusb.sys
[Scan path] c:\windows\system32\drivers\cdrom.sys
[Scan path] c:\windows\system32\drivers\cmbatt.sys
[Scan path] c:\windows\system32\drivers\compbatt.sys
[Scan path] c:\windows\system32\drivers\disk.sys
[Scan path] c:\windows\system32\drivers\dmboot.sys
[Scan path] c:\windows\system32\drivers\dmio.sys
[Scan path] c:\windows\system32\drivers\dmload.sys
[Scan path] c:\windows\system32\drivers\dmusic.sys
[Scan path] c:\windows\system32\drivers\drmkaud.sys
[Scan path] c:\windows\system32\drivers\drvmcdb.sys
[Scan path] c:\windows\system32\drivers\drvnddm.sys
[Scan path] c:\windows\system32\drivers\dtscsi.sys
[Scan path] c:\windows\system32\drivers\fltmgr.sys
[Scan path] c:\windows\system32\drivers\ftdisk.sys
[Scan path] c:\windows\system32\drivers\gearaspiwdm.sys
[Scan path] c:\windows\system32\drivers\hardlock.sys
[Scan path] c:\windows\system32\drivers\haspnt.sys
[Scan path] c:\windows\system32\drivers\hidusb.sys
[Scan path] c:\windows\system32\drivers\hopperp.sys
[Scan path] c:\windows\system32\drivers\hsf_cnxt.sys
[Scan path] c:\windows\system32\drivers\hsf_dp.sys
[Scan path] c:\windows\system32\drivers\hsfhwich.sys
[Scan path] c:\windows\system32\drivers\http.sys
[Scan path] c:\windows\system32\drivers\i8042prt.sys
[Scan path] c:\windows\system32\drivers\imapi.sys
[Scan path] c:\windows\system32\drivers\intelide.sys
[Scan path] c:\windows\system32\drivers\intelppm.sys
[Scan path] c:\windows\system32\drivers\ipfltdrv.sys
[Scan path] c:\windows\system32\drivers\ipinip.sys
[Scan path] c:\windows\system32\drivers\ipnat.sys
[Scan path] c:\windows\system32\drivers\ipsec.sys
[Scan path] c:\windows\system32\drivers\irenum.sys
[Scan path] c:\windows\system32\drivers\isapnp.sys
[Scan path] c:\windows\system32\drivers\iwca.sys
[Scan path] c:\windows\system32\drivers\kbdclass.sys
[Scan path] c:\windows\system32\drivers\kmixer.sys
[Scan path] c:\windows\system32\drivers\mdmxsdk.sys
[Scan path] c:\windows\system32\drivers\mhndrv.sys
[Scan path] c:\windows\system32\drivers\mouclass.sys
[Scan path] c:\windows\system32\drivers\mouhid.sys
[Scan path] c:\windows\system32\drivers\mrxdav.sys
[Scan path] c:\windows\system32\drivers\mrxsmb.sys
[Scan path] c:\windows\system32\drivers\msgpc.sys
[Scan path] c:\windows\system32\drivers\mskssrv.sys
[Scan path] c:\windows\system32\drivers\mspclock.sys
[Scan path] c:\windows\system32\drivers\mspqm.sys
[Scan path] c:\windows\system32\drivers\mssmbios.sys
[Scan path] c:\windows\system32\drivers\ndistapi.sys
[Scan path] c:\windows\system32\drivers\ndisuio.sys
[Scan path] c:\windows\system32\drivers\ndiswan.sys
[Scan path] c:\windows\system32\drivers\netbios.sys
[Scan path] c:\windows\system32\drivers\netbt.sys
[Scan path] c:\windows\system32\drivers\nic1394.sys
[Scan path] c:\windows\system32\drivers\nwlnkflt.sys
[Scan path] c:\windows\system32\drivers\nwlnkfwd.sys
[Scan path] c:\windows\system32\drivers\ohci1394.sys
[Scan path] c:\windows\system32\drivers\omci.sys
[Scan path] c:\windows\system32\drivers\pci.sys
[Scan path] c:\windows\system32\drivers\pciide.sys
[Scan path] c:\windows\system32\drivers\pcmcia.sys
[Scan path] c:\windows\system32\drivers\pfc.sys
[Scan path] c:\windows\system32\drivers\psched.sys
[Scan path] c:\windows\system32\drivers\ptilink.sys
[Scan path] c:\windows\system32\drivers\pxhelp20.sys
[Scan path] c:\windows\system32\drivers\qwavedrv.sys
[Scan path] c:\windows\system32\drivers\rasacd.sys
[Scan path] c:\windows\system32\drivers\rasl2tp.sys
