antivirus scans going crazy!


  • This topic is locked
9 replies to this topic

#1 mamawV

Posted 30 December 2008 - 06:50 PM

Hi..I need help removing these pests that keep popping up. I don't know how to remove them and they're multiplying..thanks
I don't see a way to include attachments on here.

DDS (Version 1.1.0) - NTFSx86
Run by us at 17:27:50.34 on Tue 12/30/2008
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.91 [GMT -5:00]

AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\us\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://srch-us6.hpwis.com/
uInternet Settings,ProxyOverride = localhost;*.local
mSearchAssistant = hxxp://srch-us6.hpwis.com/
mCustomizeSearch = hxxp://srch-us6.hpwis.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_08\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [nwiz] nwiz.exe /install
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_08\bin\ssv.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: b0a0e6ac511 - c:\windows\system32\comcat32.dll
Notify: igfxcui - igfxsrvc.dll
Notify: __c00619C5 - c:\windows\system32\__c00619C5.dat
AppInit_DLLs: sockspy.dll,c:\windows\system32\comcat32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R2 WinDefend;Windows Defender;"c:\program files\windows defender\MsMpEng.exe" [2006-11-3 13592]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [2007-8-13 49399]

=============== Created Last 30 ================

2008-12-27 12:49 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-27 12:49 1,409 a------- c:\windows\QTFont.for
2008-12-19 15:00 <DIR> --dsh--- c:\windows\system32\GroupPolicyManifest
2008-12-19 13:58 50 a------- C:\xcrashdump.dat
2008-12-17 18:11 138,384 a------- c:\windows\system32\drivers\tmcomm.sys
2008-12-17 18:03 <DIR> --d----- c:\docume~1\us\applic~1\HouseCall 6.6
2008-12-15 22:45 <DIR> --d----- c:\docume~1\us\applic~1\Skinux
2008-12-15 22:28 <DIR> --d----- c:\program files\common files\Kodak
2008-12-15 22:25 <DIR> --d----- c:\program files\Kodak
2008-12-15 22:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kodak
2008-12-10 23:07 135,168 a------- c:\windows\system32\dsdmoprp32.dll
2008-12-10 23:07 135,168 a------- c:\windows\system32\d3dim70032.dll
2008-12-10 23:06 135,168 a------- c:\windows\system32\dsauth32.dll
2008-12-10 23:06 135,168 a------- c:\windows\system32\d3d8thk32.dll
2008-12-10 23:05 135,168 a------- c:\windows\system32\ds32gt32.dll
2008-12-10 23:05 135,168 a------- c:\windows\system32\ctl3dv232.dll
2008-12-10 23:04 135,168 a------- c:\windows\system32\ds16gt32.dll
2008-12-10 23:04 135,168 a------- c:\windows\system32\cscdll32.dll
2008-12-10 23:03 135,168 a------- c:\windows\system32\dpwsockx32.dll
2008-12-10 23:03 135,168 a------- c:\windows\system32\cryptnet32.dll
2008-12-10 23:02 135,168 a------- c:\windows\system32\dpwsock32.dll
2008-12-10 23:02 135,168 a------- c:\windows\system32\corpol32.dll
2008-12-10 23:01 135,168 a------- c:\windows\system32\dpnhupnp32.dll
2008-12-10 23:01 135,168 a------- c:\windows\system32\comuid32.dll
2008-12-10 23:00 135,168 a------- c:\windows\system32\dpnhpast32.dll
2008-12-10 23:00 135,168 a------- c:\windows\system32\comsnap32.dll
2008-12-10 22:59 135,168 a------- c:\windows\system32\igfxpph32.dll
2008-12-10 22:59 135,168 a------- c:\windows\system32\fxswzrd32.dll
2008-12-10 22:58 135,168 a------- c:\windows\system32\igfxhk32.dll
2008-12-10 22:58 135,168 a------- c:\windows\system32\fxstiff32.dll
2008-12-10 22:57 135,168 a------- c:\windows\system32\igfxeud32.dll
2008-12-10 22:57 135,168 a------- c:\windows\system32\fxsperf32.dll
2008-12-10 22:56 135,168 a------- c:\windows\system32\ifmon32.dll
2008-12-10 22:56 135,168 a------- c:\windows\system32\fxsevent32.dll
2008-12-10 22:55 135,168 a------- c:\windows\system32\ieui32.dll
2008-12-10 22:55 135,168 a------- c:\windows\system32\fxscfgwz32.dll
2008-12-10 22:54 135,168 a------- c:\windows\system32\iepeers32.dll
2008-12-10 22:54 135,168 a------- c:\windows\system32\fxdb32.dll
2008-12-10 22:53 135,168 a------- c:\windows\system32\ieakui32.dll
2008-12-10 22:53 135,168 a------- c:\windows\system32\fontsub32.dll
2008-12-10 22:52 135,168 a------- c:\windows\system32\icwphbk32.dll
2008-12-10 22:52 135,168 a------- c:\windows\system32\filemgmt32.dll
2008-12-10 22:51 135,168 a------- c:\windows\system32\icwdial32.dll
2008-12-10 22:51 135,168 a------- c:\windows\system32\exts32.dll
2008-12-10 22:50 135,168 a------- c:\windows\system32\icfgnt532.dll
2008-12-10 22:50 135,168 a------- c:\windows\system32\esentprf32.dll
2008-12-10 21:19 9,677 a------- c:\windows\GnuHashes.ini
2008-12-10 21:12 1,531 a--sh--- c:\windows\system32\GroupPolicy000.dat
2008-12-10 21:11 373,760 a--sh--- c:\windows\system32\18.tmp
2008-12-10 21:11 135,168 a------- c:\windows\system32\comcat32.dll
2008-12-10 20:06 <DIR> --d----- c:\program files\CardRecovery
2008-12-01 18:26 <DIR> --d----- c:\windows\system32\Adobe

