Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Need Help Fixing Trojan Virtumonde


  • This topic is locked This topic is locked
42 replies to this topic

#1 Paulhan93

Paulhan93

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 08 September 2008 - 08:48 PM

Ok this virus keeps giving me ads about some antivirus which i know is a trojan and i have detected it with ad-aware and Spyware Pc Doctor (the one in google)

And they both say it is the file in WINDOWS/system32 called __c00 something with letters and numbers after it. It seems to change from time to time everytime i try stuff like vundobegone or vundofix or i think i fixed it.

here is the HiJackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:07 PM, on 9/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\lxddcoms.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\ALCXMNTR.EXE
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Lexmark 2500 Series\lxddmon.exe
I:\Program Files\Lexmark 2500 Series\lxddamon.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\soffice.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\system32\wscntfy.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Documents and Settings\Paul Han\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - I:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - I:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "I:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "I:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [StartCCC] "I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "I:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] I:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] I:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "I:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Veoh] "I:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "I:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [A00F4B7C777.exe] I:\DOCUME~1\PAULHA~1\LOCALS~1\Temp\_A00F4B7C777.exe
O4 - HKCU\..\Run: [SODCPreLoad] I:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\preload.exe I:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\
O4 - HKCU\..\Run: [Google Update] "I:\Documents and Settings\Paul Han\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: Google Updater.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - I:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - http://cyimg8.cyworld.com/ImageUpload/CyPi...U1.cab?20080604
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: ddcYqRlm - ddcYqRlm.dll (file missing)
O20 - Winlogon Notify: __c0024620 - I:\WINDOWS\system32\__c0024620.dat (file missing)
O20 - Winlogon Notify: __c002ADCA - I:\WINDOWS\
O20 - Winlogon Notify: __c00497BA - I:\WINDOWS\system32\__c00497BA.dat (file missing)
O20 - Winlogon Notify: __c0078E1 - I:\WINDOWS\system32\__c0078E1.dat
O20 - Winlogon Notify: __c00E6892 - I:\WINDOWS\system32\__c00E6892.dat (file missing)
O20 - Winlogon Notify: __c00E75EA - I:\WINDOWS\system32\__c00E75EA.dat (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - I:\WINDOWS\system32\lxddcoms.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - I:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - I:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 10196 bytes

i think it is the O20 winlogon thing that is the problem.

Edited by Paulhan93, 08 September 2008 - 08:50 PM.


BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:25 AM

Posted 18 September 2008 - 11:02 PM

Hello Paulhan93,

Please disable Spyware Doctor before running Malwarebytes' Anti-Malware

To disable Spyware Doctor from running on your system startup:
1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background.
2. Click the "Settings" button on the left side.
3. Click the "Startup Settings" link.
4. Uncheck "Run at Windows Startup".
5. Click the "Apply" button.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.

If you encounter this message:"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll

Edited by SifuMike, 18 September 2008 - 11:05 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Paulhan93

Paulhan93
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 19 September 2008 - 09:00 PM

ok i will try this method and tell you if it works

#4 Paulhan93

Paulhan93
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 19 September 2008 - 09:38 PM

Here are the results

Malwarebytes' Anti-Malware 1.28
Database version: 1179
Windows 5.1.2600 Service Pack 3

9/19/2008 7:32:00 PM
mbam-log-2008-09-19 (19-32-00).txt

Scan type: Quick Scan
Objects scanned: 48054
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 27
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 40

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
I:\WINDOWS\system32\__c0078E1.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0024620 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c002adca (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00497ba (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0078e1 (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00e6892 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00e75ea (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f4b7c777.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
I:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
I:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
I:\Documents and Settings\Paul Han\Local Settings\Temp\_A00F4B7C777.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\ (Trojan.Vundo) -> Delete on reboot.
I:\WINDOWS\system32\__c0078E1.dat (Trojan.Vundo) -> Delete on reboot.
I:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
I:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\__c002ADCA.dat (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

This is HijackThis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:36 PM, on 9/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\ALCXMNTR.EXE
I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Lexmark 2500 Series\lxddamon.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\Documents and Settings\Paul Han\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
I:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\soffice.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\lxddcoms.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\wuauclt.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\system32\wscntfy.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - I:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - I:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "I:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "I:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [StartCCC] "I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "I:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] I:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] I:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "I:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Veoh] "I:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "I:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "I:\Documents and Settings\Paul Han\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SODCPreLoad] I:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\preload.exe I:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: Google Updater.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - I:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - http://cyimg8.cyworld.com/ImageUpload/CyPi...U1.cab?20080604
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: ddcYqRlm - ddcYqRlm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - I:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - I:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - I:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - I:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 9812 bytes

#5 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:25 AM

Posted 19 September 2008 - 09:55 PM

Hello Paulhan93,

Looks better, but I need to see if there is malware remaining.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized). info.txt can also be found at c:\RSIT\info.txt

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 Paulhan93

Paulhan93
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 20 September 2008 - 01:10 AM

Ok thank you, here is the (really long) log.txt and info.txt.

Logfile of random's system information tool 1.02 (written by random/random)
Run by Paul Han at 2008-09-19 23:07:42
Microsoft Windows XP Professional Service Pack 3
System drive I: has 174 GB (73%) free of 238 GB
Total RAM: 894 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:49 PM, on 9/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\ALCXMNTR.EXE
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\Documents and Settings\Paul Han\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
I:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\soffice.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\WINDOWS\system32\lxddcoms.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\wuauclt.exe
I:\WINDOWS\system32\wscntfy.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\explorer.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Documents and Settings\Paul Han\Desktop\RSIT.exe
I:\Program Files\Trend Micro\HijackThis\Paul Han.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - I:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - I:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "I:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "I:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [StartCCC] "I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "I:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] I:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] I:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "I:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Veoh] "I:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "I:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "I:\Documents and Settings\Paul Han\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SODCPreLoad] I:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\preload.exe I:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: Google Updater.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - I:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - http://cyimg8.cyworld.com/ImageUpload/CyPi...U1.cab?20080604
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: ddcYqRlm - ddcYqRlm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - I:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - I:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - I:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - I:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 9639 bytes

======Scheduled tasks folder======

I:\WINDOWS\tasks\AppleSoftwareUpdate.job
I:\WINDOWS\tasks\GoogleUpdateTaskUser.job
I:\WINDOWS\tasks\Norton Security Scan.job
I:\WINDOWS\tasks\RegCure Program Check.job
I:\WINDOWS\tasks\RegCure.job
I:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - I:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - i:\program files\google\googletoolbar1.dll [2008-02-22 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - I:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-11 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - i:\program files\google\googletoolbar1.dll [2008-02-22 2554944]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 工具列 - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - I:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-04-01 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=I:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"Adobe Reader Speed Launcher"=I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"QuickTime Task"=I:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]
"iTunesHelper"=I:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"lxddmon.exe"=I:\Program Files\Lexmark 2500 Series\lxddmon.exe [2007-06-11 291760]
"lxddamon"=I:\Program Files\Lexmark 2500 Series\lxddamon.exe [2007-04-30 20480]
"StartCCC"=I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"IMJPMIG8.1"=I:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"IMEKRMIG6.1"=I:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2002-08-29 44032]
"MSPY2002"=I:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2002-08-29 59392]
"PHIME2002ASync"=I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-29 455168]
"PHIME2002A"=I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-29 455168]
"SunJavaUpdateSched"=I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=I:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"swg"=I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-02-22 68856]
"Yahoo! Pager"=I:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"Veoh"=I:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-13 3660848]
""=I:\WINDOWS\system32\
"DAEMON Tools Lite"=I:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"ctfmon.exe"=I:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Google Update"=I:\Documents and Settings\Paul Han\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 133104]
"SODCPreLoad"=I:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\preload.exe [2008-02-28 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\I:^Documents and Settings^Paul Han^Start Menu^Programs^Startup^MagicDisc.lnk]
I:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2008-02-18 546816]

I:\Documents and Settings\All Users\Start Menu\Programs\Startup
Google Updater.lnk - I:\Program Files\Google\Google Updater\GoogleUpdater.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
I:\WINDOWS\system32\Ati2evxx.dll [2008-03-28 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcYqRlm]
ddcYqRlm.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
I:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
I:\WINDOWS\system32\urqNDWOh
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"I:\Program Files\Xfire\xfire.exe"="I:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"I:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200801251400\jre\bin\expeditorw.exe"="I:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_6.2.0.200801251400\jre\bin\expeditorw.exe:*:Enabled:Lotus Expeditor"
"I:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="I:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"I:\Program Files\Bonjour\mDNSResponder.exe"="I:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"I:\Program Files\iTunes\iTunes.exe"="I:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"I:\Program Files\DNA\btdna.exe"="I:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"I:\Program Files\BitTorrent\bittorrent.exe"="I:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"I:\Program Files\MPlay\Crazy Arcade\NMCOSrv.exe"="I:\Program Files\MPlay\Crazy Arcade\NMCOSrv.exe:*:Enabled:NexonMessenger Core"
"I:\Program Files\MPlay\Crazy Arcade\CA.exe"="I:\Program Files\MPlay\Crazy Arcade\CA.exe:*:Enabled:Crazy Arcade Client"
"I:\Program Files\Valve\Steam\SteamApps\hankyutae\counter-strike\hl.exe"="I:\Program Files\Valve\Steam\SteamApps\hankyutae\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"I:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="I:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"I:\Program Files\Yahoo!\Messenger\YServer.exe"="I:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"I:\Program Files\Valve\Steam\SteamApps\hankyutae\condition zero\hl.exe"="I:\Program Files\Valve\Steam\SteamApps\hankyutae\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"I:\Documents and Settings\Paul Han\Desktop\OdinMS\OdinMS.exe"="I:\Documents and Settings\Paul Han\Desktop\OdinMS\OdinMS.exe:*:Enabled:MapleStory"
"I:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="I:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"I:\WINDOWS\system32\lxddcoms.exe"="I:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System"
"I:\Program Files\Lexmark 2500 Series\lxddamon.exe"="I:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor"
"I:\Program Files\Lexmark 2500 Series\App4R.exe"="I:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio"
"I:\Program Files\Gameforge4D\AirRivals\Launcher.atm"="I:\Program Files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2"
"I:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe"="I:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP"
"I:\Program Files\Starcraft\StarCraft.exe"="I:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"I:\Program Files\NCsoft\Exteel\System\Exteel.exe"="I:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel"
"I:\Program Files\MPlay\Crazy Arcade\NewPatcher.exe"="I:\Program Files\MPlay\Crazy Arcade\NewPatcher.exe:*:Enabled:Nexon Game Launcher"
"I:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="I:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"I:\Nexon\Combat Arms\CombatArms.exe"="I:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"I:\Nexon\Combat Arms\Engine.exe"="I:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"I:\Nexon\Combat Arms\NMService.exe"="I:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"I:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat"="I:\Program Files\EA GAMES\The Battle for Middle-earth ™\game.dat:*:Enabled:The Battle for Middle-earth ™"
"I:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat"="I:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II"
"I:\Program Files\Lexmark 2500 Series\lxddmon.exe"="I:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: "
"I:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe"="I:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Enabled: "
"I:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe"="I:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Enabled: "
"I:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe"="I:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Enabled: "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"I:\Program Files\Lexmark 2500 Series\app4r.exe"="I:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:Printing Application"
"I:\Program Files\NCsoft\Exteel\System\Exteel.exe"="I:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel"
"I:\Nexon\Combat Arms\CombatArms.exe"="I:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"I:\Nexon\Combat Arms\Engine.exe"="I:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\SETUP.EXE


======List of files/folders created in the last 1 months======

2008-09-19 23:07:42 ----D---- I:\rsit
2008-09-19 20:07:00 ----HT---- I:\WINDOWS\system32\2780e3b.dll
2008-09-19 20:07:00 ----HT---- I:\WINDOWS\system32\2061879.dll
2008-09-19 20:07:00 ----HT---- I:\WINDOWS\system32\173c45c6.dll
2008-09-19 20:07:00 ----HT---- I:\WINDOWS\system32\11817386.dll
2008-09-19 19:42:10 ----HT---- I:\WINDOWS\system32\5d9dfe2.dll
2008-09-19 19:42:10 ----HT---- I:\WINDOWS\system32\2f2f05f0.dll
2008-09-19 19:42:09 ----HT---- I:\WINDOWS\system32\184e151a.dll
2008-09-19 19:42:09 ----HT---- I:\WINDOWS\system32\14986785.dll
2008-09-19 18:59:36 ----D---- I:\Documents and Settings\Paul Han\Application Data\Malwarebytes
2008-09-19 18:59:31 ----D---- I:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-19 18:59:30 ----D---- I:\Program Files\Malwarebytes' Anti-Malware
2008-09-15 19:51:21 ----D---- I:\Program Files\WinPcap
2008-09-15 19:51:12 ----D---- I:\Program Files\WC3Banlist
2008-09-09 22:29:29 ----HDC---- I:\WINDOWS\$NtUninstallKB938464$
2008-09-09 22:29:02 ----HDC---- I:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-08 18:50:58 ----D---- I:\Program Files\HJT
2008-09-08 18:43:59 ----D---- I:\Program Files\Trend Micro
2008-09-06 12:30:17 ----D---- I:\WINDOWS\Sun
2008-09-04 21:35:45 ----A---- I:\WINDOWS\system32\msvcr71.dll
2008-09-04 21:35:45 ----A---- I:\WINDOWS\system32\msvcp71.dll
2008-09-04 21:35:44 ----A---- I:\WINDOWS\system32\mfc71u.dll
2008-09-04 21:35:43 ----D---- I:\Program Files\WMA-MP3.com
2008-09-04 21:31:27 ----D---- I:\Program Files\ToneThis 3.5
2008-09-04 21:26:21 ----D---- I:\Program Files\iPodAid iPod to Computer Transfer
2008-08-31 19:26:32 ----D---- I:\Documents and Settings\Paul Han\Application Data\PC Tools
2008-08-31 16:31:44 ----D---- I:\WINDOWS\BDOSCAN8
2008-08-29 22:10:12 ----D---- I:\VundoFix Backups
2008-08-29 22:10:12 ----A---- I:\VundoFix.txt
2008-08-27 20:09:53 ----D---- I:\Program Files\jEdit
2008-08-27 20:09:36 ----D---- I:\Documents and Settings\Paul Han\Application Data\Sun
2008-08-27 20:09:17 ----A---- I:\WINDOWS\system32\javaws.exe
2008-08-27 20:09:17 ----A---- I:\WINDOWS\system32\javaw.exe
2008-08-27 20:09:17 ----A---- I:\WINDOWS\system32\java.exe
2008-08-27 20:08:48 ----D---- I:\Program Files\Java
2008-08-27 20:08:25 ----D---- I:\Program Files\Common Files\Java

