
Infected with ATRAPS.Gen2


30 replies to this topic

#1 aroranuj

aroranuj

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 28 July 2009 - 03:40 PM

Hello,

I am new to bleepingcomputer forums & have read the rules, that being said if I don't do something correctly, please let me know....My Laptop was fine till last night but when I was using it today I suddenly got a beeping (how appropriate) noise from it while I was away for a couple of minutes even though the laptop was on mute. I found that Avira AntiVir (which I installed last week) had detected Tr/ATRAPS.Gen2. It said the link was at C:\Windows\system32\msyunkernm.dll

I ran a full scan with Antivir & it detected the trojan & removed it. I also ran Malwarebytes after that & it did not find anything. I have also now installed Comodo Firewall. After performing all these tasks, every time I restart my Laptop Antivir still detects the trojan. How can I get rid of it?

Thanks,


#2 aroranuj


Posted 04 August 2009 - 08:30 AM

Hello All,

Couple of updates....since then whenever I restart my Laptop & at the log in screen login it never really loads the desktop till the time I hit ctrl+alt+del. Now my Google Chrome has stopped opening....Can someone please HELP!!!! I have been waiting for a week & no replies!

Edited by Orange Blossom, 17 August 2009 - 12:38 AM.
Remove unnecessary quote. ~ OB


#3 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 07 August 2009 - 03:34 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#4 aroranuj


Posted 07 August 2009 - 10:49 AM

Hello,

Please find the DDT details & the attached Attach file. My Laptop seems to be infected with the Atraps.Gen2 virus. Every time I start the Laptop it gets to the login screen & I put in my password to login it stays on the welcome screen until the time I press ctrl+alt+del & then it gets me to the desktop & Comodo detects the Trojan & asks me about 5 times to block it. Sometimes when I open Windows explorer or am online it shows up again...Not sure how to get rid of it. Have run virus scans, malwarebytes & comodo. No one can destroy it...

P.S. I have winrar on my laptop & it won't let me attach a winrar file hence I have attached the text document. THANK YOU so much for your help!


DDS (Ver_09-07-30.01) - NTFSx86
Run by Anuj at 11:33:12.79 on Fri 08/07/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2038.859 [GMT -4:00]

SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
c:\windows\system32\OCVUVN~1.EXE
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\lxbccoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\program files\yrqrjxqpqi\ocvuvnbutum.exe
c:\program files\yrqrjxqpqi\ocvuvnbutum.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\Anuj\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Anuj\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = https://outlook.extendedstay.com/exchweb/bi...eplaceCurrent=1
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5070614
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\search\YSearchSuggest.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Google Update] "c:\users\anuj\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [flockbox] c:\program files\my lockbox\flockbox.exe /a
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRunOnce: [Uninstall Adobe Download Manager] "c:\program files\nos\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553518000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2009-5-24 17264]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-7-28 128888]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-7-28 29520]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-14 108289]
R2 ctwhrchybzhmlq;ctwhrchybzhmlq;c:\windows\system32\OCVUVN~1.EXE [2008-1-12 77901]
R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-8-6 66056]
S3 SPC610NC;SPC 610NC Laptop Camera;c:\windows\system32\drivers\SPC610NC.SYS [2007-10-3 409728]

=============== Created Last 30 ================

2009-08-06 22:37 <DIR> --d----- c:\programdata\NOS
2009-08-06 22:23 <DIR> --d----- c:\programdata\Yahoo! Companion
2009-08-06 11:19 <DIR> --d----- C:\6bc85684d99efb141e28481e
2009-08-04 11:41 <DIR> --d----- c:\program files\Trend Micro
2009-07-28 14:00 <DIR> --d----- c:\programdata\Comodo
2009-07-28 14:00 <DIR> --d----- c:\progra~2\Comodo
2009-07-28 14:00 179,792 a------- c:\windows\system32\guard32.dll
2009-07-28 14:00 128,888 a------- c:\windows\system32\drivers\cmdguard.sys
2009-07-28 14:00 29,520 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-07-28 14:00 <DIR> --d----- c:\program files\COMODO
2009-07-14 22:56 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 22:56 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 22:56 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 22:56 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-14 00:48 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-14 00:48 <DIR> --d----- c:\programdata\Avira
2009-07-14 00:48 <DIR> --d----- c:\program files\Avira
2009-07-14 00:48 <DIR> --d----- c:\progra~2\Avira
2009-07-13 23:42 <DIR> --d----- c:\users\anuj\appdata\roaming\Malwarebytes
2009-07-13 23:42 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 23:42 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-13 23:42 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-13 23:42 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 23:42 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-13 22:59 <DIR> --d----- c:\programdata\10255564
2009-07-13 22:59 <DIR> --d----- c:\progra~2\10255564

==================== Find3M ====================

2009-07-28 14:03 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-28 14:03 51,200 a------- c:\windows\inf\infpub.dat
2009-07-28 14:03 86,016 a------- c:\windows\inf\infstor.dat
2009-07-21 17:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 17:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 17:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 16:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-05-10 14:43 139,726 a------- c:\windows\hpoins15.dat
2008-12-11 17:27 60,744 a------- c:\users\anuj\g2mdlhlpx.exe
2008-09-16 09:50 174 a--sh--- c:\program files\desktop.ini
2008-09-15 23:26 665,600 a------- c:\windows\inf\drvindex.dat
2008-03-29 11:42 32 a------- c:\programdata\ezsid.dat
2008-03-29 11:42 32 a------- c:\progra~2\ezsid.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2003-04-18 10:50 47,418 a------- c:\windows\inf\rshack\rshack\win2k\SER2PL.SYS
2002-06-27 05:13 126,976 a------- c:\windows\inf\rshack\rshack\DRemover.exe
2002-06-20 10:20 27,340 a------- c:\windows\inf\rshack\rshack\win98_me\SER9PL.SYS
2007-06-14 05:24 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 11:36:21.64 ===============
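Added example (not part of this thread, nor of DDS or ComboFix): a small Python triage script that parses the Running Processes and SERVICES / DRIVERS sections of a DDS log like the one above and flags the indicators the helper acted on in this thread: a service whose name is a random letter string that doubles as its display name, an image referenced only by an 8.3 short name, and a process running from a machine-generated directory. The vowel/consonant thresholds and the abridged SAMPLE_LOG excerpt are the author's assumptions.

```python
"""Triage heuristics for a DDS-style log (Running Processes / SERVICES / DRIVERS).

Added example for this thread; it is not part of DDS, ComboFix or any
BleepingComputer tool. The thresholds and SAMPLE_LOG (abridged from the log
posted above) are assumptions.
"""
import re
from pathlib import PureWindowsPath
from typing import List, NamedTuple

# Constructed sample: an abridged excerpt of the DDS log posted in this thread.
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
c:\windows\system32\OCVUVN~1.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
c:\program files\yrqrjxqpqi\ocvuvnbutum.exe
C:\Windows\Explorer.EXE

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-7-28 128888]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-14 108289]
R2 ctwhrchybzhmlq;ctwhrchybzhmlq;c:\windows\system32\OCVUVN~1.EXE [2008-1-12 77901]
S3 SPC610NC;SPC 610NC Laptop Camera;c:\windows\system32\drivers\SPC610NC.SYS [2007-10-3 409728]

=============== Created Last 30 ================
"""

VOWELS = set("aeiou")
# Image path ends at the first executable extension; anything after (e.g. "-k netsvcs") is arguments.
EXE_RE = re.compile(r"^(.+?\.(?:exe|scr|dll|sys))", re.IGNORECASE)
# DDS service line: "<state> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)(?:\s+\[[^\]]*\])?$")


class Finding(NamedTuple):
    section: str
    line: str
    reasons: List[str]


def looks_random(name: str, min_len: int = 8,
                 max_vowel_ratio: float = 0.2, max_consonant_run: int = 5) -> bool:
    """Heuristic (assumed thresholds): a long all-letter token with almost no vowels,
    or with a long consonant run, is more likely machine-generated than a vendor name."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < min_len:
        return False
    vowels = sum(1 for c in letters if c in VOWELS)
    if vowels / len(letters) <= max_vowel_ratio:
        return True
    run = longest = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= max_consonant_run


def path_reasons(image: str) -> List[str]:
    """Indicators derived from the image path alone."""
    p = PureWindowsPath(image)
    reasons = []
    if "~" in p.stem:
        reasons.append("image referenced by an 8.3 short name")
    if looks_random(p.stem):
        reasons.append("file name looks machine-generated")
    if looks_random(p.parent.name):
        reasons.append("parent directory name looks machine-generated")
    return reasons


def check_process(line: str) -> List[str]:
    m = EXE_RE.match(line)
    return path_reasons(m.group(1)) if m else []


def check_service(line: str) -> List[str]:
    m = SERVICE_RE.match(line)
    if not m:
        return []
    _state, name, display, image = m.groups()
    reasons = []
    if looks_random(name):
        reasons.append("service name looks machine-generated")
        if name.lower() == display.lower():
            reasons.append("display name is just the service name")
    return reasons + path_reasons(image)


def triage_log(text: str) -> List[Finding]:
    """Walk the log, tracking the current '=== section ===' header, and collect findings."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("="):
            section = line.strip("= ").strip()
            continue
        if section == "Running Processes":
            reasons = check_process(line)
        elif section.startswith("SERVICES"):
            reasons = check_service(line)
        else:
            reasons = []
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}\n    -> {'; '.join(f.reasons)}")
```

On the excerpt this reports exactly the three entries the helper targeted with the CFScript (the service, its short-named image, and the process under the random directory) and nothing from COMODO, Avira or the camera driver.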

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:20 AM

Posted 09 August 2009 - 07:44 PM

Hi aroranuj,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

------------------------------------------

C:\Windows\system32\msyunkernm.dll


This is a stubborn infection and we need to run something that can remove this. This may take more than one run.

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop but rename it Combo-Fix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :thumbup2:
m0le is a proud member of UNITE

#6 aroranuj


Posted 10 August 2009 - 03:45 PM

Hello,

Please find the attached file.

Thanks,

#7 m0le


Posted 10 August 2009 - 06:25 PM

Thanks for the log. :)

Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/ind...22&t=245101

Collect::
C:\Windows\System32\OCVUVN~1.EXE

Driver::
ctwhrchybzhmlq


Save this as CFScript.txt


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


    Then

    Please download Posted Image Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Thanks :thumbup2:
m0le is a proud member of UNITE

#8 aroranuj


Posted 10 August 2009 - 10:31 PM

Completed all the steps. No infections were found....File you requested in the last post should have been uploaded to your server..

Thank for all your help!

Malwarebytes' Anti-Malware 1.40
Database version: 2595
Windows 6.0.6001 Service Pack 1

8/10/2009 11:22:07 PM
mbam-log-2009-08-10 (23-22-07).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 225424
Time elapsed: 1 hour(s), 38 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 aroranuj


Posted 11 August 2009 - 08:47 AM

Hello

After I ran the new Combo-Fix file & posted the last post, Avira is detecting another Trojan. Not sure if it is the software that it is detecting as a Trojan or is an actual trojan. Here is what the pop-up says

TR/Drop.Softomat. AN(Trojan) detected in file C:\Windows\System32\ocvuvnbutumc.exe

Thanks for your help!

#10 m0le


Posted 11 August 2009 - 11:47 AM

There should be a new Combofix log to go with that.

Please go to Start >Run > and copy/paste the following, then press Enter

C:\QooBox\ComboFix-quarantined-files.txt

A log file should open. Please post that in your next reply.
m0le is a proud member of UNITE

#11 aroranuj


Posted 11 August 2009 - 08:37 PM

Here you go...

2009-08-11 01:09:26 . 2009-08-11 01:09:26 984 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ctwhrchybzhmlq.reg.dat
2009-08-11 00:59:25 . 2009-08-11 00:59:26 34,792 ----a-w- C:\Qoobox\Quarantine\[4]-Submit_2009-08-10_20.59.22.zip
2009-08-10 20:22:43 . 2009-08-11 01:08:53 5,078 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-08-10 19:58:04 . 2009-08-11 00:57:19 153 ----a-w- C:\Qoobox\Quarantine\catchme.log

#12 m0le


Posted 12 August 2009 - 06:05 AM

Please navigate to this file:

C:\Qoobox\Quarantine\[4]-Submit_2009-08-10_20.59.22.zip

Then open it and post the log.

Thanks :thumbup2:
m0le is a proud member of UNITE

#13 aroranuj


Posted 12 August 2009 - 09:34 AM

Here you go...

ComboFix 09-08-10.01 - Anuj 08/10/2009 20:59:46.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2038.1256 [GMT -4:00]
Running from: C:\Users\Anuj\Desktop\Combo-Fix.exe
Command switches used :: C:\Users\Anuj\Desktop\CFScript.txt
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: C:\Windows\System32\OCVUVN~1.EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

?



.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ctwhrchybzhmlq


((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
.

2009-08-11 01:13:45 . 2009-08-11 01:13:45 0 d-----w- C:\Users\Default\AppData\Local\temp
2009-08-10 15:33:05 . 2009-08-10 15:33:26 0 d-----w- C:\b68301083b23c84d4c5c264cfa120e
2009-08-07 02:37:39 . 2009-08-10 19:54:07 0 d-----w- C:\ProgramData\NOS
2009-08-07 02:37:39 . 2009-08-10 19:54:06 0 d-----w- C:\Program Files\NOS
2009-08-07 02:25:20 . 2009-08-07 02:25:20 0 d-----w- C:\Users\Anuj\AppData\Local\Yahoo
2009-08-07 02:23:53 . 2009-08-07 02:23:53 0 d-----w- C:\ProgramData\Yahoo! Companion
2009-08-07 02:19:59 . 2009-05-26 23:50:14 607472 ----a-w- C:\ProgramData\Yahoo!\YUpdater\yupdater.exe
2009-08-06 15:19:08 . 2009-08-06 15:19:32 0 d-----w- C:\6bc85684d99efb141e28481e
2009-08-04 15:41:17 . 2009-08-04 15:41:17 0 d-----w- C:\Program Files\Trend Micro
2009-07-28 18:00:38 . 2009-07-28 19:12:19 0 d-----w- C:\ProgramData\Comodo
2009-07-28 18:00:36 . 2009-07-28 20:43:59 74328 ----a-w- C:\Windows\system32\drivers\inspect.sys
2009-07-28 18:00:36 . 2009-07-28 20:36:29 179792 ----a-w- C:\Windows\system32\guard32.dll
2009-07-28 18:00:36 . 2009-07-28 20:36:23 29520 ----a-w- C:\Windows\system32\drivers\cmdhlp.sys
2009-07-28 18:00:36 . 2009-07-28 20:36:22 128888 ----a-w- C:\Windows\system32\drivers\cmdguard.sys
2009-07-28 18:00:33 . 2009-07-28 18:00:33 0 d-----w- C:\Program Files\COMODO
2009-07-15 02:56:52 . 2009-06-15 15:24:24 156672 ----a-w- C:\Windows\system32\t2embed.dll
2009-07-15 02:56:52 . 2009-06-15 15:20:27 72704 ----a-w- C:\Windows\system32\fontsub.dll
2009-07-15 02:56:52 . 2009-06-15 15:20:00 10240 ----a-w- C:\Windows\system32\dciman32.dll
2009-07-15 02:56:52 . 2009-06-15 12:52:13 289792 ----a-w- C:\Windows\system32\atmfd.dll
2009-07-14 04:48:48 . 2009-08-05 16:30:40 55656 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2009-07-14 04:48:48 . 2009-03-30 14:33:07 96104 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2009-07-14 04:48:43 . 2009-07-14 04:48:43 0 d-----w- C:\ProgramData\Avira
2009-07-14 04:48:43 . 2009-07-14 04:48:43 0 d-----w- C:\Program Files\Avira
2009-07-14 03:42:59 . 2009-07-14 03:42:59 0 d-----w- C:\Users\Anuj\AppData\Roaming\Malwarebytes
2009-07-14 03:42:54 . 2009-07-13 17:36:34 38160 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2009-07-14 03:42:53 . 2009-07-14 03:42:58 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-14 03:42:53 . 2009-07-14 03:42:53 0 d-----w- C:\ProgramData\Malwarebytes
2009-07-14 03:42:53 . 2009-07-13 17:36:12 19096 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-07-14 02:59:21 . 2009-07-28 17:01:27 0 d-----w- C:\ProgramData\10255564

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 00:59:25 . 2008-01-12 04:38:41 77901 ----a-w- C:\Windows\system32\ocvuvnbutumc.exe
2009-08-08 16:06:38 . 2008-11-07 23:24:50 0 d-----w- C:\Users\Anuj\AppData\Roaming\uTorrent
2009-08-07 02:24:03 . 2007-06-21 00:46:09 0 d-----w- C:\ProgramData\Yahoo!
2009-08-07 02:24:03 . 2007-06-21 00:44:15 0 d-----w- C:\Program Files\Yahoo!
2009-08-04 18:41:09 . 2007-06-14 02:03:53 0 d-----w- C:\Program Files\Google
2009-08-04 14:30:57 . 2008-06-28 04:38:18 0 d--h--w- C:\Program Files\Yrqrjxqpqi
2009-07-21 21:52:28 . 2009-07-29 12:17:53 915456 ----a-w- C:\Windows\system32\wininet.dll
2009-07-21 21:47:28 . 2009-07-29 12:17:51 109056 ----a-w- C:\Windows\system32\iesysprep.dll
2009-07-21 21:47:27 . 2009-07-29 12:17:51 71680 ----a-w- C:\Windows\system32\iesetup.dll
2009-07-21 20:13:58 . 2009-07-29 12:17:52 133632 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-07-15 13:11:01 . 2006-11-02 11:18:33 0 d-----w- C:\Program Files\Windows Mail
2009-07-15 13:10:06 . 2007-06-22 00:17:42 0 d-----w- C:\ProgramData\Microsoft Help
2009-07-14 04:42:19 . 2007-08-11 03:06:10 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-07-14 04:42:19 . 2007-06-21 01:24:57 0 d-----w- C:\Program Files\PC Tools AntiVirus
2009-07-14 04:40:50 . 2007-08-11 03:06:21 0 d-----w- C:\ProgramData\Spybot - Search & Destroy
2009-07-05 17:47:46 . 2009-05-10 18:44:45 0 d-----w- C:\Users\Anuj\AppData\Roaming\HP
2009-06-22 19:23:26 . 2009-06-22 19:23:26 239088 ----a-w- C:\Users\Anuj\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-05-16 14:04:59 . 2009-05-16 14:04:59 390664 ----a-w- C:\Users\Anuj\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-14 19:53:20 . 2007-06-20 22:17:09 117696 ----a-w- C:\Users\Anuj\AppData\Local\GDIPFONTCACHEV1.DAT
2007-06-14 09:24:54 . 2007-06-14 09:24:18 8192 --sha-w- C:\Windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-08-10_20.27.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-14 02:18:36 . 2009-08-11 00:43:18 50156 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02:52 . 2009-08-11 01:18:10 69234 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-06-20 22:18:07 . 2009-08-11 01:18:10 12362 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1130332333-2945391353-3048473963-1000_UserData.bin
+ 2008-01-05 01:14:37 . 2008-01-05 01:14:37 9846 C:\Windows\System32\mswmncorem.dll
- 2009-04-11 19:58:12 . 2009-04-11 19:58:12 9846 C:\Windows\System32\mswmncorem.dll
+ 2009-08-11 01:15:53 . 2009-08-11 01:15:53 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-10 19:59:46 . 2009-08-10 19:59:46 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-10 19:59:46 . 2009-08-10 19:59:46 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-11 01:15:53 . 2009-08-11 01:15:53 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2007-06-21 13:01:12 . 2009-08-10 21:50:30 274648 C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-08-11 01:14:11 . 2009-08-11 01:14:11 151552 C:\Windows\ERDNT\subs\Users\00000002\ntuser.dat
+ 2009-08-11 01:14:11 . 2009-08-11 01:14:11 155648 C:\Windows\ERDNT\subs\Users\00000001\ntuser.dat
+ 2009-08-11 01:14:12 . 2009-08-11 01:14:12 4075520 C:\Windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-11 01:14:12 . 2009-08-11 01:14:12 8548352 C:\Windows\ERDNT\subs\Users\00000003\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 22:51:28 3885408]
"Google Update"="C:\Users\Anuj\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-21 14:40:01 133104]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 01:06:32 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 23:27:32 815104]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 14:14:52 180224]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-12-12 14:02:38 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-12-12 14:03:58 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-12-12 14:02:28 81920]
"flockbox"="C:\Program Files\My Lockbox\flockbox.exe" [2007-12-14 20:59:20 1071472]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 17:08:47 209153]
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" [2009-07-28 20:33:42 1793808]
"SigmatelSysTrayApp"="sttray.exe" - C:\Windows\sttray.exe [2007-02-08 05:11:04 303104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 01:23:34 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\Windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=C:\Windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPro610.lnk]
backup=C:\Windows\pss\VPro610.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{33D4A199-B709-49AB-9A88-AAE42060B033}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{800FBB35-2DEA-4501-9588-4B19BF899773}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E70E0E81-0ADC-4400-8CA6-FAD94C7AF7B8}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{92D7F2A7-C51A-41FB-AED7-13183548A05D}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{E31E714B-BF92-4902-AB9B-334711BC9048}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{8C457483-F717-4F42-8354-D01DDE990387}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{71C06064-002C-457F-8C9C-D5DFCFA8D5EF}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{A440437C-CDBB-4AD9-9C81-3CF843F5D88F}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{CB9E5BB5-618D-433F-88AF-723ABE5B4208}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{011B71D9-0628-44C9-A8D1-3A4A52365254}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{4ACC88EB-A9BC-43C3-9686-27BA622FB60F}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6C01852E-4805-4DB0-AF04-0BF123BD3AEC}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9EF544F2-B204-4033-92BC-724929A154D2}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{EE930DEC-66C1-407C-9AE8-008EE5137727}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{04F13496-5918-4A79-AEC0-21AECBA92B21}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{3F5DA910-0E65-45F2-812D-173D06510FBA}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{1D123586-D817-440C-9417-A17C80CB25E9}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{BC11171A-C909-4818-91B0-41CE93F44340}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{8E405FC5-D70D-492C-BA6B-AD6D053229C3}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6D0BFFEF-938E-4355-8608-BFFDD37A5A66}"= UDP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{351E7DDD-4FEF-4E4C-AF9C-8B860B372BDE}"= TCP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{805EE71E-DF7B-4F09-986B-8BA1B47B3442}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window
"{6CF5B74F-E672-45F8-8A02-0226F333D530}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window
"TCP Query User{AAEFA882-DC7A-4550-9283-D8B0642B4811}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8B569859-E0DB-4368-92DD-6E70CA024F1C}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{7B29BB5C-911B-40B5-9A47-7820E281159B}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{1C1FDA13-7BF4-4D60-8462-C5280FF53976}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{F6CAF8FB-05B2-4B62-A0A3-24B87D3584CD}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{A3EDCDCF-1580-4D31-8E7D-FA3D39EAEA91}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{CF1C8876-DD58-4E68-A8BC-397EE4F9BDAE}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{58C377EA-0379-4B23-AA46-E1AF7B861490}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:µTorrent

R0 MPRIFL;MPRIFL;C:\Windows\System32\drivers\mprifl.sys [5/24/2009 12:32:07 PM 17264]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [7/28/2009 2:00:36 PM 128888]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [7/28/2009 2:00:36 PM 29520]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [7/14/2009 12:48:48 AM 108289]
R2 lxbc_device;lxbc_device;C:\Windows\system32\lxbccoms.exe -service --> C:\Windows\system32\lxbccoms.exe -service [?]
S3 SPC610NC;SPC 610NC Laptop Camera;C:\Windows\System32\drivers\SPC610NC.SYS [10/3/2007 12:12:23 PM 409728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-10 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1130332333-2945391353-3048473963-1000Core.job
- C:\Users\Anuj\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-21 14:40:01 . 2008-11-21 14:40:01]

2009-08-11 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1130332333-2945391353-3048473963-1000UA.job
- C:\Users\Anuj\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-21 14:40:01 . 2008-11-21 14:40:01]

2009-08-10 C:\Windows\Tasks\User_Feed_Synchronization-{2E777BB9-A678-40E7-ABA1-5A0233F2E80B}.job
- C:\Windows\system32\msfeedssync.exe [2009-07-29 12:17:51 . 2009-07-21 20:13:15]
.
.
------- Supplementary Scan -------
.
uStart Page = https://outlook.extendedstay.com/exchweb/bi...eplaceCurrent=1
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 21:17:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\BCMWLTRY.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\System32\CTSVCCDA.EXE
C:\Windows\System32\lxbccoms.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\sdclt.exe
.
**************************************************************************
.
Completion time: 2009-08-11 21:33:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-11 01:33:17

Pre-Run: 19,229,581,312 bytes free
Post-Run: 18,911,068,160 bytes free

247 --- E O F --- 2009-08-10 15:33:46

#14 m0le (Malware Response Team, London, UK)

Posted 12 August 2009 - 02:34 PM

There are still some lurkers in the log.


There are also P2P files there...

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case Azureus). These programmes allow users to share files between them, as the name suggests. In today's world cybercrime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so they should be used with great care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (e.g. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally, there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


Back to the fix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Windows\system32\ocvuvnbutumc.exe
Folder::
C:\Program Files\Yrqrjxqpqi


Save this as CFScript.txt, in the same location as ComboFix.exe


[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Thanks
m0le is a proud member of UNITE
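The two items the helper put into the CFScript above (a random-named executable written into system32 on its own day, and a hidden top-level folder in Program Files) are the kind of thing you can pull out of a ComboFix listing mechanically before a human looks at it. The following is an added example written for this page; it is not ComboFix code and not part of the helper's reply. It parses lines in the "mtime . ctime size attrs path" layout that the "Files Created" and "Find3M Report" sections print, applies those two rules, and renders the hits in the File:: / Folder:: layout the reply uses. The sample lines are a constructed subset of the log above, and the MIN_BATCH threshold, the extension list and the choice of C:\Windows as the "system" tree are assumptions made for the example.

```python
"""Triage a ComboFix-style file listing and draft a CFScript from the hits.

Added example for this thread; not ComboFix code and not the helper's reply.
Two heuristics, modelled on what was flagged in the log above:

  * a hidden directory (attrs contain 'h') sitting directly in Program Files
    or ProgramData, which legitimate installers almost never create; and
  * an executable under C:\\Windows whose modification day is shared with no
    other Windows-tree executable.  Servicing writes files in batches that
    share a date (the 2009-07-21 and 2009-08-12 groups in the log); a binary
    written on a day of its own is worth a look.

MIN_BATCH, EXEC_EXT and the sample lines are assumptions for this example.
A hit still needs a human check before it goes into a CFScript.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# One listing line, e.g.
# 2009-08-11 00:59:25 . 2008-01-12 04:38:41 77901 ----a-w- C:\Windows\system32\ocvuvnbutumc.exe
# Newer ComboFix builds drop the seconds and print "--------" as a directory's size.
LINE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d\d-\d\d \d\d:\d\d(?::\d\d)?) \. "
    r"(?P<ctime>\d{4}-\d\d-\d\d \d\d:\d\d(?::\d\d)?) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>\S.*)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")  # assumption
MIN_BATCH = 2  # assumption: fewer Windows-tree binaries than this on one day is "alone"


@dataclass
class Entry:
    mtime: str
    ctime: str
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def is_exec(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(EXEC_EXT)

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def under_windows(self) -> bool:
        return self.path.lower().startswith("c:\\windows\\")


def parse_listing(text: str) -> list[Entry]:
    """Keep every line that matches the listing layout; ignore headers and blanks."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["mtime"], m["ctime"], m["attrs"], m["path"]))
    return entries


def hidden_top_level_dirs(entries: list[Entry]) -> list[Entry]:
    """Hidden directories sitting directly in Program Files or ProgramData."""
    roots = {"c:\\program files", "c:\\programdata"}
    return [e for e in entries if e.is_dir and e.is_hidden and e.parent in roots]


def lone_windows_binaries(entries: list[Entry]) -> list[Entry]:
    """Windows-tree executables modified on a day no other such binary was."""
    bins = [e for e in entries if e.is_exec and e.under_windows]
    per_day = Counter(e.mtime[:10] for e in bins)
    return [e for e in bins if per_day[e.mtime[:10]] < MIN_BATCH]


def draft_cfscript(entries: list[Entry]) -> str:
    """Render hits in the File:: / Folder:: layout; empty sections are omitted."""
    files = [e.path for e in lone_windows_binaries(entries)]
    folders = [e.path for e in hidden_top_level_dirs(entries)]
    out: list[str] = []
    if files:
        out.append("File::")
        out.extend(files)
    if folders:
        out.append("Folder::")
        out.extend(folders)
    return "\n".join(out)


# Constructed sample: a subset of the listing above, plus one line in the
# newer no-seconds layout, enough to exercise both rules and the parser.
SAMPLE = r"""
2009-08-11 00:59:25 . 2008-01-12 04:38:41 77901 ----a-w- C:\Windows\system32\ocvuvnbutumc.exe
2009-08-04 18:41:09 . 2007-06-14 02:03:53 0 d-----w- C:\Program Files\Google
2009-08-04 14:30:57 . 2008-06-28 04:38:18 0 d--h--w- C:\Program Files\Yrqrjxqpqi
2009-07-21 21:52:28 . 2009-07-29 12:17:53 915456 ----a-w- C:\Windows\system32\wininet.dll
2009-07-21 21:47:28 . 2009-07-29 12:17:51 109056 ----a-w- C:\Windows\system32\iesysprep.dll
2009-07-21 21:47:27 . 2009-07-29 12:17:51 71680 ----a-w- C:\Windows\system32\iesetup.dll
2009-07-14 04:48:48 . 2009-03-30 14:33:07 96104 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2009-07-14 03:42:53 . 2009-07-13 17:36:12 19096 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-08-11 01:39 . 2009-08-11 01:39 3942048 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-13 01:51 . 2009-08-13 01:52 -------- d-----w- c:\users\Anuj\AppData\Local\temp
"""

if __name__ == "__main__":
    print(draft_cfscript(parse_listing(SAMPLE)))
```

On the sample this prints the same four lines the helper posted. The batch rule is what keeps the Avira, Malwarebytes and Internet Explorer update files off the list: each of them shares its day with other binaries under C:\Windows, while ocvuvnbutumc.exe is the only Windows-tree executable written on 2009-08-11. Treat the output as a draft to verify, not a verdict: a single legitimate driver update would also show up as "alone".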

#15 aroranuj (Topic Starter)

Posted 12 August 2009 - 09:04 PM

Hello,

Thank you for your advice. Once I resolve this issue I will address the other issues. Here are the log details:


ComboFix 09-08-10.01 - Anuj 08/12/2009 21:37.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2038.1241 [GMT -4:00]
Running from: c:\users\Anuj\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Anuj\Desktop\CFScript.txt
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\ocvuvnbutumc.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

?
c:\program files\Yrqrjxqpqi


.
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 01:51 . 2009-08-13 01:52 -------- d-----w- c:\users\Anuj\AppData\Local\temp
2009-08-13 01:51 . 2009-08-13 01:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-13 01:51 . 2009-08-13 01:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-12 09:38 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 09:38 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 09:38 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 09:38 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 09:38 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 09:38 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 09:38 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 09:38 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-11 01:39 . 2009-08-11 01:39 3942048 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-10 15:33 . 2009-08-10 15:33 -------- d-----w- C:\b68301083b23c84d4c5c264cfa120e
2009-08-07 02:37 . 2009-08-10 19:54 -------- d-----w- c:\programdata\NOS
2009-08-07 02:37 . 2009-08-10 19:54 -------- d-----w- c:\program files\NOS
2009-08-07 02:25 . 2009-08-07 02:25 -------- d-----w- c:\users\Anuj\AppData\Local\Yahoo
2009-08-07 02:23 . 2009-08-07 02:23 -------- d-----w- c:\programdata\Yahoo! Companion
2009-08-07 02:19 . 2009-05-26 23:50 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-08-06 15:19 . 2009-08-06 15:19 -------- d-----w- C:\6bc85684d99efb141e28481e
2009-08-04 15:41 . 2009-08-04 15:41 -------- d-----w- c:\program files\Trend Micro
2009-07-28 18:00 . 2009-07-28 19:12 -------- d-----w- c:\programdata\Comodo
2009-07-28 18:00 . 2009-07-28 20:43 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-07-28 18:00 . 2009-07-28 20:36 179792 ----a-w- c:\windows\system32\guard32.dll
2009-07-28 18:00 . 2009-07-28 20:36 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-07-28 18:00 . 2009-07-28 20:36 128888 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-07-28 18:00 . 2009-07-28 18:00 -------- d-----w- c:\program files\COMODO
2009-07-15 02:56 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 02:56 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 02:56 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 02:56 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 04:48 . 2009-08-05 16:30 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-14 04:48 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-14 04:48 . 2009-07-14 04:48 -------- d-----w- c:\programdata\Avira
2009-07-14 04:48 . 2009-07-14 04:48 -------- d-----w- c:\program files\Avira
2009-07-14 03:42 . 2009-07-14 03:42 -------- d-----w- c:\users\Anuj\AppData\Roaming\Malwarebytes
2009-07-14 03:42 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-14 03:42 . 2009-08-11 01:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 03:42 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-14 03:42 . 2009-07-14 03:42 -------- d-----w- c:\programdata\Malwarebytes
2009-07-14 02:59 . 2009-07-28 17:01 -------- d-----w- c:\programdata\10255564

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 13:10 . 2007-06-22 00:17 -------- d-----w- c:\programdata\Microsoft Help
2009-08-12 13:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-12 12:29 . 2008-11-07 23:24 -------- d-----w- c:\users\Anuj\AppData\Roaming\uTorrent
2009-08-11 00:59 . 2008-01-12 04:38 77901 ----a-w- c:\windows\system32\ocvuvnbutumc.exe
2009-08-07 02:24 . 2007-06-21 00:46 -------- d-----w- c:\programdata\Yahoo!
2009-08-07 02:24 . 2007-06-21 00:44 -------- d-----w- c:\program files\Yahoo!
2009-08-04 18:41 . 2007-06-14 02:03 -------- d-----w- c:\program files\Google
2009-07-21 21:52 . 2009-07-29 12:17 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 12:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 12:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 12:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-14 04:42 . 2007-08-11 03:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-14 04:42 . 2007-06-21 01:24 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-07-14 04:40 . 2007-08-11 03:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-05 17:47 . 2009-05-10 18:44 -------- d-----w- c:\users\Anuj\AppData\Roaming\HP
2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\users\Anuj\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-05-16 14:04 . 2009-05-16 14:04 390664 ----a-w- c:\users\Anuj\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2007-06-14 09:24 . 2007-06-14 09:24 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-08-10_20.27.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-12 09:38 . 2009-06-10 11:44 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\msvidc32.dll
+ 2009-08-12 09:38 . 2009-06-10 11:44 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\msrle32.dll
+ 2009-08-12 09:38 . 2009-06-10 11:44 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\mciavi32.dll
+ 2009-08-12 09:38 . 2009-06-10 11:42 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\avifil32.dll
+ 2009-08-12 09:38 . 2009-06-10 11:42 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\avicap32.dll
+ 2008-09-15 23:46 . 2008-01-19 07:35 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msvidc32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msrle32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\mciavi32.dll
+ 2009-08-12 09:38 . 2009-06-10 11:38 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\avifil32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\avicap32.dll
+ 2009-08-12 09:38 . 2009-06-10 11:58 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\msvidc32.dll
+ 2009-08-12 09:38 . 2009-06-10 11:57 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\msrle32.dll
+ 2009-08-12 09:38 . 2009-06-10 11:56 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\mciavi32.dll
+ 2009-08-12 09:38 . 2009-06-10 11:52 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\avifil32.dll
+ 2009-08-12 09:38 . 2009-06-10 11:52 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\avicap32.dll
+ 2008-09-15 23:46 . 2008-01-19 07:35 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msvidc32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msrle32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\mciavi32.dll
+ 2009-08-12 09:38 . 2009-06-10 12:07 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\avifil32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\avicap32.dll
+ 2009-08-12 09:38 . 2009-06-10 12:03 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\msvidc32.dll
+ 2009-08-12 09:38 . 2009-06-10 12:03 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\msrle32.dll
+ 2009-08-12 09:38 . 2009-06-10 12:00 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\mciavi32.dll
+ 2009-08-12 09:38 . 2009-06-10 11:57 88576 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\avifil32.dll
+ 2009-08-12 09:38 . 2009-06-10 11:57 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\avicap32.dll
+ 2009-08-12 09:38 . 2009-06-10 12:10 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\msvidc32.dll
+ 2009-08-12 09:38 . 2009-06-10 12:09 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\msrle32.dll
+ 2009-08-12 09:38 . 2009-06-10 12:07 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\mciavi32.dll
+ 2009-08-12 09:38 . 2009-06-10 12:04 88576 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\avifil32.dll
+ 2009-08-12 09:38 . 2009-06-10 12:04 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\avicap32.dll
+ 2009-08-12 09:38 . 2009-06-04 10:52 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\tsgqec.dll
+ 2009-08-12 09:38 . 2009-04-11 06:28 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\tsgqec.dll
+ 2009-08-12 09:38 . 2009-06-04 12:35 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\tsgqec.dll
+ 2008-09-15 23:48 . 2008-01-19 07:36 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\tsgqec.dll
+ 2009-08-12 09:38 . 2009-06-04 12:34 36352 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\tsgqec.dll
+ 2009-08-12 09:38 . 2009-06-04 12:47 36352 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\tsgqec.dll
+ 2009-08-12 09:38 . 2009-07-17 14:15 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.22179_none_ad4da751702700f0\atl.dll
+ 2009-08-12 09:38 . 2009-07-17 13:54 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.18070_none_acbb07ec57117d17\atl.dll
+ 2009-08-12 09:38 . 2009-07-17 14:24 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.22474_none_ab6233f773052d19\atl.dll
+ 2009-08-12 09:38 . 2009-07-17 14:35 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18293_none_aac1f52459f8aeb3\atl.dll
+ 2009-08-12 09:38 . 2009-07-17 14:39 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.21088_none_a974fcc975e35390\atl.dll
+ 2009-08-12 09:38 . 2009-07-17 14:52 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.16889_none_a8ec88265cc499db\atl.dll
+ 2007-06-14 02:18 . 2009-08-12 13:45 50324 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-08-12 13:45 69274 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-06-20 22:18 . 2009-08-12 13:45 12370 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1130332333-2945391353-3048473963-1000_UserData.bin
+ 2006-11-10 22:08 . 2009-08-12 20:04 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-11 01:25 . 2009-08-11 01:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012009081020090811\index.dat
+ 2007-06-14 02:19 . 2009-08-12 20:04 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-12 18:26 . 2009-07-15 13:09 16384 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-12 18:26 . 2009-08-12 13:10 16384 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2007-06-22 00:25 . 2009-07-15 13:10 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-06-22 00:25 . 2009-08-12 13:10 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-06-22 00:25 . 2009-07-15 13:10 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-06-22 00:25 . 2009-08-12 13:10 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-06-22 00:25 . 2009-07-15 13:10 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-06-22 00:25 . 2009-08-12 13:10 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-08-12 09:38 . 2009-07-15 12:46 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\spwmp.dll
+ 2009-08-12 09:38 . 2009-07-15 12:46 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\dxmasf.dll
+ 2009-08-12 09:38 . 2009-07-15 12:39 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\spwmp.dll
+ 2009-08-12 09:38 . 2009-07-15 12:39 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\dxmasf.dll
+ 2009-08-12 09:38 . 2009-07-15 14:51 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\spwmp.dll
+ 2009-08-12 09:38 . 2009-07-15 14:51 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\dxmasf.dll
+ 2009-08-12 09:38 . 2009-07-14 12:58 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\spwmp.dll
+ 2009-08-12 09:38 . 2009-07-14 12:59 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\dxmasf.dll
+ 2009-08-12 09:38 . 2009-07-15 14:42 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\spwmp.dll
+ 2009-08-12 09:38 . 2009-07-15 14:43 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\dxmasf.dll
+ 2009-08-12 09:38 . 2009-07-14 13:00 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\spwmp.dll
+ 2009-08-12 09:38 . 2009-07-14 13:01 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\dxmasf.dll
- 2009-04-11 19:58 . 2009-04-11 19:58 9846 c:\windows\System32\mswmncorem.dll
+ 2008-01-05 01:14 . 2008-01-05 01:14 9846 c:\windows\System32\mswmncorem.dll
+ 2009-08-12 13:42 . 2009-08-12 13:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-08-10 19:59 . 2009-08-10 19:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-08-12 13:42 . 2009-08-12 13:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-08-10 19:59 . 2009-08-10 19:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-08-12 09:38 . 2009-06-10 11:46 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6002.22150_none_ce741cb6ed3e398c\wkssvc.dll
+ 2009-08-12 09:38 . 2009-06-10 11:42 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6002.18049_none_cdfe5271d41061e0\wkssvc.dll
+ 2009-08-12 09:38 . 2009-06-10 12:00 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6001.22447_none_cc9f7cc0f00979d8\wkssvc.dll
+ 2009-08-12 09:38 . 2009-06-10 12:12 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6001.18270_none_cbee6c45d70a7f59\wkssvc.dll
+ 2009-08-12 09:38 . 2009-06-10 12:06 158208 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6000.21065_none_caa173eaf2f52436\wkssvc.dll
+ 2009-08-12 09:38 . 2009-06-10 12:16 156160 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6000.16868_none_ca1affdbd9d49d2f\wkssvc.dll
+ 2009-08-12 09:38 . 2009-06-10 11:44 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\msvfw32.dll
+ 2008-09-15 23:46 . 2008-01-19 07:35 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msvfw32.dll
+ 2009-08-12 09:38 . 2009-06-10 11:58 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\msvfw32.dll
+ 2008-09-15 23:46 . 2008-01-19 07:35 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msvfw32.dll
+ 2009-08-12 09:38 . 2009-06-10 12:03 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\msvfw32.dll
+ 2009-08-12 09:38 . 2009-06-10 12:10 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\msvfw32.dll
+ 2009-08-12 09:38 . 2009-06-04 12:54 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\aaclient.dll
+ 2009-08-12 09:38 . 2009-04-11 06:28 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\aaclient.dll
+ 2009-08-12 09:38 . 2009-06-04 12:29 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\aaclient.dll
+ 2008-09-15 23:48 . 2008-01-19 07:33 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\aaclient.dll
+ 2009-08-12 09:38 . 2009-06-04 12:25 116736 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\aaclient.dll
+ 2009-08-12 09:38 . 2009-06-04 12:36 116736 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\aaclient.dll
+ 2009-08-12 09:38 . 2009-07-15 12:46 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.22172_none_a65e88df3e466bbf\wmpdxm.dll
+ 2009-08-12 09:38 . 2009-07-15 12:39 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.18065_none_a5e2bcde251dfc09\wmpdxm.dll
+ 2009-08-12 09:38 . 2009-07-15 14:52 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.22470_none_a47616634121e3ed\wmpdxm.dll
+ 2009-08-12 09:38 . 2009-07-14 13:00 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.18289_none_a3eaaa60280446fc\wmpdxm.dll
+ 2009-08-12 09:38 . 2009-07-15 14:44 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.21083_none_a287deeb4400f10d\wmpdxm.dll
+ 2009-08-12 09:38 . 2009-07-14 13:02 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.16885_none_a2006a922ae150af\wmpdxm.dll
+ 2009-08-12 09:38 . 2009-07-15 12:45 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpshare.exe
+ 2009-08-12 09:38 . 2009-07-15 12:46 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmplayer.exe
+ 2009-08-12 09:38 . 2009-07-15 12:46 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpconfig.exe
+ 2009-08-12 09:38 . 2009-07-15 12:39 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpshare.exe
+ 2009-08-12 09:38 . 2009-07-15 12:39 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmplayer.exe
+ 2009-08-12 09:38 . 2009-07-15 12:39 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpconfig.exe
+ 2009-08-12 09:38 . 2009-07-15 13:05 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpshare.exe
+ 2009-08-12 09:38 . 2009-07-15 13:06 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmplayer.exe
+ 2009-08-12 09:38 . 2009-07-15 13:06 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpconfig.exe
+ 2009-08-12 09:38 . 2009-07-14 10:58 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpshare.exe
+ 2009-08-12 09:38 . 2009-07-14 10:59 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmplayer.exe
+ 2009-08-12 09:38 . 2009-07-14 10:59 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpconfig.exe
+ 2009-08-12 09:38 . 2009-07-15 12:53 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpshare.exe
+ 2009-08-12 09:38 . 2009-07-15 12:53 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmplayer.exe
+ 2009-08-12 09:38 . 2009-07-15 12:53 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpconfig.exe
+ 2009-08-12 09:38 . 2009-07-14 11:10 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpshare.exe
+ 2009-08-12 09:38 . 2009-07-14 11:10 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe
+ 2009-08-12 09:38 . 2009-07-14 11:11 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpconfig.exe
+ 2007-06-21 13:01 . 2009-08-13 00:16 275214 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-05-14 14:14 . 2009-08-08 13:06 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-05-14 14:14 . 2009-08-11 19:11 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2007-06-14 02:18 . 2009-08-12 20:04 425984 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-06-14 02:18 . 2009-08-10 19:57 425984 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-06-22 00:25 . 2009-07-15 13:10 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-06-22 00:25 . 2009-08-12 13:10 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-06-22 00:25 . 2009-07-15 13:10 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-06-22 00:25 . 2009-08-12 13:10 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-06-22 00:25 . 2009-08-12 13:10 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2007-06-22 00:25 . 2009-07-15 13:10 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2007-06-22 00:25 . 2009-08-12 13:10 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2007-06-22 00:25 . 2009-07-15 13:10 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2007-06-22 00:25 . 2009-07-15 13:10 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2007-06-22 00:25 . 2009-08-12 13:10 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-06-22 00:25 . 2009-07-15 13:10 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-06-22 00:25 . 2009-08-12 13:10 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2007-06-22 00:25 . 2009-08-12 13:10 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2007-06-22 00:25 . 2009-07-15 13:10 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-08-11 01:14 . 2009-08-11 01:14 151552 c:\windows\ERDNT\subs\Users\00000002\ntuser.dat
+ 2009-08-11 01:14 . 2009-08-11 01:14 155648 c:\windows\ERDNT\subs\Users\00000001\ntuser.dat
+ 2009-08-12 09:38 . 2009-06-04 12:56 2067968 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\mstscax.dll
+ 2009-08-12 09:38 . 2009-06-04 12:07 2066432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\mstscax.dll
+ 2009-08-12 09:38 . 2009-06-04 12:33 2067968 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\mstscax.dll
+ 2009-08-12 09:38 . 2009-06-04 12:34 2066432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\mstscax.dll
+ 2009-08-12 09:38 . 2009-06-04 12:31 1874432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\mstscax.dll
+ 2009-08-12 09:38 . 2009-06-04 12:43 1871872 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\mstscax.dll
+ 2009-08-12 09:38 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22179_none_f4b581af81eee730\OESpamFilter.dat
+ 2009-08-12 09:38 . 2009-07-02 07:48 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18070_none_f422e24a68d96357\OESpamFilter.dat
+ 2009-08-12 09:38 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22474_none_f2ca0e5584cd1359\OESpamFilter.dat
+ 2009-08-12 09:38 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18293_none_f229cf826bc094f3\OESpamFilter.dat
+ 2009-08-12 09:38 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21088_none_f0dcd72787ab39d0\OESpamFilter.dat
+ 2009-08-12 09:38 . 2009-07-02 07:48 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16889_none_f05462846e8c801b\OESpamFilter.dat
+ 2009-08-12 09:38 . 2009-07-15 12:47 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmploc.DLL
+ 2009-08-12 09:38 . 2009-07-15 12:40 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmploc.DLL
+ 2009-08-12 09:38 . 2009-07-15 13:07 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmploc.DLL
+ 2009-08-12 09:38 . 2009-07-14 10:59 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmploc.DLL
+ 2009-08-12 09:38 . 2009-07-15 12:53 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmploc.DLL
+ 2009-08-12 09:38 . 2009-07-14 11:11 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmploc.DLL
- 2006-11-02 10:22 . 2009-08-10 19:59 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-08-12 13:53 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:45 . 2009-03-11 22:11 2552262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2006-11-02 12:45 . 2009-08-12 13:43 2552262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2009-07-27 08:32 . 2009-07-27 08:32 5028352 c:\windows\Installer\55e8cf4.msp
+ 2007-06-22 00:25 . 2009-08-12 13:10 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-06-22 00:25 . 2009-07-15 13:10 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-06-22 00:25 . 2009-08-12 13:10 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2007-06-22 00:25 . 2009-07-15 13:10 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-08-11 01:14 . 2009-08-11 01:14 4075520 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-11 01:14 . 2009-08-11 01:14 8548352 c:\windows\ERDNT\subs\Users\00000003\ntuser.dat
+ 2009-08-13 01:35 . 2009-08-13 01:35 6152192 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2009-08-12 09:38 . 2009-07-15 14:36 10628096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmp.dll
+ 2009-08-12 09:38 . 2009-07-15 14:30 10628096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmp.dll
+ 2009-08-12 09:38 . 2009-07-15 14:52 10627584 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmp.dll
+ 2009-08-12 09:38 . 2009-07-14 13:00 10626048 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmp.dll
+ 2009-08-12 09:38 . 2009-07-15 14:44 10622464 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmp.dll
+ 2009-08-12 09:38 . 2009-07-14 13:02 10621952 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmp.dll
+ 2009-05-05 12:29 . 2009-08-12 09:38 76395020 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
+ 2009-08-12 09:38 . 2009-07-14 13:00 10626048 c:\windows\System32\wmp.dll
+ 2006-11-02 10:24 . 2009-07-30 00:49 24281536 c:\windows\System32\mrt.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Google Update"="c:\users\Anuj\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-21 133104]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-14 1071472]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-07-28 1793808]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-02-08 303104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPro610.lnk]
backup=c:\windows\pss\VPro610.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{33D4A199-B709-49AB-9A88-AAE42060B033}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{800FBB35-2DEA-4501-9588-4B19BF899773}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E70E0E81-0ADC-4400-8CA6-FAD94C7AF7B8}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{92D7F2A7-C51A-41FB-AED7-13183548A05D}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{E31E714B-BF92-4902-AB9B-334711BC9048}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{8C457483-F717-4F42-8354-D01DDE990387}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{71C06064-002C-457F-8C9C-D5DFCFA8D5EF}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{A440437C-CDBB-4AD9-9C81-3CF843F5D88F}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{CB9E5BB5-618D-433F-88AF-723ABE5B4208}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{011B71D9-0628-44C9-A8D1-3A4A52365254}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{4ACC88EB-A9BC-43C3-9686-27BA622FB60F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6C01852E-4805-4DB0-AF04-0BF123BD3AEC}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9EF544F2-B204-4033-92BC-724929A154D2}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{EE930DEC-66C1-407C-9AE8-008EE5137727}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{04F13496-5918-4A79-AEC0-21AECBA92B21}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{3F5DA910-0E65-45F2-812D-173D06510FBA}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{1D123586-D817-440C-9417-A17C80CB25E9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{BC11171A-C909-4818-91B0-41CE93F44340}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{8E405FC5-D70D-492C-BA6B-AD6D053229C3}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6D0BFFEF-938E-4355-8608-BFFDD37A5A66}"= UDP:c:\windows\System32\lxbccoms.exe:Lexmark Communications System
"{351E7DDD-4FEF-4E4C-AF9C-8B860B372BDE}"= TCP:c:\windows\System32\lxbccoms.exe:Lexmark Communications System
"{805EE71E-DF7B-4F09-986B-8BA1B47B3442}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window
"{6CF5B74F-E672-45F8-8A02-0226F333D530}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window
"TCP Query User{AAEFA882-DC7A-4550-9283-D8B0642B4811}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8B569859-E0DB-4368-92DD-6E70CA024F1C}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{7B29BB5C-911B-40B5-9A47-7820E281159B}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{1C1FDA13-7BF4-4D60-8462-C5280FF53976}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{F6CAF8FB-05B2-4B62-A0A3-24B87D3584CD}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{A3EDCDCF-1580-4D31-8E7D-FA3D39EAEA91}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{CF1C8876-DD58-4E68-A8BC-397EE4F9BDAE}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{58C377EA-0379-4B23-AA46-E1AF7B861490}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

R0 MPRIFL;MPRIFL;c:\windows\System32\drivers\mprifl.sys [5/24/2009 12:32 PM 17264]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [7/28/2009 2:00 PM 128888]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [7/28/2009 2:00 PM 29520]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/14/2009 12:48 AM 108289]
R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?]
S3 SPC610NC;SPC 610NC Laptop Camera;c:\windows\System32\drivers\SPC610NC.SYS [10/3/2007 12:12 PM 409728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1130332333-2945391353-3048473963-1000Core.job
- c:\users\Anuj\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-21 14:40]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1130332333-2945391353-3048473963-1000UA.job
- c:\users\Anuj\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-21 14:40]

2009-08-12 c:\windows\Tasks\User_Feed_Synchronization-{2E777BB9-A678-40E7-ABA1-5A0233F2E80B}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = https://outlook.extendedstay.com/exchweb/bi...eplaceCurrent=1
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 21:51
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Anuj\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-13 21:59
ComboFix-quarantined-files.txt 2009-08-13 01:59
ComboFix2.txt 2009-08-11 01:34

Pre-Run: 20,202,946,560 bytes free
Post-Run: 20,074,991,616 bytes free

403 --- E O F --- 2009-08-12 13:11