==================== Find3M ====================

2008-12-28 14:44 81,984 a------- c:\windows\system32\bdod.bin
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-09 18:17 5,632 ac-sh--- c:\program files\Thumbs.db
2008-10-03 05:15 247,326 a------- c:\windows\system32\strmdll.dll
2006-06-21 22:24 4,225,744 ac------ c:\program files\Limewire Lime Wire Pro 4.12.3.exe

============= FINISH: 17:30:49.96 ===============

#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:11:46 AM

Posted 05 January 2009 - 06:26 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 mamawV

mamawV
  • Topic Starter

  • Members
  • 8 posts
  • Local time:10:46 PM

Posted 11 January 2009 - 06:58 PM

Hi fenzodahl512... I finally had to do a system restore just to get anything to work. Thank you much for any help you can give me. Here's the MBAM report you requested and I will follow up w/ the others.

Malwarebytes' Anti-Malware 1.32
Database version: 1643
Windows 5.1.2600 Service Pack 2

1/11/2009 6:46:54 PM
mbam-log-2009-01-11 (18-46-54).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 169933
Time elapsed: 2 hour(s), 44 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 28
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP424\A0088608.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP424\A0088610.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\us\Desktop\Free Software Downloads and Software Reviews - Download.com.url (Rogue.Link) -> Quarantined and deleted successfully.