======List of files/folders modified in the last 1 months======

2008-09-19 23:07:47 ----D---- I:\WINDOWS\Prefetch
2008-09-19 23:05:22 ----D---- I:\Program Files\Mozilla Firefox
2008-09-19 22:04:20 ----D---- I:\WINDOWS
2008-09-19 22:02:34 ----D---- I:\WINDOWS\system32\CatRoot2
2008-09-19 22:02:17 ----D---- I:\WINDOWS\Temp
2008-09-19 20:07:01 ----D---- I:\WINDOWS\system32\drivers
2008-09-19 20:07:00 ----D---- I:\WINDOWS\system32
2008-09-19 19:32:37 ----A---- I:\WINDOWS\SchedLgU.Txt
2008-09-19 19:04:02 ----AD---- I:\Documents and Settings\All Users\Application Data\TEMP
2008-09-19 18:59:30 ----RD---- I:\Program Files
2008-09-19 18:43:35 ----D---- I:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-18 15:36:19 ----HD---- I:\WINDOWS\inf
2008-09-18 15:34:41 ----RSHDC---- I:\WINDOWS\system32\dllcache
2008-09-17 15:28:29 ----D---- I:\WINDOWS\Help
2008-09-16 20:03:46 ----D---- I:\Documents and Settings\Paul Han\Application Data\Move Networks
2008-09-11 20:36:31 ----D---- I:\Program Files\Lx_cats
2008-09-09 22:30:31 ----SHD---- I:\WINDOWS\Installer
2008-09-09 22:30:30 ----D---- I:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-09 22:29:29 ----D---- I:\WINDOWS\WinSxS
2008-09-09 22:29:06 ----A---- I:\WINDOWS\imsins.BAK
2008-09-08 15:26:38 ----SD---- I:\WINDOWS\Tasks
2008-09-04 17:42:14 ----D---- I:\Documents and Settings\Paul Han\Application Data\Mozilla
2008-09-01 19:53:52 ----SHD---- I:\System Volume Information
2008-09-01 19:53:52 ----D---- I:\WINDOWS\system32\Restore
2008-09-01 13:35:48 ----D---- I:\Program Files\Spyware Doctor
2008-08-31 19:27:55 ----A---- I:\WINDOWS\system32\PerfStringBackup.INI
2008-08-31 19:22:04 ----D---- I:\Program Files\Common Files
2008-08-31 18:44:04 ----A---- I:\WINDOWS\ntbtlog.txt
2008-08-31 16:40:06 ----SD---- I:\WINDOWS\Downloaded Program Files
2008-08-31 16:27:44 ----D---- I:\Documents and Settings\Paul Han\Application Data\DNA
2008-08-31 16:22:55 ----D---- I:\Program Files\DNA
2008-08-31 16:20:27 ----D---- I:\WINDOWS\system32\config
2008-08-31 16:20:16 ----D---- I:\WINDOWS\system32\wbem
2008-08-31 16:20:16 ----D---- I:\WINDOWS\Registration
2008-08-27 15:32:50 ----D---- I:\Program Files\Microsoft Silverlight
2008-08-26 20:03:51 ----D---- I:\Program Files\Adobe
2008-08-26 19:32:44 ----D---- I:\Program Files\Norton Security Scan
2008-08-22 15:01:10 ----D---- I:\Program Files\Common Files\Symantec Shared
2008-08-22 10:17:28 ----D---- I:\WINDOWS\Downloaded Installations

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; I:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; I:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 npkcrypt;npkcrypt; \??\I:\Documents and Settings\Paul Han\Desktop\OdinMS\npkcrypt.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; I:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; I:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-18 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; I:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-18 55936]
R3 AgereSoftModem;Agere Systems Soft Modem; I:\WINDOWS\system32\DRIVERS\AGRSM.sys [2007-10-30 1201632]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); I:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 AR5211;NETGEAR WG311T V1H3 Wireless Adapter Service; I:\WINDOWS\system32\DRIVERS\WG311T13.sys [2006-07-04 472000]
R3 Arp1394;1394 ARP Client Protocol; I:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; I:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-03-28 2873856]
R3 EagleNT;EagleNT; \??\I:\WINDOWS\system32\drivers\EagleNT.sys []
R3 GEARAspiWDM;GEARAspiWDM; I:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 hamachi;Hamachi Network Interface; I:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-05-27 25280]
R3 HidUsb;Microsoft HID Class Driver; I:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; I:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-02-18 96256]
R3 NIC1394;1394 Net Driver; I:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nm;Network Monitor Driver; I:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
R3 NPF;NetGroup Packet Filter Driver; I:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
R3 NWRDR;NetWare Rdr; I:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; I:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; I:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; I:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; I:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; I:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; I:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; I:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; I:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ahmdpxgj;ahmdpxgj; I:\WINDOWS\system32\drivers\ahmdpxgj.sys []
S3 IKFileSec;File Security Driver; I:\WINDOWS\system32\drivers\ikfilesec.sys [2008-02-01 42376]
S3 IKSysFlt;System Filter Driver; I:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
S3 IKSysSec;System Security Driver; I:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
S3 mouhid;Mouse HID Driver; I:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; I:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SoRa1;SoRa1; \??\I:\Documents and Settings\Paul Han\Desktop\SoRa Engine 2.3\SoRa23.sys []
S3 sqQlGebSG;sqQlGebSG; \??\I:\Documents and Settings\Paul Han\Desktop\Everything u need\mhs\ENTISM []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; I:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; I:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva037;XDva037; \??\I:\WINDOWS\system32\XDva037.sys []
S3 XDva119;XDva119; \??\I:\WINDOWS\system32\XDva119.sys []
S3 XDva121;XDva121; \??\I:\WINDOWS\system32\XDva121.sys []
S3 XDva134;XDva134; \??\I:\WINDOWS\system32\XDva134.sys []
S3 XDva158;XDva158; \??\I:\WINDOWS\system32\XDva158.sys []
S3 XDva164;XDva164; \??\I:\WINDOWS\system32\XDva164.sys []
S3 XDva165;XDva165; \??\I:\WINDOWS\system32\XDva165.sys []
S3 XDva167;XDva167; \??\I:\WINDOWS\system32\XDva167.sys []
S3 XDva186;XDva186; \??\I:\WINDOWS\system32\XDva186.sys []
S3 yYmCKpbt;yYmCKpbt; \??\I:\Documents and Settings\Paul Han\Desktop\Everything u need\mhs\ORPPLUI []
S4 IntelIde;IntelIde; I:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; I:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 aawservice;Ad-Aware 2007 Service; I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-05-24 607576]
R2 Apple Mobile Device;Apple Mobile Device; I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; I:\WINDOWS\system32\Ati2evxx.exe [2008-03-28 536576]
R2 Bonjour Service;Bonjour Service; I:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 gusvc;Google Updater Service; I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-22 138680]
R2 lxdd_device;lxdd_device; I:\WINDOWS\system32\lxddcoms.exe [2007-05-25 537520]
R2 NWCWorkstation;Client Service for NetWare; I:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 NwSapAgent;SAP Agent; I:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 ATI Smart;ATI Smart; I:\WINDOWS\system32\ati2sgag.exe [2008-03-28 593920]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService; I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
S2 SymWSC;SymWMI Service; I:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 aspnet_state;ASP.NET State Service; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; i:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; I:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; I:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 odserv;Microsoft Office Diagnostics Service; I:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; I:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); I:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 sdAuxService;PC Tools Auxiliary Service; I:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-02-01 747912]
S3 sdCoreService;PC Tools Security Service; I:\Program Files\Spyware Doctor\pctsSvc.exe [2008-02-01 948616]
S3 usprserv;User Privilege Service; I:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; I:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; I:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; I:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------





info.txt logfile of random's system information tool 1.02 2008-09-19 23:07:53

======Uninstall list======

-->I:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 I:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
AC3Filter (remove only)-->I:\Program Files\AC3Filter\uninstall.exe
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->I:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->I:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE I:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem-->agrsmdel
AirRivals 1.0.0.13-->"I:\Program Files\Gameforge4D\AirRivals\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility-->I:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 I:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x3735
ATI Display Driver-->rundll32 I:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoIt v3.2.10.0-->I:\Program Files\AutoIt3\Uninstall.exe
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CABAL Online-->"I:\Program Files\OGPlanet\CABAL Online\unins000.exe"
Cheat Engine 5.4-->"I:\Program Files\Cheat Engine\unins000.exe"
Color Detector 2.0-->"I:\Program Files\ColorDetector200\unins000.exe"
Combat Arms-->"I:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
Condition Zero-->"I:\Program Files\Valve\Steam\steam.exe" steam://uninstall/80
Counter-Strike-->"I:\Program Files\Valve\Steam\steam.exe" steam://uninstall/10
Crazy Arcade-->I:\Program Files\MPlay\Crazy Arcade\Uninstall.exe
DivX Web Player-->I:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Detective-->I:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
Eusing Free Registry Cleaner-->I:\PROGRA~1\EUSING~1\UNWISE.EXE I:\PROGRA~1\EUSING~1\INSTALL.LOG
GOM Player-->"I:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Gears-->MsiExec.exe /I{552171BC-30F8-3B29-9C4F-E3FE590B7CAC}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "i:\program files\google\googletoolbar1.dll"
Google Updater-->"I:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Grand Chase-->I:\Ntreev\Grand Chase\uninst.exe
Hamachi 1.0.2.5-->I:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"I:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->I:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"I:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"I:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"I:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"I:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IBM Lotus Symphony-->MsiExec.exe /X{45946a91-fa3f-4f28-8470-6fb8d0cd083a}
ijji Auto Installer-->"I:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
ImgBurn-->"I:\Program Files\ImgBurn\uninstall.exe"
iPodAid iPod to Computer Transfer 6-->"I:\Program Files\iPodAid iPod to Computer Transfer\unins000.exe"
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lexmark 2500 Series-->I:\Program Files\Lexmark 2500 Series\Install\x86\Uninst.exe
LiveReg (Symantec Corporation)-->I:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->I:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MagicDisc 2.6.93-->I:\PROGRA~1\MAGICD~1\UNWISE.EXE I:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"I:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory-->MsiExec.exe /I{C2BF196F-6A27-416E-BF77-DF32B9AD9D7B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"I:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "I:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"I:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"I:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"I:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"I:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 Trial-->"I:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"I:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mono for Windows 1.9.1-->"I:\Program Files\Mono-1.9.1\unins000.exe"
Mozilla Firefox (3.0.1)-->I:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG2 Codec(libmpeg2/mad)-->"I:\Program Files\GNU\MPEG2\Uninstall.exe"
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Neffy 1,2,0,12-->I:\Program Files\Neffy\uninst.exe
Norton Security Scan-->MsiExec.exe /I{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
PlayNC Launcher-->"I:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe" -runfromtemp -l0x0009 -removeonly
Protected Music Converter 1.0.0.10-->"I:\Program Files\WMA-MP3.com\Protected Music Converter\unins000.exe"
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RegCure 1.5.0.1-->I:\Program Files\RegCure\uninst.exe
Rohan_USA-->I:\Rohan\GoUninstUSA.exe
RollerCoaster Tycoon 3 Platinum-->RunDll32 I:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\SETUP.EXE" -l0x9 -removeonly
Safari-->MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
Scholastic's I SPY School Days-->I:\PROGRA~1\SCHOLA~1\ISPYSC~1\UNWISE.EXE I:\PROGRA~1\SCHOLA~1\ISPYSC~1\INSTALL.LOG
SciTE4AutoIt3 16-3-2008-->I:\Program Files\AutoIt3\SciTE\uninst.exe
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Internet Explorer 7 (KB938127)-->"I:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"I:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"I:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"I:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"I:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"I:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"I:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->I:\WINDOWS\system32\MacroMed\Flash\genuinst.exe I:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"I:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"I:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"I:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"I:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"I:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"I:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"I:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"I:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"I:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"I:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"I:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"I:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"I:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Spyware Doctor 5.5-->I:\Program Files\Spyware Doctor\unins000.exe /LOG
Starcraft-->I:\WINDOWS\SCunin.exe I:\WINDOWS\SCunin.dat
Steam™-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
The Battle for Middle-earth ™ II-->I:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\EAUninstall.exe
The Battle for Middle-earth ™-->I:\Program Files\EA GAMES\The Battle for Middle-earth ™\EAUninstall.exe
ToneThis 3.5-->I:\Program Files\ToneThis 3.5\Uninstall.exe
Uniblue RegistryBooster 2-->"I:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
Update for Windows XP (KB951072-v2)-->"I:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"I:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VeohTV BETA-->I:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
WC3Banlist-->"I:\Program Files\WC3Banlist\unins000.exe"
Windows Imaging Component-->"I:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"I:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"I:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"I:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"I:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"I:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"I:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 3.1-->I:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->I:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"I:\Program Files\Xfire\uninst.exe"
Yahoo! 工具列-->I:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Browser Services-->I:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->I:\WINDOWS\system32\regsvr32 /u I:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->I:\WINDOWS\system32\regsvr32 /u /s I:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->I:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U I:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;I:\Program Files\QuickTime\QTSystem\;I:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=2f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;I:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=I:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

#7 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:25 AM

Posted 20 September 2008 - 01:49 PM

Hello Paulhan93,

The following is referring to RegCure, Eusing Free Registry Cleaner and Uniblue RegistryBooster.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.