[Scan path] c:\windows\system32\drivers\raspppoe.sys
[Scan path] c:\windows\system32\drivers\raspptp.sys
[Scan path] c:\windows\system32\drivers\raspti.sys
[Scan path] c:\windows\system32\drivers\rdbss.sys
[Scan path] c:\windows\system32\drivers\rdpcdd.sys
[Scan path] c:\windows\system32\drivers\rdpdr.sys
[Scan path] c:\windows\system32\drivers\rdpwd.sys
[Scan path] c:\windows\system32\drivers\redbook.sys
[Scan path] c:\windows\system32\drivers\rfcomm.sys
[Scan path] c:\windows\system32\drivers\s24trans.sys
[Scan path] c:\windows\system32\drivers\sdbus.sys
[Scan path] c:\windows\system32\drivers\secdrv.sys
[Scan path] c:\windows\system32\drivers\sffdisk.sys
[Scan path] c:\windows\system32\drivers\sffp_sd.sys
[Scan path] c:\windows\system32\drivers\splitter.sys
[Scan path] c:\windows\system32\drivers\sptd.sys
[Scan path] c:\windows\system32\drivers\sr.sys
[Scan path] c:\windows\system32\drivers\srv.sys
[Scan path] c:\windows\system32\drivers\sscdbhk5.sys
[Scan path] c:\windows\system32\drivers\ssrtln.sys
[Scan path] c:\windows\system32\drivers\stac97.sys
[Scan path] c:\windows\system32\drivers\swenum.sys
[Scan path] c:\windows\system32\drivers\swmidi.sys
[Scan path] c:\windows\system32\drivers\sysaudio.sys
[Scan path] c:\windows\system32\drivers\tcpip.sys
[Scan path] c:\windows\system32\drivers\tdpipe.sys
[Scan path] c:\windows\system32\drivers\tdtcp.sys
[Scan path] c:\windows\system32\drivers\termdd.sys
[Scan path] c:\windows\system32\drivers\uks11ldr.sys
[Scan path] c:\windows\system32\drivers\update.sys
[Scan path] c:\windows\system32\drivers\usb8023x.sys
[Scan path] c:\windows\system32\drivers\usbaudio.sys
[Scan path] c:\windows\system32\drivers\usbccgp.sys
[Scan path] c:\windows\system32\drivers\usbehci.sys
[Scan path] c:\windows\system32\drivers\usbhub.sys
[Scan path] c:\windows\system32\drivers\usbkt1x1.sys
[Scan path] c:\windows\system32\drivers\usbprint.sys
[Scan path] c:\windows\system32\drivers\usbscan.sys
[Scan path] c:\windows\system32\drivers\usbstor.sys
[Scan path] c:\windows\system32\drivers\usbuhci.sys
[Scan path] c:\windows\system32\drivers\vga.sys
[Scan path] c:\windows\system32\drivers\w29n51.sys
[Scan path] c:\windows\system32\drivers\wanarp.sys
[Scan path] c:\windows\system32\drivers\wceusbsh.sys
[Scan path] c:\windows\system32\drivers\wdmaud.sys
[Scan path] c:\windows\system32\drivers\wudfpf.sys
[Scan path] c:\windows\system32\drivers\wudfrd.sys
[Scan path] c:\windows\system32\drprov.dll
[Scan path] c:\windows\system32\dskquoui.dll
[Scan path] c:\windows\system32\dsquery.dll
[Scan path] c:\windows\system32\dssec.dll
[Scan path] c:\windows\system32\dssenh.dll
[Scan path] c:\windows\system32\dsuiext.dll
[Scan path] c:\windows\system32\ersvc.dll
[Scan path] c:\windows\system32\es.dll
[Scan path] c:\windows\system32\esent.dll
[Scan path] c:\windows\system32\eventlog.dll
[Scan path] c:\windows\system32\extmgr.dll
[Scan path] c:\windows\system32\fontext.dll
[Scan path] c:\windows\system32\gdi32.dll
[Scan path] c:\windows\system32\hhctrl.ocx
[Scan path] c:\windows\system32\hnetcfg.dll
[Scan path] c:\windows\system32\hticons.dll
[Scan path] c:\windows\system32\icmui.dll
[Scan path] c:\windows\system32\ie4uinit.exe
[Scan path] c:\windows\system32\iedkcs32.dll
[Scan path] c:\windows\system32\ieframe.dll
[Scan path] c:\windows\system32\iertutil.dll
[Scan path] c:\windows\system32\ieudinit.exe
[Scan path] c:\windows\system32\imagehlp.dll
[Scan path] c:\windows\system32\imapi.exe