#4 mamawV

mamawV
  • Topic Starter

  • Members
  • 8 posts
  • Local time:10:46 PM

Posted 11 January 2009 - 07:07 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by us at 2009-01-11 19:04:57
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 26 GB (49%) free of 53 GB
Total RAM: 254 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:44 PM, on 1/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\us\Desktop\RSIT.exe
C:\Program Files\trend micro\us.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60233
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155935578889
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155935563217
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 8905 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-11-20 878352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 434279]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit - C:\HP\EXPLOREBAR\HPTOOLKT.DLL [2002-06-05 86016]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-11-20 878352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"NvCplDaemon"=NvQTwk []
"KBD"=C:\HP\KBD\KBD.EXE [2001-07-06 61440]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2001-12-19 212992]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2002-05-15 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2002-05-15 114688]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-06-14 81920]
"nwiz"=nwiz.exe /install []
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-17 155648]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-11-20 178688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-04 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
C:\Program Files\Softwin\BitDefender10\bdagent.exe [2007-03-26 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe [2002-06-18 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]
C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe [2002-06-08 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCM]
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe [2002-06-08 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe [2002-05-22 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-17 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe [2007-10-22 75584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-05-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe [2006-07-26 49263]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center.lnk]
C:\PROGRA~1\HPCENT~1\137903\Program\BACKWE~1.EXE -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^us^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe [2006-06-21 159744]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="sockspy.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2002-05-15 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\MAIET\Gunz\GunzLauncher.exe"="C:\Program Files\MAIET\Gunz\GunzLauncher.exe:*:Disabled:GunzLauncher"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Disabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\RJ\Desktop\TibiCam\TibiCam\TibiCAM.exe"="C:\Documents and Settings\RJ\Desktop\TibiCam\TibiCam\TibiCAM.exe:*:Disabled:TibiCAM"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 3 months======

2009-01-11 19:05:02 ----D---- C:\Program Files\trend micro
2009-01-11 19:04:57 ----D---- C:\rsit
2009-01-11 15:34:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-10 14:21:41 ----D---- C:\Documents and Settings\us\Application Data\KodakCredentialStore
2009-01-10 14:18:37 ----D---- C:\Documents and Settings\us\Application Data\Skinux
2009-01-10 13:42:06 ----D---- C:\Program Files\Common Files\Kodak
2009-01-10 13:37:50 ----D---- C:\Program Files\Kodak
2009-01-10 12:59:21 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak
2009-01-09 19:57:39 ----D---- C:\Documents and Settings\All Users\Application Data\ArcSoft
2009-01-09 19:44:25 ----HDC---- C:\WINDOWS\$NtUninstallKB945060-v3$
2009-01-09 19:42:13 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$
2009-01-09 19:40:51 ----N---- C:\WINDOWS\system32\imapi2fs.dll
2009-01-09 19:40:51 ----N---- C:\WINDOWS\system32\imapi2.dll
2009-01-09 18:13:13 ----A---- C:\install_easyshare.exe
2009-01-09 17:01:58 ----D---- C:\Program Files\MSXML 4.0
2009-01-03 17:49:50 ----A---- C:\WINDOWS\imsins.BAK
2009-01-03 14:41:48 ----D---- C:\80d6c5f383f0ef2ed6
2009-01-01 09:18:05 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
2008-12-31 11:48:48 ----D---- C:\Documents and Settings\us\Application Data\Malwarebytes
2008-12-31 11:48:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-19 15:00:22 ----SHD---- C:\WINDOWS\system32\GroupPolicyManifest(2)
2008-12-17 18:03:02 ----D---- C:\Documents and Settings\us\Application Data\HouseCall 6.6
2008-12-15 22:25:50 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2008-12-15 20:27:35 ----A---- C:\ClearLog.txt
2008-12-11 02:57:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 02:57:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 02:55:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 02:55:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 21:11:49 ----ASH---- C:\WINDOWS\system32\18.tmp
2008-12-10 21:11:12 ----A---- C:\WINDOWS\system32\comcat32.dll
2008-12-10 20:06:00 ----D---- C:\Program Files\CardRecovery
2008-12-01 18:26:35 ----D---- C:\WINDOWS\system32\Adobe
2008-11-27 07:58:16 ----D---- C:\Documents and Settings\us\Application Data\Tibia
2008-11-13 22:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 22:30:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-27 15:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-25 19:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-25 19:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-25 19:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-25 19:00:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-25 18:59:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 3 months======