If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to an "optional fix" and is up to the user, so just take this as a recommendation from my side.



You have some suspicious files we need to check.

You will need to see hidden files, so follow these directions:
Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) "Hide extensions for known file types.'


Go to next site: http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:

I:\WINDOWS\system32\2780e3b.dll

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Save the results in notepad.

Perform the same for next files:

I:\WINDOWS\system32\2061879.dll
I:\WINDOWS\system32\173c45c6.dll
I:\WINDOWS\system32\11817386.dll
I:\WINDOWS\system32\5d9dfe2.dll
I:\WINDOWS\system32\2f2f05f0.dll
I:\WINDOWS\system32\184e151a.dll
I:\WINDOWS\system32\14986785.dll


Once scanned, copy and paste the results also in your next reply.

NOTE: I usually enter my email address at virus total so they can send me the scan results. They usually only take a couple minutes to reply.
You can copy/paste the results of scan results here.

Edited by SifuMike, 20 September 2008 - 01:52 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 Paulhan93

Paulhan93
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 20 September 2008 - 03:58 PM

ok

File 2780e3b.dll received on 09.20.2008 22:46:58 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/36 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 39 and 56 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 2008.9.19.2 2008.09.19 -
AntiVir 7.8.1.34 2008.09.19 -
Authentium 5.1.0.4 2008.09.20 -
Avast 4.8.1195.0 2008.09.20 -
AVG 8.0.0.161 2008.09.20 -
BitDefender 7.2 2008.09.20 -
CAT-QuickHeal 9.50 2008.09.20 -
ClamAV 0.93.1 2008.09.20 -
DrWeb 4.44.0.09170 2008.09.20 -
eSafe 7.0.17.0 2008.09.18 -
eTrust-Vet 31.6.6095 2008.09.19 -
Ewido 4.0 2008.09.20 -
F-Prot 4.4.4.56 2008.09.20 -
F-Secure 8.0.14332.0 2008.09.20 -
Fortinet 3.113.0.0 2008.09.20 -
GData 19 2008.09.20 -
Ikarus T3.1.1.34.0 2008.09.20 -
K7AntiVirus 7.10.466 2008.09.20 -
Kaspersky 7.0.0.125 2008.09.20 -
McAfee 5388 2008.09.19 -
Microsoft 1.3903 2008.09.20 -
NOD32v2 3457 2008.09.19 -
Norman 5.80.02 2008.09.19 -
Panda 9.0.0.4 2008.09.20 -
PCTools 4.4.2.0 2008.09.20 -
Prevx1 V2 2008.09.20 -
Rising 20.62.52.00 2008.09.20 -
Sophos 4.33.0 2008.09.20 -
Sunbelt 3.1.1653.1 2008.09.20 -
Symantec 10 2008.09.20 -
TheHacker 6.3.0.9.090 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 -
VBA32 3.12.8.5 2008.09.20 -
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.20 -
Webwasher-Gateway 6.6.2 2008.07.21 -
Additional information
File size: 82432 bytes
MD5...: 2ccc474eb85ceaa3e1fa1726580a3e5a
SHA1..: 7cf3366c68e402eb3678046fe97651a586044560
SHA256: 6e99d2fb4997e54e8b1b7d769cf2c0fae296a6441dc39984850ea26bfeb7e500
SHA512: 158cdba8cda0da68829f30fa8f5b7a0caca90d9a6ca7480a3de7a3a6c0f2f84d
68533d62c5f72c7f332e90a7a916f4b28c49c0841b3bfb0df5a8b63e4ba5426c
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x71ab1273
timedatestamp.....: 0x4802a163 (Mon Apr 14 00:12:19 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12153 0x12200 6.48 cb2c4ac799159013b18999c21e2df4f0
.data 0x14000 0x914 0xa00 4.88 704b5717fb2cf3f297691957debc5e92
.rsrc 0x15000 0x3f8 0x400 3.43 5ff68b649c14d167754073f671ef1ef1
.reloc 0x16000 0xdc8 0xe00 6.65 c085926e9053221b19c5e6bcc1c08384

( 5 imports )
> ADVAPI32.dll: RegNotifyChangeKeyValue, RegDeleteKeyA, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey, RegEnumKeyExA
> KERNEL32.dll: GetTickCount, QueryPerformanceCounter, lstrcmpA, HeapReAlloc, HeapFree, HeapAlloc, InterlockedCompareExchange, IsBadWritePtr, GetEnvironmentVariableA, GetComputerNameA, GetVersionExA, GetSystemDirectoryA, GetWindowsDirectoryA, WaitForMultipleObjectsEx, ResetEvent, IsBadReadPtr, TlsSetValue, GetHandleInformation, ExpandEnvironmentStringsA, InterlockedExchange, GetCurrentThreadId, TlsAlloc, GetSystemInfo, HeapCreate, GetProcessHeap, HeapDestroy, TlsFree, lstrlenA, lstrcpyA, IsBadCodePtr, GetProcAddress, CreateEventA, GetModuleFileNameA, LoadLibraryA, CreateThread, FreeLibrary, WaitForSingleObject, CloseHandle, FreeLibraryAndExitThread, EnterCriticalSection, SetEvent, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SwitchToThread, SetLastError, DelayLoadFailureHook, TlsGetValue, InterlockedDecrement, GetLastError, WideCharToMultiByte, MultiByteToWideChar, InitializeCriticalSection, DeleteCriticalSection, InterlockedIncrement, LeaveCriticalSection
> msvcrt.dll: __isascii, isspace, _except_handler3, sprintf, _adjust_fdiv, malloc, _initterm, free, _stricmp, fclose, fgets, atoi, strchr, fopen, wcscpy, strtoul, wcscmp, wcslen, wcschr
> ntdll.dll: RtlIpv4StringToAddressW, RtlIpv6StringToAddressExW, RtlIpv4StringToAddressA
> WS2HELP.dll: WahCompleteRequest, WahQueueUserApc, WahEnableNonIFSHandleSupport, WahDisableNonIFSHandleSupport, WahCreateSocketHandle, WahNotifyAllProcesses, WahCreateNotificationHandle, WahWaitForNotification, WahOpenCurrentThread, WahCloseThread, WahInsertHandleContext, WahRemoveHandleContext, WahDestroyHandleContextTable, WahCreateHandleContextTable, WahEnumerateHandleContexts, WahCloseApcHelper, WahCloseHandleHelper, WahCloseNotificationHandleHelper, WahOpenNotificationHandleHelper, WahOpenHandleHelper, WahOpenApcHelper, WahCloseSocketHandle, WahReferenceContextByHandle

( 117 exports )
FreeAddrInfoW, GetAddrInfoW, GetNameInfoW, WEP, WPUCompleteOverlappedRequest, WSAAccept, WSAAddressToStringA, WSAAddressToStringW, WSAAsyncGetHostByAddr, WSAAsyncGetHostByName, WSAAsyncGetProtoByName, WSAAsyncGetProtoByNumber, WSAAsyncGetServByName, WSAAsyncGetServByPort, WSAAsyncSelect, WSACancelAsyncRequest, WSACancelBlockingCall, WSACleanup, WSACloseEvent, WSAConnect, WSACreateEvent, WSADuplicateSocketA, WSADuplicateSocketW, WSAEnumNameSpaceProvidersA, WSAEnumNameSpaceProvidersW, WSAEnumNetworkEvents, WSAEnumProtocolsA, WSAEnumProtocolsW, WSAEventSelect, WSAGetLastError, WSAGetOverlappedResult, WSAGetQOSByName, WSAGetServiceClassInfoA, WSAGetServiceClassInfoW, WSAGetServiceClassNameByClassIdA, WSAGetServiceClassNameByClassIdW, WSAHtonl, WSAHtons, WSAInstallServiceClassA, WSAInstallServiceClassW, WSAIoctl, WSAIsBlocking, WSAJoinLeaf, WSALookupServiceBeginA, WSALookupServiceBeginW, WSALookupServiceEnd, WSALookupServiceNextA, WSALookupServiceNextW, WSANSPIoctl, WSANtohl, WSANtohs, WSAProviderConfigChange, WSARecv, WSARecvDisconnect, WSARecvFrom, WSARemoveServiceClass, WSAResetEvent, WSASend, WSASendDisconnect, WSASendTo, WSASetBlockingHook, WSASetEvent, WSASetLastError, WSASetServiceA, WSASetServiceW, WSASocketA, WSASocketW, WSAStartup, WSAStringToAddressA, WSAStringToAddressW, WSAUnhookBlockingHook, WSAWaitForMultipleEvents, WSApSetPostRoutine, WSCDeinstallProvider, WSCEnableNSProvider, WSCEnumProtocols, WSCGetProviderPath, WSCInstallNameSpace, WSCInstallProvider, WSCUnInstallNameSpace, WSCUpdateProvider, WSCWriteNameSpaceOrder, WSCWriteProviderOrder, __WSAFDIsSet, accept, bind, closesocket, connect, freeaddrinfo, getaddrinfo, gethostbyaddr, gethostbyname, gethostname, getnameinfo, getpeername, getprotobyname, getprotobynumber, getservbyname, getservbyport, getsockname, getsockopt, htonl, htons, inet_addr, inet_ntoa, ioctlsocket, listen, ntohl, ntohs, recv, recvfrom, select, send, sendto, setsockopt, shutdown, socket


File 2061879.dll received on 09.20.2008 22:49:48 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/36 (0%)
Loading server information...
Your file is queued in position: 2.
Estimated start time is between 43 and 62 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 2008.9.19.2 2008.09.19 -
AntiVir 7.8.1.34 2008.09.19 -
Authentium 5.1.0.4 2008.09.20 -
Avast 4.8.1195.0 2008.09.20 -
AVG 8.0.0.161 2008.09.20 -
BitDefender 7.2 2008.09.20 -
CAT-QuickHeal 9.50 2008.09.20 -
ClamAV 0.93.1 2008.09.20 -
DrWeb 4.44.0.09170 2008.09.20 -
eSafe 7.0.17.0 2008.09.18 -
eTrust-Vet 31.6.6096 2008.09.20 -
Ewido 4.0 2008.09.20 -
F-Prot 4.4.4.56 2008.09.20 -
F-Secure 8.0.14332.0 2008.09.20 -
Fortinet 3.113.0.0 2008.09.20 -
GData 19 2008.09.20 -
Ikarus T3.1.1.34.0 2008.09.20 -
K7AntiVirus 7.10.466 2008.09.20 -
Kaspersky 7.0.0.125 2008.09.20 -
McAfee 5388 2008.09.19 -
Microsoft 1.3903 2008.09.20 -
NOD32v2 3457 2008.09.19 -
Norman 5.80.02 2008.09.19 -
Panda 9.0.0.4 2008.09.20 -
PCTools 4.4.2.0 2008.09.20 -
Prevx1 V2 2008.09.20 -
Rising 20.62.52.00 2008.09.20 -
Sophos 4.33.0 2008.09.20 -
Sunbelt 3.1.1653.1 2008.09.20 -
Symantec 10 2008.09.20 -
TheHacker 6.3.0.9.090 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 -
VBA32 3.12.8.5 2008.09.20 -
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.20 -
Webwasher-Gateway 6.6.2 2008.07.21 -
Additional information
File size: 1689088 bytes
MD5...: 0607cbc6fa20114cb491efe4b2f9efad
SHA1..: e8d9606f19c855df00ba878e151f985e9d2b9117
SHA256: f1abf07cc45f9c013b9f53e64820ecb12ac9b1e681b9a1703e30a0637e7d9bb6
SHA512: ce5a93181d098310206f1ad84d40886bebc08f1e94c2b1fde5a1b42cde1970cc
6ce227b4bd274c59677c7542ccee3e4bde97c9f46f6cb525105d1b3a31901d60
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4fe4f782
timedatestamp.....: 0x4802a0a9 (Mon Apr 14 00:09:13 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x18a549 0x18a600 6.68 0e2e4aacfdf27e6e610667c242309edc
.data 0x18c000 0xa0c4 0x4600 4.93 5ef1ca044e66aa19030f7577500796d2
.rsrc 0x197000 0x3e0 0x400 3.33 06b49722b2ed109914247832ea0bad39
.reloc 0x198000 0xd1a2 0xd200 6.00 7c472e01cffc4bd7a257c9ea26c9a3c7