[Scan path] c:\windows\system32\imm32.dll
[Scan path] c:\windows\system32\inetcomm.dll
[Scan path] c:\windows\system32\iphlpapi.dll
[Scan path] c:\windows\system32\ipnathlp.dll
[Scan path] c:\windows\system32\itss.dll
[Scan path] c:\windows\system32\kerberos.dll
[Scan path] c:\windows\system32\kernel32.dll
[Scan path] c:\windows\system32\lexbces.exe
[Scan path] c:\windows\system32\lexlmpm.dll
[Scan path] c:\windows\system32\linkinfo.dll
[Scan path] c:\windows\system32\lmhsvc.dll
[Scan path] c:\windows\system32\localspl.dll
[Scan path] c:\windows\system32\locator.exe
[Scan path] c:\windows\system32\logonui.exe
[Scan path] c:\windows\system32\lsasrv.dll
[Scan path] c:\windows\system32\lsass.exe
[Scan path] c:\windows\system32\lz32.dll
[Scan path] c:\windows\system32\mfc71enu.dll
[Scan path] c:\windows\system32\mhn.dll
[Scan path] c:\windows\system32\mlang.dll
[Scan path] c:\windows\system32\mmcshext.dll
[Scan path] c:\windows\system32\mmsys.cpl
[Scan path] c:\windows\system32\mnmsrvc.exe
[Scan path] c:\windows\system32\mpr.dll
[Scan path] c:\windows\system32\mprdim.dll
[Scan path] c:\windows\system32\msacm32.dll
[Scan path] c:\windows\system32\msasn1.dll
[Scan path] c:\windows\system32\mscoree.dll
[Scan path] c:\windows\system32\mscories.dll
[Scan path] c:\windows\system32\msctf.dll
[Scan path] c:\windows\system32\msctfime.ime
[Scan path] c:\windows\system32\msdtc.exe
[Scan path] c:\windows\system32\msgina.dll
[Scan path] c:\windows\system32\msgsvc.dll
[Scan path] c:\windows\system32\mshtml.dll
[Scan path] c:\windows\system32\msi.dll
[Scan path] c:\windows\system32\msieftp.dll
[Scan path] c:\windows\system32\msiexec.exe
[Scan path] c:\windows\system32\msimg32.dll
[Scan path] c:\windows\system32\msonpmon.dll
[Scan path] c:\windows\system32\mspmsnsv.dll
[Scan path] c:\windows\system32\msprivs.dll
[Scan path] c:\windows\system32\mstask.dll
[Scan path] c:\windows\system32\msutb.dll
[Scan path] c:\windows\system32\msv1_0.dll
[Scan path] c:\windows\system32\msvcp60.dll
[Scan path] c:\windows\system32\msvcrt.dll
[Scan path] c:\windows\system32\msvidctl.dll
[Scan path] c:\windows\system32\mswsock.dll
[Scan path] c:\windows\system32\mydocs.dll
[Scan path] c:\windows\system32\ncobjapi.dll
[Scan path] c:\windows\system32\nddeapi.dll
[Scan path] c:\windows\system32\netapi32.dll
[Scan path] c:\windows\system32\netdde.exe
[Scan path] c:\windows\system32\netlogon.dll
[Scan path] c:\windows\system32\netman.dll
[Scan path] c:\windows\system32\netplwiz.dll
[Scan path] c:\windows\system32\netrap.dll
[Scan path] c:\windows\system32\netshell.dll
[Scan path] c:\windows\system32\netui0.dll
[Scan path] c:\windows\system32\netui1.dll
[Scan path] c:\windows\system32\network.dll
[Scan path] c:\windows\system32\normaliz.dll
[Scan path] c:\windows\system32\notepad.exe
[Scan path] c:\windows\system32\ntdll.dll
[Scan path] c:\windows\system32\ntdsapi.dll
[Scan path] c:\windows\system32\ntlanman.dll
[Scan path] c:\windows\system32\ntlanui2.dll
[Scan path] c:\windows\system32\ntmarta.dll
[Scan path] c:\windows\system32\ntmssvc.dll
[Scan path] c:\windows\system32\ntsd.exe
[Scan path] c:\windows\system32\ntshrui.dll
[Scan path] c:\windows\system32\occache.dll
[Scan path] c:\windows\system32\odbc32.dll
[Scan path] c:\windows\system32\odbcint.dll
[Scan path] c:\windows\system32\ole32.dll
[Scan path] c:\windows\system32\oleaut32.dll
[Scan path] c:\windows\system32\olecli32.dll
[Scan path] c:\windows\system32\olecnv32.dll
[Scan path] c:\windows\system32\oledlg.dll
[Scan path] c:\windows\system32\olepro32.dll
[Scan path] c:\windows\system32\olesvr32.dll
[Scan path] c:\windows\system32\olethk32.dll
[Scan path] c:\windows\system32\photowiz.dll
[Scan path] c:\windows\system32\pjlmon.dll
[Scan path] c:\windows\system32\portabledeviceapi.dll
[Scan path] c:\windows\system32\powrprof.dll
[Scan path] c:\windows\system32\printui.dll
[Scan path] c:\windows\system32\profmap.dll
[Scan path] c:\windows\system32\psapi.dll
[Scan path] c:\windows\system32\qmgr.dll
[Scan path] c:\windows\system32\qwave.dll
[Scan path] c:\windows\system32\rasadhlp.dll
[Scan path] c:\windows\system32\rasauto.dll
[Scan path] c:\windows\system32\rasmans.dll
[Scan path] c:\windows\system32\regapi.dll
[Scan path] c:\windows\system32\regsvc.dll
[Scan path] c:\windows\system32\regsvr32.exe
[Scan path] c:\windows\system32\remotepg.dll
[Scan path] c:\windows\system32\riched20.dll
[Scan path] c:\windows\system32\riched32.dll
[Scan path] c:\windows\system32\rpcrt4.dll
[Scan path] c:\windows\system32\rpcss.dll
[Scan path] c:\windows\system32\rsaenh.dll
[Scan path] c:\windows\system32\rshx32.dll
[Scan path] c:\windows\system32\rsvp.exe
[Scan path] c:\windows\system32\rsvpsp.dll
[Scan path] c:\windows\system32\rtutils.dll
[Scan path] c:\windows\system32\rundll32.exe
[Scan path] c:\windows\system32\samlib.dll
[Scan path] c:\windows\system32\samsrv.dll
[Scan path] c:\windows\system32\scardsvr.exe
[Scan path] c:\windows\system32\scecli.dll
[Scan path] c:\windows\system32\scesrv.dll
[Scan path] c:\windows\system32\schannel.dll
[Scan path] c:\windows\system32\schedsvc.dll
[Scan path] c:\windows\system32\sclgntfy.dll
[Scan path] c:\windows\system32\seclogon.dll
[Scan path] c:\windows\system32\secur32.dll
[Scan path] c:\windows\system32\sendmail.dll
[Scan path] c:\windows\system32\sens.dll
[Scan path] c:\windows\system32\sensapi.dll
[Scan path] c:\windows\system32\services.exe
[Scan path] c:\windows\system32\sessmgr.exe
[Scan path] c:\windows\system32\setupapi.dll
[Scan path] c:\windows\system32\sfc.dll
[Scan path] c:\windows\system32\sfc_os.dll
[Scan path] c:\windows\system32\shdocvw.dll
[Scan path] c:\windows\system32\shell32.dll
[Scan path] c:\windows\system32\shfolder.dll
[Scan path] c:\windows\system32\shimeng.dll
[Scan path] c:\windows\system32\shimgvw.dll
[Scan path] c:\windows\system32\shlwapi.dll
[Scan path] c:\windows\system32\shmedia.dll
[Scan path] c:\windows\system32\shmgrate.exe
[Scan path] c:\windows\system32\shscrap.dll
[Scan path] c:\windows\system32\shsvcs.dll
[Scan path] c:\windows\system32\slayerxp.dll
[Scan path] c:\windows\system32\smlogsvc.exe
[Scan path] c:\windows\system32\smss.exe
[Scan path] c:\windows\system32\spoolsv.exe
[Scan path] c:\windows\system32\srsvc.dll
[Scan path] c:\windows\system32\srvsvc.dll
[Scan path] c:\windows\system32\ssdpsrv.dll
[Scan path] c:\windows\system32\stobject.dll
[Scan path] c:\windows\system32\svchost.exe
[Scan path] c:\windows\system32\sxs.dll
[Scan path] c:\windows\system32\syncui.dll
[Scan path] c:\windows\system32\tapisrv.dll
[Scan path] c:\windows\system32\tcpmon.dll
[Scan path] c:\windows\system32\termsrv.dll
[Scan path] c:\windows\system32\themeui.dll
[Scan path] c:\windows\system32\tlntsvr.exe
[Scan path] c:\windows\system32\trkwks.dll
[Scan path] c:\windows\system32\twext.dll
[Scan path] c:\windows\system32\umpnpmgr.dll
[Scan path] c:\windows\system32\upnphost.dll
[Scan path] c:\windows\system32\upnpui.dll