2009-01-11 19:05:02 ----RD---- C:\Program Files
2009-01-11 19:04:27 ----D---- C:\WINDOWS\Prefetch
2009-01-11 18:46:52 ----D---- C:\WINDOWS\system32
2009-01-11 18:46:51 ----D---- C:\WINDOWS
2009-01-11 18:46:51 ----D---- C:\Program Files\Internet Explorer
2009-01-11 15:37:42 ----D---- C:\WINDOWS\Temp
2009-01-11 15:35:12 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-11 15:35:02 ----D---- C:\WINDOWS\system32\drivers
2009-01-11 11:20:13 ----SD---- C:\WINDOWS\Tasks
2009-01-11 11:17:57 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt
2009-01-11 11:16:43 ----D---- C:\Program Files\Hewlett-Packard
2009-01-11 11:15:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-11 08:03:38 ----D---- C:\Documents and Settings\us\Application Data\ArcSoft
2009-01-10 18:09:48 ----SHD---- C:\WINDOWS\Installer
2009-01-10 18:08:18 ----HD---- C:\Config.Msi
2009-01-10 13:50:09 ----D---- C:\WINDOWS\inf
2009-01-10 13:50:07 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-10 13:49:57 ----D---- C:\WINDOWS\Help
2009-01-10 13:44:06 ----RSD---- C:\WINDOWS\assembly
2009-01-10 13:42:32 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-10 13:42:06 ----D---- C:\Program Files\Common Files
2009-01-10 13:40:11 ----D---- C:\WINDOWS\WinSxS
2009-01-10 11:41:45 ----D---- C:\WINDOWS\system32\color
2009-01-09 20:02:04 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-09 19:56:40 ----D---- C:\Program Files\Common Files\ArcSoft
2009-01-09 19:56:38 ----D---- C:\Program Files\Arcsoft
2009-01-09 19:42:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-09 19:41:08 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-01 19:09:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-01 19:00:55 ----D---- C:\WINDOWS\system32\config
2009-01-01 19:00:22 ----D---- C:\WINDOWS\system32\wbem
2009-01-01 19:00:22 ----D---- C:\WINDOWS\Registration
2009-01-01 18:59:12 ----D---- C:\Program Files\Tibia
2009-01-01 18:57:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-01 18:55:40 ----D---- C:\Program Files\QuickTime
2009-01-01 18:55:15 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-01 18:52:15 ----D---- C:\Program Files\Windows NT
2009-01-01 18:52:03 ----D---- C:\Program Files\CCleaner
2009-01-01 18:51:48 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-01 18:51:47 ----D---- C:\Program Files\RegScrubXP
2009-01-01 16:56:04 ----D---- C:\WINDOWS\Debug
2008-12-18 16:44:54 ----D---- C:\WINDOWS\ie7updates
2008-12-18 15:44:08 ----D---- C:\Program Files\HijackThis
2008-12-17 22:32:32 ----D---- C:\WINDOWS\network diagnostic
2008-12-15 22:20:06 ----D---- C:\WINDOWS\pss
2008-12-15 22:19:22 ----D---- C:\I386
2008-12-15 20:43:48 ----D---- C:\Program Files\Common Files\Services
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 21:41:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-05 21:22:38 ----D---- C:\Program Files\Coupons
2008-12-01 18:48:52 ----D---- C:\Documents and Settings\us\Application Data\Adobe
2008-12-01 18:48:48 ----D---- C:\WINDOWS\system32\Macromed
2008-11-30 12:17:47 ----D---- C:\WINDOWS\system32\FxsTmp
2008-11-13 19:01:54 ----D---- C:\Documents and Settings
2008-11-13 18:16:05 ----D---- C:\Program Files\Incomplete
2008-11-13 18:15:03 ----D---- C:\Program Files\LimeWire
2008-10-23 08:01:36 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-22 04:47:07 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\occache.dll
2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 02:04:53 ----A---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-05-22 90336]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 bdpredir;bdpredir; \??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2002-06-19 5589]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2002-06-19 22995]
R2 BDRSDRV;BDRSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2002-06-06 40368]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-17 11473]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2002-07-16 23701]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2002-07-16 34805]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2002-07-16 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2002-07-16 2201]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2002-07-16 54900]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2002-07-16 14421]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2002-07-16 6325]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2002-07-16 91156]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2002-07-16 95125]
R2 usbhub;DSC Composite USB Device; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-05-22 69504]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
R3 BDFSDRV;BDFSDRV; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2002-05-22 78045]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2002-07-24 28164]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-03-08 13780]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-04 37376]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-08 158140]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-08 12479]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-08 12031]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-08 11679]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-08 11999]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-08 19359]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-08 29215]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-08 19199]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-08 33503]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-08 23519]
S3 mamotou;mamotou; C:\WINDOWS\system32\DRIVERS\mamotou.sys [2005-11-07 49399]
S3 MaRdPnp;MaRdPnp; C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-17 49867]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-05-03 931882]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-07-13 155008]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2002-04-09 188032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XTrapD12;XTrapD12; \??\C:\WINDOWS\system32\XTrapD12.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 bdss;BitDefender Scan Server; C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe [2007-01-19 81920]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2005-11-28 229376]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe [2007-08-20 237568]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\Softwin\BitDefender10\vsserv.exe [2007-08-20 462848]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe [2006-11-09 86016]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-05-03 61440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#5 mamawV