( 8 imports )
> d3d8thk.dll: OsThunkDdSetGammaRamp, OsThunkDdCreateSurfaceEx, OsThunkDdCreateSurface, OsThunkDdCreateD3DBuffer, OsThunkDdAttachSurface, OsThunkDdCreateSurfaceObject, OsThunkDdCanCreateSurface, OsThunkDdCanCreateD3DBuffer, OsThunkD3dContextCreate, OsThunkD3dContextDestroy, OsThunkD3dContextDestroyAll, OsThunkDdGetDriverState, OsThunkD3dValidateTextureStageState, OsThunkD3dDrawPrimitives2, OsThunkDdGetScanLine, OsThunkDdQueryDirectDrawObject, OsThunkDdBlt, OsThunkDdReenableDirectDrawObject, OsThunkDdFlip, OsThunkDdGetDC, OsThunkDdDeleteDirectDrawObject, OsThunkDdGetDriverInfo, OsThunkDdQueryMoCompStatus, OsThunkDdRenderMoComp, OsThunkDdEndMoCompFrame, OsThunkDdBeginMoCompFrame, OsThunkDdDestroyMoComp, OsThunkDdCreateMoComp, OsThunkDdGetMoCompBuffInfo, OsThunkDdGetInternalMoCompInfo, OsThunkDdGetMoCompFormats, OsThunkDdGetMoCompGuids, OsThunkDdGetAvailDriverMemory, OsThunkDdFlipToGDISurface, OsThunkDdSetExclusiveMode, OsThunkDdWaitForVerticalBlank, OsThunkDdGetFlipStatus, OsThunkDdGetBltStatus, OsThunkDdUnlock, OsThunkDdUnlockD3D, OsThunkDdLock, OsThunkDdLockD3D, OsThunkDdResetVisrgn, OsThunkDdReleaseDC, OsThunkDdDeleteSurfaceObject, OsThunkDdDestroySurface, OsThunkDdDestroyD3DBuffer
> msvcrt.dll: _onexit, __dllonexit, _except_handler3, _terminate@@YAXXZ, __1type_info@@UAE@XZ, _adjust_fdiv, _initterm, memmove, realloc, free, malloc, strstr, isalnum, sscanf, _purecall, _strlwr, wcsrchr, atoi, ceil, _stricmp, _vsnprintf, floor, _CIpow, __CxxFrameHandler, _ftol, _snprintf, qsort, _what@exception@@UBEPBDXZ, __0exception@@QAE@ABQBD@Z, __1exception@@UAE@XZ, fflush, fwrite, __0exception@@QAE@ABV0@@Z, fopen, sprintf, strchr, __0exception@@QAE@XZ, fclose, calloc, _CxxThrowException
> USER32.dll: PtInRect, GetCursorPos, SetCursorPos, GetCursor, SetCursor, DestroyIcon, GetDesktopWindow, GetWindowDC, CreateIconIndirect, mouse_event, SetForegroundWindow, SetRect, GetClientRect, ClientToScreen, EnumDisplaySettingsA, OffsetRect, IntersectRect, GetSystemMetrics, LoadStringA, GetMonitorInfoA, GetDC, ReleaseDC, SystemParametersInfoA, GetUserObjectInformationA, CloseDesktop, GetThreadDesktop, IsWindow, GetWindowThreadProcessId, KillTimer, SetWindowLongA, CallWindowProcA, SendMessageA, IsIconic, PostMessageA, GetWindowLongA, GetKeyState, DefWindowProcA, SetWindowPos, GetForegroundWindow, IsWindowVisible, ShowWindow, IsZoomed, SetTimer, ChangeDisplaySettingsA, wsprintfA, OpenInputDesktop
> ADVAPI32.dll: RegDeleteValueA, RegCreateKeyExA, RegSetValueExA, RegQueryInfoKeyA, RegEnumValueA, RegOpenKeyA, GetSidLengthRequired, InitializeSid, GetSidSubAuthority, GetLengthSid, InitializeAcl, AddAccessAllowedAce, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegOpenKeyExA, RegQueryValueExA, RegCloseKey
> VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
> WINMM.dll: timeEndPeriod, timeBeginPeriod
> GDI32.dll: DeleteDC, GetNearestColor, CreateDCA, GdiEntry13, GetRegionData, DeleteObject, GetRandomRgn, CreateRectRgn, GetDIBits, CreateCompatibleBitmap, GetDeviceGammaRamp, SelectObject, CreateDIBSection, CreateCompatibleDC, StretchBlt, SetStretchBltMode, BitBlt, GdiEntry1, GetSystemPaletteEntries, CreateDIBitmap, GetDeviceCaps
> KERNEL32.dll: Sleep, QueryPerformanceFrequency, QueryPerformanceCounter, GetTickCount, LocalFree, LocalAlloc, VerSetConditionMask, VerifyVersionInfoA, LeaveCriticalSection, GetCurrentThread, SetThreadPriority, ResumeThread, SetThreadAffinityMask, GetProcessAffinityMask, GetTempPathA, TlsGetValue, TlsSetValue, GetEnvironmentVariableA, TlsAlloc, CreateEventA, CreateThread, ExitThread, SetEvent, WaitForMultipleObjects, VirtualProtect, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, DebugBreak, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, EnterCriticalSection, CreateSemaphoreA, WaitForSingleObject, ReleaseSemaphore, CloseHandle, WideCharToMultiByte, GetVersionExA, CreateFileA, MultiByteToWideChar, SetFilePointer, ReadFile, MoveFileA, DeleteFileA, WriteFile, GetFileSize, GetModuleFileNameA, GetPrivateProfileStringA, ConnectNamedPipe, SetNamedPipeHandleState, DisconnectNamedPipe, FlushFileBuffers, ReleaseMutex, PeekNamedPipe, TransactNamedPipe, WaitNamedPipeA, CreateNamedPipeA, GetSystemInfo, GetCurrentThreadId, lstrcmpA, GetLastError, InterlockedIncrement, DeleteCriticalSection, InitializeCriticalSection, FreeLibrary, GetProcAddress, LoadLibraryA, InterlockedExchange, SetErrorMode, InterlockedDecrement, GetSystemDirectoryA, GetModuleHandleA, lstrcpynA, OutputDebugStringA, OpenMutexA, CreateMutexA, DisableThreadLibraryCalls, GetCurrentProcessId, InterlockedCompareExchange

( 14 exports )
CheckFullscreen, D3DPERF_BeginEvent, D3DPERF_EndEvent, D3DPERF_GetStatus, D3DPERF_QueryRepeatFrame, D3DPERF_SetMarker, D3DPERF_SetOptions, D3DPERF_SetRegion, DebugSetLevel, DebugSetMute, Direct3DCreate9, Direct3DShaderValidatorCreate9, PSGPError, PSGPSampleTexture

ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware




File 11817386.dll received on 09.20.2008 22:51:09 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/36 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 39 and 56 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 2008.9.19.2 2008.09.19 -
AntiVir 7.8.1.34 2008.09.19 -
Authentium 5.1.0.4 2008.09.20 -
Avast 4.8.1195.0 2008.09.20 -
AVG 8.0.0.161 2008.09.20 -
BitDefender 7.2 2008.09.20 -
CAT-QuickHeal 9.50 2008.09.20 -
ClamAV 0.93.1 2008.09.20 -
DrWeb 4.44.0.09170 2008.09.20 -
eSafe 7.0.17.0 2008.09.18 -
eTrust-Vet 31.6.6095 2008.09.19 -
Ewido 4.0 2008.09.20 -
F-Prot 4.4.4.56 2008.09.20 -
F-Secure 8.0.14332.0 2008.09.20 -
Fortinet 3.113.0.0 2008.09.20 -
GData 19 2008.09.20 -
Ikarus T3.1.1.34.0 2008.09.20 -
K7AntiVirus 7.10.466 2008.09.20 -
Kaspersky 7.0.0.125 2008.09.20 -
McAfee 5388 2008.09.19 -
Microsoft 1.3903 2008.09.20 -
NOD32v2 3457 2008.09.19 -
Norman 5.80.02 2008.09.19 -
Panda 9.0.0.4 2008.09.20 -
PCTools 4.4.2.0 2008.09.20 -
Prevx1 V2 2008.09.20 -
Rising 20.62.52.00 2008.09.20 -
Sophos 4.33.0 2008.09.20 -
Sunbelt 3.1.1653.1 2008.09.20 -
Symantec 10 2008.09.20 -
TheHacker 6.3.0.9.090 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 -
VBA32 3.12.8.5 2008.09.20 -
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.20 -
Webwasher-Gateway 6.6.2 2008.07.21 -
Additional information
File size: 1689088 bytes
MD5...: 0607cbc6fa20114cb491efe4b2f9efad
SHA1..: e8d9606f19c855df00ba878e151f985e9d2b9117
SHA256: f1abf07cc45f9c013b9f53e64820ecb12ac9b1e681b9a1703e30a0637e7d9bb6
SHA512: ce5a93181d098310206f1ad84d40886bebc08f1e94c2b1fde5a1b42cde1970cc
6ce227b4bd274c59677c7542ccee3e4bde97c9f46f6cb525105d1b3a31901d60
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4fe4f782
timedatestamp.....: 0x4802a0a9 (Mon Apr 14 00:09:13 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x18a549 0x18a600 6.68 0e2e4aacfdf27e6e610667c242309edc
.data 0x18c000 0xa0c4 0x4600 4.93 5ef1ca044e66aa19030f7577500796d2
.rsrc 0x197000 0x3e0 0x400 3.33 06b49722b2ed109914247832ea0bad39
.reloc 0x198000 0xd1a2 0xd200 6.00 7c472e01cffc4bd7a257c9ea26c9a3c7

( 8 imports )
> d3d8thk.dll: OsThunkDdSetGammaRamp, OsThunkDdCreateSurfaceEx, OsThunkDdCreateSurface, OsThunkDdCreateD3DBuffer, OsThunkDdAttachSurface, OsThunkDdCreateSurfaceObject, OsThunkDdCanCreateSurface, OsThunkDdCanCreateD3DBuffer, OsThunkD3dContextCreate, OsThunkD3dContextDestroy, OsThunkD3dContextDestroyAll, OsThunkDdGetDriverState, OsThunkD3dValidateTextureStageState, OsThunkD3dDrawPrimitives2, OsThunkDdGetScanLine, OsThunkDdQueryDirectDrawObject, OsThunkDdBlt, OsThunkDdReenableDirectDrawObject, OsThunkDdFlip, OsThunkDdGetDC, OsThunkDdDeleteDirectDrawObject, OsThunkDdGetDriverInfo, OsThunkDdQueryMoCompStatus, OsThunkDdRenderMoComp, OsThunkDdEndMoCompFrame, OsThunkDdBeginMoCompFrame, OsThunkDdDestroyMoComp, OsThunkDdCreateMoComp, OsThunkDdGetMoCompBuffInfo, OsThunkDdGetInternalMoCompInfo, OsThunkDdGetMoCompFormats, OsThunkDdGetMoCompGuids, OsThunkDdGetAvailDriverMemory, OsThunkDdFlipToGDISurface, OsThunkDdSetExclusiveMode, OsThunkDdWaitForVerticalBlank, OsThunkDdGetFlipStatus, OsThunkDdGetBltStatus, OsThunkDdUnlock, OsThunkDdUnlockD3D, OsThunkDdLock, OsThunkDdLockD3D, OsThunkDdResetVisrgn, OsThunkDdReleaseDC, OsThunkDdDeleteSurfaceObject, OsThunkDdDestroySurface, OsThunkDdDestroyD3DBuffer
> msvcrt.dll: _onexit, __dllonexit, _except_handler3, _terminate@@YAXXZ, __1type_info@@UAE@XZ, _adjust_fdiv, _initterm, memmove, realloc, free, malloc, strstr, isalnum, sscanf, _purecall, _strlwr, wcsrchr, atoi, ceil, _stricmp, _vsnprintf, floor, _CIpow, __CxxFrameHandler, _ftol, _snprintf, qsort, _what@exception@@UBEPBDXZ, __0exception@@QAE@ABQBD@Z, __1exception@@UAE@XZ, fflush, fwrite, __0exception@@QAE@ABV0@@Z, fopen, sprintf, strchr, __0exception@@QAE@XZ, fclose, calloc, _CxxThrowException
> USER32.dll: PtInRect, GetCursorPos, SetCursorPos, GetCursor, SetCursor, DestroyIcon, GetDesktopWindow, GetWindowDC, CreateIconIndirect, mouse_event, SetForegroundWindow, SetRect, GetClientRect, ClientToScreen, EnumDisplaySettingsA, OffsetRect, IntersectRect, GetSystemMetrics, LoadStringA, GetMonitorInfoA, GetDC, ReleaseDC, SystemParametersInfoA, GetUserObjectInformationA, CloseDesktop, GetThreadDesktop, IsWindow, GetWindowThreadProcessId, KillTimer, SetWindowLongA, CallWindowProcA, SendMessageA, IsIconic, PostMessageA, GetWindowLongA, GetKeyState, DefWindowProcA, SetWindowPos, GetForegroundWindow, IsWindowVisible, ShowWindow, IsZoomed, SetTimer, ChangeDisplaySettingsA, wsprintfA, OpenInputDesktop
> ADVAPI32.dll: RegDeleteValueA, RegCreateKeyExA, RegSetValueExA, RegQueryInfoKeyA, RegEnumValueA, RegOpenKeyA, GetSidLengthRequired, InitializeSid, GetSidSubAuthority, GetLengthSid, InitializeAcl, AddAccessAllowedAce, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegOpenKeyExA, RegQueryValueExA, RegCloseKey
> VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
> WINMM.dll: timeEndPeriod, timeBeginPeriod
> GDI32.dll: DeleteDC, GetNearestColor, CreateDCA, GdiEntry13, GetRegionData, DeleteObject, GetRandomRgn, CreateRectRgn, GetDIBits, CreateCompatibleBitmap, GetDeviceGammaRamp, SelectObject, CreateDIBSection, CreateCompatibleDC, StretchBlt, SetStretchBltMode, BitBlt, GdiEntry1, GetSystemPaletteEntries, CreateDIBitmap, GetDeviceCaps
> KERNEL32.dll: Sleep, QueryPerformanceFrequency, QueryPerformanceCounter, GetTickCount, LocalFree, LocalAlloc, VerSetConditionMask, VerifyVersionInfoA, LeaveCriticalSection, GetCurrentThread, SetThreadPriority, ResumeThread, SetThreadAffinityMask, GetProcessAffinityMask, GetTempPathA, TlsGetValue, TlsSetValue, GetEnvironmentVariableA, TlsAlloc, CreateEventA, CreateThread, ExitThread, SetEvent, WaitForMultipleObjects, VirtualProtect, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, DebugBreak, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, EnterCriticalSection, CreateSemaphoreA, WaitForSingleObject, ReleaseSemaphore, CloseHandle, WideCharToMultiByte, GetVersionExA, CreateFileA, MultiByteToWideChar, SetFilePointer, ReadFile, MoveFileA, DeleteFileA, WriteFile, GetFileSize, GetModuleFileNameA, GetPrivateProfileStringA, ConnectNamedPipe, SetNamedPipeHandleState, DisconnectNamedPipe, FlushFileBuffers, ReleaseMutex, PeekNamedPipe, TransactNamedPipe, WaitNamedPipeA, CreateNamedPipeA, GetSystemInfo, GetCurrentThreadId, lstrcmpA, GetLastError, InterlockedIncrement, DeleteCriticalSection, InitializeCriticalSection, FreeLibrary, GetProcAddress, LoadLibraryA, InterlockedExchange, SetErrorMode, InterlockedDecrement, GetSystemDirectoryA, GetModuleHandleA, lstrcpynA, OutputDebugStringA, OpenMutexA, CreateMutexA, DisableThreadLibraryCalls, GetCurrentProcessId, InterlockedCompareExchange

( 14 exports )
CheckFullscreen, D3DPERF_BeginEvent, D3DPERF_EndEvent, D3DPERF_GetStatus, D3DPERF_QueryRepeatFrame, D3DPERF_SetMarker, D3DPERF_SetOptions, D3DPERF_SetRegion, DebugSetLevel, DebugSetMute, Direct3DCreate9, Direct3DShaderValidatorCreate9, PSGPError, PSGPSampleTexture




File 173c45c6.dll received on 09.20.2008 22:51:32 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/36 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 39 and 56 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 2008.9.19.2 2008.09.19 -
AntiVir 7.8.1.34 2008.09.19 -
Authentium 5.1.0.4 2008.09.20 -
Avast 4.8.1195.0 2008.09.20 -
AVG 8.0.0.161 2008.09.20 -
BitDefender 7.2 2008.09.20 -
CAT-QuickHeal 9.50 2008.09.20 -
ClamAV 0.93.1 2008.09.20 -
DrWeb 4.44.0.09170 2008.09.20 -
eSafe 7.0.17.0 2008.09.18 -
eTrust-Vet 31.6.6095 2008.09.19 -
Ewido 4.0 2008.09.20 -
F-Prot 4.4.4.56 2008.09.20 -
F-Secure 8.0.14332.0 2008.09.20 -
Fortinet 3.113.0.0 2008.09.20 -
GData 19 2008.09.20 -
Ikarus T3.1.1.34.0 2008.09.20 -
K7AntiVirus 7.10.466 2008.09.20 -
Kaspersky 7.0.0.125 2008.09.20 -
McAfee 5388 2008.09.19 -
Microsoft 1.3903 2008.09.20 -
NOD32v2 3457 2008.09.19 -
Norman 5.80.02 2008.09.19 -
Panda 9.0.0.4 2008.09.20 -
PCTools 4.4.2.0 2008.09.20 -
Prevx1 V2 2008.09.20 -
Rising 20.62.52.00 2008.09.20 -
Sophos 4.33.0 2008.09.20 -
Sunbelt 3.1.1653.1 2008.09.20 -
Symantec 10 2008.09.20 -
TheHacker 6.3.0.9.090 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 -
VBA32 3.12.8.5 2008.09.20 -
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.20 -
Webwasher-Gateway 6.6.2 2008.07.21 -
Additional information
File size: 82432 bytes
MD5...: 2ccc474eb85ceaa3e1fa1726580a3e5a
SHA1..: 7cf3366c68e402eb3678046fe97651a586044560
SHA256: 6e99d2fb4997e54e8b1b7d769cf2c0fae296a6441dc39984850ea26bfeb7e500
SHA512: 158cdba8cda0da68829f30fa8f5b7a0caca90d9a6ca7480a3de7a3a6c0f2f84d
68533d62c5f72c7f332e90a7a916f4b28c49c0841b3bfb0df5a8b63e4ba5426c
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x71ab1273
timedatestamp.....: 0x4802a163 (Mon Apr 14 00:12:19 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12153 0x12200 6.48 cb2c4ac799159013b18999c21e2df4f0
.data 0x14000 0x914 0xa00 4.88 704b5717fb2cf3f297691957debc5e92
.rsrc 0x15000 0x3f8 0x400 3.43 5ff68b649c14d167754073f671ef1ef1
.reloc 0x16000 0xdc8 0xe00 6.65 c085926e9053221b19c5e6bcc1c08384

( 5 imports )
> ADVAPI32.dll: RegNotifyChangeKeyValue, RegDeleteKeyA, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey, RegEnumKeyExA
> KERNEL32.dll: GetTickCount, QueryPerformanceCounter, lstrcmpA, HeapReAlloc, HeapFree, HeapAlloc, InterlockedCompareExchange, IsBadWritePtr, GetEnvironmentVariableA, GetComputerNameA, GetVersionExA, GetSystemDirectoryA, GetWindowsDirectoryA, WaitForMultipleObjectsEx, ResetEvent, IsBadReadPtr, TlsSetValue, GetHandleInformation, ExpandEnvironmentStringsA, InterlockedExchange, GetCurrentThreadId, TlsAlloc, GetSystemInfo, HeapCreate, GetProcessHeap, HeapDestroy, TlsFree, lstrlenA, lstrcpyA, IsBadCodePtr, GetProcAddress, CreateEventA, GetModuleFileNameA, LoadLibraryA, CreateThread, FreeLibrary, WaitForSingleObject, CloseHandle, FreeLibraryAndExitThread, EnterCriticalSection, SetEvent, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SwitchToThread, SetLastError, DelayLoadFailureHook, TlsGetValue, InterlockedDecrement, GetLastError, WideCharToMultiByte, MultiByteToWideChar, InitializeCriticalSection, DeleteCriticalSection, InterlockedIncrement, LeaveCriticalSection
> msvcrt.dll: __isascii, isspace, _except_handler3, sprintf, _adjust_fdiv, malloc, _initterm, free, _stricmp, fclose, fgets, atoi, strchr, fopen, wcscpy, strtoul, wcscmp, wcslen, wcschr
> ntdll.dll: RtlIpv4StringToAddressW, RtlIpv6StringToAddressExW, RtlIpv4StringToAddressA
> WS2HELP.dll: WahCompleteRequest, WahQueueUserApc, WahEnableNonIFSHandleSupport, WahDisableNonIFSHandleSupport, WahCreateSocketHandle, WahNotifyAllProcesses, WahCreateNotificationHandle, WahWaitForNotification, WahOpenCurrentThread, WahCloseThread, WahInsertHandleContext, WahRemoveHandleContext, WahDestroyHandleContextTable, WahCreateHandleContextTable, WahEnumerateHandleContexts, WahCloseApcHelper, WahCloseHandleHelper, WahCloseNotificationHandleHelper, WahOpenNotificationHandleHelper, WahOpenHandleHelper, WahOpenApcHelper, WahCloseSocketHandle, WahReferenceContextByHandle

( 117 exports )
FreeAddrInfoW, GetAddrInfoW, GetNameInfoW, WEP, WPUCompleteOverlappedRequest, WSAAccept, WSAAddressToStringA, WSAAddressToStringW, WSAAsyncGetHostByAddr, WSAAsyncGetHostByName, WSAAsyncGetProtoByName, WSAAsyncGetProtoByNumber, WSAAsyncGetServByName, WSAAsyncGetServByPort, WSAAsyncSelect, WSACancelAsyncRequest, WSACancelBlockingCall, WSACleanup, WSACloseEvent, WSAConnect, WSACreateEvent, WSADuplicateSocketA, WSADuplicateSocketW, WSAEnumNameSpaceProvidersA, WSAEnumNameSpaceProvidersW, WSAEnumNetworkEvents, WSAEnumProtocolsA, WSAEnumProtocolsW, WSAEventSelect, WSAGetLastError, WSAGetOverlappedResult, WSAGetQOSByName, WSAGetServiceClassInfoA, WSAGetServiceClassInfoW, WSAGetServiceClassNameByClassIdA, WSAGetServiceClassNameByClassIdW, WSAHtonl, WSAHtons, WSAInstallServiceClassA, WSAInstallServiceClassW, WSAIoctl, WSAIsBlocking, WSAJoinLeaf, WSALookupServiceBeginA, WSALookupServiceBeginW, WSALookupServiceEnd, WSALookupServiceNextA, WSALookupServiceNextW, WSANSPIoctl, WSANtohl, WSANtohs, WSAProviderConfigChange, WSARecv, WSARecvDisconnect, WSARecvFrom, WSARemoveServiceClass, WSAResetEvent, WSASend, WSASendDisconnect, WSASendTo, WSASetBlockingHook, WSASetEvent, WSASetLastError, WSASetServiceA, WSASetServiceW, WSASocketA, WSASocketW, WSAStartup, WSAStringToAddressA, WSAStringToAddressW, WSAUnhookBlockingHook, WSAWaitForMultipleEvents, WSApSetPostRoutine, WSCDeinstallProvider, WSCEnableNSProvider, WSCEnumProtocols, WSCGetProviderPath, WSCInstallNameSpace, WSCInstallProvider, WSCUnInstallNameSpace, WSCUpdateProvider, WSCWriteNameSpaceOrder, WSCWriteProviderOrder, __WSAFDIsSet, accept, bind, closesocket, connect, freeaddrinfo, getaddrinfo, gethostbyaddr, gethostbyname, gethostname, getnameinfo, getpeername, getprotobyname, getprotobynumber, getservbyname, getservbyport, getsockname, getsockopt, htonl, htons, inet_addr, inet_ntoa, ioctlsocket, listen, ntohl, ntohs, recv, recvfrom, select, send, sendto, setsockopt, shutdown, socket




File 5d9dfe2.dll received on 09.20.2008 22:53:46 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/36 (0%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 2008.9.19.2 2008.09.19 -
AntiVir 7.8.1.34 2008.09.19 -
Authentium 5.1.0.4 2008.09.20 -
Avast 4.8.1195.0 2008.09.20 -
AVG 8.0.0.161 2008.09.20 -
BitDefender 7.2 2008.09.20 -
CAT-QuickHeal 9.50 2008.09.20 -
ClamAV 0.93.1 2008.09.20 -
DrWeb 4.44.0.09170 2008.09.20 -
eSafe 7.0.17.0 2008.09.18 -
eTrust-Vet 31.6.6096 2008.09.20 -
Ewido 4.0 2008.09.20 -
F-Prot 4.4.4.56 2008.09.20 -
F-Secure 8.0.14332.0 2008.09.20 -
Fortinet 3.113.0.0 2008.09.20 -
GData 19 2008.09.20 -
Ikarus T3.1.1.34.0 2008.09.20 -
K7AntiVirus 7.10.466 2008.09.20 -
Kaspersky 7.0.0.125 2008.09.20 -
McAfee 5388 2008.09.19 -
Microsoft 1.3903 2008.09.20 -
NOD32v2 3457 2008.09.19 -
Norman 5.80.02 2008.09.19 -
Panda 9.0.0.4 2008.09.20 -
PCTools 4.4.2.0 2008.09.20 -
Prevx1 V2 2008.09.20 -
Rising 20.62.52.00 2008.09.20 -
Sophos 4.33.0 2008.09.20 -
Sunbelt 3.1.1653.1 2008.09.20 -
Symantec 10 2008.09.20 -
TheHacker 6.3.0.9.090 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 -
VBA32 3.12.8.5 2008.09.20 -
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.20 -
Webwasher-Gateway 6.6.2 2008.07.21 -
Additional information
File size: 82432 bytes
MD5...: 2ccc474eb85ceaa3e1fa1726580a3e5a
SHA1..: 7cf3366c68e402eb3678046fe97651a586044560
SHA256: 6e99d2fb4997e54e8b1b7d769cf2c0fae296a6441dc39984850ea26bfeb7e500
SHA512: 158cdba8cda0da68829f30fa8f5b7a0caca90d9a6ca7480a3de7a3a6c0f2f84d
68533d62c5f72c7f332e90a7a916f4b28c49c0841b3bfb0df5a8b63e4ba5426c
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x71ab1273
timedatestamp.....: 0x4802a163 (Mon Apr 14 00:12:19 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12153 0x12200 6.48 cb2c4ac799159013b18999c21e2df4f0
.data 0x14000 0x914 0xa00 4.88 704b5717fb2cf3f297691957debc5e92
.rsrc 0x15000 0x3f8 0x400 3.43 5ff68b649c14d167754073f671ef1ef1
.reloc 0x16000 0xdc8 0xe00 6.65 c085926e9053221b19c5e6bcc1c08384