[Scan path] c:\windows\system32\ups.exe
[Scan path] c:\windows\system32\url.dll
[Scan path] c:\windows\system32\urlmon.dll
[Scan path] c:\windows\system32\usbmon.dll
[Scan path] c:\windows\system32\user32.dll
[Scan path] c:\windows\system32\userenv.dll
[Scan path] c:\windows\system32\userinit.exe
[Scan path] c:\windows\system32\uxtheme.dll
[Scan path] c:\windows\system32\version.dll
[Scan path] c:\windows\system32\vsdatant.sys
[Scan path] c:\windows\system32\vssapi.dll
[Scan path] c:\windows\system32\vssvc.exe
[Scan path] c:\windows\system32\w32time.dll
[Scan path] c:\windows\system32\w3ssl.dll
[Scan path] c:\windows\system32\wbem\esscli.dll
[Scan path] c:\windows\system32\wbem\fastprox.dll
[Scan path] c:\windows\system32\wbem\ncprov.dll
[Scan path] c:\windows\system32\wbem\repdrvfs.dll
[Scan path] c:\windows\system32\wbem\wbemcomn.dll
[Scan path] c:\windows\system32\wbem\wbemcore.dll
[Scan path] c:\windows\system32\wbem\wbemess.dll
[Scan path] c:\windows\system32\wbem\wbemsvc.dll
[Scan path] c:\windows\system32\wbem\winmgmt.exe
[Scan path] c:\windows\system32\wbem\wmiapsrv.exe
[Scan path] c:\windows\system32\wbem\wmiprvsd.dll
[Scan path] c:\windows\system32\wbem\wmisvc.dll
[Scan path] c:\windows\system32\wbem\wmiutils.dll
[Scan path] c:\windows\system32\wdigest.dll
[Scan path] c:\windows\system32\webcheck.dll
[Scan path] c:\windows\system32\webclnt.dll
[Scan path] c:\windows\system32\wgalogon.dll
[Scan path] c:\windows\system32\wiascr.dll
[Scan path] c:\windows\system32\wiaservc.dll
[Scan path] c:\windows\system32\wiashext.dll
[Scan path] c:\windows\system32\winhttp.dll
[Scan path] c:\windows\system32\wininet.dll
[Scan path] c:\windows\system32\winlogon.exe
[Scan path] c:\windows\system32\winmm.dll
[Scan path] c:\windows\system32\winrnr.dll
[Scan path] c:\windows\system32\winscard.dll
[Scan path] c:\windows\system32\winspool.drv
[Scan path] c:\windows\system32\winsrv.dll
[Scan path] c:\windows\system32\winsta.dll
[Scan path] c:\windows\system32\wintrust.dll
[Scan path] c:\windows\system32\wkssvc.dll
[Scan path] c:\windows\system32\wldap32.dll
[Scan path] c:\windows\system32\wlnotify.dll
[Scan path] c:\windows\system32\wmpshell.dll
[Scan path] c:\windows\system32\wpdshext.dll
[Scan path] c:\windows\system32\wpdshserviceobj.dll
[Scan path] c:\windows\system32\ws2_32.dll
[Scan path] c:\windows\system32\ws2help.dll
[Scan path] c:\windows\system32\wscsvc.dll
[Scan path] c:\windows\system32\wshbth.dll
[Scan path] c:\windows\system32\wshext.dll
[Scan path] c:\windows\system32\wshtcpip.dll
[Scan path] c:\windows\system32\wsock32.dll
[Scan path] c:\windows\system32\wtsapi32.dll
[Scan path] c:\windows\system32\wuaucpl.cpl
[Scan path] c:\windows\system32\wuauserv.dll
[Scan path] c:\windows\system32\wudfsvc.dll
[Scan path] c:\windows\system32\wzcsvc.dll
[Scan path] c:\windows\system32\xmlprov.dll
[Scan path] c:\windows\system32\xpsp2res.dll
[Scan path] c:\windows\system32\zipfldr.dll
[Scan path] c:\windows\system32\zonelabs\srescan.sys
[Scan path] c:\windows\system32\zonelabs\vsmon.exe
[Scan path] c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
[Scan path] c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[Scan path] e:\reason30osb.ico
[Scan path] f:\reason30fsb.ico
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 10783
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 0
Ignored: 0
Scan speed: 154 Kb/s
Scan time: 00:17:38
-----------------------------------------------------------------------------