Posted 11 January 2009 - 07:18 PM

Hi again...I thought I posted RSIT-info.txt but I don't see it and don't know how to retrieve it..any thoughts? :thumbsup:

#6 mamawV


Posted 11 January 2009 - 08:04 PM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-11 19:59:58
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwClose [0xEFD1D9AC]
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwCreateKey [0xEFD1D95E]
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwDeleteKey [0xEFD1DA12]
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwDeleteValueKey [0xEFD1DA3C]
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwEnumerateKey [0xEFD1DE6A]
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwEnumerateValueKey [0xEFD1DEE0]
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwFlushKey [0xEFD1D9E8]
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwLoadKey [0xEFD1DF58]
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys ZwOpenFile [0xEF89FF1F]
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwOpenKey [0xEFD1D91C]
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwQueryKey [0xEFD1DEA6]
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwQueryValueKey [0xEFD1DF1C]
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwSetValueKey [0xEFD1DAE9]
SSDT \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys ZwUnloadKey [0xEFD1DF86]

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2520] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ws2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ws2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ws2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ws2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ws2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ws2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2520] ws2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[3120] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[3120] WS2_32.dll!sendto 71AB2C69 5 Bytes JMP 10002D10 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[3120] WS2_32.dll!recvfrom 71AB2D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[3120] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 10003020 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[3120] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10002DA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[3120] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002AA0 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[3120] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 10002D70 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[3120] WS2_32.dll!listen 71AB88D3 5 Bytes JMP 10002A60 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[3120] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 10003060 C:\WINDOWS\System32\sockspy.dll
.text C:\WINDOWS\System32\alg.exe[3120] WS2_32.dll!accept 71AC1028 5 Bytes JMP 10002F30 C:\WINDOWS\System32\sockspy.dll

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bdfsdrv.sys

Device \FileSystem\Fastfat \FatCdrom tfsnifs.sys (Direct Access Component/VERITAS Software, Inc.)

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.14 ----

#7 fenzodahl512


Posted 12 January 2009 - 02:25 AM

Download this tool directly to C:\Windows folder:

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on the screen. (C:\Windows\mbr.log)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 mamawV


Posted 19 January 2009 - 09:25 AM

Is this what you need?

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#9 fenzodahl512


Posted 20 January 2009 - 07:13 AM

Yup.. That's it.. Let's do this now :thumbsup:


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



#10 fenzodahl512


Posted 26 January 2009 - 06:45 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic





