1000 Pos Tmp Files And Red Cross On C, Runs Slow



#1 tadej1

Posted 11 April 2008 - 01:10 PM

Hello!

I think my computer is infected with malware. I have a lot of pos .tmp files on my C-drive, the internet is running slow (Explorer and Firefox) and it takes me almost 10 minutes to start my computer.
Lately I can barely use My Computer. I also have "Windows update" and "Help and support center" on my desktop, and I cannot delete them.

I have Trend Micro Security 14 installed. I scanned my computer with AdAware and Spybot (I could not delete the files which Spybot found; a blue screen appeared). I did not scan my computer with Kaspersky, because I could not connect.

-----------------------------------------------
I ran DSS, and these are the logs:
-----------------------------------------------
-----------------------------------------------

Deckard's System Scanner v20071014.68
Run by kocevari on 2008-04-11 19:42:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-11 19:46:30
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Muiltmedia keyboard Utility\2.0\KBDAP32A.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Moji dokumenti\Ares\Ares.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\kocevari\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rtvslo.si/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33AAA186-2FC9-45D7-9F20-ED9C04B1A719} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {941508F8-CCD9-44E0-AC29-4F1E141373F7} - (no file)
O2 - BHO: (no name) - {98C74F26-5743-4018-ACA6-3075175C21C0} - (no file)
O2 - BHO: (no name) - {A2792D6E-94CF-4533-A15E-8FF43CE672D1} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ooormejx.dll
O2 - BHO: (no name) - {D42BC151-DE3A-47B4-A108-1943206479AB} - C:\WINDOWS\system32\awtqr.dll
O2 - BHO: (no name) - {EA4EE31C-B121-40A8-A23C-D023FCEF0872} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [MSN Services] C:\RECYCLER\msnservice.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [740de5d0] rundll32.exe "C:\WINDOWS\system32\vhmqwwgn.dll",b
O4 - HKLM\..\Run: [BM773ed64c] Rundll32.exe "C:\WINDOWS\system32\ljjaqups.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ares] "C:\Moji dokumenti\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = C:\Program Files\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: ooormejx - C:\WINDOWS\system32\ooormejx.dll
O20 - Winlogon Notify: urqonom - C:\WINDOWS\system32\urqonom.dll (file missing)
O20 - Winlogon Notify: winzoa32 - C:\WINDOWS\system32\winzoa32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Moji dokumenti\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe


--
End of file - 9972 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 atksgt - c:\windows\system32\drivers\atksgt.sys
2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
3 PPX001 - c:\igre\kal\new folder\ppx32.sys (file missing)
1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
3 TMBUS (Thrustmapper Device Enumerator) - system32\drivers\tmbus.sys (file missing)
3 TMHidF (Thrustmaster FireStorm™ Wireless Gamepad HID Driver) - system32\drivers\tmhidf.sys (file missing)
3 TMKEmu (Thrustmapper virtual Keyboard device driver) - system32\drivers\tmkemu.sys (file missing)
3 TMMEmu (Thrustmapper virtual Mouse device driver) - system32\drivers\tmmemu.sys (file missing)
1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.0>
2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.0>
3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 aawservice (Ad-Aware 2007 Service) - c:\program files\lavasoft\ad-aware 2007\aawservice.exe
3 AresChatServer (Ares Chatroom server) - c:\moji dokumenti\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
2 BthServ (Bluetooth Support Service) - c:\windows\system32\svchost.exe
2 PcCtlCom (Trend Micro Central Control Component) - c:\program files\trend micro\internet security 14\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
2 Tmntsrv (Trend Micro Real-time Service) - c:\program files\trend micro\internet security 14\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
2 TmPfw (Trend Micro Personal Firewall) - c:\program files\trend micro\internet security 14\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.0>
2 tmproxy (Trend Micro Proxy Service) - c:\program files\trend micro\internet security 14\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 2.0>


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Files created between 2008-03-11 and 2008-04-11 -----------------------------



-- Find3M Report ---------------------------------------------------------------



-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33AAA186-2FC9-45D7-9F20-ED9C04B1A719}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{941508F8-CCD9-44E0-AC29-4F1E141373F7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98C74F26-5743-4018-ACA6-3075175C21C0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2792D6E-94CF-4533-A15E-8FF43CE672D1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
18.02.2008 00:07 163904 --a------ C:\WINDOWS\system32\ooormejx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D42BC151-DE3A-47B4-A108-1943206479AB}]
28.10.2007 16:14 301664 --------- C:\WINDOWS\system32\awtqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA4EE31C-B121-40A8-A23C-D023FCEF0872}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 10:50]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [07.01.2005 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14.03.2007 03:43]
"FLMK08KB"="C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe" [25.12.2006 12:42]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04.08.2004 14:00 C:\WINDOWS\system32\bthprops.cpl]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [25.09.2006 10:12]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [24.01.2005 20:58]
"MSN Services"="C:\RECYCLER\msnservice.exe" []
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [16.11.2005 23:23]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [17.10.2007 17:50]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [03.04.2007 18:00]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [03.04.2007 18:50]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25.10.2006 10:03]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [04.02.2007 13:02]
"RTHDCPL"="RTHDCPL.EXE" [18.08.2005 01:20 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [03.05.2005 12:43 C:\WINDOWS\ALCMTR.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 22:16]
"740de5d0"="C:\WINDOWS\system32\vhmqwwgn.dll" [11.04.2008 18:52]
"BM773ed64c"="C:\WINDOWS\system32\ljjaqups.dll" [11.04.2008 18:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [25.08.2006 11:13]
"ares"="C:\Moji dokumenti\Ares\Ares.exe" [16.07.2007 23:54]
"Steam"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19.01.2007 13:55]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28.01.2008 11:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Bluetooth Software\BTTray.exe [29.7.2003 17:14:16]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17.2.1999 21:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ooormejx]
ooormejx.dll 18.02.2008 00:07 163904 C:\WINDOWS\system32\ooormejx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqonom]
urqonom.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzoa32]
winzoa32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\awtqr

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43a0d214-acb9-11dc-b5bf-00508d81152b}]
AutoRun\command- I:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-04-11 19:48:12 ------------
---------------------------------------------------------------------------------------------

---------------------------------------
And the second:
---------------------------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 60%
Physical Memory (total/avail): 1023.48 MiB / 401.65 MiB
Pagefile Memory (total/avail): 2459.29 MiB / 1932.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1946.32 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 29.89 GiB free.
D: is CDROM (CDFS)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\kocevari\Application Data
CLASSPATH=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KOCEVAR3
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\kocevari
LOGONSERVER=\\KOCEVAR3
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0602
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\kocevari\LOCALS~1\Temp
TMP=C:\DOCUME~1\kocevari\LOCALS~1\Temp
USERDOMAIN=KOCEVAR3
USERNAME=kocevari
USERPROFILE=C:\Documents and Settings\kocevari
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

kocevari (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> Dummy
--> MsiExec /X{7032E73F-68A0-48F9-8100-E70E79169BAE}
--> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B-E637C2FCB410}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v6.12.02 --> MsiExec.exe /X{7032E73F-68A0-48F9-8100-E70E79169BAE}
AP Guitar Tuner 1.02 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\AP Guitar Tuner 1.02\DeIsL1.isu" -c"C:\Program Files\AP Guitar Tuner 1.02\_ISREG32.DLL"
ArchiCAD 11 INT --> C:\Program Files\Graphisoft\ArchiCAD 11\Uninstall.AC\uninstaller.exe
Ares 2.0.9 --> "C:\Moji dokumenti\Ares\uninstall.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{B7777E08-1344-42E8-975B-6F541F9ADBD8}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP210 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series /L0x0009
Canon MP210 series User Registration --> C:\Program Files\Canon\IJEREG\MP210 series\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX --> C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN V Series (R2) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
Dark and Light --> "C:\WINDOWS\Dark and Light\uninstall.exe" "/U:C:\igre\DarkandLight\Uninstall\uninstall.xml"
Deus Ex --> C:\igre\DeusEx\System\Setup.exe uninstall "Deus Ex"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA SPORTS online 2007 --> C:\igre\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
FEAR --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 -removeonly
FIFA 08 --> MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
Freelancer --> "C:\igre\Microsoft Games\Freelancer\UNINSTAL.EXE" /runtemp /addremove
Ghost Recon Advanced Warfighter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFC97089-04D6-42CE-A707-A343B4A7D2CD}\setup.exe" -l0x9
Google Earth Connections AC11 INT --> C:\Program Files\Graphisoft\ArchiCAD 11\Uninstall.GE\uninstaller.exe
Guild Wars --> "C:\igre\Guild Wars\Gw.exe" -uninstall
Guitar Pro 5.0 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
GWFreaks 3.1.0.0 --> "C:\igre\guild wars\GWFreaks\unins000.exe"
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 8 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Legacy of Kain: Defiance 1.0 --> C:\igre\Legacy of Kain - Defiance\uninstlokd.exe
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LucasArts' Curse of Monkey Island --> C:\WINDOWS\uninst.exe -fC:\igre\LucasArts\Curse\DeIsL1.isu
LucasArts' Monkey 4 --> C:\WINDOWS\uninst.exe -f"C:\igre\LucasArts\Monkey 4\Install\DeIsL1.isu" -c"C:\igre\LucasArts\Monkey 4\Install\LecSetup.dll"
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010424-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Morrowind --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\igre\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x9
Motorola Driver Installation --> MsiExec.exe /I{52F6065D-27D0-4680-B2BC-C49C9A252459}
Motorola Phone Tools --> C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Muiltmedia keyboard Utility 2.0 --> C:\Program Files\Muiltmedia keyboard Utility\2.0\uninst00.exe
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setup.exe /uninstall ExtraUninstallID=""
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Oblivion - Knights of the Nine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14C87AA7-08E6-419F-A165-998EBE5023D7}\setup.exe" -l0x9 -removeonly
OpenMG Limited Patch 4.1-05-13-31-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.1-05-13-31-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.1.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{2F151B50-B434-4838-B51D-70442EBA093E} UNINSTALL
PlayLinc --> MsiExec.exe /I{2158685C-E2B3-4026-B0A1-0FFE31837AFD}
Pontifex --> C:\igre\Pontifex\uninstall.exe
Pontifex II --> C:\igre\Pontifex II\uninstall.exe
Puzzle Pirates --> C:\Program Files\Three Rings Design\Puzzle Pirates\Uninstall-yohoho.exe
Quake III Arena --> C:\WINDOWS\IsUninst.exe -f"C:\igre\Quake III Arena\QIII.isu"
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
Race Driver 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0297C87B-CC40-446F-865A-031B4FC0CF22}\Setup.exe" -l0x9 -removeonly
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x24 -removeonly
S.T.A.L.K.E.R. - Shadow of Chernobyl --> "C:\igre\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
Sacrifice --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6231FDA0-7E6F-11D4-A671-006008D09831}\Setup.exe"
ScanSoft OmniPage SE 4 --> MsiExec.exe /I{DEE88727-779B-47A9-ACEF-F87CA5F92A65}
Serious Sam: The First Encounter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{815050E5-F545-11D4-9569-004095812ACC}\Setup.exe" -l0x9
SonicStage 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stronghold Crusader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe"
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TES Construction Set --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\igre\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x9
Test Drive Unlimited --> MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}
Thrustmaster Calibration Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44B660BB-EAC5-4D4F-9890-C607DD5F7630}\setup.exe" -l0x9 -removeonly
Total Commander (Remove or Repair) --> C:\Program Files\totalcmd\tcuninst.exe
Trend Micro PC-cillin Internet Security 14 --> MsiExec.exe /X{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}
Ulead Photo Explorer 8.0 SE Basic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}\setup.exe" -l0x9
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software --> MsiExec.exe /X{FE90E9E7-A158-4687-8853-DF677A939A61}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{C8DA0188-480B-498D-BA6E-1C415B0458A3}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Worms World Party --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A200E68-D5F4-4E70-910F-2871753A0E2B}\setup.exe"
X Plugin Manager 2.12 --> 'C:\Program Files\X Plugin Manager\Uninstall.exe'
X2 - The Threat --> MsiExec.exe /I{7DCB3E4A-E5EA-4324-ADB2-75BBFEFB44FB}
X3 Reunion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9838EAFF-B13B-4A03-AEAE-6D508136545D}\setup.exe" -l0x9 -removeonly
ZENcast Organizer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove


-- Application Event Log -------------------------------------------------------

Event Record #/Type43507 / Error
Event Submitted/Written: 04/11/2008 06:44:00 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type43506 / Error
Event Submitted/Written: 04/11/2008 06:44:00 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type43478 / Error
Event Submitted/Written: 04/10/2008 10:35:54 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ArchiCAD.exe, version 11.0.0.1200, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type43472 / Success
Event Submitted/Written: 04/10/2008 10:34:09 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type43461 / Error
Event Submitted/Written: 04/10/2008 10:10:03 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application taskmgr.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type50090 / Warning
Event Submitted/Written: 04/11/2008 06:49:27 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type50089 / Error
Event Submitted/Written: 04/11/2008 06:37:43 PM / 04/11/2008 06:37:49 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type50087 / Error
Event Submitted/Written: 04/11/2008 06:37:18 PM / 04/11/2008 06:37:49 PM
Event ID/Source: 4 / sptd
Event Description:
Driver detected an internal error in its data structures for .

Event Record #/Type50083 / Error
Event Submitted/Written: 04/11/2008 06:00:52 PM / 04/11/2008 06:01:25 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type50081 / Error
Event Submitted/Written: 04/11/2008 06:00:25 PM / 04/11/2008 06:01:25 PM
Event ID/Source: 4 / sptd
Event Description:
Driver detected an internal error in its data structures for .



-- End of Deckard's System Scanner: finished at 2008-04-11 19:48:12 ------------





Please Help


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:03 PM

Posted 13 April 2008 - 01:10 PM

Hello tadej1,

Are you running two antivirus programs? Trend Micro antivirus and Symantec/Norton Antivirus?
If so, then uninstall one of them.

I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one anti virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms".

It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection.

In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.



Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\pos*.tmp /D
    %userprofile%\My Documents\pos*.tmp /D
    %appdata%\My Documents\pos*.tmp /D

  • Return to OTMoveIt2, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
    C:\_OTMoveIt2\MovedFiles\********_******.log
    (where "********_******" is the "date_time")
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Caution: Be careful of what you copy and paste with this tool. OTMoveIt2 is a powerful program, designed to move highly persistent files and folders. Not following the directions as instructed or using it incorrectly could lead to disastrous problems with your operating system.




We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


You need to disable your Trend Micro Antivirus, and Spybot Teatimer before running ComboFix, as they will prevent it from running.

I notice that you have Spybot's TeaTimer running.
While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

To disable Trend Micro AntiVirus from the system tray menu
1. Close the Trend Micro AntiVirus main console if it is open.
2. Right-click the Trend Micro AntiVirus icon on the lower right corner of your screen.
3. Click Exit from the menu.
4. Click Yes when the confirmation message appears.
The Trend Micro AntiVirus icon will disappear. Windows may display a popup message saying "Your computer might be at risk. Trend Micro AntiVirus - Virus Protection is turned off".
5. To turn on Trend Micro AntiVirus again, do either of the following:
Click Start > Programs or All Programs > Trend Micro Anti Virus 2007 > Trend Micro Anti Virus 2007.
Double-click the Trend Micro AntiVirus icon on your Desktop.



Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

 When following the instructions please install the Windows XP Recovery Console if you are using XP. <== IMPORTANT

You DO NOT need to have the Windows CD to install Recovery Console!

When Recovery Console installs correctly, ComboFix will give you a log like this:

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons



We need Recovery Console because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Disconnect from the Internet.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.

Edited by SifuMike, 14 April 2008 - 03:48 PM.


#3 tadej1

tadej1
  • Topic Starter

  • Members
  • 12 posts
  • Local time:01:03 AM

Posted 14 April 2008 - 02:57 PM

OK, I will not use 2 antivirus programs at once anymore.

I have done as you told me. I ran OTMoveIt and I removed most of the pos-files. Some of them came back when I rebooted the computer, but there were not so many as before.

----------------------------------
This is only a part of the MoveIt log. I did not post all of it, because the log is the same as below, only the numbers are different:
----------------------------------
File delete failed. C:\pos1.tmp scheduled to be deleted on reboot.
File delete failed. C:\pos10.tmp scheduled to be deleted on reboot.
File delete failed. C:\pos100.tmp scheduled to be deleted on reboot.
File delete failed. C:\pos1000.tmp scheduled to be deleted on reboot.
C:\pos1046.tmp moved successfully.
C:\pos1047.tmp moved successfully.
C:\pos1048.tmp moved successfully.
C:\pos1049.tmp moved successfully.





I ran ComboFix and here is the log:


ComboFix 08-04-13.3 - kocevari 2008-04-14 19:28:17.1 - NTFSx86

Running from: C:\Documents and Settings\kocevari\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.

2008-04-14 19:34 . 2008-04-14 19:34 163,904 --a------ C:\WINDOWS\system32\ooormejx.dll
2008-04-14 18:05 . 2008-04-14 18:05 <DIR> d-------- C:\_OTMoveIt
2008-04-13 22:29 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-04-13 22:29 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-04-13 22:29 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-04-13 22:29 . 2004-08-04 00:56 27,136 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-04-13 22:29 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-04-13 22:29 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-04-13 19:50 . 2008-04-13 19:50 3,648 --a------ C:\WINDOWS\system32\medfkyqx.dll
2008-04-13 11:14 . 2008-04-13 11:14 3,648 --a------ C:\WINDOWS\system32\rixfsfkm.dll
2008-04-12 16:07 . 2008-04-12 16:07 3,648 --a------ C:\WINDOWS\system32\hpndvoln.dll
2008-04-12 10:13 . 2008-04-12 10:13 3,648 --a------ C:\WINDOWS\system32\yauoaeui.dll
2008-04-11 19:42 . 2008-04-11 19:42 <DIR> d-------- C:\Deckard
2008-04-11 18:49 . 2008-04-11 18:49 3,648 --a------ C:\WINDOWS\system32\jtpmxuuq.dll
2008-04-11 14:49 . 2008-04-11 14:49 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-04-11 14:47 . 2008-04-11 14:47 3,648 --a------ C:\WINDOWS\system32\scforxdf.dll
2008-04-11 14:11 . 2008-04-11 14:11 1,674,584 --a------ C:\podloge.dwg
2008-04-10 22:16 . 2008-04-10 22:16 3,648 --a------ C:\WINDOWS\system32\ulmdpwmo.dll
2008-04-10 18:13 . 2008-04-10 18:13 3,648 --a------ C:\WINDOWS\system32\vjsciwra.dll
2008-04-10 14:19 . 2008-04-10 14:19 3,648 --a------ C:\WINDOWS\system32\ouwuptpp.dll
2008-04-10 14:00 . 2008-04-10 14:00 3,648 --a------ C:\WINDOWS\system32\amrcfomn.dll
2008-04-09 21:27 . 2008-04-09 21:27 3,648 --a------ C:\WINDOWS\system32\pylxvobv.dll
2008-04-09 15:15 . 2008-04-09 15:15 3,648 --a------ C:\WINDOWS\system32\ijaxrjcg.dll
2008-04-08 20:10 . 2008-04-08 20:10 3,648 --a------ C:\WINDOWS\system32\uvnhtxtn.dll
2008-04-07 22:19 . 2008-04-07 22:15 1,339,008 --a------ C:\stavbarstvo-tloris.bpn
2008-04-07 22:19 . 2008-04-07 22:19 54 --a------ C:\stavbarstvo-tloris.bpn.lck
2008-04-01 13:49 . 2008-04-02 15:07 1,598,945 ---hs---- C:\WINDOWS\system32\fghdsgwo.ini
2008-03-31 19:06 . 2008-03-31 19:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-31 19:06 . 2008-04-12 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-31 16:39 . 2008-03-31 16:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-31 16:39 . 2008-03-31 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 14:41 . 2008-03-31 15:18 1,583,859 ---hs---- C:\WINDOWS\system32\aufhlouu.ini
2008-03-31 14:15 . 2008-03-31 14:25 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-31 14:10 . 2008-03-31 14:52 <DIR> d-------- C:\Documents and Settings\kocevari\.housecall6.6
2008-03-31 10:29 . 2008-03-31 13:18 1,583,608 ---hs---- C:\WINDOWS\system32\wjioyrcy.ini
2008-03-30 18:48 . 2008-03-31 10:25 1,583,817 ---hs---- C:\WINDOWS\system32\yycgeyll.ini
2008-03-30 18:31 . 2004-08-04 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-30 18:30 . 2004-08-04 14:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-30 18:27 . 2008-03-30 18:27 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-30 18:26 . 2004-08-04 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-03-30 18:24 . 2004-08-04 14:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\migregdb.exe
2008-03-30 18:05 . 2008-03-30 18:47 1,583,697 ---hs---- C:\WINDOWS\system32\rgnkrtyq.ini
2008-03-30 17:34 . 2008-04-11 18:37 1,073,299,456 --a------ C:\WINDOWS\MEMORY.DMP
2008-03-30 16:31 . 2008-03-30 16:47 1,583,697 ---hs---- C:\WINDOWS\system32\thfwqquw.ini
2008-03-30 16:12 . 2004-08-04 14:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll
2008-03-30 16:12 . 2004-08-04 14:00 20,480 --a--c--- C:\WINDOWS\system32\dllcache\inetwiz.exe
2008-03-30 16:11 . 2004-08-04 14:00 214,528 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe
2008-03-30 16:11 . 2004-08-04 14:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\icwconn2.exe
2008-03-30 15:43 . 2004-08-04 14:00 1,086,058 -ra------ C:\WINDOWS\SETDA.tmp
2008-03-30 15:43 . 2004-08-04 14:00 1,042,903 -ra------ C:\WINDOWS\SETD7.tmp
2008-03-30 15:43 . 2004-08-04 14:00 13,753 -ra------ C:\WINDOWS\SETE6.tmp
2008-03-30 15:42 . 2008-03-30 17:43 293,472 --a------ C:\WINDOWS\setupapi.old
2008-03-30 14:53 . 2008-03-30 15:09 1,583,937 ---hs---- C:\WINDOWS\system32\uqttuslv.ini
2008-03-30 14:35 . 2008-03-30 14:50 1,583,817 ---hs---- C:\WINDOWS\system32\jgnspqjd.ini
2008-03-30 13:37 . 2008-03-30 14:31 1,583,697 ---hs---- C:\WINDOWS\system32\dklnpgef.ini
2008-03-30 12:18 . 2008-03-30 13:18 1,583,697 ---hs---- C:\WINDOWS\system32\wddavbcd.ini
2008-03-29 16:08 . 2008-03-30 11:57 1,584,117 ---hs---- C:\WINDOWS\system32\dkmbiwje.ini
2008-03-29 15:59 . 2008-03-29 16:03 1,583,997 ---hs---- C:\WINDOWS\system32\fcshnkry.ini
2008-03-29 15:43 . 2008-03-29 15:56 1,583,877 ---hs---- C:\WINDOWS\system32\qxvqnohs.ini
2008-03-29 15:38 . 2008-03-29 15:39 1,583,757 ---hs---- C:\WINDOWS\system32\tbuwfadt.ini
2008-03-28 21:46 . 2008-03-29 11:35 1,573,166 ---hs---- C:\WINDOWS\system32\tglvdnim.ini
2008-03-28 21:43 . 2008-03-28 21:43 90,688 --a------ C:\WINDOWS\system32\welwemfx.dll
2008-03-28 21:28 . 2008-03-28 21:46 1,573,046 ---hs---- C:\WINDOWS\system32\nuoerena.ini
2008-03-28 21:25 . 2008-03-28 21:25 90,688 --a------ C:\WINDOWS\system32\puckahsn.dll
2008-03-28 15:51 . 2008-03-28 15:51 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-28 15:36 . 2008-03-28 15:36 93,760 --a------ C:\WINDOWS\system32\sfhrlgql.dll
2008-03-28 15:33 . 2008-03-28 21:21 1,584,624 ---hs---- C:\WINDOWS\system32\rvmkismr.ini
2008-03-27 19:25 . 2008-03-27 19:25 92,224 --a------ C:\WINDOWS\system32\oyimcywf.dll
2008-03-27 19:22 . 2008-03-28 15:28 1,583,641 ---hs---- C:\WINDOWS\system32\nsjjlnvf.ini
2008-03-27 19:19 . 2008-03-27 19:19 93,248 --a------ C:\WINDOWS\system32\nsjemawo.dll
2008-03-26 20:45 . 2008-03-27 19:19 1,586,334 ---hs---- C:\WINDOWS\system32\lvmtuxxd.ini
2008-03-26 20:41 . 2008-03-26 20:41 90,688 --a------ C:\WINDOWS\system32\vgsuytmi.dll
2008-03-25 19:53 . 2008-03-25 19:53 94,272 --a------ C:\WINDOWS\system32\jkvbnhsx.dll
2008-03-24 17:02 . 2008-03-25 19:58 1,489,438 ---hs---- C:\WINDOWS\system32\pmmgrtph.ini
2008-03-24 16:59 . 2008-03-24 16:59 93,248 --a------ C:\WINDOWS\system32\tlgasxla.dll
2008-03-24 16:58 . 2008-03-24 16:58 91,200 --a------ C:\WINDOWS\system32\hrsgcpcm.dll
2008-03-23 18:48 . 2008-03-23 18:49 <DIR> d-------- C:\Downloads
2008-03-23 15:27 . 2008-03-24 16:57 1,550,060 ---hs---- C:\WINDOWS\system32\okymlhfa.ini
2008-03-23 13:21 . 2008-03-23 15:27 1,543,219 ---hs---- C:\WINDOWS\system32\gbuhxgbi.ini
2008-03-22 12:30 . 2008-03-22 12:30 93,248 --a------ C:\WINDOWS\system32\kheibdad.dll
2008-03-22 12:28 . 2008-03-23 12:21 1,543,219 ---hs---- C:\WINDOWS\system32\rlierrdb.ini
2008-03-22 12:26 . 2008-03-22 12:26 92,224 --a------ C:\WINDOWS\system32\pkitfjls.dll
2008-03-21 17:58 . 2008-03-21 17:58 91,712 --a------ C:\WINDOWS\system32\ktndjewo.dll
2008-03-20 15:25 . 2008-03-21 18:01 1,538,988 ---hs---- C:\WINDOWS\system32\bpxuiorl.ini
2008-03-20 15:25 . 2008-03-20 15:25 91,712 --a------ C:\WINDOWS\system32\yiwmwsja.dll
2008-03-19 16:18 . 2008-03-19 16:18 93,248 --a------ C:\WINDOWS\system32\pbiqieqy.dll
2008-03-19 16:16 . 2008-03-20 15:20 1,531,255 ---hs---- C:\WINDOWS\system32\fioyodby.ini
2008-03-19 16:16 . 2008-03-19 16:16 90,688 --a------ C:\WINDOWS\system32\ncnntjfc.dll
2008-03-18 21:42 . 2008-03-18 21:42 91,200 --a------ C:\WINDOWS\system32\siqiteit.dll
2008-03-18 19:57 . 2008-03-18 21:41 1,308,743 ---hs---- C:\WINDOWS\system32\qyhnmpcm.ini
2008-03-18 19:53 . 2008-03-18 19:53 91,200 --a------ C:\WINDOWS\system32\rvgxinhh.dll
2008-03-17 18:15 . 2008-03-18 19:54 2,096,588 ---hs---- C:\WINDOWS\system32\kpgvjdqc.ini
2008-03-17 18:13 . 2008-03-17 18:13 99,392 --a------ C:\WINDOWS\system32\bomxaxjh.dll
2008-03-17 18:11 . 2008-03-17 18:11 93,760 --a------ C:\WINDOWS\system32\ttkawfod.dll
2008-03-14 22:35 . 2008-03-17 18:11 1,367,043 ---hs---- C:\WINDOWS\system32\mbtdllad.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 14:07 --------- d-----w C:\Documents and Settings\kocevari\Application Data\Canon
2008-04-13 12:10 --------- d-----w C:\Documents and Settings\kocevari\Application Data\Azureus
2008-04-12 14:02 --------- d-----w C:\Documents and Settings\kocevari\Application Data\GetRightToGo
2008-04-01 16:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 14:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 12:00 --------- d-----w C:\Documents and Settings\kocevari\Application Data\U3
2008-03-15 17:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 19:18 --------- d-----w C:\Program Files\ScummVM
2008-03-13 09:45 93,760 ----a-w C:\WINDOWS\system32\wiyvnwag.dll
2008-03-12 15:29 93,760 ----a-w C:\WINDOWS\system32\pbisutwb.dll
2008-03-11 19:07 93,248 ----a-w C:\WINDOWS\system32\cbkknqcs.dll
2008-03-11 19:06 90,688 ----a-w C:\WINDOWS\system32\krewwqou.dll
2008-03-11 15:58 93,248 ----a-w C:\WINDOWS\system32\becwcuux.dll
2008-03-11 15:57 90,688 ----a-w C:\WINDOWS\system32\kcgbwsgv.dll
2008-03-10 15:43 93,760 ----a-w C:\WINDOWS\system32\cepvbgwq.dll
2008-03-09 11:13 91,200 ----a-w C:\WINDOWS\system32\dxckyutt.dll
2008-03-08 09:45 92,224 ----a-w C:\WINDOWS\system32\pepwovgn.dll
2008-03-07 15:58 90,688 ----a-w C:\WINDOWS\system32\vwhstpmv.dll
2008-03-07 13:31 96,832 ----a-w C:\WINDOWS\system32\xtdiebsp.dll
2008-03-07 13:30 94,272 ----a-w C:\WINDOWS\system32\eqjofrxm.dll
2008-03-06 19:57 96,320 ----a-w C:\WINDOWS\system32\ybuydbgy.dll
2008-03-06 18:54 96,320 ----a-w C:\WINDOWS\system32\mikruofs.dll
2008-03-06 10:12 96,320 ----a-w C:\WINDOWS\system32\wlfmntxa.dll
2008-03-06 09:22 96,320 ----a-w C:\WINDOWS\system32\bhhnavsd.dll
2008-03-06 09:20 91,200 ----a-w C:\WINDOWS\system32\uorolcll.dll
2008-03-05 17:01 96,832 ----a-w C:\WINDOWS\system32\olrxsbpu.dll
2008-03-04 16:28 97,344 ----a-w C:\WINDOWS\system32\rfvskdgj.dll
2008-03-01 19:43 --------- d-----w C:\Documents and Settings\kocevari\Application Data\teamspeak2
2008-02-24 12:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-02-22 11:32 91,712 ----a-w C:\WINDOWS\system32\hgeewagc.dll
2008-02-20 18:08 --------- d-----w C:\Program Files\Three Rings Design
2008-02-17 22:12 97,344 ----a-w C:\WINDOWS\system32\hdejxchl.dll
2008-02-17 20:33 97,344 ----a-w C:\WINDOWS\system32\xbpvvtpr.dll
2008-02-17 11:37 97,344 ----a-w C:\WINDOWS\system32\lmojvtmo.dll
2008-02-15 20:33 91,712 ----a-w C:\WINDOWS\system32\hvaqapuc.dll
2008-02-15 20:18 91,712 ----a-w C:\WINDOWS\system32\niyqgtmy.dll
2007-09-22 19:24 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2007-07-15 20:02 1,022,453 -csha-w C:\WINDOWS\system32\bdeeg.bak1
2007-07-18 10:11 888,213 -csha-w C:\WINDOWS\system32\bdeeg.bak2
2007-07-18 20:31 893,993 -csha-w C:\WINDOWS\system32\bdeeg.ini2
2007-07-13 20:51 6,409 -csha-w C:\WINDOWS\system32\jjjlm.bak1
2007-07-14 09:03 1,022,437 -csha-w C:\WINDOWS\system32\jjjlm.bak2
2007-07-14 22:05 1,046,078 -csha-w C:\WINDOWS\system32\jjjlm.ini2
2007-10-28 14:04 322 -csh--w C:\WINDOWS\system32\prqss.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-04-14 19:34 163904 --a------ C:\WINDOWS\system32\ooormejx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E188E6CF-A9B6-4487-B7AB-7BBBA1AC9A9E}]
2007-10-28 16:14 301664 --------- C:\WINDOWS\system32\awtqr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-08-25 11:13 1003520]
"ares"="C:\Moji dokumenti\Ares\Ares.exe" [2007-07-16 23:54 961536]
"Steam"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"FLMK08KB"="C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe" [2006-12-25 12:42 383488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 20:58 81920]
"MSN Services"="C:\RECYCLER\msnservice.exe" [ ]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2005-11-16 23:23 897089]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-17 17:50 155648]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 18:00 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 01:20 14820864 C:\WINDOWS\RTHDCPL.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Bluetooth Software\BTTray.exe [2003-07-29 17:14:16 499773]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ooormejx]
ooormejx.dll 2008-04-14 19:34 163904 C:\WINDOWS\system32\ooormejx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqonom]
urqonom.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzoa32]
winzoa32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\igre\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\MTA\\MTAServer.exe"=
"C:\\igre\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\igre\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"=
"C:\\igre\\Microsoft Games\\Freelancer\\EXE\\flserver.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\igre\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\igre\\Valve\\Steam\\SteamApps\\anticrist666\\counter-strike source\\hl2.exe"=
"C:\\igre\\Valve\\Steam\\SteamApps\\anticrist666\\half-life 2 deathmatch\\hl2.exe"=
"C:\\igre\\Valve\\Steam\\SteamApps\\anticrist666\\dark messiah might and magic dedicated server\\srcds.exe"=
"C:\\igre\\Croteam\\Serious Sam - The First Encounter\\Bin\\SeriousSam.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\igre\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\igre\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\igre\\Sierra\\FEAR\\FEAR.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43a0d214-acb9-11dc-b5bf-00508d81152b}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 19:38:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [1100] 0x863465C8

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSControlService]
"ImagePath"="C:\WINDOWS\system32\windows"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ooormejx.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\ooormejx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\SoftwareDistribution\Download\304c19f1612f37ffa8967147d3cb7464\update\update.exe
.
**************************************************************************
.
Completion time: 2008-04-14 19:47:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-14 17:46:43

Pre-Run: 30,820,687,872 bytes free
Post-Run: 30,635,130,880 bytes free
.
2008-04-14 17:42:28 --- E O F ---



Thank you for the help so far!

#4 SifuMike

Posted 14 April 2008 - 04:21 PM

Hello tadej1,

What a mess! You win the prize for the most heavily infected computer I have seen. :thumbsup:

Is this your computer or a client's?

How long has it been like this?

Edited by SifuMike, 14 April 2008 - 04:38 PM.


#5 tadej1

Posted 15 April 2008 - 07:57 AM

Yes, I know.
The problems appeared 2 months ago. I know I should have cleaned it before, but I never got time, and there was more and more mess on the hard drive. I also had no idea how to clean these tmp files. When I finally decided to do something, it was too late, because I had many Pos/tmp files and I could not work so well anymore. I didn't know that this red cross on C drive was such a big problem, because everything worked ok...until a week ago.
The computer is not only mine (also brothers). A reason why I didn't repair it so fast was that I had a lot of work to do for school on the computer.

I reinstalled Windows, but this didn't fix anything (in fact, the computer takes longer to reboot now).

I wanted to format the hard drive, but I wasn't sure if this would help. Will formatting help?

#6 SifuMike

Posted 15 April 2008 - 09:16 AM

Hello tadej1,

The computer is not only mine (also brothers). A reason why I didn't repair it so fast was that I had a lot of work to do for school on the computer.
I reinstalled Windows, but this didn't fix anything (in fact, the computer takes longer to reboot now).
I wanted to format the hard drive, but I wasn't sure if this would help. Will formatting help?


We normally use reformatting as a last resort. It definitely will solve the malware problem, but is a drastic measure. You should have come here when you were first infected, as this infection creates more malware files every time you log on, and you let it go for months. Not good. :thumbsup:

We should be able to remove all the malware with ComboFix.

Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

KILLALL:: 

File:: 
C:\WINDOWS\system32\ooormejx.dll
C:\WINDOWS\system32\medfkyqx.dll
C:\WINDOWS\system32\rixfsfkm.dll
C:\WINDOWS\system32\hpndvoln.dll
C:\WINDOWS\system32\yauoaeui.dll
C:\WINDOWS\system32\jtpmxuuq.dll
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
C:\WINDOWS\system32\scforxdf.dll
C:\WINDOWS\system32\ulmdpwmo.dll
C:\WINDOWS\system32\vjsciwra.dll
C:\WINDOWS\system32\ouwuptpp.dll
C:\WINDOWS\system32\amrcfomn.dll
C:\WINDOWS\system32\pylxvobv.dll
C:\WINDOWS\system32\ijaxrjcg.dll
C:\WINDOWS\system32\uvnhtxtn.dll
C:\WINDOWS\system32\fghdsgwo.ini
C:\WINDOWS\system32\aufhlouu.ini
C:\WINDOWS\system32\wjioyrcy.ini
C:\WINDOWS\system32\yycgeyll.ini
C:\WINDOWS\system32\rgnkrtyq.ini
C:\WINDOWS\system32\thfwqquw.ini
C:\WINDOWS\SETDA.tmp
C:\WINDOWS\SETD7.tmp
C:\WINDOWS\SETE6.tmp
C:\WINDOWS\system32\uqttuslv.ini
C:\WINDOWS\system32\jgnspqjd.ini
C:\WINDOWS\system32\dklnpgef.ini
C:\WINDOWS\system32\wddavbcd.ini
C:\WINDOWS\system32\dkmbiwje.ini
C:\WINDOWS\system32\fcshnkry.ini
C:\WINDOWS\system32\qxvqnohs.ini
C:\WINDOWS\system32\tbuwfadt.ini
C:\WINDOWS\system32\tglvdnim.ini
C:\WINDOWS\system32\welwemfx.dll
C:\WINDOWS\system32\nuoerena.ini
C:\WINDOWS\system32\puckahsn.dll
C:\WINDOWS\system32\sfhrlgql.dll
C:\WINDOWS\system32\rvmkismr.ini
C:\WINDOWS\system32\oyimcywf.dll
C:\WINDOWS\system32\nsjjlnvf.ini
C:\WINDOWS\system32\nsjemawo.dll
C:\WINDOWS\system32\lvmtuxxd.ini
C:\WINDOWS\system32\vgsuytmi.dll
C:\WINDOWS\system32\jkvbnhsx.dll
C:\WINDOWS\system32\pmmgrtph.ini
C:\WINDOWS\system32\tlgasxla.dll
C:\WINDOWS\system32\okymlhfa.ini
C:\WINDOWS\system32\gbuhxgbi.ini
C:\WINDOWS\system32\kheibdad.dll
C:\WINDOWS\system32\rlierrdb.ini
C:\WINDOWS\system32\pkitfjls.dll
C:\WINDOWS\system32\ktndjewo.dll
C:\WINDOWS\system32\bpxuiorl.ini
C:\WINDOWS\system32\yiwmwsja.dll
C:\WINDOWS\system32\pbiqieqy.dll
C:\WINDOWS\system32\fioyodby.ini
C:\WINDOWS\system32\ncnntjfc.dll
C:\WINDOWS\system32\siqiteit.dll
C:\WINDOWS\system32\qyhnmpcm.ini
C:\WINDOWS\system32\rvgxinhh.dll
C:\WINDOWS\system32\kpgvjdqc.ini
C:\WINDOWS\system32\bomxaxjh.dll
C:\WINDOWS\system32\ttkawfod.dll
C:\WINDOWS\system32\mbtdllad.ini
C:\WINDOWS\system32\wiyvnwag.dll
C:\WINDOWS\system32\pbisutwb.dll
C:\WINDOWS\system32\cbkknqcs.dll
C:\WINDOWS\system32\krewwqou.dll
C:\WINDOWS\system32\becwcuux.dll
C:\WINDOWS\system32\kcgbwsgv.dll
C:\WINDOWS\system32\cepvbgwq.dll
C:\WINDOWS\system32\dxckyutt.dll
C:\WINDOWS\system32\pepwovgn.dll
C:\WINDOWS\system32\vwhstpmv.dll
C:\WINDOWS\system32\xtdiebsp.dll
C:\WINDOWS\system32\eqjofrxm.dll
C:\WINDOWS\system32\ybuydbgy.dll
C:\WINDOWS\system32\mikruofs.dll
C:\WINDOWS\system32\wlfmntxa.dll
C:\WINDOWS\system32\bhhnavsd.dll
C:\WINDOWS\system32\uorolcll.dll
C:\WINDOWS\system32\olrxsbpu.dll
C:\WINDOWS\system32\rfvskdgj.dll
C:\WINDOWS\system32\hgeewagc.dll
C:\WINDOWS\system32\hdejxchl.dll
C:\WINDOWS\system32\xbpvvtpr.dll
C:\WINDOWS\system32\lmojvtmo.dll
C:\WINDOWS\system32\hvaqapuc.dll
C:\WINDOWS\system32\niyqgtmy.dll
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak2
C:\WINDOWS\system32\bdeeg.ini2
C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jjjlm.ini2
C:\WINDOWS\system32\prqss.ini2
C:\WINDOWS\system32\ooormejx.dll

Registry:: 
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E188E6CF-A9B6-4487-B7AB-7BBBA1AC9A9E}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ooormejx]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqonom]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzoa32]


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Edited by SifuMike, 15 April 2008 - 09:16 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - so if you need help, post your problem in the forum.

#7 tadej1

Posted 17 April 2008 - 02:03 AM

I would have asked you before, but I didn't know this forum exists.

I have done as you told me, and here is the log:
(the pos files are gone, there is still the red cross on C, and the internet runs fast again... thank you for that)

-------------------------------------------------
-------------------------------------------------
ComboFix 08-04-13.3 - kocevari 2008-04-16 21:02:35.2 - NTFSx86

Running from: C:\Documents and Settings\kocevari\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\kocevari\Desktop\CFScript.txt

FILE ::
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSControlService
-------\MSControlService


((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

2008-04-16 21:09 . 2008-04-16 21:09 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-16 20:46 . 2008-04-16 20:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-16 20:46 . 2008-04-16 20:46 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-14 20:17 . 2008-04-16 21:02 3,547 ---hs---- C:\WINDOWS\system32\rqtwa.ini
2008-04-14 18:05 . 2008-04-14 18:05 <DIR> d-------- C:\_OTMoveIt
2008-04-13 22:29 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-04-13 22:29 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-04-13 22:29 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-04-13 22:29 . 2004-08-04 00:56 27,136 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-04-13 22:29 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-04-13 22:29 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-04-11 19:42 . 2008-04-11 19:42 <DIR> d-------- C:\Deckard
2008-04-11 14:49 . 2008-04-11 14:49 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-04-07 22:19 . 2008-04-07 22:15 1,339,008 --a------ C:\stavbarstvo-tloris.bpn
2008-04-07 22:19 . 2008-04-07 22:19 54 --a------ C:\stavbarstvo-tloris.bpn.lck
2008-03-31 19:06 . 2008-03-31 19:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-31 19:06 . 2008-04-12 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-31 16:39 . 2008-03-31 16:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-31 16:39 . 2008-03-31 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 14:15 . 2008-03-31 14:25 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-31 14:10 . 2008-03-31 14:52 <DIR> d-------- C:\Documents and Settings\kocevari\.housecall6.6
2008-03-30 18:31 . 2004-08-04 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-30 18:30 . 2004-08-04 14:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-30 18:27 . 2008-03-30 18:27 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-30 18:26 . 2004-08-04 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-03-30 18:24 . 2004-08-04 14:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\migregdb.exe
2008-03-30 17:34 . 2008-04-11 18:37 1,073,299,456 --a------ C:\WINDOWS\MEMORY.DMP
2008-03-30 16:12 . 2004-08-04 14:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll
2008-03-30 16:12 . 2004-08-04 14:00 20,480 --a--c--- C:\WINDOWS\system32\dllcache\inetwiz.exe
2008-03-30 16:11 . 2004-08-04 14:00 214,528 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe
2008-03-30 16:11 . 2004-08-04 14:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\icwconn2.exe
2008-03-30 15:42 . 2008-03-30 17:43 293,472 --a------ C:\WINDOWS\setupapi.old
2008-03-28 15:51 . 2008-03-28 15:51 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-23 18:48 . 2008-03-23 18:49 <DIR> d-------- C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 15:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 14:07 --------- d-----w C:\Documents and Settings\kocevari\Application Data\Canon
2008-04-13 12:10 --------- d-----w C:\Documents and Settings\kocevari\Application Data\Azureus
2008-04-12 14:02 --------- d-----w C:\Documents and Settings\kocevari\Application Data\GetRightToGo
2008-04-01 16:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 14:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 12:00 --------- d-----w C:\Documents and Settings\kocevari\Application Data\U3
2008-03-14 19:18 --------- d-----w C:\Program Files\ScummVM
2008-03-01 19:43 --------- d-----w C:\Documents and Settings\kocevari\Application Data\teamspeak2
2008-02-24 12:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-02-20 18:08 --------- d-----w C:\Program Files\Three Rings Design
2007-09-22 19:24 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-14_19.45.53.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 17:35:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 19:08:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 18:37:48 2,758 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{5B68EA5D-F921-49B7-8E4C-AC3188C0283A}.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C637A41C-61C9-4B2B-9C9C-60645DA97724}]
2007-10-28 16:14 301664 --------- C:\WINDOWS\system32\awtqr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-08-25 11:13 1003520]
"ares"="C:\Moji dokumenti\Ares\Ares.exe" [2007-07-16 23:54 961536]
"Steam"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"FLMK08KB"="C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe" [2006-12-25 12:42 383488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 20:58 81920]
"MSN Services"="C:\RECYCLER\msnservice.exe" [ ]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2005-11-16 23:23 897089]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-17 17:50 155648]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 18:00 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 01:20 14820864 C:\WINDOWS\RTHDCPL.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Bluetooth Software\BTTray.exe [2003-07-29 17:14:16 499773]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\igre\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\MTA\\MTAServer.exe"=
"C:\\igre\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\igre\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"=
"C:\\igre\\Microsoft Games\\Freelancer\\EXE\\flserver.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\igre\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\igre\\Valve\\Steam\\SteamApps\\anticrist666\\counter-strike source\\hl2.exe"=
"C:\\igre\\Valve\\Steam\\SteamApps\\anticrist666\\half-life 2 deathmatch\\hl2.exe"=
"C:\\igre\\Valve\\Steam\\SteamApps\\anticrist666\\dark messiah might and magic dedicated server\\srcds.exe"=
"C:\\igre\\Croteam\\Serious Sam - The First Encounter\\Bin\\SeriousSam.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\igre\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\igre\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\igre\\Sierra\\FEAR\\FEAR.exe"=


.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 21:21:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
.
**************************************************************************
.
Completion time: 2008-04-16 21:26:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-16 19:26:49
ComboFix2.txt 2008-04-14 17:47:12

Pre-Run: 31,206,764,544 bytes free
Post-Run: 31,173,148,672 bytes free
.
2008-04-16 18:34:30 --- E O F ---

#8 SifuMike

Posted 17 April 2008 - 09:54 AM

Hello tadej1,

Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

File:: 
C:\WINDOWS\system32\rqtwa.ini

Registry:: 
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C637A41C-61C9-4B2B-9C9C-60645DA97724}]


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Edited by SifuMike, 17 April 2008 - 09:55 AM.


#9 tadej1

Posted 17 April 2008 - 03:41 PM

Here is my ComboFix log:

I will scan my computer with HijackThis tomorrow. I don't have any time now.
Thank you so far.

ComboFix 08-04-13.3 - kocevari 2008-04-17 22:26:14.3 - NTFSx86

Running from: C:\Documents and Settings\kocevari\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\kocevari\Desktop\CFScript.txt

FILE ::
C:\WINDOWS\system32\rqtwa.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.

2008-04-17 17:35 . <DIR> C:\WINDOWS\LastGood.Tmp
2008-04-13 22:29 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-04-13 22:29 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-04-13 22:29 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-04-13 22:29 . 2004-08-04 00:56 27,136 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-04-13 22:29 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-04-13 22:29 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-04-11 19:42 . 2008-04-11 19:42 <DIR> d-------- C:\Deckard
2008-04-11 14:49 . 2008-04-11 14:49 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-03-31 19:06 . 2008-03-31 19:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-31 19:06 . 2008-04-12 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-31 16:39 . 2008-03-31 16:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-31 16:39 . 2008-03-31 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 14:15 . 2008-03-31 14:25 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-31 14:10 . 2008-03-31 14:52 <DIR> d-------- C:\Documents and Settings\kocevari\.housecall6.6
2008-03-30 18:31 . 2004-08-04 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-30 18:30 . 2004-08-04 14:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-30 18:27 . 2008-03-30 18:27 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-30 18:26 . 2004-08-04 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-03-30 18:24 . 2004-08-04 14:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\migregdb.exe
2008-03-30 17:34 . 2008-04-11 18:37 1,073,299,456 --a------ C:\WINDOWS\MEMORY.DMP
2008-03-30 16:12 . 2004-08-04 14:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll
2008-03-30 16:12 . 2004-08-04 14:00 20,480 --a--c--- C:\WINDOWS\system32\dllcache\inetwiz.exe
2008-03-30 16:11 . 2004-08-04 14:00 214,528 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe
2008-03-30 16:11 . 2004-08-04 14:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\icwconn2.exe
2008-03-30 15:42 . 2008-03-30 17:43 293,472 --a------ C:\WINDOWS\setupapi.old
2008-03-28 15:51 . 2008-03-28 15:51 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 20:24 --------- d-----w C:\Documents and Settings\kocevari\Application Data\Azureus
2008-04-15 15:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 14:07 --------- d-----w C:\Documents and Settings\kocevari\Application Data\Canon
2008-04-12 14:02 --------- d-----w C:\Documents and Settings\kocevari\Application Data\GetRightToGo
2008-04-01 16:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 14:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 12:00 --------- d-----w C:\Documents and Settings\kocevari\Application Data\U3
2008-03-14 20:32 98,368 ----a-w C:\WINDOWS\system32\eqqcljcx.dll
2008-03-14 19:18 --------- d-----w C:\Program Files\ScummVM
2008-03-14 18:12 98,368 ----a-w C:\WINDOWS\system32\whvisgys.dll
2008-03-01 19:43 --------- d-----w C:\Documents and Settings\kocevari\Application Data\teamspeak2
2008-02-24 12:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-02-20 18:08 --------- d-----w C:\Program Files\Three Rings Design
2007-09-22 19:24 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-14_19.45.53.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 17:35:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-17 20:32:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FC54AB8-6AFE-4F12-8607-F1008A633A0A}]
2007-10-28 16:14 301664 --------- C:\WINDOWS\system32\awtqr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-08-25 11:13 1003520]
"ares"="C:\Moji dokumenti\Ares\Ares.exe" [2007-07-16 23:54 961536]
"Steam"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"FLMK08KB"="C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe" [2006-12-25 12:42 383488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 20:58 81920]
"MSN Services"="C:\RECYCLER\msnservice.exe" [ ]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2005-11-16 23:23 897089]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-17 17:50 155648]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 18:00 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 01:20 14820864 C:\WINDOWS\RTHDCPL.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Bluetooth Software\BTTray.exe [2003-07-29 17:14:16 499773]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\igre\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\MTA\\MTAServer.exe"=
"C:\\igre\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\igre\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"=
"C:\\igre\\Microsoft Games\\Freelancer\\EXE\\flserver.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\igre\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\igre\\Valve\\Steam\\SteamApps\\anticrist666\\counter-strike source\\hl2.exe"=
"C:\\igre\\Valve\\Steam\\SteamApps\\anticrist666\\half-life 2 deathmatch\\hl2.exe"=
"C:\\igre\\Valve\\Steam\\SteamApps\\anticrist666\\dark messiah might and magic dedicated server\\srcds.exe"=
"C:\\igre\\Croteam\\Serious Sam - The First Encounter\\Bin\\SeriousSam.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\igre\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\igre\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\igre\\Sierra\\FEAR\\FEAR.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43a0d214-acb9-11dc-b5bf-00508d81152b}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 22:32:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-04-17 22:38:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-17 20:38:46
ComboFix2.txt 2008-04-16 19:26:54
ComboFix3.txt 2008-04-14 17:47:12

Pre-Run: 38,086,500,352 bytes free
Post-Run: 38,117,576,704 bytes free
.
2008-04-16 20:49:25 --- E O F ---


-----------------------------------------------
-----------------------------------------------

#10 SifuMike


Posted 17 April 2008 - 04:02 PM

Hello tadej1,

Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

File:: 
C:\WINDOWS\system32\eqqcljcx.dll
C:\WINDOWS\system32\whvisgys.dll
C:\WINDOWS\system32\awtqr.dll

Registry:: 
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FC54AB8-6AFE-4F12-8607-F1008A633A0A}]



Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



Posted Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

Edited by SifuMike, 17 April 2008 - 04:03 PM.


#11 tadej1


Posted 20 April 2008 - 07:50 AM

Red cross is still here, and when I scan my computer with Spybot - Search and Destroy, it crashes.

------------------------------------------------------------------------
-------------------------------------------------------------------
Combo log:
ComboFix 08-04-13.3 - kocevari 2008-04-18 18:30:31.4 - NTFSx86

Running from: C:\Documents and Settings\kocevari\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\kocevari\Desktop\CFScript.txt

FILE ::
C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\eqqcljcx.dll
C:\WINDOWS\system32\whvisgys.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\eqqcljcx.dll
C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\whvisgys.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-13 22:29 . 2004-08-04 00:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2008-04-13 22:29 . 2004-08-04 00:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-04-13 22:29 . 2004-08-04 00:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-04-13 22:29 . 2004-08-04 00:56 27,136 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-04-13 22:29 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-04-13 22:29 . 2004-08-04 00:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-04-11 19:42 . 2008-04-11 19:42 <DIR> d-------- C:\Deckard
2008-04-11 14:49 . 2008-04-11 14:49 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-03-31 19:06 . 2008-03-31 19:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-31 19:06 . 2008-04-12 10:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-31 16:39 . 2008-03-31 16:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-31 16:39 . 2008-03-31 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 14:15 . 2008-03-31 14:25 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-31 14:10 . 2008-03-31 14:52 <DIR> d-------- C:\Documents and Settings\kocevari\.housecall6.6
2008-03-30 18:31 . 2004-08-04 14:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-30 18:30 . 2004-08-04 14:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-03-30 18:27 . 2008-03-30 18:27 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-30 18:27 . 2008-03-30 18:27 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-30 18:26 . 2004-08-04 14:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-03-30 18:24 . 2004-08-04 14:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\migregdb.exe
2008-03-30 17:34 . 2008-04-18 17:50 1,073,299,456 --a------ C:\WINDOWS\MEMORY.DMP
2008-03-30 16:12 . 2004-08-04 14:00 32,768 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll
2008-03-30 16:12 . 2004-08-04 14:00 20,480 --a--c--- C:\WINDOWS\system32\dllcache\inetwiz.exe
2008-03-30 16:11 . 2004-08-04 14:00 214,528 --a--c--- C:\WINDOWS\system32\dllcache\icwconn1.exe
2008-03-30 16:11 . 2004-08-04 14:00 86,016 --a--c--- C:\WINDOWS\system32\dllcache\icwconn2.exe
2008-03-30 15:42 . 2008-03-30 17:43 293,472 --a------ C:\WINDOWS\setupapi.old
2008-03-28 15:51 . 2008-03-28 15:51 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 16:28 --------- d-----w C:\Documents and Settings\kocevari\Application Data\Azureus
2008-04-18 16:22 --------- d-----w C:\Documents and Settings\kocevari\Application Data\Canon
2008-04-15 15:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-12 14:02 --------- d-----w C:\Documents and Settings\kocevari\Application Data\GetRightToGo
2008-04-01 16:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 14:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 12:00 --------- d-----w C:\Documents and Settings\kocevari\Application Data\U3
2008-03-14 19:18 --------- d-----w C:\Program Files\ScummVM
2008-03-01 19:43 --------- d-----w C:\Documents and Settings\kocevari\Application Data\teamspeak2
2008-02-24 12:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
2008-02-20 18:08 --------- d-----w C:\Program Files\Three Rings Design
2007-09-22 19:24 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-14_19.45.53.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 17:35:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-18 16:36:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2006-08-25 11:13 1003520]
"ares"="C:\Moji dokumenti\Ares\Ares.exe" [2007-07-16 23:54 961536]
"Steam"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"FLMK08KB"="C:\Program Files\Muiltmedia keyboard Utility\2.0\KbdAp32A.exe" [2006-12-25 12:42 383488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12 90112]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 20:58 81920]
"MSN Services"="C:\RECYCLER\msnservice.exe" [ ]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2005-11-16 23:23 897089]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-17 17:50 155648]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 18:00 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 10:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 13:02 79400]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 01:20 14820864 C:\WINDOWS\RTHDCPL.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Bluetooth Software\BTTray.exe [2003-07-29 17:14:16 499773]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\igre\\Quake III Arena\\quake3.exe"=
"C:\\Program Files\\MTA\\MTAServer.exe"=
"C:\\igre\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\igre\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"=
"C:\\igre\\Microsoft Games\\Freelancer\\EXE\\flserver.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\igre\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\igre\\Valve\\Steam\\SteamApps\\anticrist666\\counter-strike source\\hl2.exe"=
"C:\\igre\\Valve\\Steam\\SteamApps\\anticrist666\\half-life 2 deathmatch\\hl2.exe"=
"C:\\igre\\Valve\\Steam\\SteamApps\\anticrist666\\dark messiah might and magic dedicated server\\srcds.exe"=
"C:\\igre\\Croteam\\Serious Sam - The First Encounter\\Bin\\SeriousSam.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\igre\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\igre\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\igre\\Sierra\\FEAR\\FEAR.exe"=


.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 18:36:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-04-18 18:41:59 - machine was rebooted [kocevari]
ComboFix-quarantined-files.txt 2008-04-18 16:41:55
ComboFix2.txt 2008-04-17 20:38:50
ComboFix3.txt 2008-04-16 19:26:54
ComboFix4.txt 2008-04-14 17:47:12

Pre-Run: 37,704,970,240 bytes free
Post-Run: 37,709,934,592 bytes free
.
2008-04-18 01:00:20 --- E O F ---

And adaware log:
Ad-Aware 2007 Build
Log File Created on: 2008-04-19 15:12:33
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: KOCEVAR3
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 2
Processor type: Intel® Pentium® 4 CPU 3.00GHz
Memory Available: 30%
Total Physical Memory: 1073192960 Bytes
Available Physical Memory: 318353408 Bytes
Total Page File Size: 2578747392 Bytes
Available On Page File: 1965056000 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1999040512 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)

Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 45
Build Number: 0
Build Date and Time: 2008/01/21 09:30:02

Scan Statistics
===========================
Method: Smart
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 149894
Infections Detected: 97
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 0 0
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 97 97
File Hash Scan..: 0 0

Infections Found
===========================
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3

Items Ignored During Scan
===========================


Listing of running processes
===========================

c:\progra~1\trendm~1\intern~1\tmcfwapi.dll

c:\progra~1\trendm~1\intern~1\tmhash.dll

c:\progra~1\trendm~1\intern~1\tmpfwrul.dll

c:\progra~1\trendm~1\intern~1\tmpfwlog.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\psapi.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msv1_0.dll

C:\WINDOWS\SYSTEM32\WGATRAY.EXE
c:\windows\system32\wgatray.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wininet.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\userenv.dll

c:\windows\system32\version.dll

c:\windows\system32\secur32.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\sxs.dll

c:\windows\system32\cryptnet.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\samlib.dll

C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\shell32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\browseui.dll

c:\windows\system32\shdocvw.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\version.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\userenv.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\themeui.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\atl.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\netshell.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\credui.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\msi.dll

c:\program files\scansoft\omnipagese4\ophookse4.dll

c:\windows\system32\winsta.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\stobject.dll

c:\windows\system32\batmeter.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\midimap.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\sxs.dll

c:\windows\system32\mpr.dll

c:\windows\system32\drprov.dll

c:\windows\system32\ntlanman.dll

c:\windows\system32\netui0.dll

c:\windows\system32\netui1.dll

c:\windows\system32\netrap.dll

c:\windows\system32\samlib.dll

c:\windows\system32\davclnt.dll

c:\windows\system32\browselc.dll

c:\progra~1\spybot~1\sdhelper.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\faultrep.dll

c:\windows\system32\olepro32.dll

c:\windows\system32\jsproxy.dll

c:\windows\system32\duser.dll

c:\windows\system32\msgina.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\mlang.dll

c:\windows\system32\wmvcore.dll

c:\windows\system32\wmasf.dll

c:\windows\system32\shdoclc.dll

c:\windows\system32\sti.dll

c:\windows\system32\cfgmgr32.dll

c:\windows\system32\shmedia.dll

c:\windows\system32\msvfw32.dll

c:\windows\system32\avifil32.dll

c:\windows\system32\l3codeca.acm

c:\program files\common files\adobe\acrobat\activex\pdfshell.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

c:\program files\graphisoft\archicad 11\gsshellx.dll

c:\program files\graphisoft\archicad 11\msvcr71.dll

c:\windows\system32\asfsipc.dll

c:\windows\system32\msisip.dll

c:\windows\system32\wshext.dll

c:\windows\system32\mfc42.dll

C:\PROGRAM FILES\MUILTMEDIA KEYBOARD UTILITY\2.0\KBDAP32A.EXE
c:\program files\muiltmedia keyboard utility\2.0\kbdap32a.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\program files\muiltmedia keyboard utility\2.0\kbddl32a.dll

c:\windows\system32\winmm.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\program files\muiltmedia keyboard utility\2.0\kbd32s.dll

c:\program files\muiltmedia keyboard utility\2.0\kbd32g.dll

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\bthprops.cpl

c:\windows\system32\devmgr.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wmi.dll

c:\windows\system32\mpr.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

C:\PROGRA~1\SONY\SONICS~1\SSAAD.EXE
c:\progra~1\sony\sonics~1\ssaad.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\progra~1\sony\sonics~1\mfc71.dll

c:\progra~1\sony\sonics~1\msvcr71.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shell32.dll

c:\windows\system32\ole32.dll

c:\progra~1\sony\sonics~1\msvcp71.dll

c:\windows\system32\mfc71enu.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msi.dll

c:\windows\system32\userenv.dll

c:\program files\common files\sony shared\avlib\sptisrvps.dll

c:\program files\scansoft\omnipagese4\ophookse4.dll

c:\windows\system32\version.dll

c:\windows\system32\oleaut32.dll

C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE
c:\program files\ati technologies\ati.ace\cli.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\mscoree.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\microsoft.net\framework\v1.1.4322\mscorwks.dll

c:\windows\microsoft.net\framework\v1.1.4322\msvcr71.dll

c:\windows\microsoft.net\framework\v1.1.4322\fusion.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shell32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll

c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c221ed80\mscorlib.dll

c:\windows\microsoft.net\framework\v1.1.4322\mscorsn.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\uxtheme.dll

c:\program files\scansoft\omnipagese4\ophookse4.dll

c:\windows\system32\version.dll

c:\windows\system32\oleaut32.dll

c:\windows\microsoft.net\framework\v1.1.4322\mscorjit.dll

c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll

c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_4760e166\system.windows.forms.dll

c:\windows\system32\xpsp2res.dll

c:\program files\ati technologies\ati.ace\cli.implementation.dll

c:\program files\ati technologies\ati.ace\log.foundation.dll

c:\program files\ati technologies\ati.ace\cli.foundation.dll

c:\program files\ati technologies\ati.ace\log.foundation.service.dll

c:\program files\ati technologies\ati.ace\log.foundation.shared.dll

c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll

c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_08d7c13b\system.dll

c:\windows\system32\shfolder.dll

c:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll

c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll

c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_3f740f77\system.xml.dll

c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\program files\ati technologies\ati.ace\cli.component.runtime.dll

c:\program files\ati technologies\ati.ace\aticccom.dll

c:\program files\ati technologies\ati.ace\aem.foundation.dll

c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll

c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_d3675329\system.drawing.dll

c:\windows\microsoft.net\framework\v1.1.4322\perfcounter.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\microsoft.net\framework\v2.0.50727\aspnet_perf.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

c:\windows\microsoft.net\framework\v1.1.4322\aspnet_isapi.dll

c:\windows\system32\userenv.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

c:\program files\ati technologies\ati.ace\cli.caste.graphics.shared.dll

c:\program files\ati technologies\ati.ace\cli.caste.graphics.runtime.dll

c:\windows\system32\atl.dll

c:\windows\system32\netapi32.dll

c:\program files\ati technologies\ati.ace\cli.component.runtime.shared.dll

c:\program files\ati technologies\ati.ace\dem.foundation.dll

c:\program files\ati technologies\ati.ace\dem.graphics.i0601.dll

c:\program files\ati technologies\ati.ace\ace.graphics.displaysmanager.shared.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wshbth.dll

c:\windows\system32\setupapi.dll

c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll

c:\windows\system32\atidemgr.dll

c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll

c:\windows\microsoft.net\framework\v1.1.4322\wminet_utils.dll

c:\windows\system32\wbem\wmiutils.dll

c:\windows\system32\perfproc.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\rasman.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\program files\ati technologies\ati.ace\skinfactory.dll

c:\program files\ati technologies\ati.ace\axinterop.wbocxlib.dll

c:\windows\system32\msi.dll

c:\program files\ati technologies\ati.ace\skins\wbocx.ocx

c:\windows\system32\mfc42.dll

c:\windows\system32\sxs.dll

c:\program files\ati technologies\ati.ace\interop.wbocxlib.dll

c:\windows\system32\olepro32.dll

c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll

c:\windows\system32\msimg32.dll

c:\program files\ati technologies\ati.ace\skins\wbhelp2.dll

C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 14\PCCGUIDE.EXE
c:\program files\trend micro\internet security 14\pccguide.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\version.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\shlwapi.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\winspool.drv

c:\windows\system32\oledlg.dll

c:\windows\system32\ole32.dll

c:\windows\system32\olepro32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\uxtheme.dll

c:\program files\trend micro\internet security 14\tmdbg.dll

c:\windows\system32\secur32.dll

c:\program files\scansoft\omnipagese4\ophookse4.dll

c:\windows\system32\xpsp2res.dll

c:\progra~1\trendm~1\intern~1\pcctlps.dll

c:\program files\trend micro\internet security 14\tmproxy.dll

c:\progra~1\trendm~1\intern~1\pccaltui.dll

c:\windows\system32\msvfw32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\apphelp.dll

C:\PROGRAM FILES\COMMON FILES\SONY SHARED\AVLIB\SSSCSISV.EXE
c:\program files\common files\sony shared\avlib\ssscsisv.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msi.dll

c:\windows\system32\userenv.dll

c:\program files\common files\sony shared\avlib\sptisrvps.dll

C:\PROGRAM FILES\CANON\MYPRINTER\BJMYPRT.EXE
c:\program files\canon\myprinter\bjmyprt.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winspool.drv

c:\windows\system32\msvcrt.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comctl32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\program files\canon\myprinter\bjmyres.dll

c:\program files\scansoft\omnipagese4\ophookse4.dll

c:\windows\system32\version.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

C:\PROGRAM FILES\SCANSOFT\OMNIPAGESE4\OPWARESE4.EXE
c:\program files\scansoft\omnipagese4\opwarese4.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msvcrt.dll

c:\program files\scansoft\omnipagese4\ophookse4.dll

c:\windows\system32\version.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

C:\WINDOWS\RTHDCPL.EXE
c:\windows\rthdcpl.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\hhctrl.ocx

c:\windows\system32\msvcrt.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\dsound.dll

c:\windows\system32\winmm.dll

c:\windows\system32\version.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\mpr.dll

c:\windows\system32\winspool.drv

c:\windows\system32\comdlg32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\program files\scansoft\omnipagese4\ophookse4.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\msacm32.dll

c:\windows\system32\midimap.dll

c:\windows\system32\ksuser.dll

c:\windows\system32\dxdiagn.dll

C:\MOJI DOKUMENTI\ARES\ARES.EXE
c:\moji dokumenti\ares\ares.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\version.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\winspool.drv

c:\windows\system32\shell32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ddraw.dll

c:\windows\system32\dciman32.dll

c:\windows\system32\quartz.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\oledlg.dll

c:\windows\system32\uxtheme.dll

c:\program files\scansoft\omnipagese4\ophookse4.dll

c:\windows\system32\olepro32.dll

c:\windows\system32\riched20.dll

c:\windows\system32\secur32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\shdocvw.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\browseui.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\sxs.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wshbth.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\shdoclc.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\mlang.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\msimtf.dll

c:\windows\system32\msctf.dll

c:\windows\system32\imm32.dll

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
c:\program files\msn messenger\msnmsgr.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msimg32.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

c:\program files\msn messenger\msncore.dll

c:\windows\system32\wininet.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\version.dll

c:\windows\system32\winmm.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\msacm32.dll

c:\program files\msn messenger\msidcrl40.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\psapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\program files\msn messenger\contactsux.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\cryptnet.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\userenv.dll

c:\windows\system32\secur32.dll

c:\program files\scansoft\omnipagese4\ophookse4.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\inetcomm.dll

c:\windows\system32\msoert2.dll

c:\windows\system32\inetres.dll

c:\windows\system32\mlang.dll

c:\program files\msn messenger\msgslang.8.1.0178.00.dll

c:\program files\msn messenger\msgsres.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\program files\msn messenger\lcapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\dsound.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\msdmo.dll

c:\program files\msn messenger\lcres.dll

c:\program files\msn messenger\rtmpltfm.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\midimap.dll

c:\windows\system32\quartz.dll

c:\windows\system32\ddraw.dll

c:\windows\system32\dciman32.dll

c:\windows\system32\d3dim700.dll

c:\windows\system32\dpnhupnp.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\schannel.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\sxs.dll

c:\program files\msn messenger\msgswcam.dll

c:\windows\system32\sirenacm.dll

c:\windows\system32\es.dll

c:\windows\system32\comres.dll

c:\windows\system32\riched20.dll

c:\windows\system32\msi.dll

c:\program files\msn messenger\lmcdata.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wshbth.dll

c:\windows\system32\dssenh.dll

c:\windows\system32\shdocvw.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\qmgrprxy.dll

c:\program files\msn messenger\dfsr.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll

c:\windows\system32\esent.dll

c:\program files\msn messenger\abssm.dll

c:\windows\system32\usp10.dll

c:\windows\system32\msls31.dll

c:\windows\system32\shdoclc.dll

c:\windows\system32\jscript.dll

c:\windows\system32\vbscript.dll

c:\windows\system32\mfc42.dll

c:\windows\system32\apphelp.dll

c:\program files\msn messenger\usnsvcps.dll

c:\program files\msn messenger\custsat.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\atl.dll

c:\windows\system32\wmvcore.dll

c:\windows\system32\wmasf.dll

c:\windows\system32\ksuser.dll

c:\windows\system32\wmadmod.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\devenum.dll

C:\PROGRAM FILES\BLUETOOTH SOFTWARE\BTTRAY.EXE
c:\program files\bluetooth software\bttray.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\cfgmgr32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\wbtapi.dll

c:\windows\system32\msi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\mfc42.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\version.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\btosif.dll

c:\program files\bluetooth software\btballoon.dll

c:\windows\system32\shell32.dll

c:\windows\system32\comdlg32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\btrez.dll

c:\windows\system32\csh.dll

c:\windows\system32\uxtheme.dll

c:\program files\scansoft\omnipagese4\ophookse4.dll

C:\WINDOWS\SYSTEM32\WUAUCLT.EXE
c:\windows\system32\wuauclt.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\wucltui.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\cabinet.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\program files\scansoft\omnipagese4\ophookse4.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\wups2.dll

C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\DOKUMENTI IZ RA?UNALNIKA ATHLON\BLA?\AZUREUS\AZUREUS.EXE
c:\documents and settings\all users\documents\dokumenti iz ra?unalnika athlon\bla?\azureus\azureus.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\msvcrt.dll

End of Scan Section
===========================

Cleaned Infections
===========================

End of Cleaned Infections
===========================

Cleaned Infections
===========================

End of Cleaned Infections
===========================



thank you...

#12 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:03 PM

Posted 20 April 2008 - 12:26 PM

Hello tadej1,

Click Start > Run > copy and paste the following into the box and hit enter/ok
 
cmd /c Reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons

If it asks you are you sure....choose Y

 Let me know if the red X is gone.



Why are you posting the adaware log? :thumbsup:
I asked for a Hijackthis log, not the Adaware log.
Please only post the logs that I ask for.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 tadej1

tadej1
  • Topic Starter

  • Members
  • 12 posts
  • Local time:01:03 AM

Posted 21 April 2008 - 08:33 AM

Sorry, here is the hijackthis log

p.s. the red cross is gone, thank you



---------------------------------------------------
---------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:14, on 21.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Moji dokumenti\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 2957 bytes

#14 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:03 PM

Posted 21 April 2008 - 01:09 PM

Hello tadej1,

Please tell me why so many items are missing from your Hijackthis log? :thumbsup:
Have you been "fixing" items yourself? :blink:
HijackThis is an advanced tool, and therefore requires advanced knowledge about Windows and operating systems in general. If you delete items that it shows, without knowing what they are, it can lead to other problems such as your Internet no longer working or problems with running Windows itself.

#15 tadej1

tadej1
  • Topic Starter

  • Members
  • 12 posts
  • Local time:01:03 AM

Posted 22 April 2008 - 06:02 AM

Yes I did. I am sorry for that, I just couldn't wait to delete something (I couldn't delete anything in the past months), even if I didn't know what it was.
The computer is running normally now, there is no red cross anymore.

Here is the Hijackthis log again, I didn't delete anything this time
thank you




---------------------------------------------
---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:51, on 22.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\Explorer.EXE
C:\MOJI DOKUMENTI\ARES\ARES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ares] "C:\Moji dokumenti\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-602162358-842925246-725345543-1003\..\Run: [ares] "C:\Moji dokumenti\Ares\Ares.exe" -h (User '?')
O4 - HKUS\S-1-5-21-602162358-842925246-725345543-1003\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Moji dokumenti\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 3530 bytes
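
Added example, not part of the original thread and not code from HijackThis or Trend Micro: a small Python script that diffs two HijackThis logs, which makes visible the kind of gap the helper spotted between the 21 April and 22 April logs above. The embedded logs are shortened excerpts of those two posts, and the function names `parse_hjt` and `diff_logs` are made up for this illustration.

```python
import re

# Shortened excerpts of the two HijackThis logs posted in this thread
# (21 April and 22 April 2008). Lines are copied from the posts; most
# lines are left out to keep the sample small.
LOG_21_APR = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:14, on 21.4.2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

--
End of file - 2957 bytes
"""

LOG_22_APR = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:51, on 22.4.2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\MOJI DOKUMENTI\ARES\ARES.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPROXY.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ares] "C:\Moji dokumenti\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

--
End of file - 3530 bytes
"""

# HijackThis entry lines start with a group code such as R1, O4 or O23,
# followed by " - " and the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(text):
    """Split a HijackThis log into running processes and coded entries."""
    processes = set()
    entries = {}          # group code -> set of entry bodies
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False   # a blank line ends the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.setdefault(match["code"], set()).add(match["body"])
        elif in_processes:
            # Windows paths are case-insensitive, so compare in lower case.
            # 8.3 short names (PROGRA~1) are not expanded here.
            processes.add(line.lower())
    return {"processes": processes, "entries": entries}


def diff_logs(old_text, new_text):
    """Report what appeared or disappeared between two HijackThis logs."""
    old, new = parse_hjt(old_text), parse_hjt(new_text)
    codes = sorted(set(old["entries"]) | set(new["entries"]))
    added, removed, counts = {}, {}, {}
    for code in codes:
        before = old["entries"].get(code, set())
        after = new["entries"].get(code, set())
        counts[code] = (len(before), len(after))
        if after - before:
            added[code] = sorted(after - before)
        if before - after:
            removed[code] = sorted(before - after)
    return {
        "processes_added": sorted(new["processes"] - old["processes"]),
        "processes_removed": sorted(old["processes"] - new["processes"]),
        "entries_added": added,
        "entries_removed": removed,
        "entry_counts": counts,
    }


if __name__ == "__main__":
    report = diff_logs(LOG_21_APR, LOG_22_APR)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the full logs instead of the excerpts, the same diff lists every autostart entry and process that is present in one scan and absent from the other.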