the new hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:59 PM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\Home\LOCALS~1\Temp\Rar$EX00.891\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RRT-Auto] C:\spyware\RRT.exe auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PopupDummy! - {3C75C1F5-6D83-11d6-9855-00065B6980E9} - C:\Program Files\PopupDummy!\PopupDummy! 3.27.EXE (HKCU)
O9 - Extra 'Tools' menuitem: PopupDummy! - {3C75C1F5-6D83-11d6-9855-00065B6980E9} - C:\Program Files\PopupDummy!\PopupDummy! 3.27.EXE (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Modul...ces/ax/stub.cab
O16 - DPF: {CF1C4A31-BD38-4DCB-BFDB-9E1854B6AAF1} (DVR Web Viewer) - http://www.dvrhost.com/control/viewer.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_paramou.../vivid_ocx.jpeg
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11119 bytes


The computer looks like it's running fine now. I have no signs of the adware.

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team

Posted 02 November 2007 - 04:01 PM

Your log is clean :thumbsup:
If all's ok, please do the following:

Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press Ok.


Please double-click OTMoveIt.exe to run it.
Click on the 'Cleanup' button.
When you do this a text file named cleanup.txt will be downloaded from the internet.
If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so.
When the 'Confirm' box appears click 'Yes'.
Restart your pc when prompted.

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

You should take the time to read and follow the information found in the links below, to help you prevent any possible future infections and stay safe and secure while online:

Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

How to prevent Malware:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

So how did I get infected in the first place:
http://forums.spybot.info/showthread.php?t=279

Malware Cleanup Programs and Preventative Procedures:
http://russelltexas.com/malware/allclear.htm

#11 lilyungn

lilyungn
  • Topic Starter

  • Members

Posted 04 November 2007 - 02:28 PM

Thanks a lot man!! This really helped; my computer is running great now.

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team

Posted 04 November 2007 - 02:48 PM

You're most welcome :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.