Hijack This Log Help


15 replies to this topic

#1 rider52

  • Members
  • 9 posts

Posted 22 September 2009 - 11:22 AM

Hey all, my computer is running on a high load most of the time and isn't nearly as fast as it was previously. Firefox and IE both have horrible popups and redirects no matter what I do.

I haven't used HijackThis in quite a while and don't remember too much about it, but was hoping to post my (HUGE) log here and get some feedback deciphering it. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:41 AM, on 9/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Documents and Settings\Computer\Desktop\CoreTemp\CoreTemp\CoreTemp32\Core Temp.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0700CDE9-A586-4263-B443-69B3AC43B4AC} - (no file)
O2 - BHO: (no name) - {0b3eca71-efa0-45fe-b8f4-3d1dbe164ccb} - (no file)
O2 - BHO: (no name) - {0BEC46FD-4ED4-4ED3-A653-199CAD7D5A09} - (no file)
O2 - BHO: (no name) - {1CB3B216-4384-4CBD-AB31-78434277B816} - (no file)
O2 - BHO: (no name) - {207547A8-B707-476B-BBFF-9A26E20C6CE8} - (no file)
O2 - BHO: (no name) - {21339A4F-D22C-446F-9CF1-C016045965AD} - (no file)
O2 - BHO: (no name) - {271C8689-6C24-499B-8414-2A9455A5F8A9} - (no file)
O2 - BHO: (no name) - {2D353F68-4220-415B-A206-66482D7884CC} - (no file)
O2 - BHO: (no name) - {2FEBA787-194D-489F-8310-5D482CB8E8EC} - (no file)
O2 - BHO: (no name) - {3723ADA8-8629-41B7-A54C-E9F26A825F7B} - (no file)
O2 - BHO: (no name) - {3A62F591-4D9D-45D3-864C-67773D4A9047} - (no file)
O2 - BHO: (no name) - {498E16FC-0230-48C6-A9F2-56EE7AB6C173} - (no file)
O2 - BHO: (no name) - {4A6E7C8C-CF10-47E7-B065-F59C12695F0A} - (no file)
O2 - BHO: (no name) - {50BBF51B-A5DE-416C-8381-6D60FE6B78E9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55f58f90-721c-40c7-9513-ba5d92375aa6} - C:\WINDOWS\system32\moriwami.dll
O2 - BHO: (no name) - {5658D7D5-FE52-420D-B821-5B76E334C769} - (no file)
O2 - BHO: (no name) - {57D35751-E2FB-46CA-9991-7BD9C04C8B76} - (no file)
O2 - BHO: (no name) - {5AD5D9C5-9D6A-4AF4-819C-FAFCADAE9F79} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {603CCA7A-AF92-44B3-9F41-94F32C2FAE79} - (no file)
O2 - BHO: (no name) - {65E76D35-991A-4260-82B3-DEBE91953DD4} - (no file)
O2 - BHO: (no name) - {673EDAEA-6F58-4BE4-919B-84CEC12149AD} - (no file)
O2 - BHO: (no name) - {67E96B29-29CC-4582-B09A-E37D3E24FC9E} - (no file)
O2 - BHO: (no name) - {6C14D851-4A61-4EE2-B259-49BD4CC72CEA} - (no file)
O2 - BHO: (no name) - {6DBF59D9-05BF-4817-8EA7-B39407DC1BCA} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7A85738D-B41C-4E86-9388-18B3F917086D} - (no file)
O2 - BHO: (no name) - {80E606B5-4BD1-4B1C-98E8-70823080143E} - (no file)
O2 - BHO: (no name) - {80EC44DA-366A-4C08-B34F-4A4F59CE4EA0} - (no file)
O2 - BHO: (no name) - {86CC92D5-CBE3-4637-81B7-45A18CD6AD25} - (no file)
O2 - BHO: (no name) - {873CAC1F-8F38-4AA7-AC87-CAABF3A03DFD} - (no file)
O2 - BHO: {91b81131-cd20-d89b-e654-348bf749c488} - {884c947f-b843-456e-b98d-02dc13118b19} - C:\WINDOWS\system32\enteyz.dll
O2 - BHO: (no name) - {90B6B6B9-D166-49C4-B211-D01B801A39A5} - (no file)
O2 - BHO: (no name) - {91E4E58E-30B4-4FA4-88E0-B2FC878EC2EC} - C:\WINDOWS\system32\xxyyAtRI.dll
O2 - BHO: (no name) - {922898FE-4657-48EF-BB2C-431BDF8536DC} - (no file)
O2 - BHO: (no name) - {9268A236-A699-4AF6-B4D7-FE3B49F4B192} - (no file)
O2 - BHO: (no name) - {9AC41CB7-8AC3-4B07-892D-C1B07BB8CEB7} - (no file)
O2 - BHO: (no name) - {9F2D6227-E5A0-4B87-9477-21AB4B677522} - (no file)
O2 - BHO: (no name) - {A9121CB5-2F22-4F51-B97E-C6C3ADEBDFE2} - (no file)
O2 - BHO: (no name) - {AD293A67-DA3D-4799-B859-9A622C2FB2D9} - (no file)
O2 - BHO: (no name) - {AD5D37ED-493D-4FA7-8CD4-76F30EE1316E} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {AFDEE1BB-FBBC-4A6C-95FB-84450926D149} - (no file)
O2 - BHO: (no name) - {B29E543A-87BC-4B66-83B2-E489026D73E0} - (no file)
O2 - BHO: (no name) - {B5CC4FDD-E189-47BB-8748-B5A36500B241} - (no file)
O2 - BHO: (no name) - {BE023D90-100E-4320-B4EF-0B15BDC6845B} - (no file)
O2 - BHO: (no name) - {BFB33EDA-4802-477F-9763-0E049470E117} - (no file)
O2 - BHO: (no name) - {C063AC8C-9CD5-4677-8800-E196D65F0B28} - (no file)
O2 - BHO: (no name) - {CC28CA9A-CF5F-4BF9-8EB9-8B0EEE271EB9} - (no file)
O2 - BHO: (no name) - {CDDE3645-8C78-4BC0-8577-785268A37483} - (no file)
O2 - BHO: (no name) - {D172BBC9-7BBC-42AC-AC8F-C7EFF1DF5C2C} - (no file)
O2 - BHO: (no name) - {D3DE2B23-8BE9-4334-91D8-6BBEBC1FFCD1} - (no file)
O2 - BHO: (no name) - {D8A54A05-07CF-4166-AC29-F82D48595CB0} - (no file)
O2 - BHO: (no name) - {D8C477B3-5FD9-44A0-9E07-4D2AFCF20C00} - (no file)
O2 - BHO: (no name) - {E2185D8B-2D69-47C5-947E-9042D64C8E2D} - (no file)
O2 - BHO: (no name) - {ED2259DF-5DA5-4A1E-A6F0-41E06A2E40BD} - (no file)
O2 - BHO: (no name) - {ED4B2C30-E4FE-435A-BAAB-CF8A94A339A8} - (no file)
O2 - BHO: (no name) - {FA6563D0-3FBD-46E9-A8CB-7D4CA562D167} - (no file)
O2 - BHO: (no name) - {FACDF2E4-48B9-46BD-AF40-A894DE525160} - (no file)
O2 - BHO: (no name) - {FBA3F8DF-AC7F-4258-A976-586A0060BC6E} - (no file)
O2 - BHO: (no name) - {FE41EBCF-D205-48AC-A33A-4E8A44ADE410} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [resizusudu] Rundll32.exe "C:\WINDOWS\system32\vidarute.dll",s
O4 - HKLM\..\Run: [Sbeweseduzuvifuk] rundll32.exe "C:\WINDOWS\oputejefifinohaz.dll",e
O4 - HKLM\..\Run: [Klobocijezoweq] rundll32.exe "C:\WINDOWS\Prodezaxi.dll",e
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [wiberesug] Rundll32.exe "c:\windows\system32\mejajike.dll",a
O4 - HKLM\..\Run: [d85a31c9] rundll32.exe "C:\WINDOWS\system32\legufizi.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\Computer\protect.dll,_IWMPEvents@0
O4 - Startup: scandisk.dll
O4 - Startup: scandisk.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168824782125
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O20 - AppInit_DLLs: c:\windows\system32\jokajige.dll c:\windows\system32\sakamide.dll C:\WINDOWS\system32\fulemege.dll c:\windows\system32\ c:\windows\system32\ c:\windows\system32\pogobiwu.dll c:\windows\system32\jehiyiba.dll c:\windows\system32\muyiseta.dll c:\windows\system32\mejajike.dll
O21 - SSODL: genuladus - {a6a6f7f3-e652-42eb-baf3-d9bb6367aa21} - c:\windows\system32\dedosuwi.dll (file missing)
O21 - SSODL: jasonitiz - {ca4cce12-466d-4a2e-baff-02d127270c5e} - c:\windows\system32\nuzedabi.dll (file missing)
O21 - SSODL: tavurupaj - {e9ac3bc1-3935-48b5-8fec-d5f6f168ed43} - c:\windows\system32\dedosuwi.dll (file missing)
O21 - SSODL: mudewowuh - {d648df16-7ad6-4114-88d1-edb1768f56e2} - c:\windows\system32\siteseke.dll (file missing)
O21 - SSODL: ponuzuwap - {2e9decd5-4947-40e1-8464-6956e15694c7} - c:\windows\system32\zofedofo.dll (file missing)
O21 - SSODL: tufusahuv - {09cfa259-f23b-4b57-9569-08c2caa48350} - c:\windows\system32\dedosuwi.dll (file missing)
O21 - SSODL: ripugasas - {82fd069f-1489-4885-8646-ea7db7bdfd88} - c:\windows\system32\rowifaga.dll (file missing)
O21 - SSODL: zuyanusob - {46187c45-afa9-4dee-9f64-9d3bffea53bd} - c:\windows\system32\pefijewi.dll (file missing)
O21 - SSODL: posesugej - {f04deef1-60ed-4ca3-b40d-de5315742728} - c:\windows\system32\suyamadu.dll (file missing)
O21 - SSODL: yuyafifap - {de2a6d67-0c38-4960-a980-83bc8fd29145} - c:\windows\system32\jokajige.dll (file missing)
O21 - SSODL: vijupufew - {2a30cacf-3650-4b93-b441-72c78b7fdd81} - c:\windows\system32\zofedofo.dll (file missing)
O21 - SSODL: yupanuris - {ba054499-de73-4b83-9524-c4d793a2c914} - c:\windows\system32\yagehusi.dll (file missing)
O21 - SSODL: kedadoray - {03f6ac3e-e948-4afc-a0e1-f29f0b7e0b05} - c:\windows\system32\yagehusi.dll (file missing)
O21 - SSODL: jikuruyir - {f97c0868-4291-4d15-b506-b43c4113da29} - c:\windows\system32\suyamadu.dll (file missing)
O21 - SSODL: judelitep - {414b9bb5-9d8d-479f-9c9e-97f3d0e0031d} - c:\windows\system32\jokajige.dll (file missing)
O21 - SSODL: fahodawih - {52224265-1146-43ba-ae36-34dd84a6bead} - c:\windows\system32\jokajige.dll (file missing)
O21 - SSODL: lohohotub - {c9a82a92-35a7-412d-bf9a-42585451457a} - c:\windows\system32\suyamadu.dll (file missing)
O21 - SSODL: ziyesisov - {11e080e1-fc0e-4ce8-bd96-e4c56fe4eadd} - c:\windows\system32\zebanate.dll (file missing)
O21 - SSODL: puniziway - {c392cb6a-25ff-4d26-bf9f-ffc696cf412e} - c:\windows\system32\perenego.dll (file missing)
O21 - SSODL: penanujoj - {c4bbcb8f-02f9-45b6-92ad-24dbbeb227de} - c:\windows\system32\sakamide.dll (file missing)
O21 - SSODL: huhiwesiw - {c5a45e84-3348-46bb-b4f6-b3d52736f407} - c:\windows\system32\suyamadu.dll (file missing)
O21 - SSODL: piyesezoj - {11f58b2a-f2c7-4376-882f-646896e365ad} - c:\windows\system32\jokajige.dll (file missing)
O21 - SSODL: bapebalop - {21cb6cf2-3d9e-4a83-8184-6979a7897019} - c:\windows\system32\filoloye.dll (file missing)
O21 - SSODL: hufijowig - {de686568-203b-4bce-8ec7-9ef8d9bf2077} - c:\windows\system32\dodegomi.dll (file missing)
O21 - SSODL: peyawapot - {c41cdc7c-a792-4c7f-b3a5-cb542a8b4186} - c:\windows\system32\pogobiwu.dll (file missing)
O21 - SSODL: yusojosus - {b7b56432-78a0-4dce-8705-81636de3c64f} - c:\windows\system32\jehiyiba.dll (file missing)
O21 - SSODL: vopuwehuv - {12375a93-33cd-43f5-bc53-6754cc6fba93} - c:\windows\system32\jehiyiba.dll (file missing)
O21 - SSODL: kotefojum - {0a027942-d1b7-44a4-95a2-d04e9314d61e} - c:\windows\system32\mejajike.dll
O22 - SharedTaskScheduler: mujuzedij - {a6a6f7f3-e652-42eb-baf3-d9bb6367aa21} - c:\windows\system32\dedosuwi.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {ca4cce12-466d-4a2e-baff-02d127270c5e} - c:\windows\system32\nuzedabi.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {e9ac3bc1-3935-48b5-8fec-d5f6f168ed43} - c:\windows\system32\dedosuwi.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {d648df16-7ad6-4114-88d1-edb1768f56e2} - c:\windows\system32\siteseke.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {2e9decd5-4947-40e1-8464-6956e15694c7} - c:\windows\system32\zofedofo.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {09cfa259-f23b-4b57-9569-08c2caa48350} - c:\windows\system32\dedosuwi.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {82fd069f-1489-4885-8646-ea7db7bdfd88} - c:\windows\system32\rowifaga.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {46187c45-afa9-4dee-9f64-9d3bffea53bd} - c:\windows\system32\pefijewi.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {f04deef1-60ed-4ca3-b40d-de5315742728} - c:\windows\system32\suyamadu.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {de2a6d67-0c38-4960-a980-83bc8fd29145} - c:\windows\system32\jokajige.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {2a30cacf-3650-4b93-b441-72c78b7fdd81} - c:\windows\system32\zofedofo.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {ba054499-de73-4b83-9524-c4d793a2c914} - c:\windows\system32\yagehusi.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {03f6ac3e-e948-4afc-a0e1-f29f0b7e0b05} - c:\windows\system32\yagehusi.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {f97c0868-4291-4d15-b506-b43c4113da29} - c:\windows\system32\suyamadu.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {414b9bb5-9d8d-479f-9c9e-97f3d0e0031d} - c:\windows\system32\jokajige.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {52224265-1146-43ba-ae36-34dd84a6bead} - c:\windows\system32\jokajige.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {c9a82a92-35a7-412d-bf9a-42585451457a} - c:\windows\system32\suyamadu.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {11e080e1-fc0e-4ce8-bd96-e4c56fe4eadd} - c:\windows\system32\zebanate.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {c392cb6a-25ff-4d26-bf9f-ffc696cf412e} - c:\windows\system32\perenego.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {c4bbcb8f-02f9-45b6-92ad-24dbbeb227de} - c:\windows\system32\sakamide.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {c5a45e84-3348-46bb-b4f6-b3d52736f407} - c:\windows\system32\suyamadu.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {11f58b2a-f2c7-4376-882f-646896e365ad} - c:\windows\system32\jokajige.dll (file missing)
O22 - SharedTaskScheduler: tokatiluy - {21cb6cf2-3d9e-4a83-8184-6979a7897019} - c:\windows\system32\filoloye.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {de686568-203b-4bce-8ec7-9ef8d9bf2077} - c:\windows\system32\dodegomi.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {c41cdc7c-a792-4c7f-b3a5-cb542a8b4186} - c:\windows\system32\pogobiwu.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {b7b56432-78a0-4dce-8705-81636de3c64f} - c:\windows\system32\jehiyiba.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {12375a93-33cd-43f5-bc53-6754cc6fba93} - c:\windows\system32\jehiyiba.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {0a027942-d1b7-44a4-95a2-d04e9314d61e} - c:\windows\system32\mejajike.dll

--
End of file - 17083 bytes

#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts

Posted 22 September 2009 - 02:06 PM

Hello rider52,

At a glance, you have a horrendous case of Vundo. :( What else there might be remains to be seen.

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :( This is especially true for Spybot, so be really sure that one is disabled.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If ComboFix will not run the first time, then rename ComboFix.exe to rider52.exe and try it again. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 rider52

  • Topic Starter
  • Members
  • 9 posts

Posted 22 September 2009 - 03:30 PM

Hey, thanks for informing me of this. I have looked around on other threads but they seem to be personalized to the individual computer. I have installed ComboFix and ran it prematurely (still on the internet/TeaTimer may have been on).
If anyone could give me a little more personalized insight or steps to take I would greatly appreciate it!!

#4 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts

Posted 22 September 2009 - 03:38 PM

Hello,

I am your helper here. Nobody else will be responding... if you would please follow my directions we'll be on the way to clearing this up. :(

Thanks,
tea

#5 rider52

  • Topic Starter
  • Members
  • 9 posts

Posted 22 September 2009 - 04:02 PM

Thanks

I ran combofix and am posting the log, followed by the new hijackthis log.



ComboFix 09-09-21.04 - Computer 09/22/2009 16:47.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.296 [GMT -4:00]
Running from: c:\documents and settings\Computer\Desktop\help\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Computer\protect.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.

2009-09-22 18:41 . 2009-09-22 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-22 18:41 . 2009-09-22 18:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-22 18:41 . 2009-09-22 18:41 -------- d-----w- c:\documents and settings\Computer\Application Data\SUPERAntiSpyware.com
2009-09-22 18:40 . 2009-09-22 18:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-22 17:53 . 2009-09-22 17:42 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-22 17:43 . 2009-09-22 17:43 -------- dc----w- c:\windows\system32\DRVSTORE
2009-09-22 17:43 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-22 17:40 . 2009-09-22 17:40 -------- d-----w- c:\program files\Lavasoft
2009-09-22 17:30 . 2009-09-22 17:30 -------- d-----w- c:\windows\system32\KB905474
2009-09-22 17:30 . 2009-03-11 02:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-09-22 17:30 . 2009-03-11 02:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-09-22 17:00 . 2009-09-22 17:00 -------- d-----w- c:\documents and settings\Computer\Application Data\Malwarebytes
2009-09-22 17:00 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 17:00 . 2009-09-22 17:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 17:00 . 2009-09-22 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-22 17:00 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-22 16:51 . 2009-03-06 14:44 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-09-22 16:51 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-09-22 16:51 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-09-22 16:51 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-09-22 16:51 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-09-22 16:51 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-09-22 16:51 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-09-22 16:51 . 2009-02-09 10:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-09-22 16:51 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-09-22 16:51 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-22 16:50 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-09-22 16:49 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-09-22 06:58 . 2009-09-22 17:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-21 23:14 . 2009-09-22 05:55 22528 --sha-w- c:\windows\system32\calc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 20:46 . 2008-11-10 00:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-22 20:46 . 2008-11-10 00:59 -------- d-----w- c:\program files\Symantec
2009-09-22 20:46 . 2008-11-10 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-22 17:40 . 2009-01-17 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-25 05:35 . 2009-01-14 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-05 09:11 . 2001-08-23 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2001-08-23 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2007-01-14 22:30 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2001-08-23 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2007-01-14 22:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2001-08-23 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-25 18:36 . 2001-08-23 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2001-08-23 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2001-08-23 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2001-08-23 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2001-08-23 12:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2001-08-23 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2001-08-23 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2001-08-23 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2001-08-23 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2001-08-23 12:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2001-08-23 12:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2001-08-23 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-02-07 11:40 . 2009-02-07 11:40 47616 --sha-w- c:\windows\system32\genetoda.dll.tmp
2009-02-07 11:40 . 2009-02-07 11:40 47616 --sha-w- c:\windows\system32\peyehebe.dll.tmp
2009-02-07 11:40 . 2009-02-07 11:40 47616 --sha-w- c:\windows\system32\ritohuga.dll.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-09-22_16.44.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2001-08-23 12:00 . 2009-06-12 11:50 80896 c:\windows\system32\tlntsess.exe
+ 2001-08-23 12:00 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2007-01-14 22:27 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2008-11-18 01:17 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2001-08-23 12:00 . 2004-08-04 05:56 55808 c:\windows\system32\secur32.dll
+ 2001-08-23 12:00 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
+ 2001-08-23 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
+ 2001-08-23 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
- 2001-08-23 12:00 . 2008-10-16 20:38 44544 c:\windows\system32\pngfilt.dll
+ 2001-08-23 12:00 . 2009-09-22 17:37 39992 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2009-03-15 07:55 39992 c:\windows\system32\perfc009.dat
+ 2007-01-14 22:01 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
- 2001-08-23 12:00 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2001-08-23 12:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2006-11-08 02:03 . 2008-10-16 20:38 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 02:03 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-01-14 22:01 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2007-01-14 22:01 . 2004-08-04 05:56 58880 c:\windows\system32\msdtclog.dll
- 2001-08-23 12:00 . 2004-08-04 05:56 19968 c:\windows\system32\mqbkup.exe
+ 2001-08-23 12:00 . 2009-06-22 11:49 19968 c:\windows\system32\mqbkup.exe
+ 2001-08-23 12:00 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
- 2001-08-23 12:00 . 2008-10-16 20:38 27648 c:\windows\system32\jsproxy.dll
- 2006-11-07 08:26 . 2008-10-16 13:11 13824 c:\windows\system32\ieudinit.exe
+ 2006-11-07 08:26 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
+ 2001-08-23 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
- 2001-08-23 12:00 . 2008-10-16 20:38 44544 c:\windows\system32\iernonce.dll
- 2001-08-23 12:00 . 2008-10-16 13:11 70656 c:\windows\system32\ie4uinit.exe
+ 2001-08-23 12:00 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
- 2006-10-17 16:58 . 2008-10-16 20:38 63488 c:\windows\system32\icardie.dll
+ 2006-10-17 16:58 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
+ 2009-09-22 17:43 . 2009-07-03 14:49 64160 c:\windows\system32\DRVSTORE\lbd_4C6E0193F967021F4DECA024CA3950BECD8BF864\Lbd.sys
+ 2001-08-23 12:00 . 2009-06-22 11:48 91776 c:\windows\system32\drivers\mqac.sys
+ 2009-06-12 11:50 . 2009-06-12 11:50 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 11:50 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-02-03 20:08 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
+ 2001-08-23 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
- 2006-10-23 15:17 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-10-23 15:17 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2007-05-14 03:46 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-05-14 03:46 . 2008-10-16 20:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2007-07-06 12:46 . 2007-07-06 12:46 48640 c:\windows\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46 . 2009-06-25 18:36 48640 c:\windows\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46 . 2009-06-25 18:36 95744 c:\windows\system32\dllcache\mqsec.dll
- 2007-07-06 12:46 . 2007-07-06 12:46 95744 c:\windows\system32\dllcache\mqsec.dll
- 2007-07-06 12:46 . 2007-07-06 12:46 16896 c:\windows\system32\dllcache\mqise.dll
+ 2007-07-06 12:46 . 2009-06-25 18:36 16896 c:\windows\system32\dllcache\mqise.dll
+ 2007-07-06 12:46 . 2009-06-25 18:36 47104 c:\windows\system32\dllcache\mqdscli.dll
- 2007-07-06 12:46 . 2007-07-06 12:46 47104 c:\windows\system32\dllcache\mqdscli.dll
+ 2009-06-22 11:49 . 2009-06-22 11:49 19968 c:\windows\system32\dllcache\mqbkup.exe
+ 2007-07-06 10:05 . 2009-06-22 11:48 91776 c:\windows\system32\dllcache\mqac.sys
- 2006-10-23 15:17 . 2008-10-16 20:38 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-10-23 15:17 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-05-14 03:46 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-05-14 03:46 . 2008-10-16 13:11 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2006-11-07 08:26 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2006-11-07 08:26 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2006-10-17 17:06 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
- 2006-10-17 17:06 . 2006-10-17 17:06 78336 c:\windows\system32\dllcache\ieencode.dll
- 2006-11-07 08:26 . 2008-10-16 13:11 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-11-07 08:26 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-20 10:04 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-08-20 10:04 . 2008-10-16 20:38 63488 c:\windows\system32\dllcache\icardie.dll
+ 2001-08-23 12:00 . 2009-07-29 04:53 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2006-10-17 17:03 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
- 2006-10-17 17:03 . 2007-01-09 00:01 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-10 14:21 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 18:55 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
+ 2001-08-23 12:00 . 2009-06-10 14:21 84992 c:\windows\system32\avifil32.dll
- 2001-08-23 12:00 . 2004-08-04 05:56 84992 c:\windows\system32\avifil32.dll
+ 2009-09-22 18:41 . 2009-09-22 18:41 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-09-22 18:41 . 2009-09-22 18:41 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-09-22 17:28 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll
+ 2009-09-22 17:28 . 2008-10-16 20:38 52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll
+ 2009-09-22 17:28 . 2008-10-16 20:38 27648 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll
+ 2009-09-22 17:28 . 2008-10-16 13:11 13824 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe
+ 2009-09-22 17:28 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB972260-IE7\iernonce.dll
+ 2009-09-22 17:28 . 2006-10-17 17:06 78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll
+ 2009-09-22 17:28 . 2008-10-16 13:11 70656 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe
+ 2009-09-22 17:28 . 2008-10-16 20:38 63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll
+ 2009-09-22 17:28 . 2004-08-04 05:56 35328 c:\windows\ie7updates\KB972260-IE7\corpol.dll
+ 2001-08-23 12:00 . 2009-06-22 11:49 4608 c:\windows\system32\mqsvc.exe
- 2001-08-23 12:00 . 2004-08-04 05:56 4608 c:\windows\system32\mqsvc.exe
+ 2009-06-22 11:49 . 2009-06-22 11:49 4608 c:\windows\system32\dllcache\mqsvc.exe
+ 2009-09-22 18:41 . 2009-09-22 18:41 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2008-07-29 12:05 . 2008-07-29 12:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2006-10-16 10:21 . 2009-04-15 09:24 351744 c:\windows\system32\xpsp3res.dll
- 2001-08-23 12:00 . 2006-08-17 12:28 132096 c:\windows\system32\wkssvc.dll
+ 2001-08-23 12:00 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll
+ 2007-01-14 22:30 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
- 2007-01-14 22:30 . 2004-08-04 05:56 351232 c:\windows\system32\winhttp.dll
- 2001-08-23 12:00 . 2008-10-16 20:38 233472 c:\windows\system32\webcheck.dll
+ 2001-08-23 12:00 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
+ 2007-01-14 22:01 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2007-01-14 22:01 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2007-01-14 22:01 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
- 2001-08-23 12:00 . 2008-10-16 20:38 105984 c:\windows\system32\url.dll
+ 2001-08-23 12:00 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
+ 2001-08-23 12:00 . 2009-06-25 18:36 169472 c:\windows\system32\Setup\msmqocm.dll
+ 2001-08-23 12:00 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
- 2001-08-23 12:00 . 2007-04-25 14:21 144896 c:\windows\system32\schannel.dll
+ 2001-08-23 12:00 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll
+ 2001-08-23 12:00 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
+ 2001-08-23 12:00 . 2009-04-15 15:26 583168 c:\windows\system32\rpcrt4.dll
- 2001-08-23 12:00 . 2009-03-15 07:55 311604 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2009-09-22 17:37 311604 c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2009-03-06 14:44 283648 c:\windows\system32\pdh.dll
- 2001-08-23 12:00 . 2004-08-04 05:56 283648 c:\windows\system32\pdh.dll
+ 2001-08-23 12:00 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
- 2001-08-23 12:00 . 2008-10-16 20:38 102912 c:\windows\system32\occache.dll
+ 2001-08-23 12:00 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2007-01-14 22:01 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
+ 2001-08-23 12:00 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
- 2001-08-23 12:00 . 2008-10-16 20:38 671232 c:\windows\system32\mstime.dll
+ 2001-08-23 12:00 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
- 2001-08-23 12:00 . 2008-10-16 20:38 193024 c:\windows\system32\msrating.dll
+ 2001-08-23 12:00 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
- 2001-08-23 12:00 . 2008-10-16 20:38 477696 c:\windows\system32\mshtmled.dll
- 2006-11-08 02:03 . 2008-10-16 20:38 459264 c:\windows\system32\msfeeds.dll
+ 2006-11-08 02:03 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
+ 2007-01-14 22:01 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2007-01-14 22:01 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2007-01-14 22:01 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2001-08-23 12:00 . 2009-06-22 11:49 117248 c:\windows\system32\mqtgsvc.exe
- 2001-08-23 12:00 . 2004-08-04 05:56 117248 c:\windows\system32\mqtgsvc.exe
+ 2001-08-23 12:00 . 2009-02-09 10:20 723456 c:\windows\system32\lsasrv.dll
+ 2001-08-23 12:00 . 2009-05-07 15:44 344064 c:\windows\system32\localspl.dll
+ 2001-08-23 12:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2001-08-23 12:00 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
+ 2006-10-17 16:57 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
+ 2001-08-23 12:00 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 16:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
- 2001-08-23 12:00 . 2008-10-15 07:04 161792 c:\windows\system32\ieakui.dll
+ 2001-08-23 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
- 2001-08-23 12:00 . 2008-10-16 20:38 230400 c:\windows\system32\ieaksie.dll
+ 2001-08-23 12:00 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
- 2001-08-23 12:00 . 2008-10-16 20:38 153088 c:\windows\system32\ieakeng.dll
+ 2001-08-23 12:00 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
+ 2007-01-14 16:55 . 2009-09-22 17:32 189000 c:\windows\system32\FNTCACHE.DAT
- 2007-01-14 16:55 . 2008-10-16 15:45 189000 c:\windows\system32\FNTCACHE.DAT
+ 2007-01-14 22:30 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
- 2007-01-14 22:30 . 2008-10-16 20:38 133120 c:\windows\system32\extmgr.dll
+ 2001-08-23 12:00 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
- 2001-08-23 12:00 . 2008-10-16 20:38 214528 c:\windows\system32\dxtrans.dll
+ 2001-08-23 12:00 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
- 2001-08-23 12:00 . 2008-10-16 20:38 347136 c:\windows\system32\dxtmsft.dll
+ 2001-08-23 12:00 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys
+ 2009-07-14 03:43 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
- 2006-08-17 12:28 . 2006-08-17 12:28 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2006-08-17 12:28 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2006-10-23 15:17 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:47 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
- 2006-11-08 02:03 . 2008-10-16 20:38 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-11-08 02:03 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-10-17 17:05 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
- 2006-10-17 17:05 . 2008-10-16 20:38 105984 c:\windows\system32\dllcache\url.dll
+ 2009-07-29 04:53 . 2009-07-29 04:53 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2006-08-14 10:34 . 2008-12-11 11:57 333184 c:\windows\system32\dllcache\srv.sys
- 2007-04-25 14:21 . 2007-04-25 14:21 144896 c:\windows\system32\dllcache\schannel.dll
+ 2007-04-25 14:21 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
+ 2007-10-09 19:42 . 2009-04-15 15:26 583168 c:\windows\system32\dllcache\rpcrt4.dll
- 2006-10-17 17:04 . 2008-10-16 20:38 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-10-17 17:04 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-08-05 09:11 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
- 2006-10-23 15:17 . 2008-10-16 20:38 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-10-23 15:17 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-10-23 15:17 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
- 2006-10-23 15:17 . 2008-10-16 20:38 193024 c:\windows\system32\dllcache\msrating.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 169472 c:\windows\system32\dllcache\msmqocm.dll
+ 2006-10-23 15:17 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2006-10-23 15:17 . 2008-10-16 20:38 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-14 03:46 . 2008-10-16 20:38 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-05-14 03:46 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2007-07-06 12:46 . 2009-06-25 18:36 471552 c:\windows\system32\dllcache\mqutil.dll
- 2007-07-06 12:46 . 2007-07-06 12:46 471552 c:\windows\system32\dllcache\mqutil.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 186880 c:\windows\system32\dllcache\mqtrig.dll
+ 2009-06-22 11:49 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe
+ 2009-06-25 18:36 . 2009-06-25 18:36 517120 c:\windows\system32\dllcache\mqsnap.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 123392 c:\windows\system32\dllcache\mqrtdep.dll
- 2007-07-06 12:46 . 2007-07-06 12:46 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46 . 2009-06-25 18:36 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46 . 2009-06-25 18:36 661504 c:\windows\system32\dllcache\mqqm.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 225280 c:\windows\system32\dllcache\mqoa.dll
- 2007-07-06 12:46 . 2007-07-06 12:46 138240 c:\windows\system32\dllcache\mqad.dll
+ 2007-07-06 12:46 . 2009-06-25 18:36 138240 c:\windows\system32\dllcache\mqad.dll
+ 2006-08-17 12:28 . 2009-02-09 10:20 723456 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-07 15:44 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2006-07-05 10:55 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2006-05-18 05:24 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
+ 2006-10-17 17:04 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe
+ 2007-05-14 03:46 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2006-11-07 08:27 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-14 03:46 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2001-08-23 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
- 2001-08-23 12:00 . 2008-10-15 07:04 161792 c:\windows\system32\dllcache\ieakui.dll
- 2006-11-07 08:27 . 2008-10-16 20:38 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 08:27 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 08:26 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2006-11-07 08:26 . 2008-10-16 20:38 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-10-23 15:17 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-10-23 15:17 . 2008-10-16 20:38 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-10-23 15:17 . 2008-10-16 20:38 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-10-23 15:17 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-10-23 15:17 . 2008-10-16 20:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-10-23 15:17 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-11-07 08:26 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
- 2006-11-07 08:26 . 2008-10-16 20:38 124928 c:\windows\system32\dllcache\advpack.dll
- 2001-08-23 12:00 . 2008-10-16 20:38 124928 c:\windows\system32\advpack.dll
+ 2001-08-23 12:00 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
+ 2001-08-23 12:00 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
- 2001-08-23 12:00 . 2004-08-04 05:56 616960 c:\windows\system32\advapi32.dll
+ 2009-09-22 17:40 . 2009-09-22 17:40 236032 c:\windows\Installer\77a81.msi
+ 2009-09-22 17:28 . 2008-10-16 20:38 826368 c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-09-22 17:28 . 2008-10-16 20:38 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-09-22 17:28 . 2008-10-16 20:38 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-09-22 17:28 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-09-22 17:28 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-09-22 17:28 . 2008-10-16 20:38 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-09-22 17:28 . 2008-10-16 20:38 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-09-22 17:28 . 2008-10-16 20:38 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-09-22 17:28 . 2008-10-16 20:38 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-09-22 17:28 . 2008-10-16 20:38 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-09-22 17:28 . 2008-10-15 07:06 633632 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-09-22 17:28 . 2008-10-16 20:38 267776 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-09-22 17:28 . 2008-10-16 20:38 384512 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-09-22 17:28 . 2008-10-16 20:38 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-09-22 17:28 . 2008-10-15 07:04 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-09-22 17:28 . 2008-10-16 20:38 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-09-22 17:28 . 2008-10-16 20:38 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-09-22 17:28 . 2008-10-16 20:38 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-09-22 17:28 . 2008-10-16 20:38 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-09-22 17:28 . 2008-10-16 20:38 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-09-22 17:28 . 2008-10-16 20:38 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2001-08-23 12:00 . 2009-05-20 08:56 2458112 c:\windows\system32\WMVCore.dll
- 2001-08-23 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll
+ 2001-08-23 12:00 . 2009-04-17 09:58 1846656 c:\windows\system32\win32k.sys
+ 2001-08-23 12:00 . 2009-06-29 16:12 1159680 c:\windows\system32\urlmon.dll
+ 2001-08-23 12:00 . 2008-07-03 13:03 8460800 c:\windows\system32\shell32.dll
+ 2001-08-23 12:00 . 2009-06-03 19:27 1290752 c:\windows\system32\quartz.dll
+ 2001-08-23 12:00 . 2009-02-06 17:24 2180480 c:\windows\system32\ntoskrnl.exe
- 2001-08-17 13:48 . 2008-08-14 09:22 2057728 c:\windows\system32\ntkrnlpa.exe
+ 2001-08-17 13:48 . 2009-02-06 16:49 2057728 c:\windows\system32\ntkrnlpa.exe
+ 2001-08-23 12:00 . 2009-07-19 13:33 3597824 c:\windows\system32\mshtml.dll
+ 2006-11-08 02:03 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll
+ 2006-09-06 04:01 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2001-08-23 12:00 . 2009-05-20 08:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
- 2001-08-23 12:00 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2007-03-08 13:47 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2006-10-23 15:17 . 2009-06-29 16:12 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2006-07-13 13:33 . 2008-07-03 13:03 8460800 c:\windows\system32\dllcache\shell32.dll
+ 2007-10-29 22:43 . 2009-06-03 19:27 1290752 c:\windows\system32\dllcache\quartz.dll
+ 2006-12-19 14:17 . 2009-02-06 17:24 2180480 c:\windows\system32\dllcache\ntoskrnl.exe
- 2006-12-19 12:55 . 2008-08-14 09:22 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2006-12-19 12:55 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
- 2006-12-19 12:55 . 2008-08-14 09:22 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-12-19 12:55 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-12-19 14:15 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2006-12-19 14:15 . 2008-08-14 09:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-11-08 05:06 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2006-10-23 15:17 . 2009-07-19 13:33 3597824 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-14 03:46 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2007-05-14 03:46 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-09-22 17:41 . 2009-09-22 17:41 1859072 c:\windows\Installer\77a88.msi
+ 2009-09-22 18:41 . 2009-09-22 18:41 1583616 c:\windows\Installer\2fba36.msi
+ 2009-09-22 17:28 . 2008-10-16 20:38 1160192 c:\windows\ie7updates\KB972260-IE7\urlmon.dll
+ 2009-09-22 17:28 . 2008-10-17 07:08 3593216 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
+ 2009-09-22 17:28 . 2008-10-16 20:38 6066176 c:\windows\ie7updates\KB972260-IE7\ieframe.dll
+ 2009-09-22 17:28 . 2007-04-17 09:28 2455488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat
+ 2005-03-02 00:59 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2005-03-02 00:57 . 2008-08-14 09:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2007-01-14 22:30 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll
+ 2009-09-22 17:29 . 2009-08-28 18:38 24689600 c:\windows\system32\MRT.exe
+ 2009-07-14 03:43 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2007-02-07 968704]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"calc"="c:\windows\system32\calc.dll" [2009-09-22 22528]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"d85a31c9"="c:\windows\system32\legufizi.dll" [BU]

c:\documents and settings\Computer\Start Menu\Programs\Startup\
scandisk.dll [2009-9-21 22528]
scandisk.lnk - c:\windows\system32\rundll32.exe [2001-8-23 33280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.51.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk
backup=c:\windows\pss\Wireless Configuration Utility HW.51.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Computer^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\documents and settings\Computer\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"BITS"=2 (0x2)
"AresChatServer"=3 (0x3)
"SavRoam"=3 (0x3)
"RSVP"=3 (0x3)
"LiveUpdate"=3 (0x3)
"iPod Service"=3 (0x3)
"getPlus® Helper"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"Symantec AntiVirus"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=3 (0x3)
"xmlprov"=3 (0x3)
"WZCSVC"=3 (0x3)
"WudfSvc"=3 (0x3)
"wscsvc"=2 (0x2)
"WebClient"=2 (0x2)
"VSS"=3 (0x3)
"upnphost"=3 (0x3)
"TlntSvr"=3 (0x3)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SwPrv"=3 (0x3)
"SSDPSRV"=3 (0x3)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"SamSs"=2 (0x2)
"RasMan"=3 (0x3)
"PolicyAgent"=2 (0x2)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"ImapiService"=3 (0x3)
"helpsvc"=3 (0x3)
"Eventlog"=2 (0x2)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\bshaw1\\condition zero\\hl.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Computer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Computer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/22/2009 1:43 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [1/14/2007 6:27 PM 26488]
S3 als4k;Avance Audio Miniport Driver (WDM);c:\windows\system32\drivers\als4000.sys --> c:\windows\system32\drivers\als4000.sys [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Computer\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Computer\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1028432]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/9/2009 10:04 PM 24652]

--- Other Services/Drivers In Memory ---

*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SAVRT
*Deregistered* - SAVRTPEL
*Deregistered* - SymEvent
.
Contents of the 'Scheduled Tasks' folder

2009-09-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 17:42]

2009-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 22:13]

2009-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-838170752-839522115-1003.job
- c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-06 02:11]

2009-09-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-09-22 02:18]

2009-01-16 c:\windows\Tasks\Windows Media Player.job
- c:\progra~1\WINDOW~3\wmplayer.exe [2007-01-14 02:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search
IE: Yahoo! &Dictionary
IE: Yahoo! &Maps
IE: Yahoo! &SMS
FF - ProfilePath - c:\documents and settings\Computer\Application Data\Mozilla\Firefox\Profiles\vxdt1azi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\Computer\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {5FF44247-CFA4-47A8-9F21-A05F294C767B} - c:\documents and settings\Computer\Local Settings\Application Data\{5FF44247-CFA4-47A8-9F21-A05F294C767B}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-calc - c:\docume~1\Computer\protect.dll
Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 16:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(480)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-09-22 16:52
ComboFix-quarantined-files.txt 2009-09-22 20:52
ComboFix2.txt 2009-09-22 16:48

Pre-Run: 19,934,711,808 bytes free
Post-Run: 19,931,656,192 bytes free

Current=2 Default=2 Failed=4 LastKnownGood=5 Sets=1,2,4,5
609 --- E O F --- 2009-09-22 20:38







------------------------------------------------------------------------------------------------------

Hijack LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:27 PM, on 9/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [d85a31c9] rundll32.exe "C:\WINDOWS\system32\legufizi.dll",b
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: scandisk.dll
O4 - Startup: scandisk.lnk = ?
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168824782125
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 4493 bytes

Edited by rider52, 22 September 2009 - 04:03 PM.


#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:28 PM

Posted 22 September 2009 - 04:23 PM

Hello there,

Excellent. :( ComboFix removed a LOT and it looks much better already.

Please make sure Spybot is still disabled so it won't interfere with the HijackThis fix. :(

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [d85a31c9] rundll32.exe "C:\WINDOWS\system32\legufizi.dll",b


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Navigate to and delete the following file(s) (if they exist):

C:\WINDOWS\system32\legufizi.dll

Reboot your computer.

Please make sure MBAM is updated, then run a scan and post the results in your reply, if there are any to post. :)

I notice that you do not seem to be running Antivirus software. AVG, Avira OR Avast are good FREE antivirus.

When you've installed the one you chose, please have a full system scan with it and let it clean any/all it finds.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

How is it running now, please? :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?
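
The entries selected for fixing in the post above show two visible traits: registrations whose target is "(no file)", and a Run value that loads a DLL through rundll32.exe. As an added illustration (not part of the original thread, and not HijackThis's own logic), this Python script applies those two checks to lines taken from the HijackThis log above; the function, class and rule names are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Lines taken from the HijackThis log posted in this thread (header and
# process-list lines included to show that non-entry lines are skipped).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\rundll32.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [d85a31c9] rundll32.exe "C:\WINDOWS\system32\legufizi.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"""

# A HijackThis entry line starts with a section code such as "R3" or "O4".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# rundll32 command line: DLL path (quoted or not), a comma, then the export.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?,(?P<export>\S+)',
    re.IGNORECASE,
)

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O2"
    reason: str  # "orphaned" or "rundll32-autorun" (names chosen for this example)
    detail: str  # CLSID for orphaned entries, DLL path for rundll32 autoruns
    line: str    # the original log line, for the analyst to read in context


def triage(log_text):
    """Return entries worth a manual look. A flag is a prompt for review,
    not a verdict that the entry is malicious."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process paths, blank lines
        code, body = match.group("code"), match.group("body")

        # Rule 1: the registry entry points at a file that no longer exists.
        if body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            findings.append(
                Finding(code, "orphaned", clsid.group(0) if clsid else "", line)
            )
            continue

        # Rule 2: an autorun (O4) that loads a DLL through rundll32.
        if code == "O4":
            rundll = RUNDLL_RE.search(body)
            if rundll:
                findings.append(
                    Finding(code, "rundll32-autorun", rundll.group("dll"), line)
                )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.reason}] {finding.code}: {finding.detail}")
```
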

#7 rider52

rider52
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:28 PM

Posted 22 September 2009 - 06:37 PM

Seems to be somewhat faster but I am still getting popups in Firefox. Not sure if it's Firefox or because of Google. When I click a link on a webpage it will take me somewhere completely different (http://yellowpages.superpages)

Here is my Malware log:

Malwarebytes' Anti-Malware 1.41
Database version: 2843
Windows 5.1.2600 Service Pack 2

9/22/2009 1:03:47 PM
mbam-log-2009-09-22 (13-03-47).txt

Scan type: Quick Scan
Objects scanned: 95369
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\mejajike.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Prodezaxi.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0a027942-d1b7-44a4-95a2-d04e9314d61e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wiberesug (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0a027942-d1b7-44a4-95a2-d04e9314d61e} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kotefojum (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\klobocijezoweq (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sbeweseduzuvifuk (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\mejajike.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\mejajike.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\mejajike.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\Prodezaxi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\eyrsvxhd.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSINET.oca (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruwiraje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\korozupa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ybvcsvsj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vazoguti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\neduwozi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ggxbqwsx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xworcfkm.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yonugese.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Computer\Local Settings\temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Computer\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\oputejefifinohaz.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSdxgp.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

#8 teacup61

Posted 22 September 2009 - 06:56 PM

Hello,

Something more might be going on then......you had Vundo and a rootkit, so why not a DNS changer too?

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

tea

#9 rider52

Posted 23 September 2009 - 11:56 AM

GooredFix by jpshortstuff (12.07.09)
Log created at 12:55 on 23/09/2009 (Computer)
Firefox version 3.0.14 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{5FF44247-CFA4-47A8-9F21-A05F294C767B} -> Success!
Deleting C:\Documents and Settings\Computer\Local Settings\Application Data\{5FF44247-CFA4-47A8-9F21-A05F294C767B} -> Success!

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [04:25 13/06/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-

#10 teacup61

Posted 23 September 2009 - 01:39 PM

Hello,

Are you still being redirected?

#11 rider52

Posted 23 September 2009 - 10:31 PM

Hey,

Thanks again for all of the help!

I ran Symantec antivirus with recent updates and found a lot of Vundo and another trojan. something. Yes, unfortunately I am still being redirected, but it seems to mostly happen in Firefox, and if I click the link and click back, and do this multiple times, it will usually go to the correct link. If it happens to be redirected and I didn't not click back a lot of times it will not go to the previous webpage.

Not sure what the next step is...and again all help is appreciated!

#12 teacup61

Posted 24 September 2009 - 01:57 PM

Hello,

When you ran GooredFix, did you run option #2? With the deletions I saw I just assumed that you had. I'm also going to guess that a lot of what Norton found is going to be in System Restore or quarantine, even though it seems there is something still afoot here.

Please let me know what you did, and we'll go from there. :(

tea

#13 rider52

Posted 24 September 2009 - 10:51 PM

> Hello,
>
> When you ran GooredFix, did you run option #2? With the deletions I saw I just assumed that you had. I'm also going to guess that a lot of what Norton found is going to be in System Restore or quarantine, even though it seems there is something still afoot here.
>
> Please let me know what you did, and we'll go from there.
>
> tea


Yes, when I ran GooredFix it didn't give me any options. I simply double-clicked and ran it. I ran updated Symantec and it found and deleted/quarantined whatever, quite a few trojans and many were labeled Vundo. I am still being redirected almost every time I click a link, even if it's within a page and not going to an external page.

#14 teacup61

Posted 25 September 2009 - 11:50 AM

Hello there,

I see now.......last time I ran the tool on my own machine there were two options, scan and clean. They've been put together now and I didn't realize it. Thanks. :(

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

File::
c:\windows\system32\genetoda.dll.tmp
c:\windows\system32\peyehebe.dll.tmp
c:\windows\system32\ritohuga.dll.tmp


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Thanks,
tea

#15 rider52

Posted 25 September 2009 - 12:57 PM

CF deleted something but then it seemed to freeze on startup and failed to create the log. I closed and restarted CF and it created a new log, which is shown below.

CFLOG

ComboFix 09-09-24.01 - Computer 09/25/2009 13:45.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.64 [GMT -4:00]
Running from: c:\documents and settings\Computer\Desktop\help\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Computer\protect.dll
.
---- Previous Run -------
.
c:\documents and settings\Computer\protect.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
.

2009-09-24 03:50 . 2009-09-24 03:50 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-24 03:50 . 2009-09-24 03:57 -------- d-----w- c:\program files\SpywareBlaster
2009-09-23 00:22 . 2006-09-18 21:55 48816 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-23 00:22 . 2006-09-18 21:55 109744 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-23 00:21 . 2009-09-25 17:44 -------- d-----w- c:\program files\Symantec AntiVirus
2009-09-22 18:41 . 2009-09-22 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-22 18:41 . 2009-09-22 18:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-22 18:41 . 2009-09-22 18:41 -------- d-----w- c:\documents and settings\Computer\Application Data\SUPERAntiSpyware.com
2009-09-22 18:40 . 2009-09-22 18:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-22 17:53 . 2009-09-22 17:42 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-22 17:43 . 2009-09-22 17:43 -------- dc----w- c:\windows\system32\DRVSTORE
2009-09-22 17:43 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-22 17:40 . 2009-09-22 17:40 -------- d-----w- c:\program files\Lavasoft
2009-09-22 17:30 . 2009-09-22 17:30 -------- d-----w- c:\windows\system32\KB905474
2009-09-22 17:30 . 2009-03-11 02:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-09-22 17:30 . 2009-03-11 02:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-09-22 17:00 . 2009-09-22 17:00 -------- d-----w- c:\documents and settings\Computer\Application Data\Malwarebytes
2009-09-22 17:00 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-22 17:00 . 2009-09-22 17:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 17:00 . 2009-09-22 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-22 17:00 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-22 16:51 . 2009-03-06 14:44 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-09-22 16:51 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-09-22 16:51 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-09-22 16:51 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-09-22 16:51 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-09-22 16:51 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-09-22 16:51 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-09-22 16:51 . 2009-02-09 10:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-09-22 16:51 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-09-22 16:51 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-22 16:50 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-09-22 16:49 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-09-22 06:58 . 2009-09-22 17:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-21 23:14 . 2009-09-22 05:55 22528 --sha-w- c:\windows\system32\calc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 00:24 . 2008-11-10 00:59 -------- d-----w- c:\program files\Symantec
2009-09-23 00:22 . 2008-11-10 00:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-23 00:21 . 2008-11-10 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-22 17:40 . 2009-01-17 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-25 05:35 . 2009-01-14 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-05 09:11 . 2001-08-23 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2001-08-23 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2007-01-14 22:30 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2001-08-23 12:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2007-01-14 22:30 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2001-08-23 12:00 17408 ------w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-09-22_20.50.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-09-28 00:35 . 2006-09-28 00:35 83752 c:\windows\system32\pds.dll
+ 2006-09-28 00:35 . 2006-09-28 00:35 83752 c:\windows\system32\nts.dll
+ 2006-10-25 00:33 . 2006-10-25 00:33 43712 c:\windows\system32\NavLogon.dll
+ 2006-09-28 00:35 . 2006-09-28 00:35 46896 c:\windows\system32\msgsys.dll
+ 2006-09-28 00:35 . 2006-09-28 00:35 83696 c:\windows\system32\loc32vc0.dll
+ 2006-08-07 20:02 . 2006-08-07 20:02 24768 c:\windows\system32\drivers\symredrv.sys
+ 2006-08-07 20:02 . 2006-08-07 20:02 28352 c:\windows\system32\drivers\symndis.sys
+ 2006-08-07 20:02 . 2006-08-07 20:02 31936 c:\windows\system32\drivers\symids.sys
+ 2006-08-07 20:01 . 2006-08-07 20:01 12992 c:\windows\system32\drivers\symdns.sys
+ 2007-01-14 22:05 . 2009-09-23 19:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-01-14 22:05 . 2009-01-14 21:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-23 19:03 . 2009-09-23 19:05 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-09-28 00:35 . 2006-09-28 00:35 34600 c:\windows\system32\cba.dll
+ 2003-03-19 00:05 . 2003-03-19 00:05 89088 c:\windows\system32\atl71.dll
+ 2009-09-23 00:22 . 2009-09-23 00:24 40960 c:\windows\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2008-11-10 01:01 . 2008-11-10 01:01 40960 c:\windows\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2009-09-23 00:22 . 2009-09-23 00:24 40960 c:\windows\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2009-09-23 00:22 . 2009-09-23 00:24 25214 c:\windows\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\ARPPRODUCTICON.exe
+ 2006-08-07 20:02 . 2006-08-07 20:02 161472 c:\windows\system32\SymRedir.dll
+ 2006-08-07 20:02 . 2006-08-07 20:02 534208 c:\windows\system32\SymNeti.dll
+ 2006-08-07 20:02 . 2006-08-07 20:02 195776 c:\windows\system32\drivers\symtdi.sys
+ 2006-08-07 20:02 . 2006-08-07 20:02 110784 c:\windows\system32\drivers\symfw.sys
+ 2009-09-23 19:03 . 2009-09-25 03:18 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2003-03-19 02:12 . 2003-03-19 02:12 1047552 c:\windows\system32\mfc71u.dll
+ 2003-03-19 02:20 . 2003-03-19 02:20 1060864 c:\windows\system32\mfc71.dll
+ 2006-10-30 16:08 . 2006-10-30 16:08 2233344 c:\windows\Installer\2df69d.msp
+ 2009-09-23 00:22 . 2009-09-23 00:22 6438400 c:\windows\Installer\2df630.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2007-02-07 968704]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [BU]
"calc"="c:\docume~1\Computer\protect.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"calc"="c:\windows\system32\calc.dll" [2009-09-22 22528]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-10-25 125120]

c:\documents and settings\Computer\Start Menu\Programs\Startup\
scandisk.dll [2009-9-21 22528]
scandisk.lnk - c:\windows\system32\rundll32.exe [2001-8-23 33280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.51.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.51.lnk
backup=c:\windows\pss\Wireless Configuration Utility HW.51.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Computer^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\documents and settings\Computer\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"BITS"=2 (0x2)
"AresChatServer"=3 (0x3)
"SavRoam"=3 (0x3)
"RSVP"=3 (0x3)
"LiveUpdate"=3 (0x3)
"iPod Service"=3 (0x3)
"getPlus® Helper"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"Symantec AntiVirus"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=3 (0x3)
"xmlprov"=3 (0x3)
"WZCSVC"=3 (0x3)
"WudfSvc"=3 (0x3)
"wscsvc"=2 (0x2)
"WebClient"=2 (0x2)
"VSS"=3 (0x3)
"upnphost"=3 (0x3)
"TlntSvr"=3 (0x3)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SwPrv"=3 (0x3)
"SSDPSRV"=3 (0x3)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"SamSs"=2 (0x2)
"RasMan"=3 (0x3)
"PolicyAgent"=2 (0x2)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"ImapiService"=3 (0x3)
"helpsvc"=3 (0x3)
"Eventlog"=2 (0x2)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\bshaw1\\condition zero\\hl.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Computer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Computer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/22/2009 1:43 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/22/2009 8:26 PM 102448]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [1/14/2007 6:27 PM 26488]
S3 als4k;Avance Audio Miniport Driver (WDM);c:\windows\system32\drivers\als4000.sys --> c:\windows\system32\drivers\als4000.sys [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Computer\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Computer\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1028432]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/24/2006 8:32 PM 116416]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/9/2009 10:04 PM 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-09-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 17:42]

2009-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 22:13]

2009-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-838170752-839522115-1003.job
- c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-06 02:11]

2009-09-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-09-22 02:18]

2009-01-16 c:\windows\Tasks\Windows Media Player.job
- c:\progra~1\WINDOW~3\wmplayer.exe [2007-01-14 02:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search
IE: Yahoo! &Dictionary
IE: Yahoo! &Maps
IE: Yahoo! &SMS
FF - ProfilePath - c:\documents and settings\Computer\Application Data\Mozilla\Firefox\Profiles\vxdt1azi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\Computer\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-25 13:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-09-25 13:51
ComboFix-quarantined-files.txt 2009-09-25 17:51
ComboFix2.txt 2009-09-22 20:52
ComboFix3.txt 2009-09-22 16:48

Pre-Run: 19,252,359,168 bytes free
Post-Run: 19,233,624,064 bytes free

Current=2 Default=2 Failed=4 LastKnownGood=5 Sets=1,2,4,5
261 --- E O F --- 2009-09-25 07:00





NEW HJT LOG------------------------------------------------------------------------------------------------------------------




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:10 PM, on 9/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\Computer\protect.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: scandisk.dll
O4 - Startup: scandisk.lnk = ?
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168824782125
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 5610 bytes