( 5 imports )
> ADVAPI32.dll: RegNotifyChangeKeyValue, RegDeleteKeyA, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey, RegEnumKeyExA
> KERNEL32.dll: GetTickCount, QueryPerformanceCounter, lstrcmpA, HeapReAlloc, HeapFree, HeapAlloc, InterlockedCompareExchange, IsBadWritePtr, GetEnvironmentVariableA, GetComputerNameA, GetVersionExA, GetSystemDirectoryA, GetWindowsDirectoryA, WaitForMultipleObjectsEx, ResetEvent, IsBadReadPtr, TlsSetValue, GetHandleInformation, ExpandEnvironmentStringsA, InterlockedExchange, GetCurrentThreadId, TlsAlloc, GetSystemInfo, HeapCreate, GetProcessHeap, HeapDestroy, TlsFree, lstrlenA, lstrcpyA, IsBadCodePtr, GetProcAddress, CreateEventA, GetModuleFileNameA, LoadLibraryA, CreateThread, FreeLibrary, WaitForSingleObject, CloseHandle, FreeLibraryAndExitThread, EnterCriticalSection, SetEvent, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SwitchToThread, SetLastError, DelayLoadFailureHook, TlsGetValue, InterlockedDecrement, GetLastError, WideCharToMultiByte, MultiByteToWideChar, InitializeCriticalSection, DeleteCriticalSection, InterlockedIncrement, LeaveCriticalSection
> msvcrt.dll: __isascii, isspace, _except_handler3, sprintf, _adjust_fdiv, malloc, _initterm, free, _stricmp, fclose, fgets, atoi, strchr, fopen, wcscpy, strtoul, wcscmp, wcslen, wcschr
> ntdll.dll: RtlIpv4StringToAddressW, RtlIpv6StringToAddressExW, RtlIpv4StringToAddressA
> WS2HELP.dll: WahCompleteRequest, WahQueueUserApc, WahEnableNonIFSHandleSupport, WahDisableNonIFSHandleSupport, WahCreateSocketHandle, WahNotifyAllProcesses, WahCreateNotificationHandle, WahWaitForNotification, WahOpenCurrentThread, WahCloseThread, WahInsertHandleContext, WahRemoveHandleContext, WahDestroyHandleContextTable, WahCreateHandleContextTable, WahEnumerateHandleContexts, WahCloseApcHelper, WahCloseHandleHelper, WahCloseNotificationHandleHelper, WahOpenNotificationHandleHelper, WahOpenHandleHelper, WahOpenApcHelper, WahCloseSocketHandle, WahReferenceContextByHandle

( 117 exports )
FreeAddrInfoW, GetAddrInfoW, GetNameInfoW, WEP, WPUCompleteOverlappedRequest, WSAAccept, WSAAddressToStringA, WSAAddressToStringW, WSAAsyncGetHostByAddr, WSAAsyncGetHostByName, WSAAsyncGetProtoByName, WSAAsyncGetProtoByNumber, WSAAsyncGetServByName, WSAAsyncGetServByPort, WSAAsyncSelect, WSACancelAsyncRequest, WSACancelBlockingCall, WSACleanup, WSACloseEvent, WSAConnect, WSACreateEvent, WSADuplicateSocketA, WSADuplicateSocketW, WSAEnumNameSpaceProvidersA, WSAEnumNameSpaceProvidersW, WSAEnumNetworkEvents, WSAEnumProtocolsA, WSAEnumProtocolsW, WSAEventSelect, WSAGetLastError, WSAGetOverlappedResult, WSAGetQOSByName, WSAGetServiceClassInfoA, WSAGetServiceClassInfoW, WSAGetServiceClassNameByClassIdA, WSAGetServiceClassNameByClassIdW, WSAHtonl, WSAHtons, WSAInstallServiceClassA, WSAInstallServiceClassW, WSAIoctl, WSAIsBlocking, WSAJoinLeaf, WSALookupServiceBeginA, WSALookupServiceBeginW, WSALookupServiceEnd, WSALookupServiceNextA, WSALookupServiceNextW, WSANSPIoctl, WSANtohl, WSANtohs, WSAProviderConfigChange, WSARecv, WSARecvDisconnect, WSARecvFrom, WSARemoveServiceClass, WSAResetEvent, WSASend, WSASendDisconnect, WSASendTo, WSASetBlockingHook, WSASetEvent, WSASetLastError, WSASetServiceA, WSASetServiceW, WSASocketA, WSASocketW, WSAStartup, WSAStringToAddressA, WSAStringToAddressW, WSAUnhookBlockingHook, WSAWaitForMultipleEvents, WSApSetPostRoutine, WSCDeinstallProvider, WSCEnableNSProvider, WSCEnumProtocols, WSCGetProviderPath, WSCInstallNameSpace, WSCInstallProvider, WSCUnInstallNameSpace, WSCUpdateProvider, WSCWriteNameSpaceOrder, WSCWriteProviderOrder, __WSAFDIsSet, accept, bind, closesocket, connect, freeaddrinfo, getaddrinfo, gethostbyaddr, gethostbyname, gethostname, getnameinfo, getpeername, getprotobyname, getprotobynumber, getservbyname, getservbyport, getsockname, getsockopt, htonl, htons, inet_addr, inet_ntoa, ioctlsocket, listen, ntohl, ntohs, recv, recvfrom, select, send, sendto, setsockopt, shutdown, socket





File 2f2f05f0.dll received on 09.20.2008 22:54:14 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/36 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 39 and 56 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 2008.9.19.2 2008.09.19 -
AntiVir 7.8.1.34 2008.09.19 -
Authentium 5.1.0.4 2008.09.20 -
Avast 4.8.1195.0 2008.09.20 -
AVG 8.0.0.161 2008.09.20 -
BitDefender 7.2 2008.09.20 -
CAT-QuickHeal 9.50 2008.09.20 -
ClamAV 0.93.1 2008.09.20 -
DrWeb 4.44.0.09170 2008.09.20 -
eSafe 7.0.17.0 2008.09.18 -
eTrust-Vet 31.6.6095 2008.09.19 -
Ewido 4.0 2008.09.20 -
F-Prot 4.4.4.56 2008.09.20 -
F-Secure 8.0.14332.0 2008.09.20 -
Fortinet 3.113.0.0 2008.09.20 -
GData 19 2008.09.20 -
Ikarus T3.1.1.34.0 2008.09.20 -
K7AntiVirus 7.10.466 2008.09.20 -
Kaspersky 7.0.0.125 2008.09.20 -
McAfee 5388 2008.09.19 -
Microsoft 1.3903 2008.09.20 -
NOD32v2 3457 2008.09.19 -
Norman 5.80.02 2008.09.19 -
Panda 9.0.0.4 2008.09.20 -
PCTools 4.4.2.0 2008.09.20 -
Prevx1 V2 2008.09.20 -
Rising 20.62.52.00 2008.09.20 -
Sophos 4.33.0 2008.09.20 -
Sunbelt 3.1.1647.1 2008.09.18 -
Symantec 10 2008.09.20 -
TheHacker 6.3.0.9.090 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 -
VBA32 3.12.8.5 2008.09.20 -
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.20 -
Webwasher-Gateway 6.6.2 2008.07.21 -
Additional information
File size: 82432 bytes
MD5...: 2ccc474eb85ceaa3e1fa1726580a3e5a
SHA1..: 7cf3366c68e402eb3678046fe97651a586044560
SHA256: 6e99d2fb4997e54e8b1b7d769cf2c0fae296a6441dc39984850ea26bfeb7e500
SHA512: 158cdba8cda0da68829f30fa8f5b7a0caca90d9a6ca7480a3de7a3a6c0f2f84d
68533d62c5f72c7f332e90a7a916f4b28c49c0841b3bfb0df5a8b63e4ba5426c
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x71ab1273
timedatestamp.....: 0x4802a163 (Mon Apr 14 00:12:19 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12153 0x12200 6.48 cb2c4ac799159013b18999c21e2df4f0
.data 0x14000 0x914 0xa00 4.88 704b5717fb2cf3f297691957debc5e92
.rsrc 0x15000 0x3f8 0x400 3.43 5ff68b649c14d167754073f671ef1ef1
.reloc 0x16000 0xdc8 0xe00 6.65 c085926e9053221b19c5e6bcc1c08384

( 5 imports )
> ADVAPI32.dll: RegNotifyChangeKeyValue, RegDeleteKeyA, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey, RegEnumKeyExA
> KERNEL32.dll: GetTickCount, QueryPerformanceCounter, lstrcmpA, HeapReAlloc, HeapFree, HeapAlloc, InterlockedCompareExchange, IsBadWritePtr, GetEnvironmentVariableA, GetComputerNameA, GetVersionExA, GetSystemDirectoryA, GetWindowsDirectoryA, WaitForMultipleObjectsEx, ResetEvent, IsBadReadPtr, TlsSetValue, GetHandleInformation, ExpandEnvironmentStringsA, InterlockedExchange, GetCurrentThreadId, TlsAlloc, GetSystemInfo, HeapCreate, GetProcessHeap, HeapDestroy, TlsFree, lstrlenA, lstrcpyA, IsBadCodePtr, GetProcAddress, CreateEventA, GetModuleFileNameA, LoadLibraryA, CreateThread, FreeLibrary, WaitForSingleObject, CloseHandle, FreeLibraryAndExitThread, EnterCriticalSection, SetEvent, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SwitchToThread, SetLastError, DelayLoadFailureHook, TlsGetValue, InterlockedDecrement, GetLastError, WideCharToMultiByte, MultiByteToWideChar, InitializeCriticalSection, DeleteCriticalSection, InterlockedIncrement, LeaveCriticalSection
> msvcrt.dll: __isascii, isspace, _except_handler3, sprintf, _adjust_fdiv, malloc, _initterm, free, _stricmp, fclose, fgets, atoi, strchr, fopen, wcscpy, strtoul, wcscmp, wcslen, wcschr
> ntdll.dll: RtlIpv4StringToAddressW, RtlIpv6StringToAddressExW, RtlIpv4StringToAddressA
> WS2HELP.dll: WahCompleteRequest, WahQueueUserApc, WahEnableNonIFSHandleSupport, WahDisableNonIFSHandleSupport, WahCreateSocketHandle, WahNotifyAllProcesses, WahCreateNotificationHandle, WahWaitForNotification, WahOpenCurrentThread, WahCloseThread, WahInsertHandleContext, WahRemoveHandleContext, WahDestroyHandleContextTable, WahCreateHandleContextTable, WahEnumerateHandleContexts, WahCloseApcHelper, WahCloseHandleHelper, WahCloseNotificationHandleHelper, WahOpenNotificationHandleHelper, WahOpenHandleHelper, WahOpenApcHelper, WahCloseSocketHandle, WahReferenceContextByHandle

( 117 exports )
FreeAddrInfoW, GetAddrInfoW, GetNameInfoW, WEP, WPUCompleteOverlappedRequest, WSAAccept, WSAAddressToStringA, WSAAddressToStringW, WSAAsyncGetHostByAddr, WSAAsyncGetHostByName, WSAAsyncGetProtoByName, WSAAsyncGetProtoByNumber, WSAAsyncGetServByName, WSAAsyncGetServByPort, WSAAsyncSelect, WSACancelAsyncRequest, WSACancelBlockingCall, WSACleanup, WSACloseEvent, WSAConnect, WSACreateEvent, WSADuplicateSocketA, WSADuplicateSocketW, WSAEnumNameSpaceProvidersA, WSAEnumNameSpaceProvidersW, WSAEnumNetworkEvents, WSAEnumProtocolsA, WSAEnumProtocolsW, WSAEventSelect, WSAGetLastError, WSAGetOverlappedResult, WSAGetQOSByName, WSAGetServiceClassInfoA, WSAGetServiceClassInfoW, WSAGetServiceClassNameByClassIdA, WSAGetServiceClassNameByClassIdW, WSAHtonl, WSAHtons, WSAInstallServiceClassA, WSAInstallServiceClassW, WSAIoctl, WSAIsBlocking, WSAJoinLeaf, WSALookupServiceBeginA, WSALookupServiceBeginW, WSALookupServiceEnd, WSALookupServiceNextA, WSALookupServiceNextW, WSANSPIoctl, WSANtohl, WSANtohs, WSAProviderConfigChange, WSARecv, WSARecvDisconnect, WSARecvFrom, WSARemoveServiceClass, WSAResetEvent, WSASend, WSASendDisconnect, WSASendTo, WSASetBlockingHook, WSASetEvent, WSASetLastError, WSASetServiceA, WSASetServiceW, WSASocketA, WSASocketW, WSAStartup, WSAStringToAddressA, WSAStringToAddressW, WSAUnhookBlockingHook, WSAWaitForMultipleEvents, WSApSetPostRoutine, WSCDeinstallProvider, WSCEnableNSProvider, WSCEnumProtocols, WSCGetProviderPath, WSCInstallNameSpace, WSCInstallProvider, WSCUnInstallNameSpace, WSCUpdateProvider, WSCWriteNameSpaceOrder, WSCWriteProviderOrder, __WSAFDIsSet, accept, bind, closesocket, connect, freeaddrinfo, getaddrinfo, gethostbyaddr, gethostbyname, gethostname, getnameinfo, getpeername, getprotobyname, getprotobynumber, getservbyname, getservbyport, getsockname, getsockopt, htonl, htons, inet_addr, inet_ntoa, ioctlsocket, listen, ntohl, ntohs, recv, recvfrom, select, send, sendto, setsockopt, shutdown, socket






