Svchost hijacks csrss - Conficker.B, TR/Trash.Gen, TR/Dropper.Gen, TR/Drop.Softomat.AN


  • This topic is locked
33 replies to this topic

#1 espelled (Members, 50 posts)

Posted 06 December 2011 - 03:59 AM

Hello,
This fight has now been going on since November 17th (http://www.bleepingcomputer.com/forums/topic428258.html/page__p__2477716__fromsearch__1#entry2477716)
I am posting a new topic for the following reasons:
1. The nature of the threat has changed.
2. My previous topic seems to have petered out.
3. I have new information that is not related to the previous discussion.

The problems at the moment:
1. It seems that the Trojan is hiding under csrss.exe, which is run as a Svchost process (in Task Manager, "Go to process" over the Svchost error message leads to csrss). I'm attaching a detailed profile of the processes within csrss, as gathered by Process Explorer.
Also, it seems that Process Explorer has found something there in real time, which I was unable to save or record (CamStudio threw an error). I've uploaded a somewhat unfocused clip of it so you can get an impression of this. In any case, the processes lighting up are shown below under
Process: csrss.exe Pid: 1096
Question: How do I tell which processes are malicious, and how do I remove them from the registry?

2. Runs of msert.exe and WindowsXP-KB958644-x86-ENU.exe indicated that only Conficker.B was left on the system, to be removed by a reboot (which could not be done. Question: Has the Trojan hijacked the reboot function?! How do I handle this?). However, a subsequent scan with AVIRA indicated that other Trojans are at work (see AVIRA SCAN below), but they were all found in quarantine.
Question: Can Avira be finding infections that are no longer active since they've been quarantined? Should something be done about this?

3. I've prepared a report of all my Svchost processes, and I'm pasting them here.
At the top is an image of all processes (marked in pink), followed by images of the various DLLs and other files running inside the Svchost "packages" (according to their PID number).
Question: Is there some way to clear away the processes that are obviously OK and just focus on the potentially nasty ones?
Question: Is Conficker.B so 'smart' that it can hide in legitimate processes and there's no way to know?
Question: I would really appreciate it if you can provide me with additional tools to really look into the system and find that Trojan!

4. Some questions about circumvention:
Question: If I change my operating system to Linux, would the virus then be annulled and would I be able to use my files?
Question: What about Windows running in a VirtualBox environment, accessing my general file system through sharing? Would that be a way to circumvent the Trojan?
Thank you for your patience and assistance
All the best,
Shakhar


AVIRA SCAN
06/12/2011 09:48 [Scanner] Malware found
The file 'C:\System Volume Information\_restore{4C04D221-A201-4BDD-801C-8D80F28CA7D9}\RP441\A0154235.EXE'
contained a virus or unwanted program 'TR/Trash.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '60885700.qua'.

6/12/2011 09:48 [Scanner] Malware found
The file 'C:\System Volume Information\_restore{4C04D221-A201-4BDD-801C-8D80F28CA7D9}\RP441\A0154234.exe'
contained a virus or unwanted program 'TR/Trash.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '250c7a3e.qua'.

6/12/2011 09:48 [Scanner] Malware found
The file 'C:\System Volume Information\_restore{4C04D221-A201-4BDD-801C-8D80F28CA7D9}\RP441\A0154236.exe'
contained a virus or unwanted program 'TR/Trash.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '06bf18c2.qua'.

6/12/2011 09:48 [Scanner] Malware found
The file 'C:\WINDOWS\system32\x'
contained a virus or unwanted program 'TR/Dropper.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4c766d8b.qua'.

6/12/2011 09:48 [Scanner] Malware found
The file 'C:\System Volume Information\_restore{4C04D221-A201-4BDD-801C-8D80F28CA7D9}\RP441\A0154237.exe'
contained a virus or unwanted program 'TR/Trash.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '54e0422a.qua'.

6/12/2011 09:48 [Scanner] Malware found
The file 'C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\M2EL7TT1\rliat[1].png'
contained a virus or unwanted program 'TR/Dropper.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '47a50b44.qua'.

6/12/2011 09:48 [Scanner] Scan
Scan completed [The scan has been done completely.].
Number of files: 2392372
Number of directories: 44850
Number of malware: 9
Number of warnings: 0

6/12/2011 09:48 [Scanner] Malware found
The file 'C:\System Volume Information\_restore{4C04D221-A201-4BDD-801C-8D80F28CA7D9}\RP441\A0154231.exe'
contained a virus or unwanted program 'TR/Trash.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '6ab72445.qua'.

6/12/2011 09:48 [Scanner] Malware found
The file 'C:\System Volume Information\_restore{4C04D221-A201-4BDD-801C-8D80F28CA7D9}\RP441\A0154233.exe'
contained a virus or unwanted program 'TR/Drop.Softomat.AN' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '5a17485f.qua'.

6/12/2011 09:48 [Scanner] Malware found
The file 'C:\System Volume Information\_restore{4C04D221-A201-4BDD-801C-8D80F28CA7D9}\RP441\A0154232.exe'
contained a virus or unwanted program 'TR/Trash.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '16af6415.qua'.

Process: csrss.exe Pid: 1096

Name Description Company Name Version Path

advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\advapi32.dll
apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\apphelp.dll
basesrv.dll Windows NT BASE API Server DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\basesrv.dll
csrsrv.dll Client Server Runtime Process Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\csrsrv.dll
csrss.exe Client Server Runtime Process Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\csrss.exe
ctype.nls C:\WINDOWS\system32\ctype.nls
gdi32.dll GDI Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\gdi32.dll
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\kernel32.dll
locale.nls C:\WINDOWS\system32\locale.nls
lpk.dll Language Pack Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\lpk.dll
marlett.ttf C:\WINDOWS\Fonts\marlett.ttf
micross.ttf C:\WINDOWS\Fonts\micross.ttf
ntdll.dll NT Layer DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ntdll.dll
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rpcrt4.dll
secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\secur32.dll
sortkey.nls C:\WINDOWS\system32\sortkey.nls
sorttbls.nls C:\WINDOWS\system32\sorttbls.nls
ssee1255.fon VGA (640x480) MS Sans Serif Font Microsoft Corporation 0.0.1.1 C:\WINDOWS\Fonts\ssee1255.fon
sxs.dll Fusion 2.5 Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\sxs.dll
tahoma.ttf C:\WINDOWS\Fonts\tahoma.ttf
tahomabd.ttf C:\WINDOWS\Fonts\tahomabd.ttf
times.ttf C:\WINDOWS\Fonts\times.ttf
unicode.nls C:\WINDOWS\system32\unicode.nls
user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\user32.dll
usp10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.5512 C:\WINDOWS\system32\usp10.dll
version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\version.dll
vgas1255.fon VGA (640x480) System Font Microsoft Corporation 0.0.1.1 C:\WINDOWS\Fonts\vgas1255.fon
winsrv.dll Windows Server DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winsrv.dll


Process PID CPU Private Bytes Working Set Description Company Name User Name Path
System Idle Process 0 49.23 0 K 28 K NT AUTHORITY\SYSTEM
System 4 0.38 0 K 240 K NT AUTHORITY\SYSTEM
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
smss.exe 1024 168 K 400 K Windows NT Session Manager Microsoft Corporation NT AUTHORITY\SYSTEM C:\WINDOWS\system32\smss.exe
csrss.exe 1096 2,036 K 10,728 K Client Server Runtime Process Microsoft Corporation NT AUTHORITY\SYSTEM C:\WINDOWS\system32\csrss.exe
winlogon.exe 1120 7,736 K 1,628 K Windows NT Logon Application Microsoft Corporation NT AUTHORITY\SYSTEM C:\WINDOWS\system32\winlogon.exe
services.exe 1164 3,312 K 6,112 K Services and Controller app Microsoft Corporation NT AUTHORITY\SYSTEM C:\WINDOWS\system32\services.exe
nvsvc32.exe 1368 4,188 K 6,020 K NVIDIA Driver Helper Service, Version 260.99 NVIDIA Corporation NT AUTHORITY\SYSTEM C:\WINDOWS\system32\nvsvc32.exe
svchost.exe 1412 3,292 K 5,296 K Generic Host Process for Win32 Services Microsoft Corporation NT AUTHORITY\SYSTEM C:\WINDOWS\system32\svchost.exe
svchost.exe 1480 2,012 K 4,792 K Generic Host Process for Win32 Services Microsoft Corporation NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\svchost.exe
svchost.exe 336 2,416 K 3,476 K Generic Host Process for Win32 Services Microsoft Corporation NT AUTHORITY\SYSTEM C:\WINDOWS\system32\svchost.exe
svchost.exe 572 2,536 K 4,852 K Generic Host Process for Win32 Services Microsoft Corporation NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\svchost.exe
svchost.exe 868 3,836 K 8,504 K Generic Host Process for Win32 Services Microsoft Corporation NT AUTHORITY\LOCAL SERVICE C:\WINDOWS\system32\svchost.exe
spoolsv.exe 1076 3,660 K 5,972 K Spooler SubSystem App Microsoft Corporation NT AUTHORITY\SYSTEM C:\WINDOWS\system32\spoolsv.exe
sched.exe 1252 3,984 K 1,120 K Antivirus Scheduler Avira GmbH NT AUTHORITY\SYSTEM C:\Program Files\Avira\AntiVir Desktop\sched.exe
NetworkLicenseServer.exe 2040 6,756 K 9,644 K ABBYY network license server ABBYY NT AUTHORITY\SYSTEM C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
ACService.exe 184 836 K 2,460 K ArcSoft Connect Service ArcSoft Inc. NT AUTHORITY\SYSTEM C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
avguard.exe 196 113,756 K 30,336 K Antivirus On-Access Service Avira GmbH NT AUTHORITY\SYSTEM C:\Program Files\Avira\AntiVir Desktop\avguard.exe
avshadow.exe 1388 732 K 2,884 K AntiVir shadow copy service Avira GmbH NT AUTHORITY\SYSTEM C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
dgnsvc.exe 220 952 K 4,044 K Dragon NaturallySpeaking Service Nuance Communications, Inc. NT AUTHORITY\SYSTEM C:\Program Files\Common Files\Nuance\dgnsvc.exe
jqs.exe 316 2,696 K 1,808 K Java™ Quick Starter Service Sun Microsystems, Inc. NT AUTHORITY\SYSTEM C:\Program Files\Java\jre6\bin\jqs.exe
AUClient.exe 524 860 K 2,672 K NT AUTHORITY\SYSTEM C:\Program Files\Kilgray\memoQ40\AUClient.exe
mbamservice.exe 1044 94,956 K 94,924 K Malwarebytes' Anti-Malware Malwarebytes Corporation NT AUTHORITY\SYSTEM C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
MDM.EXE 880 1,200 K 3,624 K Machine Debug Manager Microsoft Corporation NT AUTHORITY\SYSTEM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
NBService.exe 772 2,372 K 5,964 K Nero BackItUp Nero AG NT AUTHORITY\SYSTEM C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
SupServ.exe 1848 1,736 K 2,836 K NT AUTHORITY\SYSTEM C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
IoctlSvc.exe 1956 552 K 1,780 K PLFlash DeviceIoControl Service Prolific Technology Inc. NT AUTHORITY\SYSTEM C:\WINDOWS\system32\IoctlSvc.exe
svchost.exe 1644 15,892 K 13,996 K Generic Host Process for Win32 Services Microsoft Corporation NT AUTHORITY\SYSTEM C:\WINDOWS\system32\svchost.exe
alg.exe 3512 1,216 K 3,716 K Application Layer Gateway Service Microsoft Corporation NT AUTHORITY\LOCAL SERVICE C:\WINDOWS\system32\alg.exe
svchost.exe 208 12,980 K 19,028 K Generic Host Process for Win32 Services Microsoft Corporation NT AUTHORITY\SYSTEM C:\WINDOWS\system32\svchost.exe
lsass.exe 1176 3,884 K 1,264 K LSA Shell (Export Version) Microsoft Corporation NT AUTHORITY\SYSTEM C:\WINDOWS\system32\lsass.exe
taskmgr.exe 2108 2,284 K 2,684 K Windows TaskManager Microsoft Corporation WINXPSP3\Administrator C:\WINDOWS\system32\taskmgr.exe
explorer.exe 1676 60,768 K 75,892 K Windows Explorer Microsoft Corporation WINXPSP3\Administrator C:\WINDOWS\explorer.exe
TSVNCache.exe 1780 2,984 K 6,324 K TortoiseSVN status cache http://tortoisesvn.net WINXPSP3\Administrator C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
mbamgui.exe 1864 3,296 K 6,804 K Malwarebytes' Anti-Malware Malwarebytes Corporation WINXPSP3\Administrator C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
ctfmon.exe 1920 956 K 3,916 K CTF Loader Microsoft Corporation WINXPSP3\Administrator C:\WINDOWS\system32\ctfmon.exe
WINWORD.EXE 1840 72,412 K 95,964 K Microsoft Office Word Microsoft Corporation WINXPSP3\Administrator C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
FOXITR~1.EXE 1616 14,124 K 22,312 K Foxit Reader, Best Reader for Everyday Use! Foxit Software Company WINXPSP3\Administrator C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe
Greenshot.exe 920 48,528 K 48,216 K Greenshot WINXPSP3\Administrator C:\Program Files\Greenshot\Greenshot.exe
firefox.exe 3868 522,500 K 532,932 K Firefox Mozilla Corporation WINXPSP3\Administrator C:\Program Files\Mozilla Firefox\firefox.exe
plugin-container.exe 3252 41,976 K 46,600 K Plugin Container for Firefox Mozilla Corporation WINXPSP3\Administrator C:\Program Files\Mozilla Firefox\plugin-container.exe
plugin-container.exe 2180 10,216 K 19,032 K Plugin Container for Firefox Mozilla Corporation WINXPSP3\Administrator C:\Program Files\Mozilla Firefox\plugin-container.exe
AdobeARM.exe 3676 5,408 K 10,704 K Adobe Reader and Acrobat Manager Adobe Systems Incorporated WINXPSP3\Administrator C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
EXCEL.EXE 2920 24,524 K 52,644 K Microsoft Office Excel Microsoft Corporation WINXPSP3\Administrator C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
windows-kb890830-v4.2.exe 3600 3,396 K 6,636 K Microsoft Windows Malicious Software Removal Tool (KB890830) - Setup Self-Extracting Cabinet Microsoft Corporation WINXPSP3\Administrator C:\Documents and Settings\Administrator\שולחן העבודה\windows-kb890830-v4.2.exe
mrtstub.exe 1628 444 K 1,564 K Malicious Software Removal Tool Update Stub Microsoft Corporation WINXPSP3\Administrator c:\6b37d051270c3af59df89ec8\mrtstub.exe
MRT.exe 2776 50.00 103,044 K 75,716 K Microsoft Windows Malicious Software Removal Tool Microsoft Corporation WINXPSP3\Administrator C:\WINDOWS\system32\MRT.exe
wmplayer.exe 1040 28,804 K 17,648 K Windows Media Player Microsoft Corporation WINXPSP3\Administrator C:\Program Files\Windows Media Player\wmplayer.exe
procexp.exe 3848 0.38 32,568 K 43,128 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com WINXPSP3\Administrator C:\Downloads\ProcessExplorer\procexp.exe
dwwin.exe 3632 1,520 K 5,556 K Microsoft Application Error Reporting Microsoft Corporation WINXPSP3\Administrator C:\WINDOWS\system32\dwwin.exe
dwwin.exe 3036 1,520 K 5,568 K Microsoft Application Error Reporting Microsoft Corporation WINXPSP3\Administrator C:\WINDOWS\system32\dwwin.exe
dwwin.exe 3956 1,520 K 5,544 K Microsoft Application Error Reporting Microsoft Corporation WINXPSP3\Administrator C:\WINDOWS\system32\dwwin.exe
realsched.exe 912 1,216 K 160 K RealNetworks Scheduler RealNetworks, Inc. WINXPSP3\Administrator C:\Program Files\Common Files\Real\Update_OB\realsched.exe



Process: svchost.exe Pid: 208

Name Description Company Name Version Path
AcGenral.dll Windows Compatibility DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\AppPatch\AcGenral.dll
activeds.dll ADs Router Layer DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\activeds.dll
adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\adsldpc.dll
advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\advapi32.dll
apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\apphelp.dll
atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.1 C:\WINDOWS\system32\atl.dll
c_1252.nls C:\WINDOWS\system32\c_1252.nls
certcli.dll Microsoft® Certificate Services Client Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\certcli.dll
clbcatq.dll Microsoft Corporation 2001.12.4414.700 C:\WINDOWS\system32\clbcatq.dll
clusapi.dll Cluster API Library Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\clusapi.dll
colbact.dll Microsoft Corporation 2001.12.4414.700 C:\WINDOWS\system32\colbact.dll
comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
comctl32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
comres.dll Microsoft Corporation 2001.12.4414.700 C:\WINDOWS\system32\comres.dll
comsvcs.dll Microsoft Corporation 2001.12.4414.702 C:\WINDOWS\system32\comsvcs.dll
credui.dll Credential Manager User Interface Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\credui.dll
crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.5512 C:\WINDOWS\system32\crypt32.dll
cryptdll.dll Cryptography Manager Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\cryptdll.dll
cryptsvc.dll Cryptographic Services Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\cryptsvc.dll
cryptui.dll Microsoft Trust UI Provider Microsoft Corporation 5.131.2600.5512 C:\WINDOWS\system32\cryptui.dll
ctype.nls C:\WINDOWS\system32\ctype.nls
dbghelp.dll Windows Image Helper Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\dbghelp.dll
dhcpcsvc.dll DHCP Client Service Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\dhcpcsvc.dll
dnsapi.dll DNS Client API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\dnsapi.dll
dot3api.dll 802.3 Autoconfiguration API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\dot3api.dll
dot3dlg.dll 802.3 User Interface Helper Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\dot3dlg.dll
eapolqec.dll Microsoft EAPOL NAP Enforcement Client Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\eapolqec.dll
eappcfg.dll Eap Peer Config Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\eappcfg.dll
eappprxy.dll Microsoft EAPHost Peer Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\eappprxy.dll
es.dll Microsoft Corporation 2001.12.4414.701 C:\WINDOWS\system32\es.dll
esent.dll Server Database Storage Engine Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\esent.dll
esscli.dll WMI Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wbem\esscli.dll
fastprox.dll WMI Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wbem\fastprox.dll
gdi32.dll GDI Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\gdi32.dll
h323.tsp Microsoft H.323 Telephony Service Provider Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\h323.tsp
hid.dll Hid User Library Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\hid.dll
hidphone.tsp Microsoft HID Phone TSP Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\hidphone.tsp
hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.0.5730.13 C:\WINDOWS\system32\iertutil.dll
imagehlp.dll Windows NT Image Helper Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\imagehlp.dll
imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\imm32.dll
ipconf.tsp Microsoft Multicast Conference TAPI Service Provider Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ipconf.tsp
iphlpapi.dll IP Helper API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\iphlpapi.dll
kerberos.dll Kerberos Security Package Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\kerberos.dll
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\kernel32.dll
kmddsp.tsp TAPI Kernel-Mode Service Provider Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\kmddsp.tsp
locale.nls C:\WINDOWS\system32\locale.nls
lpk.dll Language Pack Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\lpk.dll
mpr.dll Multiple Provider Router DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\mpr.dll
mprapi.dll Windows NT MP Router Administration DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\mprapi.dll
msacm32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\msacm32.dll
msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\msasn1.dll
msidle.dll User Idle Monitor Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\msidle.dll
msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\msv1_0.dll
msvcp60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.2.3104.0 C:\WINDOWS\system32\msvcp60.dll
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.5512 C:\WINDOWS\system32\msvcrt.dll
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\mswsock.dll
mtxclu.dll MS DTC amd MTS clustering support DLL Microsoft Corporation 2001.12.4414.700 C:\WINDOWS\system32\mtxclu.dll
mtxoci.dll Microsoft database support DLL for Oracle Microsoft Corporation 2001.12.4414.700 C:\WINDOWS\system32\mtxoci.dll
ncobjapi.dll Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ncobjapi.dll
ncprov.dll Non-COM WMI Event Provision APIs Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wbem\ncprov.dll
ndptsp.tsp NDIS Proxy TAPI Service Provider Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ndptsp.tsp
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\netapi32.dll
netcfgx.dll Network Configuration Objects Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\netcfgx.dll
netman.dll Network Connections Manager Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\netman.dll
netshell.dll Network Connections Shell Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\netshell.dll
normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.0.5441.0 C:\WINDOWS\system32\normaliz.dll
ntdll.dll NT Layer DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ntdll.dll
ntdsapi.dll NT5DS Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ntdsapi.dll
ntlsapi.dll Microsoft® License Server Interface DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ntlsapi.dll
ntmarta.dll Windows NT MARTA provider Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ntmarta.dll
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ole32.dll
oleaut32.dll Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\oleaut32.dll
onex.dll IEEE 802.1X supplicant library Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\onex.dll
pchsvc.dll Microsoft PCHealth Service Holder Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
psapi.dll Process Status Helper Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\psapi.dll
qmgr.dll Background Intelligent Transfer Service Microsoft Corporation 6.7.2600.5512 C:\WINDOWS\system32\qmgr.dll
qutil.dll Quarantine Utilities Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\qutil.dll
rasapi32.dll Remote Access API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rasapi32.dll
raschap.dll Remote Access PPP CHAP Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\raschap.dll
rasman.dll Remote Access Connection Manager Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rasman.dll
rasmans.dll Remote Access Connection Manager Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rasmans.dll
rasppp.dll Remote Access PPP Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rasppp.dll
rasqec.dll RAS Quarantine Enforcement Client Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rasqec.dll
rastapi.dll Remote Access TAPI Compliance Layer Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rastapi.dll
rastls.dll Remote Access PPP EAP-TLS Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rastls.dll
repdrvfs.dll WMI Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wbem\repdrvfs.dll
resutils.dll Microsoft Cluster Resource Utility DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\resutils.dll
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rpcrt4.dll
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.1.2600.5507 C:\WINDOWS\system32\rsaenh.dll
rtutils.dll Routing Utilities Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rtutils.dll
samlib.dll SAM Library DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\samlib.dll
schannel.dll TLS / SSL Security Provider Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\schannel.dll
schedsvc.dll Task Scheduler Engine Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\schedsvc.dll
secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\secur32.dll
sens.dll System Event Notification Service (SENS) Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\sens.dll
setupapi.dll Windows Setup API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\setupapi.dll
shell32.dll Windows Shell Common Dll Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\shell32.dll
shfolder.dll Shell Folder Service Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\shfolder.dll
shimeng.dll Shim Engine DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\shimeng.dll
shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\shlwapi.dll
shsvcs.dll Windows Shell Services Dll Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\shsvcs.dll
sortkey.nls C:\WINDOWS\system32\sortkey.nls
sorttbls.nls C:\WINDOWS\system32\sorttbls.nls
svchost.exe Generic Host Process for Win32 Services Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\svchost.exe
sxs.dll Fusion 2.5 Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\sxs.dll
tapi32.dll Microsoft® Windows™ Telephony API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\tapi32.dll
tapisrv.dll Microsoft® Windows™ Telephony Server Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\tapisrv.dll
unicode.nls C:\WINDOWS\system32\unicode.nls
unimdm.tsp Unimodem 5 Service Provider Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\unimdm.tsp
uniplat.dll Unimodem AT Mini Driver Platform Driver for Windows NT Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\uniplat.dll
user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\user32.dll
userenv.dll Userenv Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\userenv.dll
usp10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.5512 C:\WINDOWS\system32\usp10.dll
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\uxtheme.dll
uxtuneup.dll TuneUp Theme Extension TuneUp Software GmbH 2.0.0.7 C:\WINDOWS\system32\uxtuneup.dll
version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\version.dll
vssapi.dll Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\vssapi.dll
wbemcomn.dll WMI Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wbem\wbemcomn.dll
wbemcore.dll WMI Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wbem\wbemcore.dll
wbemess.dll WMI Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wbem\wbemess.dll
wbemsvc.dll WMI Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll
winhttp.dll Windows HTTP Services Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winhttp.dll
wininet.dll Internet Extensions for Win32 Microsoft Corporation 7.0.5730.13 C:\WINDOWS\system32\wininet.dll
winipsec.dll Windows IPSec SPD Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winipsec.dll
winmm.dll MCI API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winmm.dll
winscard.dll Microsoft Smart Card API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winscard.dll
winsta.dll Winstation Library Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winsta.dll
wintrust.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.5512 C:\WINDOWS\system32\wintrust.dll
wldap32.dll Win32 LDAP API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wldap32.dll
wmi.dll WMI DC and DP functionality Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wmi.dll
wmiprvsd.dll WMI Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wbem\wmiprvsd.dll
wmisvc.dll WMI Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wbem\wmisvc.dll
wmiutils.dll WMI Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wbem\wmiutils.dll
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ws2_32.dll
ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ws2help.dll
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wshtcpip.dll
wsock32.dll Windows Socket 32-Bit DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wsock32.dll
wtsapi32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wtsapi32.dll
wzcsapi.dll Wireless Zero Configuration service API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wzcsapi.dll
wzcsvc.dll Wireless Zero Configuration Service Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wzcsvc.dll
xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\xpsp2res.dll


Process: svchost.exe Pid: 336

Name Description Company Name Version Path
AcGenral.dll Windows Compatibility DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\AppPatch\AcGenral.dll
advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\advapi32.dll
comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
comctl32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.5512 C:\WINDOWS\system32\crypt32.dll
ctype.nls C:\WINDOWS\system32\ctype.nls
gdi32.dll GDI Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\gdi32.dll
imagehlp.dll Windows NT Image Helper Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\imagehlp.dll
imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\imm32.dll
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\kernel32.dll
locale.nls C:\WINDOWS\system32\locale.nls
lpk.dll Language Pack Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\lpk.dll
msacm32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\msacm32.dll
msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\msasn1.dll
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.5512 C:\WINDOWS\system32\msvcrt.dll
ntdll.dll NT Layer DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ntdll.dll
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ole32.dll
oleaut32.dll Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\oleaut32.dll
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rpcrt4.dll
secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\secur32.dll
setupapi.dll Windows Setup API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\setupapi.dll
shell32.dll Windows Shell Common Dll Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\shell32.dll
shimeng.dll Shim Engine DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\shimeng.dll
shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\shlwapi.dll
sortkey.nls C:\WINDOWS\system32\sortkey.nls
sorttbls.nls C:\WINDOWS\system32\sorttbls.nls
svchost.exe Generic Host Process for Win32 Services Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\svchost.exe
unicode.nls C:\WINDOWS\system32\unicode.nls
user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\user32.dll
userenv.dll Userenv Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\userenv.dll
usp10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.5512 C:\WINDOWS\system32\usp10.dll
uxtheme.dll ספריית UxTheme של Microsoft Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\uxtheme.dll
version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\version.dll
winmm.dll MCI API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winmm.dll
wintrust.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.5512 C:\WINDOWS\system32\wintrust.dll
WudfPlatform.dll Windows Driver Foundation - User-mode Platform Library Microsoft Corporation 6.0.6001.18000 C:\WINDOWS\system32\WudfPlatform.dll
WudfSvc.dll Windows Driver Foundation - User-mode Driver Framework Service Microsoft Corporation 6.0.6001.18000 C:\WINDOWS\system32\WudfSvc.dll

Process: svchost.exe Pid: 572

Name Description Company Name Version Path

AcGenral.dll Windows Compatibility DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\AppPatch\AcGenral.dll
advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\advapi32.dll
c_1252.nls C:\WINDOWS\system32\c_1252.nls
comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
comctl32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
ctype.nls C:\WINDOWS\system32\ctype.nls
dnsapi.dll DNS Client API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\dnsapi.dll
dnsrslvr.dll DNS Caching Resolver Service Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\dnsrslvr.dll
gdi32.dll GDI Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\gdi32.dll
hnetcfg.dll מנהל תצורת הרשת הביתית Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\imm32.dll
iphlpapi.dll IP Helper API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\iphlpapi.dll
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\kernel32.dll
locale.nls C:\WINDOWS\system32\locale.nls
lpk.dll Language Pack Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\lpk.dll
msacm32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\msacm32.dll
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.5512 C:\WINDOWS\system32\msvcrt.dll
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\mswsock.dll
ntdll.dll NT Layer DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ntdll.dll
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ole32.dll
oleaut32.dll Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\oleaut32.dll
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rpcrt4.dll
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.1.2600.5507 C:\WINDOWS\system32\rsaenh.dll
secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\secur32.dll
shell32.dll Windows Shell Common Dll Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\shell32.dll
shimeng.dll Shim Engine DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\shimeng.dll
shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\shlwapi.dll
sortkey.nls C:\WINDOWS\system32\sortkey.nls
sorttbls.nls C:\WINDOWS\system32\sorttbls.nls
svchost.exe Generic Host Process for Win32 Services Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\svchost.exe
unicode.nls C:\WINDOWS\system32\unicode.nls
user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\user32.dll
userenv.dll Userenv Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\userenv.dll
usp10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.5512 C:\WINDOWS\system32\usp10.dll
uxtheme.dll ספריית UxTheme של Microsoft Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\uxtheme.dll
version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\version.dll
winmm.dll MCI API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winmm.dll
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ws2_32.dll
ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ws2help.dll
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wshtcpip.dll

Process: svchost.exe Pid: 868

Name Description Company Name Version Path
AcGenral.dll Windows Compatibility DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\AppPatch\AcGenral.dll
advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\advapi32.dll
alrsvc.dll Alerter Service DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\alrsvc.dll
c_1252.nls C:\WINDOWS\system32\c_1252.nls
clbcatq.dll Microsoft Corporation 2001.12.4414.700 C:\WINDOWS\system32\clbcatq.dll
comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
comctl32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
comres.dll Microsoft Corporation 2001.12.4414.700 C:\WINDOWS\system32\comres.dll
ctype.nls C:\WINDOWS\system32\ctype.nls
dnsapi.dll DNS Client API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\dnsapi.dll
gdi32.dll GDI Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\gdi32.dll
hnetcfg.dll מנהל תצורת הרשת הביתית Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.0.5730.13 C:\WINDOWS\system32\iertutil.dll
imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\imm32.dll
index.dat C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
index.dat C:\Documents and Settings\LocalService\Cookies\index.dat
index.dat C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat
iphlpapi.dll IP Helper API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\iphlpapi.dll
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\kernel32.dll
lmhsvc.dll TCPIP NetBios Transport Services DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\lmhsvc.dll
locale.nls C:\WINDOWS\system32\locale.nls
lpk.dll Language Pack Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\lpk.dll
mdnsNSP.dll Bonjour Namespace Provider Apple Computer, Inc. 1.0.3.1 C:\Program Files\Bonjour\mdnsNSP.dll
msacm32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\msacm32.dll
msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\msv1_0.dll
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.5512 C:\WINDOWS\system32\msvcrt.dll
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\mswsock.dll
msxml3.dll MSXML 3.0 SP9 Microsoft Corporation 8.90.1101.0 C:\WINDOWS\system32\msxml3.dll
msxml3r.dll XML Resources Microsoft Corporation 8.20.8730.1 C:\WINDOWS\system32\msxml3r.dll
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\netapi32.dll
netmsg.dll Net Messages DLL Microsoft Corporation 5.1.2600.0 C:\WINDOWS\system32\netmsg.dll
normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.0.5441.0 C:\WINDOWS\system32\normaliz.dll
ntdll.dll NT Layer DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ntdll.dll
ntmarta.dll Windows NT MARTA provider Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ntmarta.dll
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ole32.dll
oleaut32.dll Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\oleaut32.dll
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rasadhlp.dll
rasapi32.dll API של גישה מרחוק Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rasapi32.dll
rasman.dll Remote Access Connection Manager Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rasman.dll
regsvc.dll Remote Registry Service Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\regsvc.dll
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rpcrt4.dll
rtutils.dll Routing Utilities Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rtutils.dll
samlib.dll SAM Library DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\samlib.dll
secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\secur32.dll
sensapi.dll SENS Connectivity API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\sensapi.dll
shell32.dll Windows Shell Common Dll Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\shell32.dll
shimeng.dll Shim Engine DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\shimeng.dll
shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\shlwapi.dll
sortkey.nls C:\WINDOWS\system32\sortkey.nls
sorttbls.nls C:\WINDOWS\system32\sorttbls.nls
ssdpapi.dll SSDP Client API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ssdpapi.dll
ssdpsrv.dll SSDP Service DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ssdpsrv.dll
svchost.exe Generic Host Process for Win32 Services Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\svchost.exe
tapi32.dll Microsoft® Windows™ Telephony API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\tapi32.dll
unicode.nls C:\WINDOWS\system32\unicode.nls
upnphost.dll UPnP Device Host Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\upnphost.dll
urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.0.5730.13 C:\WINDOWS\system32\urlmon.dll
user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\user32.dll
userenv.dll Userenv Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\userenv.dll
usp10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.5512 C:\WINDOWS\system32\usp10.dll
uxtheme.dll ספריית UxTheme של Microsoft Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\uxtheme.dll
version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\version.dll
webclnt.dll Web DAV Service DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\webclnt.dll
winhttp.dll Windows HTTP Services Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winhttp.dll
wininet.dll Internet Extensions for Win32 Microsoft Corporation 7.0.5730.13 C:\WINDOWS\system32\wininet.dll
winmm.dll MCI API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winmm.dll
winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winrnr.dll
wldap32.dll Win32 LDAP API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wldap32.dll
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ws2_32.dll
ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ws2help.dll
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wshtcpip.dll
xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\xpsp2res.dll

Process: svchost.exe Pid: 1412

Name Description Company Name Version Path
AcGenral.dll Windows Compatibility DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\AppPatch\AcGenral.dll
activeds.dll ADs Router Layer DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\activeds.dll
adsldpc.dll ADs LDAP Provider C DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\adsldpc.dll
advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\advapi32.dll
apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\apphelp.dll
atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.1 C:\WINDOWS\system32\atl.dll
authz.dll Authorization Framework Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\authz.dll
clbcatq.dll Microsoft Corporation 2001.12.4414.700 C:\WINDOWS\system32\clbcatq.dll
comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
comctl32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
comres.dll Microsoft Corporation 2001.12.4414.700 C:\WINDOWS\system32\comres.dll
crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.5512 C:\WINDOWS\system32\crypt32.dll
ctype.nls C:\WINDOWS\system32\ctype.nls
gdi32.dll GDI Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\gdi32.dll
icaapi.dll DLL Interface to TermDD Device Driver Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\icaapi.dll
imagehlp.dll Windows NT Image Helper Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\imagehlp.dll
imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\imm32.dll
iphlpapi.dll IP Helper API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\iphlpapi.dll
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\kernel32.dll
locale.nls C:\WINDOWS\system32\locale.nls
lpk.dll Language Pack Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\lpk.dll
msacm32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\msacm32.dll
msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\msasn1.dll
mstlsapi.dll Microsoft® Terminal Server Licensing Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\mstlsapi.dll
msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\msv1_0.dll
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.5512 C:\WINDOWS\system32\msvcrt.dll
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\netapi32.dll
ntdll.dll NT Layer DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ntdll.dll
ntmarta.dll Windows NT MARTA provider Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ntmarta.dll
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ole32.dll
oleaut32.dll Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\oleaut32.dll
regapi.dll Registry Configuration APIs Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\regapi.dll
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rpcrt4.dll
rpcss.dll Distributed COM Services Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rpcss.dll
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.1.2600.5507 C:\WINDOWS\system32\rsaenh.dll
samlib.dll SAM Library DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\samlib.dll
secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\secur32.dll
setupapi.dll Windows Setup API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\setupapi.dll
shell32.dll Windows Shell Common Dll Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\shell32.dll
shimeng.dll Shim Engine DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\shimeng.dll
shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\shlwapi.dll
sortkey.nls C:\WINDOWS\system32\sortkey.nls
sorttbls.nls C:\WINDOWS\system32\sorttbls.nls
svchost.exe Generic Host Process for Win32 Services Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\svchost.exe
termsrv.dll Terminal Server Service Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\termsrv.dll
unicode.nls C:\WINDOWS\system32\unicode.nls
user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\user32.dll
userenv.dll Userenv Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\userenv.dll
usp10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.5512 C:\WINDOWS\system32\usp10.dll
uxtheme.dll ספריית UxTheme של Microsoft Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\uxtheme.dll
version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\version.dll
winmm.dll MCI API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winmm.dll
winsta.dll Winstation Library Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winsta.dll
wintrust.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.5512 C:\WINDOWS\system32\wintrust.dll
wldap32.dll Win32 LDAP API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wldap32.dll
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ws2_32.dll
ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ws2help.dll
wtsapi32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wtsapi32.dll
xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\xpsp2res.dll


Process: svchost.exe Pid: 1480

Name Description Company Name Version Path
AcGenral.dll Windows Compatibility DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\AppPatch\AcGenral.dll
advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\advapi32.dll
clbcatq.dll Microsoft Corporation 2001.12.4414.700 C:\WINDOWS\system32\clbcatq.dll
comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
comctl32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
comres.dll Microsoft Corporation 2001.12.4414.700 C:\WINDOWS\system32\comres.dll
ctype.nls C:\WINDOWS\system32\ctype.nls
dnsapi.dll DNS Client API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\dnsapi.dll
gdi32.dll GDI Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\gdi32.dll
hnetcfg.dll מנהל תצורת הרשת הביתית Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\hnetcfg.dll
imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\imm32.dll
iphlpapi.dll IP Helper API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\iphlpapi.dll
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\kernel32.dll
locale.nls C:\WINDOWS\system32\locale.nls
lpk.dll Language Pack Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\lpk.dll
mdnsNSP.dll Bonjour Namespace Provider Apple Computer, Inc. 1.0.3.1 C:\Program Files\Bonjour\mdnsNSP.dll
msacm32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\msacm32.dll
msi.dll Windows Installer Microsoft Corporation 4.5.6001.22159 C:\WINDOWS\system32\msi.dll
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.5512 C:\WINDOWS\system32\msvcrt.dll
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\mswsock.dll
ntdll.dll NT Layer DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ntdll.dll
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ole32.dll
oleaut32.dll Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\oleaut32.dll
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rasadhlp.dll
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rpcrt4.dll
rpcss.dll Distributed COM Services Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rpcss.dll
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.1.2600.5507 C:\WINDOWS\system32\rsaenh.dll
secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\secur32.dll
shell32.dll Windows Shell Common Dll Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\shell32.dll
shimeng.dll Shim Engine DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\shimeng.dll
shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\shlwapi.dll
sortkey.nls C:\WINDOWS\system32\sortkey.nls
sorttbls.nls C:\WINDOWS\system32\sorttbls.nls
svchost.exe Generic Host Process for Win32 Services Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\svchost.exe
unicode.nls C:\WINDOWS\system32\unicode.nls
user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\user32.dll
userenv.dll Userenv Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\userenv.dll
usp10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.5512 C:\WINDOWS\system32\usp10.dll
uxtheme.dll ספריית UxTheme של Microsoft Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\uxtheme.dll
version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\version.dll
winmm.dll MCI API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winmm.dll
winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winrnr.dll
wldap32.dll Win32 LDAP API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wldap32.dll
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ws2_32.dll
ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ws2help.dll
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wshtcpip.dll
xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\xpsp2res.dll


Process: svchost.exe Pid: 1644

Name Description Company Name Version Path

AcGenral.dll Windows Compatibility DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\AppPatch\AcGenral.dll
actxprxy.dll ActiveX Interface Marshaling Library Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\actxprxy.dll
advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\advapi32.dll
cfgmgr32.dll Configuration Manager Forwarder DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\cfgmgr32.dll
clbcatq.dll Microsoft Corporation 2001.12.4414.700 C:\WINDOWS\system32\clbcatq.dll
CNC190C.DLL WIA Scanner Driver CANON INC. 1.0.6.0 C:\WINDOWS\system32\CNC190C.DLL
CNC190L.DLL LLD CANON INC. 1.0.0.0 C:\WINDOWS\system32\CNC190L.DLL
comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
comctl32.dll User Experience Controls Library Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
comres.dll Microsoft Corporation 2001.12.4414.700 C:\WINDOWS\system32\comres.dll
crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.5512 C:\WINDOWS\system32\crypt32.dll
ctype.nls C:\WINDOWS\system32\ctype.nls
gdi32.dll GDI Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\gdi32.dll
GdiPlus.dll Microsoft GDI+ Microsoft Corporation 5.1.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll
imagehlp.dll Windows NT Image Helper Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\imagehlp.dll
imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\imm32.dll
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\kernel32.dll
locale.nls C:\WINDOWS\system32\locale.nls
lpk.dll Language Pack Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\lpk.dll
msacm32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\msacm32.dll
msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\msasn1.dll
mscms.dll Microsoft Color Matching System DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\mscms.dll
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.2600.5512 C:\WINDOWS\system32\msvcrt.dll
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\netapi32.dll
ntdll.dll NT Layer DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ntdll.dll
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\ole32.dll
oleaut32.dll Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\oleaut32.dll
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\rpcrt4.dll
secur32.dll Security Support Provider Interface Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\secur32.dll
setupapi.dll Windows Setup API Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\setupapi.dll
shell32.dll Windows Shell Common Dll Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\shell32.dll
shfolder.dll Shell Folder Service Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\shfolder.dll
shimeng.dll Shim Engine DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\shimeng.dll
shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\shlwapi.dll
sortkey.nls C:\WINDOWS\system32\sortkey.nls
sorttbls.nls C:\WINDOWS\system32\sorttbls.nls
sti.dll Still Image Devices client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\sti.dll
svchost.exe Generic Host Process for Win32 Services Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\svchost.exe
unicode.nls C:\WINDOWS\system32\unicode.nls
user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\user32.dll
userenv.dll Userenv Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\userenv.dll
usp10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.5512 C:\WINDOWS\system32\usp10.dll
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.0.2900.5512 C:\WINDOWS\system32\uxtheme.dll
version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\version.dll
wiaservc.dll Still Image Devices Service Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\wiaservc.dll
wiavusd.dll WIA Video Stream device USD Microsoft Corporation 5.1.2600.0 C:\WINDOWS\system32\wiavusd.dll
winmm.dll MCI API DLL Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winmm.dll
winspool.drv Windows Spooler Driver Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winspool.drv
winsta.dll Winstation Library Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\winsta.dll
wintrust.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.5512 C:\WINDOWS\system32\wintrust.dll
xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.1.2600.5512 C:\WINDOWS\system32\xpsp2res.dll
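An added example, not code from the original post or from Sysinternals: a small Python script that reads a Process Explorer DLL-view listing like the one above and flags the modules worth a closer look. It assumes the listing was saved from the lower (DLL) pane as five tab-separated columns (Name, Description, Company Name, Version, Path); the sample rows are constructed, the first ones copied from the listing above and the last one hypothetical, to show what a hit looks like. The checks are the ones a responder applies by hand to such a list: a module with no version resource, a module loaded from outside the Windows system directories, a system DLL name that is also loaded from somewhere else (the shape of DLL search-order hijacking), and third-party code inside a system process, which is not malicious by itself but needs its vendor and signature verified.

```python
"""
Triage of a saved Process Explorer DLL-view listing.

Added example for this thread; it is not code from the original post or from
Sysinternals. ASSUMPTION: the listing was saved from the lower (DLL) pane of
Process Explorer as five tab-separated columns, in this order:
Name, Description, Company Name, Version, Path.
"""
import ntpath
import sys
from collections import defaultdict


def parse_listing(text):
    """Return one dict per data row; the header row and stray lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 5:
            continue  # blank lines, the 'Process: ... Pid: ...' banner, etc.
        name, desc, company, version, path = (p.strip() for p in parts)
        if name.lower() == "name":
            continue  # column header
        rows.append({"name": name, "description": desc, "company": company,
                     "version": version, "path": path})
    return rows


def in_trusted_dir(path):
    """True if the module lives where XP system binaries are expected to be."""
    d = ntpath.dirname(ntpath.normpath(path)).lower()
    if d in ("c:\\windows", "c:\\windows\\system32"):
        return True
    return d.startswith(("c:\\windows\\system32\\", "c:\\windows\\winsxs\\"))


def triage(text):
    """Map path -> list of reasons for every module that deserves a closer look."""
    rows = parse_listing(text)
    # Names that are loaded from a trusted directory at least once. A second
    # copy of such a name from elsewhere is what DLL search-order hijacking
    # looks like in a module list.
    trusted_names = {r["name"].lower() for r in rows if in_trusted_dir(r["path"])}
    findings = defaultdict(list)
    for r in rows:
        name, path = r["name"], r["path"]
        is_data_file = name.lower().endswith(".nls")  # NLS tables carry no version resource
        if not is_data_file and (not r["company"] or not r["version"]):
            findings[path].append("no version resource (company or version blank)")
        if not in_trusted_dir(path):
            findings[path].append("loaded from outside the Windows system directories")
            if name.lower() in trusted_names:
                findings[path].append("same name as a system DLL: possible DLL shadowing")
        if r["company"] and "microsoft" not in r["company"].lower():
            findings[path].append("third-party module inside a system process: verify vendor and signature")
    return dict(findings)


# Constructed sample input. The first rows are copied from the listing in the
# thread; the last row is HYPOTHETICAL and only shows what a hit looks like.
SAMPLE = "\n".join([
    "Name\tDescription\tCompany Name\tVersion\tPath",
    "advapi32.dll\tAdvanced Windows 32 Base API\tMicrosoft Corporation\t5.1.2600.5512\tC:\\WINDOWS\\system32\\advapi32.dll",
    "comctl32.dll\tCommon Controls Library\tMicrosoft Corporation\t5.82.2900.5512\tC:\\WINDOWS\\system32\\comctl32.dll",
    "comctl32.dll\tUser Experience Controls Library\tMicrosoft Corporation\t6.0.2900.5512\tC:\\WINDOWS\\WinSxS\\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\\comctl32.dll",
    "ctype.nls\t\t\t\tC:\\WINDOWS\\system32\\ctype.nls",
    "CNC190C.DLL\tWIA Scanner Driver\tCANON INC.\t1.0.6.0\tC:\\WINDOWS\\system32\\CNC190C.DLL",
    "comctl32.dll\tCommon Controls Library\t\t\tC:\\Documents and Settings\\Administrator\\Application Data\\comctl32.dll",
])


if __name__ == "__main__":
    # Usage: python pe_triage.py saved_listing.txt  (no argument: run on SAMPLE)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for path, reasons in triage(text).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample, only two paths come back: the Canon scanner DLL (third-party, verify) and the hypothetical copy of comctl32.dll under Application Data, which trips all three of "no version resource", "outside the system directories" and "shadows a system DLL". The two comctl32.dll copies under system32 and WinSxS are legitimate side-by-side assemblies and are not flagged. A clean list from this script is not proof of a clean process: a module that has been patched in memory or a rootkit that hides its module from the enumeration will not show up here, which is why the staff also ask for a GMER scan.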

#2 HelpBot
Bleepin' Binary Bot (Bots, 12,761 posts)

Posted 11 December 2011 - 04:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430998 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 espelled
Topic Starter (Members, 50 posts)

Posted 12 December 2011 - 07:24 PM

Hello,
Unfortunately and quite frustratingly over the last 24 hours I was unable to create the GMER log. The system froze each time the scan ran for a few hours. The system is unable to do a soft reboot. Last time I got the blue screen of death in the middle of the GMER scan.
So I'm pasting in the DDS results (including Attach.txt, which was too large to attach to the post).
Thanks in advance
Shakhar
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_25
Run by Administrator at 2:14:07 on 2011-12-13
Microsoft Windows XP Professional 5.1.2600.3.1255.1.1037.18.3070.1602 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kilgray\memoQ40\AUClient.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AnvSoft\Any Video Converter\VideoConverter.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\AnvSoft\Any Video Converter\mencoder.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AGFormHelperObj Class: {6620e618-1ab9-4eb2-aca4-cbbe9066dbe6} - c:\progra~1\agat\agform\AGFORM~1.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AGForms: {ed2e7de7-07db-4941-a06d-f780b93ba730} - c:\program files\agat\agform\AGForms.dll
TB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - c:\program files\copernic desktop search - home\toolbar\ToolbarContainer101000325.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking11\Ereg.ini
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IE: &Export to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: &Export to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: SYSTRAN: &Clear Translation Cache - c:\program files\systran\standard\menuClearCache.html
IE: SYSTRAN: &Options - c:\program files\systran\standard\menuConfigure.html
IE: SYSTRAN: &Register - c:\program files\systran\standard\menuRegister.html
IE: SYSTRAN: &Translate - c:\program files\systran\standard\menuTranslate.html
IE: SYSTRAN: Check for &Updates - c:\program files\systran\standard\menuUpdate.html
IE: SYSTRAN: Translate All &Frames - c:\program files\systran\standard\menuTranslateAll.html
IE: {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\systran\standard\MenuTranslate.html
IE: {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\systran\standard\MenuTranslateAll.html
IE: {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\systran\standard\MenuConfigure.html
IE: {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\systran\standard\MenuClearCache.html
IE: {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\systran\standard\MenuRegister.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 212.143.212.143 194.90.1.5
TCP: Interfaces\{D3885D42-A1FD-4C05-8488-B4D9B9A5125B} : DhcpNameServer = 212.143.212.143 194.90.1.5
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\u43pwaqf.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdbplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-10 11608]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2011-6-27 162544]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2011-6-27 44720]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\common files\abbyy\finereader\10.00\licensing\pe\NetworkLicenseServer.exe [2009-12-22 814344]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-10 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-10 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-10 66616]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]
R2 Kilgray Translation Technologies: memoQ update permissions manager. 979430.;Kilgray Translation Technologies: memoQ update permissions manager. 979430.;c:\program files\kilgray\memoq40\auclient.exe -permissionmanagerrun --> c:\program files\kilgray\memoq40\AUClient.exe -PermissionManagerRun [?]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-8-12 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-9 366152]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-8-27 90112]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-9 22216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-8-15 100712]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2011-5-16 111280]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2011-5-16 122224]
S0 cusqenr;cusqenr;c:\windows\system32\drivers\eyodhdi.sys --> c:\windows\system32\drivers\eyodhdi.sys [?]
S1 idaylcbk;idaylcbk;\??\c:\windows\system32\drivers\idaylcbk.sys --> c:\windows\system32\drivers\idaylcbk.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-7-12 36640]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-3-9 30192]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [2009-12-1 323584]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-7-8 27064]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2011-6-27 33072]
S4 B-Service;B-Service;c:\documents and settings\administrator\application data\mikogo extra\B-Service.exe [2010-2-1 185640]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-12-02 05:47:34 -------- d-sh--w- C:\found.000
2011-12-01 19:50:34 -------- d-----w- c:\windows\system32\MpEngineStore
2011-11-26 17:04:20 -------- d-----w- C:\FRST
2011-11-24 10:43:49 -------- d-----w- C:\_OTL
2011-11-23 12:53:16 -------- d-sha-r- C:\cmdcons
2011-11-23 12:51:18 98816 ----a-w- c:\windows\sed.exe
2011-11-23 12:51:18 518144 ----a-w- c:\windows\SWREG.exe
2011-11-23 12:51:18 256000 ----a-w- c:\windows\PEV.exe
2011-11-23 12:51:18 208896 ----a-w- c:\windows\MBR.exe
2011-11-23 09:20:04 -------- d-----w- C:\FIGHTING THE
.
==================== Find3M ====================
.
2011-10-07 15:05:50 323624 ----a-w- c:\windows\system32\wiaaut.dll
2011-02-10 17:16:19 29541108 ----a-w- c:\program files\OmegaT_2.0.5_04_Windows.exe
2009-10-14 07:19:24 9794560 ----a-w- c:\program files\openofficeorg31.msi
2009-10-14 07:19:24 1822848 ----a-w- c:\program files\instmsiw.exe
2009-10-14 07:19:24 1709160 ----a-w- c:\program files\instmsia.exe
.
============= FINISH: 2:17:23.70 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 19/10/2009 19:08:05
System Uptime: 12/12/2011 20:38:36 (6 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | P43-ES3G
Processor: Intel Pentium III Xeon processor | Socket 775 | 2666/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 14.414 GiB free.
D: is CDROM ()
E: is Removable
N: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 3120 classic
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 3120 classic
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP413: 15/09/2011 08:11:23 - System Checkpoint
RP414: 18/09/2011 09:23:41 - System Checkpoint
RP415: 18/09/2011 10:35:26 - Configured Microsoft Office Enterprise 2007
RP416: 19/09/2011 15:09:47 - Configured Microsoft Office Enterprise 2007
RP417: 20/09/2011 09:03:24 - Configured Microsoft Office Enterprise 2007
RP418: 23/09/2011 13:58:27 - System Checkpoint
RP419: 24/09/2011 22:25:12 - Configured Microsoft Office Enterprise 2007
RP420: 03/10/2011 07:23:56 - Configured Microsoft Office Enterprise 2007
RP421: 06/10/2011 15:10:54 - Configured Microsoft Office Enterprise 2007
RP422: 09/10/2011 07:36:14 - Configured Microsoft Office Enterprise 2007
RP423: 09/10/2011 12:33:27 - Configured Microsoft Office Enterprise 2007
RP424: 10/10/2011 13:54:57 - System Checkpoint
RP425: 11/10/2011 07:43:49 - Configured Microsoft Office Enterprise 2007
RP426: 12/10/2011 09:27:21 - System Checkpoint
RP427: 14/10/2011 13:27:10 - System Checkpoint
RP428: 16/10/2011 12:19:11 - System Checkpoint
RP429: 17/10/2011 14:44:28 - System Checkpoint
RP430: 19/10/2011 12:19:03 - System Checkpoint
RP431: 21/10/2011 08:44:52 - System Checkpoint
RP432: 26/10/2011 13:27:04 - System Checkpoint
RP433: 28/10/2011 14:41:39 - Configured Microsoft Office Enterprise 2007
RP434: 31/10/2011 15:18:02 - Configured Microsoft Office Enterprise 2007
RP435: 31/10/2011 18:59:09 - Configured Microsoft Office Enterprise 2007
RP436: 02/11/2011 08:52:52 - Configured Microsoft Office Enterprise 2007
RP437: 03/11/2011 13:08:41 - System Checkpoint
RP438: 07/11/2011 12:07:14 - System Checkpoint
RP439: 07/11/2011 20:15:53 - Paint.NET v3.5.10
RP440: 10/11/2011 18:20:20 - Installed Falling Block Game 2
RP441: 14/11/2011 08:06:27 - System Checkpoint
RP442: 16/11/2011 13:08:16 - System Checkpoint
RP443: 17/11/2011 14:09:41 - System Checkpoint
RP444: 18/11/2011 09:09:45 - System Checkpoint
RP445: 21/11/2011 09:58:06 - System Checkpoint
RP446: 22/11/2011 11:48:28 - System Checkpoint
RP447: 23/11/2011 13:39:15 - System Checkpoint
RP448: 25/11/2011 11:51:35 - System Checkpoint
RP449: 28/11/2011 16:07:41 - System Checkpoint
RP450: 29/11/2011 16:51:40 - System Checkpoint
RP451: 01/12/2011 07:02:14 - System Checkpoint
RP452: 02/12/2011 08:49:11 - System Checkpoint
RP453: 04/12/2011 11:08:38 - System Checkpoint
RP454: 04/12/2011 17:06:19 - Unsigned driver update
RP455: 04/12/2011 17:06:44 - Unsigned driver install
RP456: 06/12/2011 11:27:57 - System Checkpoint
RP457: 07/12/2011 14:55:42 - System Checkpoint
RP458: 09/12/2011 09:10:49 - System Checkpoint
RP459: 12/12/2011 07:34:07 - System Checkpoint
.
==== Installed Programs ======================
.
.
Microsoft .NET Framework 3.5 Language Pack - HEB
Hotfix for Windows XP (KB942288-v3)
2007 Microsoft Office Suite Service Pack 2 (SP2)
NVIDIA Control Panel 260.99
ABBYY FineReader 10 Professional Edition
ABC Amber LIT Converter
Able2Extract Professional v5.0
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Reader 9.3.3
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced PDF Password Recovery
AlignAssist
AnalyzeAssist
Any Video Converter 3.1.2
Apple Software Update
ApSIC Xbench 2.8
ArcSoft TotalMedia Backup
Artisteer 2
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
Browser Configuration Utility
calibre
CalorieKing Nutrition and Exercise Manager (remove only)
CamStudio
CamStudio OSS Desktop Recorder
Camtasia Studio 7
Canon MP Navigator EX 1.2
Canon MP190 series MP Drivers
Canon MP190 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
Comic Life
ComicRack v0.9.93
Compatibility Pack for the 2007 Office system
Copernic Desktop Search - Home
CutePDF Writer 2.8
Data Access Objects (DAO) 3.5
DivX Player
DivXLand Media Subtitler
Dragon NaturallySpeaking 11
Dramatica Pro 4.0
DriveImage XML (Private Edition)
E-GOV.IL Sign&Verify Software - AGForm toolbar
Easy File Joiner
eBook CS7DGSWC
Falling Block Game 2
FileZilla Client 3.5.2
Foxit Reader
Free Download Manager 3.0
Freeware PDF Unlocker
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Greenshot
Hero's Journey from clickok.co.uk
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
HTML-Kit
IBM SPSS Smartreader 20
IBM SPSS Statistics 20
IETester v0.4.10 (remove only)
Image Resizer Powertoy for Windows XP
Inkscape 0.48.1
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 10
Java DB 10.6.2.1
Java™ 6 Update 14
Java™ 6 Update 25
K-Lite Codec Pack 5.2.0 (Full)
LAME v3.98.2 for Audacity
LangOver 5.0
Lexmark Software Uninstall
LizardTech DjVu Control
MagicDisc 2.7.106
Malwarebytes' Anti-Malware version 1.51.2.1300
Manga Studio EX 3.0
Media Go
Media Player Classic - Home Cinema v1.5.2.3456
memoQ 4.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - HEB
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - HEB
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack - heb
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2000 Professional
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (Hebrew) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (Hebrew) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (Hebrew) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (Hebrew) 2007
Microsoft Office Language Pack 2007 - Hebrew
Microsoft Office O MUI (Hebrew) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (Hebrew) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (Hebrew) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (Hebrew) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Hebrew) 2007
Microsoft Office Proof (Russian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Hebrew) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (Hebrew) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Hebrew) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer MUI (Hebrew) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (Hebrew) 2007
Microsoft Office Word Viewer 2003
Microsoft Office X MUI (Hebrew) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Reader
Microsoft Software Update for Web Folders (English) 12
Microsoft Software Update for Web Folders (Hebrew) 12
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visio Viewer 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XML Parser
Mobipocket Reader 6.2
Mozilla Firefox 8.0.1 (x86 en-US)
MRU-Blaster v1.5 (Database 3/28/2004)
MSVC80_x86
MSXML 4.0 SP2 Parser and SDK
MuseScore 0.9 MuseScore score typesetter
Nero 8 Essentials
neroxml
Notepad++
NVIDIA nView Software 135.36
NVIDIA PhysX System Software 9.10.0514
NVIDIA Install Application
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA Graphics Driver 260.99
NVIDIA HD Audio Driver 1.1.9.0
Okapi Olifant
OmegaT version 2.2.3_04
OpenOffice.org 3.1
Oracle VM VirtualBox 4.0.8
Paint.NET v3.5.10
PC Connectivity Solution
PDF-Viewer
PDF Settings
PDF Splitter
pdfsam
Poedit
PostgreSQL 8.2
PRS-500 USB driver
QuickTime
Reader Library by Sony
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Samsung New PC Studio
SAMSUNG USB Driver for Mobile Phones
SDL TRADOS 7 Freelance
Sibelius Scorch (all browsers)
SimpleOCR 3.1
Skype web features
Skype™ 4.2
Sony Ericsson PC Companion 1.60.13
Sony Ericsson PC Suite 6.011.00
Storybook
SYSTRAN PROfessional Standard
TextMe 2.7
TortoiseSVN 1.6.6.17493 (32 bit)
TuneUp Utilities 2007
TweakGDS version 1.1.3
VCRedistSetup
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
Visual C++ Runtime for Dragon NaturallySpeaking
VLC media player 1.1.0
VSO Image Resizer 3.0.0.140
Vtune 7.5
WampServer 2.0
WebFldrs XP
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Media Player Firefox Plugin
WinHTTrack Website Copier 3.43-9D
WinMerge 2.12.4
WinRAR archiver
WinSoftMEsti
Xelif
XML Paper Specification Shared Components Language Pack 1.0
XnView 1.97.6
YouTube Downloader 2.6.5
.
==== Event Viewer Messages From Past Week ========
.
12/12/2011 20:42:24, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.
12/12/2011 20:42:24, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
12/12/2011 20:42:24, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/12/2011 20:41:09, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
12/12/2011 19:22:44, error: atapi [9] - The device, \Device\Ide\IdePort5, did not respond within the timeout period.
12/12/2011 19:21:46, error: atapi [9] - The device, \Device\Ide\IdePort5, did not respond within the timeout period.
12/12/2011 19:10:14, error: atapi [9] - The device, \Device\Ide\IdePort5, did not respond within the timeout period.
12/12/2011 19:09:39, error: atapi [9] - The device, \Device\Ide\IdePort5, did not respond within the timeout period.
12/12/2011 19:09:39, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort5.
12/12/2011 19:08:00, error: atapi [9] - The device, \Device\Ide\IdePort5, did not respond within the timeout period.
12/12/2011 16:54:56, error: atapi [9] - The device, \Device\Ide\IdePort5, did not respond within the timeout period.
12/12/2011 16:54:45, error: atapi [9] - The device, \Device\Ide\IdePort5, did not respond within the timeout period.
12/12/2011 16:54:28, error: atapi [9] - The device, \Device\Ide\IdePort5, did not respond within the timeout period.
12/12/2011 16:20:23, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
12/12/2011 07:34:07, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'rp.log' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/12/2011 07:28:32, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.
12/12/2011 07:21:19, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom1.
12/12/2011 07:21:17, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom1.
12/12/2011 03:41:37, error: atapi [9] - The device, \Device\Ide\IdePort5, did not respond within the timeout period.
12/12/2011 03:23:39, error: atapi [9] - The device, \Device\Ide\IdePort5, did not respond within the timeout period.
12/12/2011 01:00:34, error: atapi [9] - The device, \Device\Ide\IdePort5, did not respond within the timeout period.
12/12/2011 01:00:31, error: atapi [9] - The device, \Device\Ide\IdePort5, did not respond within the timeout period.
12/12/2011 00:59:27, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
11/12/2011 20:01:37, error: atapi [9] - The device, \Device\Ide\IdePort5, did not respond within the timeout period.
11/12/2011 18:41:25, error: atapi [9] - The device, \Device\Ide\IdePort5, did not respond within the timeout period.
11/12/2011 18:41:18, error: atapi [9] - The device, \Device\Ide\IdePort5, did not respond within the timeout period.
09/12/2011 14:02:40, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
07/12/2011 11:02:01, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8e5e0226: Automatic Updates.
06/12/2011 18:20:13, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8e5e0226: Automatic Updates.
06/12/2011 14:19:41, error: Dhcp [1002] - The IP address lease 85.64.44.240 for the Network Card with network address 00241D831FDA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
06/12/2011 13:19:02, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8e5e0226: Automatic Updates.
06/12/2011 10:10:44, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
06/12/2011 09:50:31, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 09:50:30, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 03:44:52, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 03:44:50, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 03:31:44, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 03:31:42, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 03:28:48, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 03:28:46, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 03:23:08, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 03:23:06, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 03:13:31, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 03:13:28, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 03:07:54, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 03:07:50, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 02:43:19, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 02:43:16, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 02:37:41, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 02:37:37, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 02:19:03, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 02:18:59, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 02:11:28, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 02:11:25, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 01:52:36, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 01:52:34, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 01:26:32, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 01:26:29, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 01:10:16, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 01:10:14, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 01:02:27, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 01:02:24, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 00:54:31, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 00:54:29, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 00:47:17, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 00:47:14, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 00:11:34, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
06/12/2011 00:11:31, error: Removable Storage Service [111] - Removable Storage Manager (RSM) could not load media in drive Drive 0 of library SanDisk Cruzer Blade USB Device.
.
==== End Of File ===========================
.

#4 Elise (Bleepin' Blonde; Malware Study Hall Admin; 61,428 posts; Gender: Female; Location: Romania)

Posted 15 December 2011 - 09:13 AM

Hello, my name is Elise and I'll assist you with this issue.

Let me first of all answer some of your questions.

4. Some questions about circumvention:
Question: If I change my operating system to Linux - would the virus then be annulled and I'll be able to use my files?
Question: What about windows running in a Virtual-box environment - accessing my general file system through sharing? - Would that be a way to circumvent the Trojan?

Conficker is not able to infect a Linux system (at the moment there is no Linux malware, because Windows is the most-used OS).

If you share your files with a Virtual Machine, your VM will get infected as well. Conficker is well known to "jump".

I see you have also run Combofix. Please post me the log you'll find at c:\combofix.txt

regards, Elise


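Added example, not part of this thread and not ComboFix's own logic: a small Python triage pass over ComboFix log lines of the kind posted further down in this thread, which is one way to start answering the thread's own question of which entries deserve attention. It keys on markers ComboFix itself prints ([?] for a referenced file it could not find, [X] for an autostart entry whose target does not resolve, [-] for a system file that failed Sigcheck, and "EnableFirewall"= 0), and adds two heuristics of mine: service or Run-key binaries that live under user-writable profile paths, and extensionless files written into system32. The sample lines are copied from the ComboFix log posted later in the thread; the names Finding, triage_line and triage, and the "high"/"medium" labels and reason strings are my own, not ComboFix output and not a verdict on this machine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the ComboFix log posted in this thread, trimmed to the
# entries worth discussing. A real run would feed the whole c:\combofix.txt.
SAMPLE_LOG = r"""
2011-11-18 08:33 . 2011-11-23 10:44 163185 ----a-w- c:\windows\system32\x
2011-11-23 09:20 . 2011-11-23 09:51 -------- d-----w- C:\FIGHTING THE
[-] 2008-08-09 . 2F6B767422A6EEEDB29BC29D831FC5A6 . 1571328 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-05 198160]
"nltide_2"="shell32" [X]
"EnableFirewall"= 0 (0x0)
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09/08/2010 19:28 366152]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S4 B-Service;B-Service;c:\documents and settings\Administrator\Application Data\Mikogo Extra\B-Service.exe [01/02/2010 20:39 185640]
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high": act on it; "medium": needs a second look
    reason: str
    line: str


# Locations an unprivileged user can write to. A service or autostart binary
# living there is unusual for legitimate software and typical for droppers.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\", "\\users\\")

# ComboFix line shapes: "Files Created" entries, R*/S* service entries, Run-key values.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>\d+|-+)\s+(?P<attr>\S+)\s+(?P<path>.+)$")
SERVICE_LINE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
RUN_LINE = re.compile(r'^"(?P<key>[^"]+)"="(?P<target>[^"]*)"\s+\[(?P<tag>[^\]]*)\]$')


def _user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage_line(line: str) -> Optional[Finding]:
    """Apply one heuristic to a single ComboFix line; None means nothing stood out."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("[-]"):
        return Finding("high", "system file failed Sigcheck (modified or replaced)", line)
    if line.startswith('"EnableFirewall"=') and line.split("=", 1)[1].strip().startswith("0"):
        return Finding("high", "Windows Firewall disabled in the standard profile", line)
    m = SERVICE_LINE.match(line)
    if m:
        rest = m.group("rest")
        if rest.endswith("[?]"):
            return Finding("medium", "service points at a file ComboFix could not find", line)
        path = rest.rsplit(" [", 1)[0]
        if "-->" in path:  # ComboFix prints "registry path --> resolved path"
            path = path.split("-->", 1)[1].strip()
        if _user_writable(path):
            return Finding("high", "service binary lives in a user-writable profile path", line)
        return None
    m = RUN_LINE.match(line)
    if m:
        if m.group("tag") == "X":
            return Finding("medium", "autostart entry whose target does not resolve to a file", line)
        if _user_writable(m.group("target")):
            return Finding("high", "autostart target lives in a user-writable profile path", line)
        return None
    m = FILE_LINE.match(line)
    if m and not m.group("attr").startswith("d"):  # skip directories
        path = m.group("path")
        base = path.rsplit("\\", 1)[-1]
        if "\\system32\\" in path.lower() and "." not in base:
            return Finding("high", "extensionless file written into system32", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every line of a ComboFix log through the heuristics and keep the hits."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

On the sample above this yields six hits: the extensionless c:\windows\system32\x, the unsigned sfcfiles.dll, the unresolved nltide_2 entry, the disabled firewall, the LMIInfo driver whose RaInfo.sys is gone (which matches the repeated Service Control Manager 7000 events for LogMeIn in the Event Viewer section), and B-Service.exe running out of Application Data. A hit is a reason to look, not a conviction: a leftover driver from an uninstalled product and a dropped binary both trip the same rule, and only the file itself (hash, signer, strings) settles it.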


#5 espelled (Topic Starter; Members; 50 posts)

Posted 16 December 2011 - 03:43 AM

Hi Elise, thanks for taking up this challenge.
I'm attaching the ComboFix log. Unfortunately it is too big to attach, so I'm pasting it here.
Thanks in advance,
Shakhar

ComboFix 11-11-22.03 - Administrator 23/11/2011 15:00:38.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.1.1037.18.3070.2417 [GMT 2:00]
Running from: c:\documents and settings\Administrator\שולחן העבודה\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\My Documents\~WRL1516.tmp
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\hpe7F.dll
c:\documents and settings\All Users\Application Data\TEMP
C:\install.exe
c:\program files\OOo_3.1.1_he_install_win32_091014.exe
c:\program files\Setup.exe
C:\Thumbs.db
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\lsprst7.dll
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\zlibwapi.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 09:20 . 2011-11-23 09:51 -------- d-----w- C:\FIGHTING THE
2011-11-18 08:33 . 2011-11-23 10:44 163185 ----a-w- c:\windows\system32\x
2011-11-11 12:29 . 2011-11-11 12:29 -------- d-----w- C:\GERMAN_AND_YIDDISH
2011-11-10 16:20 . 2011-11-10 16:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Fbg2
2011-11-10 16:20 . 2011-11-10 16:36 -------- d-----w- c:\program files\Falling Block Game 2
2011-11-08 11:14 . 2011-11-08 11:19 -------- d-----w- C:\WAY_TO_KOKHAV_YAAKOV
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 15:05 . 2011-10-07 15:05 323624 ----a-w- c:\windows\system32\wiaaut.dll
2011-09-13 21:57 . 2011-09-13 21:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 15:00 . 2010-08-09 17:28 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-10 17:16 . 2011-02-10 16:55 29541108 ----a-w- c:\program files\OmegaT_2.0.5_04_Windows.exe
2009-10-14 07:19 . 2009-10-14 07:19 9794560 ----a-w- c:\program files\openofficeorg31.msi
2009-10-14 07:19 . 2009-10-14 07:19 1822848 ----a-w- c:\program files\instmsiw.exe
2009-10-14 07:19 . 2009-10-14 07:19 1709160 ----a-w- c:\program files\instmsia.exe
2009-08-08 23:11 . 2009-08-08 23:11 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-08-08 23:30 . 2009-08-08 23:30 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-11-23 09:17 . 2011-05-08 21:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-09 12:55 . 2011-03-09 12:55 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-09 . 2F6B767422A6EEEDB29BC29D831FC5A6 . 1571328 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-05 198160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-08-09 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-08-12 15:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^תפריט התחלה^תוכניות^הפעלה^Greenshot.lnk]
path=c:\documents and settings\Administrator\תפריט התחלה\תוכניות\הפעלה\Greenshot.lnk
backup=c:\windows\pss\Greenshot.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^תפריט התחלה^תוכניות^הפעלה^MagicDisc.lnk]
path=c:\documents and settings\Administrator\תפריט התחלה\תוכניות\הפעלה\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^תפריט התחלה^תוכניות^הפעלה^Netvision Cable Connect.url]
path=c:\documents and settings\Administrator\תפריט התחלה\תוכניות\הפעלה\Netvision Cable Connect.url
backup=c:\windows\pss\Netvision Cable Connect.urlStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^תפריט התחלה^תוכניות^הפעלה^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Administrator\תפריט התחלה\תוכניות\הפעלה\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Microsoft Office.lnk]
path=c:\documents and settings\All Users\תפריט התחלה\תוכניות\הפעלה\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^SDL Trados 2007 Speed Launcher.lnk]
path=c:\documents and settings\All Users\תפריט התחלה\תוכניות\הפעלה\SDL Trados 2007 Speed Launcher.lnk
backup=c:\windows\pss\SDL Trados 2007 Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Symantec Fax Starter Edition Port.lnk]
path=c:\documents and settings\All Users\תפריט התחלה\תוכניות\הפעלה\Symantec Fax Starter Edition Port.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^TotalMedia Backup Monitor.lnk]
path=c:\documents and settings\All Users\תפריט התחלה\תוכניות\הפעלה\TotalMedia Backup Monitor.lnk
backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2010-06-09 08:53 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStart PC Studio]
2010-03-11 17:23 2049376 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NewPCStudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-03-11 17:20 116056 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
2010-01-27 09:29 941320 ----a-w- c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-13 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-25 16:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search - Home]
2010-09-07 19:16 1611736 ----a-w- c:\program files\Copernic Desktop Search - Home\DesktopSearchService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-03-09 12:55 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-27 09:04 135664 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2010-07-23 10:46 222496 ----a-w- c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 14:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LangOver]
2010-11-05 16:35 1486848 ----a-w- c:\program files\LangOver\LangOver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 15:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 13:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance.ctfmngr]
2011-07-22 03:16 39856 ----a-w- c:\program files\Nuance\NaturallySpeaking11\Program\ctfmngr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-10-16 10:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-10-16 10:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-08-25 22:12 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
2010-07-12 23:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-01-13 06:37 18084864 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2009-12-08 12:51 774144 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-03-16 16:09 148888 ----a-w- c:\program files\Java\jre1.6.0_14\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2009-05-12 13:43 2158592 ----a-w- c:\program files\Vtune\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-05 18:37 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"B-Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Free Download Manager\\fdmwi.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"c:\\WINDOWS\\KMSEmulator.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\IBM\\SPSS\\Smartreader\\20\\JRE\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\20\\stats.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\20\\stats.com"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\20\\WinWrapIDE.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port
.
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [27/06/2011 15:15 162544]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [27/06/2011 15:15 44720]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [22/12/2009 01:08 814344]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/08/2010 15:14 136360]
R2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [23/07/2010 13:19 296808]
R2 Kilgray Translation Technologies: memoQ update permissions manager. 979430.;Kilgray Translation Technologies: memoQ update permissions manager. 979430.;c:\program files\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun --> c:\program files\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09/08/2010 19:28 366152]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [27/08/2010 09:11 90112]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [09/08/2010 19:28 22216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [15/08/2010 17:53 100712]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [16/05/2011 19:01 111280]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [16/05/2011 19:01 122224]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [12/07/2010 13:23 36640]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [09/03/2011 14:55 30192]
S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [01/12/2009 17:02 323584]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [08/07/2011 08:30 27064]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [27/06/2011 15:15 33072]
S4 B-Service;B-Service;c:\documents and settings\Administrator\Application Data\Mikogo Extra\B-Service.exe [01/02/2010 20:39 185640]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 19:51]
.
2011-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-842925246-1801674531-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-27 09:04]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-842925246-1801674531-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-27 09:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ייצוא אל Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: &יצא ל- Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: SYSTRAN: &Clear Translation Cache - c:\program files\Systran\Standard\menuClearCache.html
IE: SYSTRAN: &Options - c:\program files\Systran\Standard\menuConfigure.html
IE: SYSTRAN: &Register - c:\program files\Systran\Standard\menuRegister.html
IE: SYSTRAN: &Translate - c:\program files\Systran\Standard\menuTranslate.html
IE: SYSTRAN: Check for &Updates - c:\program files\Systran\Standard\menuUpdate.html
IE: SYSTRAN: Translate All &Frames - c:\program files\Systran\Standard\menuTranslateAll.html
IE: {{703436F1-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuTranslate.html
IE: {{703436F2-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuTranslateAll.html
IE: {{703436F3-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuConfigure.html
IE: {{703436F4-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuClearCache.html
IE: {{703436F5-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuRegister.html
IE: {{703436F6-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuUpdates.html
TCP: DhcpNameServer = 212.143.212.143 194.90.1.5
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u43pwaqf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1425416&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1425416&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
AddRemove-Diff Doc_is1 - c:\program files\Softinterface
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_MS_USB_Modem_Driver - c:\program files\SAMSUNG\USB Drivers\22_MS_USB_Modem_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 15:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
.
scan completed successfully
hidden files: 45
.
**************************************************************************
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Kilgray Translation Technologies: memoQ update permissions manager. 979430.]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1390067357-842925246-1801674531-500\Software\Microsoft\Ntbackup\   *װׂׁױ]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1390067357-842925246-1801674531-500\Software\Microsoft\  M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*\Recent File List]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"File1"="c:\\WINDOWS\\system32\\dfrg.msc"
"File2"="c:\\WINDOWS\\system32\\services.msc"
"File3"="c:\\WINDOWS\\system32\\ciadv.msc"
"File4"="c:\\Program Files\\Runtime Software\\DriveImage XML\\diskmagn.msc"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1124)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(264)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kilgray\memoQ40\AUClient.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2011-11-23 15:11:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-23 13:11
.
Pre-Run: 14,895,153,152 bytes free
Post-Run: 16,815,546,368 bytes free
.
- - End Of File - - ACB365B7CEA6B6FC0B93CD65A50A5AF2

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,428 posts
  • Gender:Female
  • Location:Romania
  • Local time:05:06 AM

Posted 16 December 2011 - 08:19 AM

I see no sign of active conficker here. What actual symptoms do you still have?

Please delete any old copy of combofix you might still have and download/run a new one as instructed below.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft

 



#7 espelled

espelled
  • Topic Starter

  • Members
  • 50 posts
  • Local time:10:06 PM

Posted 17 December 2011 - 11:29 AM

Hello Elise,
Unfortunately I couldn't shut down Avira - there was no icon, and it was "access denied" when I tried through the Task Manager.
My symptoms are still the Svchost.exe error in accessing memory at 0x6f8916e2 (this error came up about 3 times during the ComboFix run). Also, from time to time, there is a bleep.
When I began running ComboFix - the system began throwing up svchost.exe errors one after the other - and Firefox crashed.

Here are the Combo results:
ComboFix 11-12-16.03 - Administrator 17/12/2011 17:59:13.2.4 - x86
Running from: c:\documents and settings\Administrator\שולחן העבודה\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
C:\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-11-17 to 2011-12-17 )))))))))))))))))))))))))))))))
.
.
2011-12-02 05:47 . 2011-12-02 05:47 -------- d-----w- C:\found.000
2011-12-01 19:50 . 2011-12-05 20:28 -------- d-----w- c:\windows\system32\MpEngineStore
2011-11-24 10:43 . 2011-11-24 10:43 -------- d-----w- C:\_OTL
2011-11-23 09:20 . 2011-12-12 14:30 -------- d-----w- C:\FIGHTING THE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 08:31 . 2011-12-16 08:31 7142 ----a-w- C:\ComboFix.zip
2011-12-11 16:29 . 2011-12-11 16:29 5053 ----a-w- C:\Attach.zip
2011-10-07 15:05 . 2011-10-07 15:05 323624 ----a-w- c:\windows\system32\wiaaut.dll
2011-02-10 17:16 . 2011-02-10 16:55 29541108 ----a-w- c:\program files\OmegaT_2.0.5_04_Windows.exe
2009-10-14 07:19 . 2009-10-14 07:19 9794560 ----a-w- c:\program files\openofficeorg31.msi
2009-10-14 07:19 . 2009-10-14 07:19 1822848 ----a-w- c:\program files\instmsiw.exe
2009-10-14 07:19 . 2009-10-14 07:19 1709160 ----a-w- c:\program files\instmsia.exe
2009-08-08 23:11 . 2009-08-08 23:11 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-08-08 23:30 . 2009-08-08 23:30 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2011-11-23 09:17 . 2011-05-08 21:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-09 12:55 . 2011-03-09 12:55 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-08-09 . 2F6B767422A6EEEDB29BC29D831FC5A6 . 1571328 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 16:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-05 198160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-08-09 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-08-12 15:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^תפריט התחלה^תוכניות^הפעלה^Greenshot.lnk]
path=c:\documents and settings\Administrator\תפריט התחלה\תוכניות\הפעלה\Greenshot.lnk
backup=c:\windows\pss\Greenshot.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^תפריט התחלה^תוכניות^הפעלה^MagicDisc.lnk]
path=c:\documents and settings\Administrator\תפריט התחלה\תוכניות\הפעלה\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^תפריט התחלה^תוכניות^הפעלה^Netvision Cable Connect.url]
path=c:\documents and settings\Administrator\תפריט התחלה\תוכניות\הפעלה\Netvision Cable Connect.url
backup=c:\windows\pss\Netvision Cable Connect.urlStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^תפריט התחלה^תוכניות^הפעלה^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Administrator\תפריט התחלה\תוכניות\הפעלה\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Microsoft Office.lnk]
path=c:\documents and settings\All Users\תפריט התחלה\תוכניות\הפעלה\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^SDL Trados 2007 Speed Launcher.lnk]
path=c:\documents and settings\All Users\תפריט התחלה\תוכניות\הפעלה\SDL Trados 2007 Speed Launcher.lnk
backup=c:\windows\pss\SDL Trados 2007 Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Symantec Fax Starter Edition Port.lnk]
path=c:\documents and settings\All Users\תפריט התחלה\תוכניות\הפעלה\Symantec Fax Starter Edition Port.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^TotalMedia Backup Monitor.lnk]
path=c:\documents and settings\All Users\תפריט התחלה\תוכניות\הפעלה\TotalMedia Backup Monitor.lnk
backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2010-06-09 08:53 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStart PC Studio]
2010-03-11 17:23 2049376 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NewPCStudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-03-11 17:20 116056 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
2010-01-27 09:29 941320 ----a-w- c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-13 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-25 16:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search - Home]
2010-09-07 19:16 1611736 ----a-w- c:\program files\Copernic Desktop Search - Home\DesktopSearchService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-03-09 12:55 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-27 09:04 135664 ----atw- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2010-07-23 10:46 222496 ----a-w- c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 14:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LangOver]
2010-11-05 16:35 1486848 ----a-w- c:\program files\LangOver\LangOver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 15:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 13:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance.ctfmngr]
2011-07-22 03:16 39856 ----a-w- c:\program files\Nuance\NaturallySpeaking11\Program\ctfmngr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-10-16 10:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-10-16 10:04 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-08-25 22:12 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
2010-07-12 23:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-01-13 06:37 18084864 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2009-12-08 12:51 774144 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-03-16 16:09 148888 ----a-w- c:\program files\Java\jre1.6.0_14\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2009-05-12 13:43 2158592 ----a-w- c:\program files\Vtune\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-05 18:37 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"B-Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Free Download Manager\\fdmwi.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\IBM\\SPSS\\Smartreader\\20\\JRE\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\20\\stats.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\20\\stats.com"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\20\\WinWrapIDE.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4100:UDP"= 4100:UDP:uPNP Router Control Port
.
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [27/06/2011 15:15 162544]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [27/06/2011 15:15 44720]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [22/12/2009 01:08 814344]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/08/2010 15:14 136360]
R2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [23/07/2010 13:19 296808]
R2 Kilgray Translation Technologies: memoQ update permissions manager. 979430.;Kilgray Translation Technologies: memoQ update permissions manager. 979430.;c:\program files\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun --> c:\program files\Kilgray\memoQ40\AUClient.exe -PermissionManagerRun [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09/08/2010 19:28 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [09/08/2010 19:28 22216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [15/08/2010 17:53 100712]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [16/05/2011 19:01 111280]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [16/05/2011 19:01 122224]
S0 cusqenr;cusqenr;c:\windows\system32\drivers\eyodhdi.sys --> c:\windows\system32\drivers\eyodhdi.sys [?]
S1 idaylcbk;idaylcbk;\??\c:\windows\system32\drivers\idaylcbk.sys --> c:\windows\system32\drivers\idaylcbk.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [27/08/2010 09:11 90112]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [12/07/2010 13:23 36640]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [09/03/2011 14:55 30192]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [01/12/2009 17:02 323584]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [08/07/2011 08:30 27064]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [27/06/2011 15:15 33072]
S4 B-Service;B-Service;c:\documents and settings\Administrator\Application Data\Mikogo Extra\B-Service.exe [01/02/2010 20:39 185640]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 19:51]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-842925246-1801674531-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-27 09:04]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-842925246-1801674531-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-27 09:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ייצוא אל Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: &יצא ל- Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: SYSTRAN: &Clear Translation Cache - c:\program files\Systran\Standard\menuClearCache.html
IE: SYSTRAN: &Options - c:\program files\Systran\Standard\menuConfigure.html
IE: SYSTRAN: &Register - c:\program files\Systran\Standard\menuRegister.html
IE: SYSTRAN: &Translate - c:\program files\Systran\Standard\menuTranslate.html
IE: SYSTRAN: Check for &Updates - c:\program files\Systran\Standard\menuUpdate.html
IE: SYSTRAN: Translate All &Frames - c:\program files\Systran\Standard\menuTranslateAll.html
IE: {{703436F1-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuTranslate.html
IE: {{703436F2-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuTranslateAll.html
IE: {{703436F3-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuConfigure.html
IE: {{703436F4-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuClearCache.html
IE: {{703436F5-3E1F-11d3-8F6B-00105A2A1D59} - c:\program files\Systran\Standard\MenuRegister.html
TCP: DhcpNameServer = 212.143.212.143 194.90.1.5
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\u43pwaqf.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-17 18:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
.
scan completed successfully
hidden files: 45
.
**************************************************************************
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Kilgray Translation Technologies: memoQ update permissions manager. 979430.]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1390067357-842925246-1801674531-500\Software\Microsoft\Ntbackup\   *װׂׁױ]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1390067357-842925246-1801674531-500\Software\Microsoft\  M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*\Recent File List]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"File1"="c:\\WINDOWS\\system32\\dfrg.msc"
"File2"="c:\\WINDOWS\\system32\\services.msc"
"File3"="c:\\WINDOWS\\system32\\ciadv.msc"
"File4"="c:\\Program Files\\Runtime Software\\DriveImage XML\\diskmagn.msc"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-12-17 18:13:55
ComboFix-quarantined-files.txt 2011-12-17 16:13
ComboFix2.txt 2011-11-23 13:11
.
Pre-Run: 28,707,811,328 bytes free
Post-Run: 29,839,331,328 bytes free
.
- - End Of File - - E97BDBB1B572E3EC7848120612DCB24B


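The part of the log above that a helper reads first is the service list: `S0 cusqenr` and `S1 idaylcbk` are boot/system-start drivers with random-looking names whose image files ComboFix could not read, while entries such as `LMIInfo` and `MBAMSwissArmy` also point at missing files but are ordinary uninstall leftovers with a vendor name behind them. The script below is an added example by the editor, not ComboFix code and not anything posted in this thread. It parses service lines in ComboFix's `<R|S><start> <name>;<display>;<image> [...]` layout and scores each one. Two things are the editor's assumptions: that ComboFix's trailing `[?]` means the image file could not be read (treated here as absent from disk), and the scoring weights and threshold, which were chosen so that a random-named driver with no file behind it stands out from those benign leftovers.

```python
"""Triage the services section of a ComboFix log for leftover rootkit drivers.

Added example, not from the thread and not ComboFix code. ComboFix prints each
service as  <R|S><start> <name>;<display name>;<image path> [<date> <time> <size>]
(R/S = running/stopped; start 0 boot, 1 system, 2 auto, 3 demand, 4 disabled) and,
when it cannot read the image file, repeats the path after '-->' with '[?]' in
place of the date/size. Reading '[?]' as "file not on disk" and the scoring
below are the editor's own assumptions, not documented ComboFix semantics.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the service section of the log posted above.
SAMPLE_LOG = r"""
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [27/06/2011 15:15 162544]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09/08/2010 19:28 366152]
S0 cusqenr;cusqenr;c:\windows\system32\drivers\eyodhdi.sys --> c:\windows\system32\drivers\eyodhdi.sys [?]
S1 idaylcbk;idaylcbk;\??\c:\windows\system32\drivers\idaylcbk.sys --> c:\windows\system32\drivers\idaylcbk.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mcdevice;mcdevice;c:\windows\system32\drivers\mcdevice.sys [01/12/2009 17:02 323584]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [08/07/2011 08:30 27064]
"""

LINE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+)$")
TRAILING_BRACKET_RE = re.compile(r"\s*\[[^\]]*\]\s*$")
SUSPICIOUS_THRESHOLD = 4  # editor's choice: flags the random-named drivers, not LMIInfo/MBAMSwissArmy


@dataclass
class ServiceEntry:
    start: int
    name: str
    display: str
    image: str
    file_missing: bool

    @property
    def image_base(self) -> str:
        return self.image.rsplit("\\", 1)[-1]


@dataclass
class Finding:
    name: str
    start: int
    image: str
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    _state, start, name, display, rest = m.groups()
    rest = rest.strip()
    file_missing = rest.endswith("[?]")
    image = rest.split("-->", 1)[1] if "-->" in rest else rest  # path is repeated after '-->' when unreadable
    image = TRAILING_BRACKET_RE.sub("", image).strip()           # drop the [date time size] or [?] tail
    if image.startswith("\\??\\"):                                # NT object-manager prefix
        image = image[4:]
    return ServiceEntry(int(start), name.strip(), display.strip(), image, file_missing)


def parse_log(text: str) -> List[ServiceEntry]:
    return [e for e in map(parse_service_line, text.splitlines()) if e is not None]


def looks_generated(name: str) -> bool:
    """Names like 'cusqenr': short, all lowercase, vowel-poor or with a long consonant cluster."""
    if not re.fullmatch(r"[a-z]{6,10}", name):
        return False
    vowel_ratio = sum(c in "aeiouy" for c in name) / len(name)
    return vowel_ratio < 0.34 or re.search(r"[^aeiouy]{4,}", name) is not None


def assess(entry: ServiceEntry) -> Finding:
    f = Finding(entry.name, entry.start, entry.image)

    def add(points: int, why: str) -> None:
        f.score += points
        f.reasons.append(why)

    if entry.file_missing:
        add(2, "image file not found on disk")
        if entry.start in (0, 1):
            add(1, "boot/system-start driver with nothing behind it")
    if entry.display.lower() == entry.name.lower():
        add(1, "no descriptive display name")
    if looks_generated(entry.name):
        add(1, "service name looks machine-generated")
    if entry.image_base.rsplit(".", 1)[0].lower() != entry.name.lower():
        add(1, "service name does not match image file " + entry.image_base)
    return f


def triage(text: str, threshold: int = SUSPICIOUS_THRESHOLD) -> List[Finding]:
    flagged = [f for f in map(assess, parse_log(text)) if f.score >= threshold]
    return sorted(flagged, key=lambda f: (-f.score, f.name))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name} (start type {f.start}, score {f.score}): {f.image}")
        for why in f.reasons:
            print("   -", why)
```

On the sample above only `cusqenr` and `idaylcbk` cross the threshold; `LMIInfo`, `MBAMSwissArmy` and `nmwcdnsu` also have missing files but stop at 3 points, which is the point of combining the signals rather than acting on "file missing" alone. To run it on a real log, replace `SAMPLE_LOG` with the contents of ComboFix.txt. A high score is a reason to look at the service key (`HKLM\SYSTEM\CurrentControlSet\Services\<name>`) and confirm the driver file really is gone, not a licence to delete on its own.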
#8 espelled
  • Topic Starter
  • Members
  • 50 posts
  • Local time:10:06 PM

Posted 20 December 2011 - 08:49 AM

Hello Elise, since I haven't heard from you, I wanted to inquire if you are still helping me on this. And if not, can you recommend another forum that I can turn to for help (as you can see from my previous correspondence you are the second person on this forum to try to help me - and it doesn't seem to be going very well)?
Thanks in advance,
Shakhar

#9 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,428 posts
  • Gender:Female
  • Location:Romania
  • Local time:05:06 AM

Posted 20 December 2011 - 09:59 AM

My apologies, I had seen your reply and supposedly replied to it, but apparently not. :o If I do not reply within 48 hours, please feel free to send me a PM!

Please click Start > Run, type chkdsk /r and press enter. Type Y and press enter to schedule the scan for next restart.

Let the disk check run unhindered (note, this may take a long time). When done, let me know if you notice any improvement (you can see some results on screen when it is finished before the reboot).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#10 espelled
  • Topic Starter
  • Members
  • 50 posts
  • Local time:10:06 PM

Posted 20 December 2011 - 10:26 AM

Hi Elise,
Thanks for the swift response. I am happy to hear from you. I will run the check and let you know.
All the best,
Shakhar

#11 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,428 posts
  • Gender:Female
  • Location:Romania
  • Local time:05:06 AM

Posted 20 December 2011 - 12:05 PM

Okay, please take your time! :)

regards, Elise


#12 espelled
  • Topic Starter
  • Members
  • 50 posts
  • Local time:10:06 PM

Posted 23 December 2011 - 06:05 AM

Hi Elise,
I've finished the Checkdisk function (it certainly took some time! More than 24 hours).
Unfortunately, immediately on booting up after the check I got the Generic Host Process error.
Please advise.
All the best,
Shakhar

#13 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,428 posts
  • Gender:Female
  • Location:Romania
  • Local time:05:06 AM

Posted 23 December 2011 - 06:40 AM

What language is your computer set to? Is it possible for you to translate the Event Viewer message in the attach.txt log you posted? (Many of them appear the same, if you can translate one of each, that would be great).

Did you see if Checkdisk had fixed anything (for example found bad sectors)?

regards, Elise


#14 espelled
  • Topic Starter
  • Members
  • 50 posts
  • Local time:10:06 PM

Posted 23 December 2011 - 07:04 AM

Hi Elise,
The Checkdisk found no errors. All was fine.
I'm using a Hebrew environment, but I couldn't find the text you were referring to. Can you paste it here, so that I can translate it?
Thanks in advance,
Shakhar

#15 Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,428 posts
  • Gender:Female
  • Location:Romania
  • Local time:05:06 AM

Posted 23 December 2011 - 07:09 AM

Given the text I could understand, let's first do a memory test.

Please follow the steps in this tutorial and let me know if any errors were found.

regards, Elise