File 184e151a.dll received on 09.20.2008 22:55:24 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/36 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 39 and 56 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 2008.9.19.2 2008.09.19 -
AntiVir 7.8.1.34 2008.09.19 -
Authentium 5.1.0.4 2008.09.20 -
Avast 4.8.1195.0 2008.09.20 -
AVG 8.0.0.161 2008.09.20 -
BitDefender 7.2 2008.09.20 -
CAT-QuickHeal 9.50 2008.09.20 -
ClamAV 0.93.1 2008.09.20 -
DrWeb 4.44.0.09170 2008.09.20 -
eSafe 7.0.17.0 2008.09.18 -
eTrust-Vet 31.6.6096 2008.09.20 -
Ewido 4.0 2008.09.20 -
F-Prot 4.4.4.56 2008.09.20 -
F-Secure 8.0.14332.0 2008.09.20 -
Fortinet 3.113.0.0 2008.09.20 -
GData 19 2008.09.20 -
Ikarus T3.1.1.34.0 2008.09.20 -
K7AntiVirus 7.10.466 2008.09.20 -
Kaspersky 7.0.0.125 2008.09.20 -
McAfee 5388 2008.09.19 -
Microsoft 1.3903 2008.09.20 -
NOD32v2 3457 2008.09.19 -
Norman 5.80.02 2008.09.19 -
Panda 9.0.0.4 2008.09.20 -
PCTools 4.4.2.0 2008.09.20 -
Prevx1 V2 2008.09.20 -
Rising 20.62.52.00 2008.09.20 -
Sophos 4.33.0 2008.09.20 -
Sunbelt 3.1.1653.1 2008.09.20 -
Symantec 10 2008.09.20 -
TheHacker 6.3.0.9.090 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 -
VBA32 3.12.8.5 2008.09.20 -
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.20 -
Webwasher-Gateway 6.6.2 2008.07.21 -
Additional information
File size: 1689088 bytes
MD5...: 0607cbc6fa20114cb491efe4b2f9efad
SHA1..: e8d9606f19c855df00ba878e151f985e9d2b9117
SHA256: f1abf07cc45f9c013b9f53e64820ecb12ac9b1e681b9a1703e30a0637e7d9bb6
SHA512: ce5a93181d098310206f1ad84d40886bebc08f1e94c2b1fde5a1b42cde1970cc
6ce227b4bd274c59677c7542ccee3e4bde97c9f46f6cb525105d1b3a31901d60
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4fe4f782
timedatestamp.....: 0x4802a0a9 (Mon Apr 14 00:09:13 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x18a549 0x18a600 6.68 0e2e4aacfdf27e6e610667c242309edc
.data 0x18c000 0xa0c4 0x4600 4.93 5ef1ca044e66aa19030f7577500796d2
.rsrc 0x197000 0x3e0 0x400 3.33 06b49722b2ed109914247832ea0bad39
.reloc 0x198000 0xd1a2 0xd200 6.00 7c472e01cffc4bd7a257c9ea26c9a3c7

( 8 imports )
> d3d8thk.dll: OsThunkDdSetGammaRamp, OsThunkDdCreateSurfaceEx, OsThunkDdCreateSurface, OsThunkDdCreateD3DBuffer, OsThunkDdAttachSurface, OsThunkDdCreateSurfaceObject, OsThunkDdCanCreateSurface, OsThunkDdCanCreateD3DBuffer, OsThunkD3dContextCreate, OsThunkD3dContextDestroy, OsThunkD3dContextDestroyAll, OsThunkDdGetDriverState, OsThunkD3dValidateTextureStageState, OsThunkD3dDrawPrimitives2, OsThunkDdGetScanLine, OsThunkDdQueryDirectDrawObject, OsThunkDdBlt, OsThunkDdReenableDirectDrawObject, OsThunkDdFlip, OsThunkDdGetDC, OsThunkDdDeleteDirectDrawObject, OsThunkDdGetDriverInfo, OsThunkDdQueryMoCompStatus, OsThunkDdRenderMoComp, OsThunkDdEndMoCompFrame, OsThunkDdBeginMoCompFrame, OsThunkDdDestroyMoComp, OsThunkDdCreateMoComp, OsThunkDdGetMoCompBuffInfo, OsThunkDdGetInternalMoCompInfo, OsThunkDdGetMoCompFormats, OsThunkDdGetMoCompGuids, OsThunkDdGetAvailDriverMemory, OsThunkDdFlipToGDISurface, OsThunkDdSetExclusiveMode, OsThunkDdWaitForVerticalBlank, OsThunkDdGetFlipStatus, OsThunkDdGetBltStatus, OsThunkDdUnlock, OsThunkDdUnlockD3D, OsThunkDdLock, OsThunkDdLockD3D, OsThunkDdResetVisrgn, OsThunkDdReleaseDC, OsThunkDdDeleteSurfaceObject, OsThunkDdDestroySurface, OsThunkDdDestroyD3DBuffer
> msvcrt.dll: _onexit, __dllonexit, _except_handler3, _terminate@@YAXXZ, __1type_info@@UAE@XZ, _adjust_fdiv, _initterm, memmove, realloc, free, malloc, strstr, isalnum, sscanf, _purecall, _strlwr, wcsrchr, atoi, ceil, _stricmp, _vsnprintf, floor, _CIpow, __CxxFrameHandler, _ftol, _snprintf, qsort, _what@exception@@UBEPBDXZ, __0exception@@QAE@ABQBD@Z, __1exception@@UAE@XZ, fflush, fwrite, __0exception@@QAE@ABV0@@Z, fopen, sprintf, strchr, __0exception@@QAE@XZ, fclose, calloc, _CxxThrowException
> USER32.dll: PtInRect, GetCursorPos, SetCursorPos, GetCursor, SetCursor, DestroyIcon, GetDesktopWindow, GetWindowDC, CreateIconIndirect, mouse_event, SetForegroundWindow, SetRect, GetClientRect, ClientToScreen, EnumDisplaySettingsA, OffsetRect, IntersectRect, GetSystemMetrics, LoadStringA, GetMonitorInfoA, GetDC, ReleaseDC, SystemParametersInfoA, GetUserObjectInformationA, CloseDesktop, GetThreadDesktop, IsWindow, GetWindowThreadProcessId, KillTimer, SetWindowLongA, CallWindowProcA, SendMessageA, IsIconic, PostMessageA, GetWindowLongA, GetKeyState, DefWindowProcA, SetWindowPos, GetForegroundWindow, IsWindowVisible, ShowWindow, IsZoomed, SetTimer, ChangeDisplaySettingsA, wsprintfA, OpenInputDesktop
> ADVAPI32.dll: RegDeleteValueA, RegCreateKeyExA, RegSetValueExA, RegQueryInfoKeyA, RegEnumValueA, RegOpenKeyA, GetSidLengthRequired, InitializeSid, GetSidSubAuthority, GetLengthSid, InitializeAcl, AddAccessAllowedAce, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegOpenKeyExA, RegQueryValueExA, RegCloseKey
> VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
> WINMM.dll: timeEndPeriod, timeBeginPeriod
> GDI32.dll: DeleteDC, GetNearestColor, CreateDCA, GdiEntry13, GetRegionData, DeleteObject, GetRandomRgn, CreateRectRgn, GetDIBits, CreateCompatibleBitmap, GetDeviceGammaRamp, SelectObject, CreateDIBSection, CreateCompatibleDC, StretchBlt, SetStretchBltMode, BitBlt, GdiEntry1, GetSystemPaletteEntries, CreateDIBitmap, GetDeviceCaps
> KERNEL32.dll: Sleep, QueryPerformanceFrequency, QueryPerformanceCounter, GetTickCount, LocalFree, LocalAlloc, VerSetConditionMask, VerifyVersionInfoA, LeaveCriticalSection, GetCurrentThread, SetThreadPriority, ResumeThread, SetThreadAffinityMask, GetProcessAffinityMask, GetTempPathA, TlsGetValue, TlsSetValue, GetEnvironmentVariableA, TlsAlloc, CreateEventA, CreateThread, ExitThread, SetEvent, WaitForMultipleObjects, VirtualProtect, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, DebugBreak, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, EnterCriticalSection, CreateSemaphoreA, WaitForSingleObject, ReleaseSemaphore, CloseHandle, WideCharToMultiByte, GetVersionExA, CreateFileA, MultiByteToWideChar, SetFilePointer, ReadFile, MoveFileA, DeleteFileA, WriteFile, GetFileSize, GetModuleFileNameA, GetPrivateProfileStringA, ConnectNamedPipe, SetNamedPipeHandleState, DisconnectNamedPipe, FlushFileBuffers, ReleaseMutex, PeekNamedPipe, TransactNamedPipe, WaitNamedPipeA, CreateNamedPipeA, GetSystemInfo, GetCurrentThreadId, lstrcmpA, GetLastError, InterlockedIncrement, DeleteCriticalSection, InitializeCriticalSection, FreeLibrary, GetProcAddress, LoadLibraryA, InterlockedExchange, SetErrorMode, InterlockedDecrement, GetSystemDirectoryA, GetModuleHandleA, lstrcpynA, OutputDebugStringA, OpenMutexA, CreateMutexA, DisableThreadLibraryCalls, GetCurrentProcessId, InterlockedCompareExchange

( 14 exports )
CheckFullscreen, D3DPERF_BeginEvent, D3DPERF_EndEvent, D3DPERF_GetStatus, D3DPERF_QueryRepeatFrame, D3DPERF_SetMarker, D3DPERF_SetOptions, D3DPERF_SetRegion, DebugSetLevel, DebugSetMute, Direct3DCreate9, Direct3DShaderValidatorCreate9, PSGPError, PSGPSampleTexture






File 14986785.dll received on 09.20.2008 22:57:01 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/36 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 39 and 56 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 2008.9.19.2 2008.09.19 -
AntiVir 7.8.1.34 2008.09.19 -
Authentium 5.1.0.4 2008.09.20 -
Avast 4.8.1195.0 2008.09.20 -
AVG 8.0.0.161 2008.09.20 -
BitDefender 7.2 2008.09.20 -
CAT-QuickHeal 9.50 2008.09.20 -
ClamAV 0.93.1 2008.09.20 -
DrWeb 4.44.0.09170 2008.09.20 -
eSafe 7.0.17.0 2008.09.18 -
eTrust-Vet 31.6.6096 2008.09.20 -
Ewido 4.0 2008.09.20 -
F-Prot 4.4.4.56 2008.09.20 -
F-Secure 8.0.14332.0 2008.09.20 -
Fortinet 3.113.0.0 2008.09.20 -
GData 19 2008.09.20 -
Ikarus T3.1.1.34.0 2008.09.20 -
K7AntiVirus 7.10.466 2008.09.20 -
Kaspersky 7.0.0.125 2008.09.20 -
McAfee 5388 2008.09.19 -
Microsoft 1.3903 2008.09.20 -
NOD32v2 3457 2008.09.19 -
Norman 5.80.02 2008.09.19 -
Panda 9.0.0.4 2008.09.20 -
PCTools 4.4.2.0 2008.09.20 -
Prevx1 V2 2008.09.20 -
Rising 20.62.52.00 2008.09.20 -
Sophos 4.33.0 2008.09.20 -
Sunbelt 3.1.1653.1 2008.09.20 -
Symantec 10 2008.09.20 -
TheHacker 6.3.0.9.090 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 -
VBA32 3.12.8.5 2008.09.20 -
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.20 -
Webwasher-Gateway 6.6.2 2008.07.21 -
Additional information
File size: 1689088 bytes
MD5...: 0607cbc6fa20114cb491efe4b2f9efad
SHA1..: e8d9606f19c855df00ba878e151f985e9d2b9117
SHA256: f1abf07cc45f9c013b9f53e64820ecb12ac9b1e681b9a1703e30a0637e7d9bb6
SHA512: ce5a93181d098310206f1ad84d40886bebc08f1e94c2b1fde5a1b42cde1970cc
6ce227b4bd274c59677c7542ccee3e4bde97c9f46f6cb525105d1b3a31901d60
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4fe4f782
timedatestamp.....: 0x4802a0a9 (Mon Apr 14 00:09:13 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x18a549 0x18a600 6.68 0e2e4aacfdf27e6e610667c242309edc
.data 0x18c000 0xa0c4 0x4600 4.93 5ef1ca044e66aa19030f7577500796d2
.rsrc 0x197000 0x3e0 0x400 3.33 06b49722b2ed109914247832ea0bad39
.reloc 0x198000 0xd1a2 0xd200 6.00 7c472e01cffc4bd7a257c9ea26c9a3c7

( 8 imports )
> d3d8thk.dll: OsThunkDdSetGammaRamp, OsThunkDdCreateSurfaceEx, OsThunkDdCreateSurface, OsThunkDdCreateD3DBuffer, OsThunkDdAttachSurface, OsThunkDdCreateSurfaceObject, OsThunkDdCanCreateSurface, OsThunkDdCanCreateD3DBuffer, OsThunkD3dContextCreate, OsThunkD3dContextDestroy, OsThunkD3dContextDestroyAll, OsThunkDdGetDriverState, OsThunkD3dValidateTextureStageState, OsThunkD3dDrawPrimitives2, OsThunkDdGetScanLine, OsThunkDdQueryDirectDrawObject, OsThunkDdBlt, OsThunkDdReenableDirectDrawObject, OsThunkDdFlip, OsThunkDdGetDC, OsThunkDdDeleteDirectDrawObject, OsThunkDdGetDriverInfo, OsThunkDdQueryMoCompStatus, OsThunkDdRenderMoComp, OsThunkDdEndMoCompFrame, OsThunkDdBeginMoCompFrame, OsThunkDdDestroyMoComp, OsThunkDdCreateMoComp, OsThunkDdGetMoCompBuffInfo, OsThunkDdGetInternalMoCompInfo, OsThunkDdGetMoCompFormats, OsThunkDdGetMoCompGuids, OsThunkDdGetAvailDriverMemory, OsThunkDdFlipToGDISurface, OsThunkDdSetExclusiveMode, OsThunkDdWaitForVerticalBlank, OsThunkDdGetFlipStatus, OsThunkDdGetBltStatus, OsThunkDdUnlock, OsThunkDdUnlockD3D, OsThunkDdLock, OsThunkDdLockD3D, OsThunkDdResetVisrgn, OsThunkDdReleaseDC, OsThunkDdDeleteSurfaceObject, OsThunkDdDestroySurface, OsThunkDdDestroyD3DBuffer
> msvcrt.dll: _onexit, __dllonexit, _except_handler3, _terminate@@YAXXZ, __1type_info@@UAE@XZ, _adjust_fdiv, _initterm, memmove, realloc, free, malloc, strstr, isalnum, sscanf, _purecall, _strlwr, wcsrchr, atoi, ceil, _stricmp, _vsnprintf, floor, _CIpow, __CxxFrameHandler, _ftol, _snprintf, qsort, _what@exception@@UBEPBDXZ, __0exception@@QAE@ABQBD@Z, __1exception@@UAE@XZ, fflush, fwrite, __0exception@@QAE@ABV0@@Z, fopen, sprintf, strchr, __0exception@@QAE@XZ, fclose, calloc, _CxxThrowException
> USER32.dll: PtInRect, GetCursorPos, SetCursorPos, GetCursor, SetCursor, DestroyIcon, GetDesktopWindow, GetWindowDC, CreateIconIndirect, mouse_event, SetForegroundWindow, SetRect, GetClientRect, ClientToScreen, EnumDisplaySettingsA, OffsetRect, IntersectRect, GetSystemMetrics, LoadStringA, GetMonitorInfoA, GetDC, ReleaseDC, SystemParametersInfoA, GetUserObjectInformationA, CloseDesktop, GetThreadDesktop, IsWindow, GetWindowThreadProcessId, KillTimer, SetWindowLongA, CallWindowProcA, SendMessageA, IsIconic, PostMessageA, GetWindowLongA, GetKeyState, DefWindowProcA, SetWindowPos, GetForegroundWindow, IsWindowVisible, ShowWindow, IsZoomed, SetTimer, ChangeDisplaySettingsA, wsprintfA, OpenInputDesktop
> ADVAPI32.dll: RegDeleteValueA, RegCreateKeyExA, RegSetValueExA, RegQueryInfoKeyA, RegEnumValueA, RegOpenKeyA, GetSidLengthRequired, InitializeSid, GetSidSubAuthority, GetLengthSid, InitializeAcl, AddAccessAllowedAce, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegOpenKeyExA, RegQueryValueExA, RegCloseKey
> VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
> WINMM.dll: timeEndPeriod, timeBeginPeriod
> GDI32.dll: DeleteDC, GetNearestColor, CreateDCA, GdiEntry13, GetRegionData, DeleteObject, GetRandomRgn, CreateRectRgn, GetDIBits, CreateCompatibleBitmap, GetDeviceGammaRamp, SelectObject, CreateDIBSection, CreateCompatibleDC, StretchBlt, SetStretchBltMode, BitBlt, GdiEntry1, GetSystemPaletteEntries, CreateDIBitmap, GetDeviceCaps
> KERNEL32.dll: Sleep, QueryPerformanceFrequency, QueryPerformanceCounter, GetTickCount, LocalFree, LocalAlloc, VerSetConditionMask, VerifyVersionInfoA, LeaveCriticalSection, GetCurrentThread, SetThreadPriority, ResumeThread, SetThreadAffinityMask, GetProcessAffinityMask, GetTempPathA, TlsGetValue, TlsSetValue, GetEnvironmentVariableA, TlsAlloc, CreateEventA, CreateThread, ExitThread, SetEvent, WaitForMultipleObjects, VirtualProtect, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, DebugBreak, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, EnterCriticalSection, CreateSemaphoreA, WaitForSingleObject, ReleaseSemaphore, CloseHandle, WideCharToMultiByte, GetVersionExA, CreateFileA, MultiByteToWideChar, SetFilePointer, ReadFile, MoveFileA, DeleteFileA, WriteFile, GetFileSize, GetModuleFileNameA, GetPrivateProfileStringA, ConnectNamedPipe, SetNamedPipeHandleState, DisconnectNamedPipe, FlushFileBuffers, ReleaseMutex, PeekNamedPipe, TransactNamedPipe, WaitNamedPipeA, CreateNamedPipeA, GetSystemInfo, GetCurrentThreadId, lstrcmpA, GetLastError, InterlockedIncrement, DeleteCriticalSection, InitializeCriticalSection, FreeLibrary, GetProcAddress, LoadLibraryA, InterlockedExchange, SetErrorMode, InterlockedDecrement, GetSystemDirectoryA, GetModuleHandleA, lstrcpynA, OutputDebugStringA, OpenMutexA, CreateMutexA, DisableThreadLibraryCalls, GetCurrentProcessId, InterlockedCompareExchange

( 14 exports )
CheckFullscreen, D3DPERF_BeginEvent, D3DPERF_EndEvent, D3DPERF_GetStatus, D3DPERF_QueryRepeatFrame, D3DPERF_SetMarker, D3DPERF_SetOptions, D3DPERF_SetRegion, DebugSetLevel, DebugSetMute, Direct3DCreate9, Direct3DShaderValidatorCreate9, PSGPError, PSGPSampleTexture



ok thats all

#9 Paulhan93

Paulhan93
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 20 September 2008 - 04:17 PM

wait how do u make it so scan results go to your e-mail.
I searched for a way but I cant find any.
Also when I copy and paste from the website it says it isnt complete but nothing else happens even if i just keep it on.
Still on the site it says Status: Complete.

Edited by Paulhan93, 20 September 2008 - 04:18 PM.


#10 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:25 AM

Posted 20 September 2008 - 05:23 PM

It tells you at the bottom of the page. http://www.virustotal.com/

If you wish you can also send files using your email client.



Did you read and follow this?
http://www.virustotal.com/metodos.html



Please post a fresh Hijackthis this log and tell me how the computer is running.

Edited by SifuMike, 20 September 2008 - 05:34 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 Paulhan93

Paulhan93
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 20 September 2008 - 08:06 PM

So are those scans i just posted done correctly? (should i do them again?) (also does this "-" in the VirusTotal antivirus programs check results mean negative?)

Also here is the HijackThis log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:57 PM, on 9/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\ALCXMNTR.EXE
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\Documents and Settings\Paul Han\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
I:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\soffice.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\WINDOWS\system32\lxddcoms.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\wuauclt.exe
I:\WINDOWS\system32\wscntfy.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\explorer.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - I:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - I:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "I:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "I:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [StartCCC] "I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "I:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] I:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] I:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "I:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Veoh] "I:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "I:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "I:\Documents and Settings\Paul Han\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SODCPreLoad] I:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\preload.exe I:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: Google Updater.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - I:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - http://cyimg8.cyworld.com/ImageUpload/CyPi...U1.cab?20080604
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: ddcYqRlm - ddcYqRlm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - I:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - I:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - I:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - I:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 9675 bytes

Edited by Paulhan93, 20 September 2008 - 08:11 PM.


#12 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:25 AM

Posted 20 September 2008 - 09:10 PM

Hi Paulhan93,

So are those scans i just posted done correctly? (should i do them again?) (also does this "-" in the VirusTotal antivirus programs check results mean negative?)


No need to run it again. According to VirusTotal all of the files you scanned are not viruses; however, they look suspicous.

We can check them another way.

Please double-click on My Computer and locate the file I:\WINDOWS\system32\2780e3b.dll.
Right-click on it and choose "Properties", then click on the "Version" tab at the top.
Click on "Comments", "Company", "File Version", and "Internal Name" and please post whatever the text in the box immediately to the right says for each.

Then do the same for these files:
I:\WINDOWS\system32\2061879.dll
I:\WINDOWS\system32\173c45c6.dll
I:\WINDOWS\system32\11817386.dll
I:\WINDOWS\system32\5d9dfe2.dll
I:\WINDOWS\system32\2f2f05f0.dll
I:\WINDOWS\system32\184e151a.dll
I:\WINDOWS\system32\14986785.dll


*******************************************

Download CCleaner and install it. (default location is best). Do not run it yet!

Beginners Guide to CCleaner

*******************************************

Disable Spyware Doctor before using Hijackthis.

To disable Spyware Doctor from running on your system startup:
1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background.
2. Click the "Settings" button on the left side.
3. Click the "Startup Settings" link.
4. Uncheck "Run at Windows Startup".
5. Click the "Apply" button.



Please run HijackThis and click "Scan." Place checks next to the following entries, if present:

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O20 - Winlogon Notify: ddcYqRlm - ddcYqRlm.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - (no file)


Close all browsers and other windows except for HijackThis, and click "Fix checked"


*******************************************

Please download the
OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
    (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    I:\WINDOWS\ALCXMNTR.EXE
    I:\VundoFix Backups


  • Return to OTMoveIt2, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
    C:\_OTMoveIt2\MovedFiles\********_******.log
    (where "********_******" is the "date_time")
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Caution: Be careful of what you copy and paste with this tool. OTMoveIt2 is a powerful program, designed to move highly persistent files and folders. Not following the directions as instructed or using incorrectly could lead to disastrous problems with your operating system.


*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

CAUTION: Please do NOT use the Issues or Registry button. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbarfree Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Autocomplete Forum History.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section except for Start Menu Shortcuts and Desktop Shortcuts.
Clean any others that you choose.

In the Applications Tab:
Clean all including cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************

Reboot your computer, post a new Hijackthis log, OTMoveIt2 log, and tell me how your computer is running.

Edited by SifuMike, 20 September 2008 - 09:12 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 Paulhan93

Paulhan93
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 21 September 2008 - 12:22 AM

ok here are the results
O24 - Desktop Component 0: Privacy Protection - (no file) didnt go away though.
Also I wasn't sure if I was to OTMoveit2 again on those files after I already did it and after the ccleaner so the log, or results, of that is from before ccleaner.

oh yeah about those files in system32,
I forgot to do them before i did ccleaner and after i remembered to post their properties, they were gone from system32.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:30 PM, on 9/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\lxddcoms.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Lexmark 2500 Series\lxddamon.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Documents and Settings\Paul Han\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
I:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\soffice.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
I:\WINDOWS\system32\wuauclt.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\system32\wscntfy.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - I:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - I:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "I:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "I:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [StartCCC] "I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "I:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] I:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] I:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "I:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Veoh] "I:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "I:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "I:\Documents and Settings\Paul Han\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SODCPreLoad] I:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\preload.exe I:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: Google Updater.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - I:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - http://cyimg8.cyworld.com/ImageUpload/CyPi...U1.cab?20080604
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - I:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - I:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - I:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - I:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 9633 bytes




I:\WINDOWS\ALCXMNTR.EXE moved successfully.
I:\VundoFix Backups moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09202008_220951

Edited by Paulhan93, 21 September 2008 - 02:14 AM.


#14 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:25 AM

Posted 21 September 2008 - 01:03 PM

To get rid of the O24 - Desktop Component 0: Privacy Protection - (no file)

Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page"),

Also remove the checkmark from the the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

Now run HijackThis and if the O24 entry is still there check it and fix it. Reboot and it should be gone. Please let me know.

Edited by SifuMike, 21 September 2008 - 02:13 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#15 Paulhan93

Paulhan93
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 21 September 2008 - 04:54 PM

Ok O24 thing is gone now. Thank you very much.


and here is a new Hijackthis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:10 PM, on 9/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\lxddcoms.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Lexmark 2500 Series\lxddamon.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Documents and Settings\Paul Han\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
I:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\soffice.exe
I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\system32\wscntfy.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\WINDOWS\system32\BRcNJ83r.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - I:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - I:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "I:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "I:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [StartCCC] "I:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "I:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] I:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] I:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] I:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "I:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Veoh] "I:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "I:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "I:\Documents and Settings\Paul Han\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SODCPreLoad] I:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.1.20080130-2132\preload.exe I:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: Google Updater.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - I:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - I:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: i:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - http://cyimg8.cyworld.com/ImageUpload/CyPi...U1.cab?20080604
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 - Service: lxdd_device - - I:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - I:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - I:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - I:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9646 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users