Bagle virus [RESOLVED], Please help to remove
Apr 26 2008, 02:18 AM
Post #1
Member Posts: 22 OS: windows xp
I have read one of the threads dedicated to Bagle, and it seems that I have it as well. Due to this, the laptop became disconnected from the internet; I can't connect at all. I can't run SpyBot, AVG and other antivirus programs, as they give error messages. Running SUPERAntiSpyware led to a computer freeze and a stop error screen. I was able to run Malwarebytes, which detected Bagle, but it couldn't remove it permanently.
As I can't connect to the internet, I was not able to rename ComboFix to Combo-Fix, as the system tells me I can't give it this name, but the name ComboFix2 was accepted (shortcut from a memory stick to the desktop). I am posting the logs in the order I obtained them. Please advise on how to remove the virus. Thank you.

Deckard's System Scanner v20071014.68 Run by NK on 2008-04-26 09:54:15 Computer is in Normal Mode. -------------------------------------------------------------------------------- Percentage of Memory in Use: 83% (more than 75%). Total Physical Memory: 503 MiB (512 MiB recommended). -- HijackThis (run as Nkulik.exe) ---------------------------------------------- Unable to find log (file not found); running clone. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-04-26 09:55:20 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\explorer.exe C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe C:\Program Files\Hewlett-Packard\HP Software 
Update\hpwuSchd2.exe C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\Microsoft ActiveSync\rapimgr.exe C:\Program Files\UFDisk\UFDisk Format Tool\iFormat.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS\system32\CF7090.exe C:\ComboFix\nircmd.com G:\dss.exe C:\Program Files\Hijackthis\Nkulik.exe C:\WINDOWS\system32\HPBPRO.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.192:8080 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie O1 - Hosts: 172.16.1.54 antivirus O2 - BHO: AcroIEToolbarHelper Class - 
{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe" O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN 
Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: iFormat.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving 
Plugin\FlashSButton.dll/210 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145496174593 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab O17 - HKLM\Software\..\Telephony: DomainName = Alghanim.com O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = Alghanim.com O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = Alghanim.com O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL O18 - Protocol: mso-offdap11 - 
{32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) 
- Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPCap\rpcapd.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 12216 bytes Extra.txt file: -- Files created between 2008-03-26 and 2008-04-26 ----------------------------- 2008-04-26 09:53:29 68096 --a------ C:\WINDOWS\zip.exe 2008-04-26 09:53:29 49152 --a------ C:\WINDOWS\VFind.exe 2008-04-26 09:53:29 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-04-26 09:53:29 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-04-26 09:53:29 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-04-26 09:53:29 98816 --a------ C:\WINDOWS\sed.exe 2008-04-26 09:53:29 80412 --a------ C:\WINDOWS\grep.exe 2008-04-26 09:53:29 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-04-26 00:18:52 0 d--hs---- C:\FOUND.000 2008-04-25 23:26:25 0 d-------- C:\Program Files\McAfee.com 2008-04-25 23:26:17 0 d-------- C:\Program Files\Common Files\McAfee 2008-04-25 23:26:10 0 d-------- C:\Program Files\McAfee 2008-04-25 23:07:21 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2008-04-25 22:28:55 0 d-------- C:\Documents and Settings\nruskulik\Application 
Data\Malwarebytes 2008-04-25 22:28:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-04-25 22:27:58 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-04-25 22:17:43 0 d-------- C:\Documents and Settings\nruskulik\Application Data\U3 -- Find3M Report --------------------------------------------------------------- 2008-04-26 04:37:22 12 --a------ C:\WINDOWS\bthservsdp.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "epm-dm"="c:\acer\epm\epm-dm.exe" [2005-06-01 10:09] "StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 20:29] "TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 19:40] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 13:02] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-04-26 04:26] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2008-04-26 04:30] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-09-27 12:37] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-09-27 12:37] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-09-27 12:41] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 C:\WINDOWS\system32\bthprops.cpl] "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49] "TempRemove"="C:\Program Files\Crystal Ball\CB Predictor\terminator.exe" [1998-12-19 11:06] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12] "@"="" [] "CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 14:42] "eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" 
[2006-04-20 18:17] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-04-26 04:29] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-26 16:13] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 16:56] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-29 15:36] "XPRepairPro2007"="C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ iFormat.lnk - C:\Program Files\UFDisk\UFDisk Format Tool\iFormat.exe [2007-02-11 11:16:54] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-04-20 08:32:06] Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2007-06-13 17:23:23] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "disableregistrytools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^IT^Start Menu^Programs^Startup^palmOne Registration.lnk] backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] ALCMTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent] rundll32.exe 
bthprops.cpl,,BluetoothAuthenticationAgent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPM-DM] c:\acer\epm\epm-dm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePowerManagement] C:\Acer\ePM\ePM.exe boot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] HDAShCut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp] Alaunch [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\PHIME2002A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] RTHDCPL.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "lanmanworkstation"=2 (0x2) "W32Time"=2 (0x2) "RemoteRegistry"=2 (0x2) "RDSessMgr"=3 (0x3) "mnmsrvc"=3 (0x3) "CiSvc"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##172.16.3.70#GLOBAL] Auto\command- N:\setup.exe AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] AutoRun\command- E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c186efd-12fb-11dd-895a-0013ceec6868}] AutoRun\command- G:\h2.com explore\Command- G:\h2.com open\Command- G:\h2.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b2c753e-c6a6-11dc-8953-0016ceefd597}] AutoRun\command- wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b9e0985-af60-11db-88ca-0013ceec6868}] Auto\command- F:\setup.exe AutoRun\command- 
C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe -- End of Deckard's System Scanner: finished at 2008-04-26 09:55:58 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Pentium® M processor 1.70GHz Percentage of Memory in Use: 50% Physical Memory (total/avail): 502.05 MiB / 246.79 MiB Pagefile Memory (total/avail): 1225.55 MiB / 776.09 MiB Virtual Memory (total/avail): 2047.88 MiB / 1934.6 MiB C: is Fixed (FAT32) - 29.23 GiB total, 14.75 GiB free. D: is Fixed (FAT32) - 23.7 GiB total, 23.57 GiB free. E: is Fixed (NTFS) - 111.79 GiB total, 34.35 GiB free. F: is CDROM (CDFS) G: is Removable (FAT) W: is CDROM (No Media) \\.\PHYSICALDRIVE0 - HTS541060G9AT00 - 55.89 GiB - 3 partitions \PARTITION0 - Unknown - 2.93 GiB \PARTITION1 (bootable) - Unknown - 29.25 GiB - C: \PARTITION2 - Unknown - 23.71 GiB - D: \\.\PHYSICALDRIVE1 - Generic USB Disk USB Device - 111.79 GiB - 1 partition \PARTITION0 - Installable File System - 111.79 GiB - E: \\.\PHYSICALDRIVE2 - SanDisk U3 Cruzer Micro USB Device - 1953.22 MiB - 1 partition \PARTITION0 - MS-DOS V4 Huge - 1952.88 MiB - G: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FirstRunDisabled is set. 
AV: Symantec AntiVirus Corporate Edition v10.1.0.394 (Symantec Corporation) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0" "C:\\Program Files\\palmOne\\Hotsync.exe"="C:\\Program Files\\palmOne\\Hotsync.exe:*:Enabled:HotSync® Manager Application" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe:*:Enabled:javaw" "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:OTI@Home User Interface" "C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process " "C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"="C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program" "C:\\Program Files\\palmOne\\Hotsync.exe"="C:\\Program Files\\palmOne\\Hotsync.exe:*:Enabled:HotSync® Manager Application" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0" "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe:*:Disabled:javaw" "C:\\Program Files\\UTORRENT\\utorrent.exe"="C:\\Program Files\\UTORRENT\\utorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\nruskulik\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=CHAHINE-LT3217 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: 
HOMEPATH=\Documents and Settings\nruskulik LOGONSERVER=\\ALGHODC01 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Intel\Wireless\Bin\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0d06 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\NRUSKU~1\LOCALS~1\Temp TMP=C:\DOCUME~1\NRUSKU~1\LOCALS~1\Temp USERDNSDOMAIN=ALGHANIM.COM USERDOMAIN=AI USERNAME=Nkulik USERPROFILE=C:\Documents and Settings\nruskulik windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- IT (admin) Administrator (new local, admin) nruskulik (admin) mchahine (admin) -- Add/Remove Programs --------------------------------------------------------- -> --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent --> "C:\Program Files\uTorrent\uninstall.exe" Acer Arcade --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall Acer eManager for Notebook --> Acer eManager for Notebook --> C:\Program Files\Common 
Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer eNetManagement --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x9
Acer ePowerManagement --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 7.0 Professional - English, Français, Deutsch --> Adobe Acrobat 7.0 Professional - English, Français, Deutsch --> msiexec /I {AC76BA86-1033-F400-7760-100000000002}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Advanced Flash Player --> C:\WINDOWS\iun6002.exe "C:\Program Files\Mohsoft\Advanced Flash Player\irunin.ini"
Available Domains Standard Edition 4.0.3 --> "C:\Program Files\Available Domains Standard\unins000.exe"
CA eTrust PestPatrol Anti-Spyware --> "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Crystal Ball 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Crystal Ball\Uninst.isu"
Crystal Ball Tutorial 2.0 --> MsiExec.exe /I{5EEEE1A1-68F6-4D9A-8A1C-F377061F9B59}
DBF Manager (remove only) --> C:\Program Files\DBF Manager\Uninst.exe
Domain Finder Demo --> MsiExec.exe /I{8483B04B-EF40-4F97-8A93-0233CBED274A}
Flash Saving Plugin --> "C:\Program Files\UnH Solutions\Flash Saving Plugin\unins000.exe"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_AcrS009E\HXFSETUP.EXE -U -IAcrS009E.inf
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025008F\HXFSETUP.EXE -U -IAcr008FK.inf
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
hp LaserJet 1160/1320 series --> MsiExec.exe /x {7F04B272-E0DD-47E7-8B55-D97483DB0EBD}
HP Software Update --> MsiExec.exe /X{90B5E602-1867-449D-86FD-FC9DEA4434BF}
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Launch Manager --> C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0FF1922C-B6C4-40BB-AF30-BEF75A482444}
Nokia PC Suite --> MsiExec.exe /I{FF059F2A-62A7-4E6A-B305-559591D2769E}
Nokia Software Updater --> MsiExec.exe /X{DDE986ED-87F8-41AA-A27E-120CAB0700F6}
NTI Backup NOW! 4 --> NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
NTI CD & DVD-Maker --> NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerVideoMaker Professional 2.6.6 --> "C:\Program Files\Presentersoft PowerVideoMaker\unins000.exe"
PrintScreen -->
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SWF Extractor 2.2 --> "C:\Program Files\GlobFX Technologies\SWF Extractor\unins000.exe"
SWF Opener --> "C:\Program Files\UnH Solutions\SWF Opener\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
UFDisk Format Tool Uninstaller --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87FB32FC-E7A5-456C-A38B-39D3D9A7B7DB}\setup.exe" -uninst
UltraISO Premium V8.61 --> "C:\Program Files\UltraISO\unins000.exe"
WebFldrs XP -->
Windows Driver Package - Intel (w29n51) net (09/12/2005 9.0.3.9) --> C:\PROGRA~1\DIFX\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\w29n51_B4DB085D140C6265DCA5E78CC26122444CD2D577\w29n51.inf
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type11009 / Error
Event Submitted/Written: 04/26/2008 03:33:52 AM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The workstation driver is not installed. ). Group Policy processing aborted.

Event Record #/Type11008 / Error
Event Submitted/Written: 04/26/2008 01:58:44 AM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The workstation driver is not installed. ). Group Policy processing aborted.

Event Record #/Type11007 / Error
Event Submitted/Written: 04/26/2008 01:58:44 AM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The workstation driver is not installed. ). Group Policy processing aborted.

Event Record #/Type11003 / Error
Event Submitted/Written: 04/26/2008 00:24:41 AM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The workstation driver is not installed. ). Group Policy processing aborted.

Event Record #/Type11002 / Error
Event Submitted/Written: 04/26/2008 00:24:41 AM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The workstation driver is not installed. ). Group Policy processing aborted.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type18999 / Error
Event Submitted/Written: 04/26/2008 00:26:08 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The CyberLink Task Scheduler (CTS) service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type18998 / Error
Event Submitted/Written: 04/26/2008 00:26:08 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Bluetooth Port Client Driver service failed to start due to the following error: %%2

Event Record #/Type18997 / Error
Event Submitted/Written: 04/26/2008 00:26:08 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Computer Browser service depends on the Workstation service which failed to start because of the following error: %%1058

Event Record #/Type18996 / Error
Event Submitted/Written: 04/26/2008 00:26:08 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Net Logon service depends on the Workstation service which failed to start because of the following error: %%1058

Event Record #/Type18995 / Error
Event Submitted/Written: 04/26/2008 00:26:08 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error: %%1058

-- End of Deckard's System Scanner: finished at 2008-04-26 03:35:03 ------------
Apr 26 2008, 02:23 AM, Post #2
Member, Posts: 22, OS: windows xp
ComboFix 08-04-24.1 - NK 2008-04-26 10:27:12.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.100 [GMT 3:00]
Running from: C:\Documents and Settings\nruskulik\Desktop\Combo-Fix2.exe
Command switches used :: C:\Documents and Settings\nruskulik\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\down
.
((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.
2008-04-26 10:13 . 2008-04-26 10:13 <DIR> d-------- C:\Combo-Fix
2008-04-26 10:01 . 2008-04-26 10:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-26 10:00 . 2008-02-24 10:13 113,669 -r-hs---- C:\h2.com
2008-04-26 03:24 . 2008-04-26 03:24 <DIR> d-------- C:\Deckard
2008-04-26 00:18 . 2008-04-26 00:18 <DIR> d--hs---- C:\FOUND.000
2008-04-25 23:26 . 2008-04-25 23:26 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-25 23:26 . 2008-04-25 23:26 <DIR> d-------- C:\Program Files\McAfee
2008-04-25 23:26 . 2008-04-25 23:26 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-25 23:07 . 2008-04-25 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-25 22:28 . 2008-04-25 22:28 <DIR> d-------- C:\Documents and Settings\nruskulik\Application Data\Malwarebytes
2008-04-25 22:28 . 2008-04-25 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-25 22:27 . 2008-04-25 22:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-25 22:17 . 2008-04-25 22:17 <DIR> d-------- C:\Documents and Settings\nruskulik\Application Data\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 01:20 68,096 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe
2008-04-26 01:20 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-26_10.09.58.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-26 07:07:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-26 07:19:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-26 16:13 1207080]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 16:56 1306624]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-29 15:36 25370152]
"XPRepairPro2007"="C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"epm-dm"="c:\acer\epm\epm-dm.exe" [2005-06-01 10:09 741827]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 20:29 61440]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 19:40 188416]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 13:02 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-04-26 10:04 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2008-04-26 10:04 124656]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-09-27 12:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-09-27 12:37 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-09-27 12:41 569413]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49 217088]
"TempRemove"="C:\Program Files\Crystal Ball\CB Predictor\terminator.exe" [1998-12-19 11:06 7680]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-04-26 10:04 582992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
iFormat.lnk - C:\Program Files\UFDisk\UFDisk Format Tool\iFormat.exe [2007-02-11 11:16:54 798720]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-04-20 08:32:06 389120]
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2007-06-13 17:23:23 25214]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.HFYU"= huffyuv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^IT^Start Menu^Programs^Startup^palmOne Registration.lnk]
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--a------ 2005-06-11 19:51 53248 C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-04-26 10:04 53408 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPM-DM]
--a------ 2005-06-01 10:09 741827 c:\acer\epm\epm-dm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePowerManagement]
--a------ 2005-03-15 10:03 2893824 C:\Acer\ePM\ePM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
--a------ 2008-04-26 04:31 385024 C:\Acer\Empowering Technology\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-07-18 20:06 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-07-18 20:10 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-07-18 20:09 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 05:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2005-10-11 14:04 462848 C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2005-08-31 19:59 147456 C:\Program Files\Acer\Acer Arcade\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-08-09 15:17 14743552 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-01-29 15:36 25370152 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-10-08 14:43 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-10-08 14:44 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2008-04-26 10:04 124656 C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"lanmanworkstation"=2 (0x2)
"W32Time"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"mnmsrvc"=3 (0x3)
"CiSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\UTORRENT\\utorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##172.16.3.70#GLOBAL]
\Shell\Auto\command - N:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b2c753e-c6a6-11dc-8953-0016ceefd597}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b9e0985-af60-11db-88ca-0013ceec6868}]
\Shell\Auto\command - F:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 10:28:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

"ImagePath"="\"C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe\"\00|5\01\00À\00\00\00\00\0c\00\00\00D\00\00\00\00\00R\02\18î|\00\00\00\00~\00\00\00¨- [\02’“€|~\00\00\00x\01\15\00€è\13\00E\1d€|ö\1b"
.
Completion time: 2008-04-26 10:29:00
ComboFix-quarantined-files.txt 2008-04-26 07:29:00
ComboFix2.txt 2008-04-26 07:10:38

Pre-Run: 15,397,453,824 bytes free
Post-Run: 15,393,390,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

195

********************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01, on 2008-04-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\UFDisk\UFDisk Format Tool\iFormat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\CF7090.exe
C:\ComboFix\nircmd.com
C:\PROGRA~1\HIJACK~1\Nkulik.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.192:8080
O1 - Hosts: 172.16.1.54 antivirus
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: iFormat.lnk = C:\Program Files\UFDisk\UFDisk Format Tool\iFormat.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145496174593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Alghanim.com
O17 - HKLM\Software\..\Telephony: DomainName = Alghanim.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Alghanim.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10117 bytes
Apr 27 2008, 06:13 PM, Post #3
GeekU Teacher, Posts: 29,623, From: Dublin, OS: XP
Hello
Delete ComboFix.exe and the folders C:\ComboFix and C:\qoobox, then do this:

Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. For more information on the Windows XP Recovery Console, read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
Apr 28 2008, 01:39 PM
Post
#4
Member Posts: 22 OS: windows xp
I have followed your instructions, deleted and re-launched ComboFix, and here are new logs:
ComboFix 08-04-24.1 - Nkulik 2008-04-28 22:26:43.5 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.108 [GMT 3:00]
Running from: C:\Documents and Settings\nruskulik\Desktop\Combo-Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\down
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.
2008-04-26 21:23 . 2008-04-26 21:23 <DIR> d-------- C:\Documents and Settings\nruskulik\DoctorWeb
2008-04-26 21:13 . 2008-04-26 21:13 <DIR> d--hs---- C:\FOUND.001
2008-04-26 21:07 . 2008-04-26 05:40 <DIR> d-------- C:\SDFix
2008-04-26 20:32 . 2008-04-26 20:32 <DIR> d-------- C:\Program Files\doc
2008-04-26 10:01 . 2008-04-26 10:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-26 10:00 . 2008-02-24 10:13 113,669 -r-hs---- C:\h2.com
2008-04-26 03:24 . 2008-04-26 03:24 <DIR> d-------- C:\Deckard
2008-04-26 00:18 . 2008-04-26 00:18 <DIR> d--hs---- C:\FOUND.000
2008-04-25 23:26 . 2008-04-25 23:26 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-25 23:26 . 2008-04-25 23:26 <DIR> d-------- C:\Program Files\McAfee
2008-04-25 23:26 . 2008-04-25 23:26 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-25 23:07 . 2008-04-25 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-25 22:28 . 2008-04-25 22:28 <DIR> d-------- C:\Documents and Settings\nruskulik\Application Data\Malwarebytes
2008-04-25 22:28 . 2008-04-25 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-25 22:27 . 2008-04-25 22:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-25 22:17 . 2008-04-25 22:17 <DIR> d-------- C:\Documents and Settings\nruskulik\Application Data\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 01:20 68,096 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe
2008-04-26 01:20 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe
2008-02-12 13:14 78,756 ----a-w C:\Program Files\release_notes_kav7.0mp1cf1_en.html
2008-02-08 16:04 72,264 ----a-w C:\Program Files\setup.exe
2008-02-08 16:03 30,529,024 ----a-w C:\Program Files\kav.en.msi
2007-08-02 13:53 536 ----a-w C:\Program Files\setup.reg
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-26 16:13 1207080]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 16:56 1306624]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-29 15:36 25370152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 20:29 61440]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 19:40 188416]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 13:02 49152]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-09-27 12:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-09-27 12:37 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-09-27 12:41 569413]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49 217088]
"TempRemove"="C:\Program Files\Crystal Ball\CB Predictor\terminator.exe" [1998-12-19 11:06 7680]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-04-26 20:49 582992]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43 688218]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 14743552 C:\WINDOWS\RTHDCPL.EXE]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-10-11 14:04 462848]
"LaunchApp"="Alaunch" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-18 20:09 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-18 20:10 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-18 20:06 77824]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2008-04-26 20:49 385024]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
iFormat.lnk - C:\Program Files\UFDisk\UFDisk Format Tool\iFormat.exe [2007-02-11 11:16:54 798720]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-04-20 08:32:06 389120]
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2007-06-13 17:23:23 25214]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.HFYU"= huffyuv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^IT^Start Menu^Programs^Startup^palmOne Registration.lnk]
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\UTORRENT\\utorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##172.16.3.70#GLOBAL]
\Shell\Auto\command - N:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b2c753e-c6a6-11dc-8953-0016ceefd597}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b9e0985-af60-11db-88ca-0013ceec6868}]
\Shell\Auto\command - F:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 22:27:55
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
"ImagePath"="\"C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe\"\00|5\01\00À\00\00\00\00\0c\00\00\00D\00\00\00\00\00R\02\18î|\00\00\00\00~\00\00\00¨- [\02’“€|~\00\00\00x\01\15\00€è\13\00E\1d€|ö\1b"
.
Completion time: 2008-04-28 22:28:15
ComboFix-quarantined-files.txt 2008-04-28 19:28:14
Pre-Run: 15,862,005,760 bytes free
Post-Run: 15,841,542,144 bytes free
144

***************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29, on 2008-04-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\UFDisk\UFDisk Format Tool\iFormat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.192:8080
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: iFormat.lnk = C:\Program Files\UFDisk\UFDisk Format Tool\iFormat.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145496174593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Alghanim.com
O17 - HKLM\Software\..\Telephony: DomainName = Alghanim.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Alghanim.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

-- End of file - 10610 bytes
Apr 28 2008, 02:52 PM
Post
#5
GeekU Teacher Posts: 29,623 From: Dublin OS: XP
Hello
Go to this site: http://www.virustotal.com/
On top you'll find 'Browse'. Click the browse button and browse to the file:
C:\WINDOWS\system32\dllcache\sysinfo.exe
Click open. Then click the 'Send' button next to it. This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.

1. Close any open browsers.
2. Open Notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
N:\setup.exe
F:\setup.exe
E:\LaunchU3.exe

Folder::
C:\FOUND.001
C:\FOUND.000

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##172.16.3.70#GLOBAL]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b2c753e-c6a6-11dc-8953-0016ceefd597}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b9e0985-af60-11db-88ca-0013ceec6868}]

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe.

Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt".
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Reboot and do this:
Download NIAP to your desktop and unzip it to its own folder.
Close all windows and run NIAP_XRay_FileMgr.
Next run NIAP_XRay_Regedit.
Finally run NIAP_XRay_System.
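An added example of where the Registry:: and File:: lines in a script like the one above come from: this is not the helper's code and not part of ComboFix, it is a Python sketch that reads the MountPoints2 block of a ComboFix "Reg Loading Points" section, lists every \Shell\...\command it finds, picks out the commands whose executable sits on a volume other than the system drive (the setup.exe and LaunchU3.exe on the USB stick or network share), flags the "EnableFirewall"= 0 and "NoAutoUpdate"= 1 policy lines, and prints the CFScript stanza. The sample input is the relevant lines copied from the ComboFix log posted above; the regexes, the assumption that Windows lives on C:, and the exact wording of the findings are mine. The Folder:: entries for C:\FOUND.000 and C:\FOUND.001 come from the "Files Created" listing, not from this block, so they are not generated here.

```python
"""
Extract MountPoints2 AutoRun commands from a ComboFix "Reg Loading Points"
section and generate the CFScript stanza that removes them.

Added example for this thread, not the helper's code and not ComboFix's.
The log-format rules are my reading of the log posted above; CFScript
section names (File::, Registry::) follow the helper's script.
"""
import re

# Constructed sample input: lines copied from the ComboFix log posted above
# (two policy values plus the whole MountPoints2 block).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##172.16.3.70#GLOBAL]
\Shell\Auto\command - N:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b2c753e-c6a6-11dc-8953-0016ceefd597}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b9e0985-af60-11db-88ca-0013ceec6868}]
\Shell\Auto\command - F:\setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
MOUNTPOINTS_RE = re.compile(r"\\explorer\\mountpoints2\\", re.IGNORECASE)
COMMAND_RE = re.compile(r"^(\\Shell\\\w+\\command) - (.+)$", re.IGNORECASE)
SYSTEM_DRIVE = "C:"  # assumption: the Windows installation lives on C:


def parse_autoruns(log_text):
    """Map each MountPoints2 key to its (verb, command) pairs, in log order."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # Only keys under Explorer\MountPoints2 are tracked; any other
            # [key] header ends the current block.
            current = key.group(1) if MOUNTPOINTS_RE.search(key.group(1)) else None
            continue
        cmd = COMMAND_RE.match(line)
        if cmd and current is not None:
            entries.setdefault(current, []).append((cmd.group(1), cmd.group(2)))
    return entries


def executable_of(command):
    """First token of a command line, unquoting "C:\\path with spaces.exe"."""
    m = re.match(r'"([^"]+)"|(\S+)', command.strip())
    return (m.group(1) or m.group(2)) if m else ""


def removable_executables(entries):
    """Executables an AutoRun verb launches from a volume other than the
    system drive, i.e. files sitting on the USB stick or network share.
    Relative names such as setup.exe are skipped: their volume is unknown."""
    found = set()
    for commands in entries.values():
        for _verb, command in commands:
            exe = executable_of(command)
            if re.match(r"[A-Za-z]:\\", exe) and not exe.upper().startswith(SYSTEM_DRIVE):
                found.add(exe)
    return sorted(found)


def policy_findings(log_text):
    """Weakened-defence settings visible in the Reg Loading Points section."""
    findings = []
    if re.search(r'"EnableFirewall"=\s*0\b', log_text):
        findings.append("Windows Firewall is off for the standard profile")
    if re.search(r'"NoAutoUpdate"=\s*1\b', log_text):
        findings.append("Automatic Updates are disabled by policy")
    return findings


def build_cfscript(entries, files):
    """CFScript text: File:: lists files to delete; Registry:: takes REGEDIT4
    syntax, where [-Key] removes the whole key."""
    lines = ["File::", *files, "", "Registry::"]
    lines += ["[-%s]" % key for key in entries]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_autoruns(SAMPLE_LOG)
    print(build_cfscript(found, removable_executables(found)))
    for finding in policy_findings(SAMPLE_LOG):
        print("WARNING:", finding)
```

Every \Shell\AutoRun\command under MountPoints2 is what Explorer runs when that volume is opened from My Computer, which is why the keys are removed even after the files themselves are gone. The two relative-path entries (setup.exe via RunDLL32 and wd_windows_tools\setup.exe) still get a Registry:: line but no File:: line, because the log does not say which volume they came from; the E:\LaunchU3.exe entry is handled exactly as the helper did, and whether it is the U3 launcher of a legitimate stick is a judgement the script does not make.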
Apr 30 2008, 10:39 AM
Post
#6
Member Posts: 22 OS: windows xp
Hi, here are the new logs
File sysinfo.exe received on 04.29.2008 22:19:54 (CET)
Result: 0/31 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.4.30.0 2008.04.29 -
AntiVir 7.8.0.10 2008.04.29 -
Authentium 4.93.8 2008.04.27 -
Avast 4.8.1169.0 2008.04.29 -
AVG 7.5.0.516 2008.04.29 -
BitDefender 7.2 2008.04.29 -
CAT-QuickHeal 9.50 2008.04.29 -
ClamAV 0.92.1 2008.04.29 -
DrWeb 4.44.0.09170 2008.04.29 -
eSafe 7.0.15.0 2008.04.28 -
eTrust-Vet 31.3.5744 2008.04.29 -
Ewido 4.0 2008.04.29 -
F-Prot 4.4.2.54 2008.04.28 -
F-Secure 6.70.13260.0 2008.04.29 -
Fortinet 3.14.0.0 2008.04.29 -
Ikarus T3.1.1.26.0 2008.04.29 -
Kaspersky 7.0.0.125 2008.04.29 -
McAfee 5284 2008.04.29 -
Microsoft 1.3408 2008.04.22 -
NOD32v2 3064 2008.04.29 -
Norman 5.80.02 2008.04.29 -
Panda 9.0.0.4 2008.04.29 -
Prevx1 V2 2008.04.29 -
Rising 20.42.12.00 2008.04.29 -
Sophos 4.28.0 2008.04.29 -
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.29 -
TheHacker 6.2.92.297 2008.04.29 -
VBA32 3.12.6.5 2008.04.29 -
VirusBuster 4.3.26:9 2008.04.29 -
Webwasher-Gateway 6.6.2 2008.04.29 -

Additional information
File size: 68096 bytes
MD5...: 62e1b537f1df9edadccd77105f51b9ab
SHA1..: 0851f5488b7f7234d86e4851833a72597f6f2c47
SHA256: 552a7a91ce3779250e3e954508e7af4c95425523fddca626af031c43223fcd66
SHA512: 0b6accdda8f2188f785865d06c16fb9c3b397c038d754907fd80efb6a30a689e88ff5c0bd982b761f9452a4e795f0d1403525143f1ab8ec3f0778881cd9813a9
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100825b
timedatestamp.....: 0x3b7d846f (Fri Aug 17 20:54:07 2001)
machinetype.......: 0x100 (invalid)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xd418 0xd600 6.16 5b865e8842eaa1dd31d147e7af9da41a
.data 0xf000 0x6c 0x200 0.42 e2414457dbea3421dfc9b0e511403761
.tls 0x10000 0x15 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x11000 0x2b08 0x2c00 3.44 8a4238f2d665f9713e8208e2e27cc296
( 10 imports )
> msvcrt.dll: __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, __1type_info@@UAE@XZ, _controlfp, _except_handler3, _terminate@@YAXXZ, __CxxFrameHandler, _iob, __2@YAPAXI@Z, _ui64tow, _wtoi64, _ftol, _wcsicmp, _initterm, __wgetmainargs, __winitenv, calloc, free, wcstod, wcstol, wcsstr, wcsncmp, _wcsnicmp, realloc, fflush, fprintf, wcschr, strtok, exit, _cexit, _XcptFilter, _exit, _c_exit, _CxxThrowException, wcstok, wcslen, wcscpy, __3@YAXPAX@Z
> ADVAPI32.dll: RegQueryValueExW, RegConnectRegistryW, RegOpenKeyExW, RegCloseKey
> KERNEL32.dll: GetConsoleMode, SetConsoleMode, ReadFile, ReadConsoleW, MultiByteToWideChar, LoadLibraryW, GetProcAddress, FreeLibrary, lstrcpynW, WideCharToMultiByte, VerSetConditionMask, VerifyVersionInfoW, lstrcmpW, LocalFree, lstrcatW, FormatMessageW, LocalAlloc, InterlockedIncrement, GetStdHandle, lstrcpyW, GetDateFormatW, GetTimeFormatW, InterlockedDecrement, GetLastError, GetConsoleScreenBufferInfo, GetUserDefaultLCID, lstrcmpiW, GetComputerNameExW, FileTimeToSystemTime, GetModuleHandleA, lstrlenW, WriteConsoleW, SetConsoleCursorPosition, SetLastError, GetNumberFormatW, GetLocaleInfoW
> USER32.dll: LoadStringW, CharUpperW, wsprintfW
> MPR.dll: WNetGetLastErrorW, WNetCancelConnection2W
> ole32.dll: CoTaskMemAlloc, CoCreateInstance, CoInitializeSecurity, CoInitializeEx, CoTaskMemFree, CoUninitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -
> framedyn.dll: _Empty@CHString@@QAEXXZ, _Compare@CHString@@QBEHPBG@Z, __YCHString@@QAEABV0@PBG@Z, _Left@CHString@@QBE_AV1@H@Z, _FindOneOf@CHString@@QBEHPBG@Z, _Find@CHString@@QBEHG@Z, _Mid@CHString@@QBE_AV1@H@Z, __0CHString@@QAE@PBG@Z, _GetData@CHString@@IBEPAUCHStringData@@XZ, __4CHString@@QAEABV0@PBG@Z, __1CHString@@QAE@XZ, __4CHString@@QAEABV0@ABV0@@Z, _Right@CHString@@QBE_AV1@H@Z, __0CHString@@QAE@XZ, _ReleaseBuffer@CHString@@QAEXH@Z, _GetBufferSetLength@CHString@@QAEPAGH@Z, _GetBuffer@CHString@@QAEPAGH@Z, _Mid@CHString@@QBE_AV1@HH@Z, _Format@CHString@@QAAXPBGZZ, __YCHString@@QAEABV0@ABV0@@Z, __H@YG_AVCHString@@PBGABV0@@Z
> Secur32.dll: GetUserNameExW
> WS2_32.dll: -, -, -, -, -
( 0 exports )

***************************

ComboFix 08-04-24.1 - Nkulik 2008-04-29 20:51:04.6 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.254 [GMT 3:00]
Running from: C:\Documents and Settings\nruskulik\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\nruskulik\Desktop\CFScript.txt
* Created a new restore point

FILE ::
E:\LaunchU3.exe
F:\setup.exe
N:\setup.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\FOUND.000
C:\FOUND.000\FILE0000.CHK
C:\FOUND.001
C:\FOUND.001\FILE0000.CHK
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.
2008-04-29 08:15 . 2008-04-29 08:15 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-28 23:01 . 2008-04-28 23:01 <DIR> d-------- C:\Documents and Settings\nruskulik\Application Data\AVG7
2008-04-28 23:01 . 2008-04-28 23:01 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-28 23:00 . 2008-04-28 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-28 23:00 . 2008-04-28 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-26 21:23 . 2008-04-26 21:23 <DIR> d-------- C:\Documents and Settings\nruskulik\DoctorWeb
2008-04-26 21:07 . 2008-04-26 05:40 <DIR> d-------- C:\SDFix
2008-04-26 20:32 . 2008-04-26 20:32 <DIR> d-------- C:\Program Files\doc
2008-04-26 10:01 . 2008-04-26 10:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-26 03:24 . 2008-04-26 03:24 <DIR> d-------- C:\Deckard
2008-04-25 23:26 . 2008-04-25 23:26 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-25 23:26 . 2008-04-25 23:26 <DIR> d-------- C:\Program Files\McAfee
2008-04-25 23:26 . 2008-04-25 23:26 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-25 23:07 . 2008-04-25 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-25 22:28 . 2008-04-25 22:28 <DIR> d-------- C:\Documents and Settings\nruskulik\Application Data\Malwarebytes
2008-04-25 22:28 . 2008-04-25 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-25 22:27 . 2008-04-25 22:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-25 22:17 . 2008-04-25 22:17 <DIR> d-------- C:\Documents and Settings\nruskulik\Application Data\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 01:20 68,096 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe
2008-04-26 01:20 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe
2008-02-12 13:14 78,756 ----a-w C:\Program Files\release_notes_kav7.0mp1cf1_en.html
2008-02-08 16:04 72,264 ----a-w C:\Program Files\setup.exe
2008-02-08 16:03 30,529,024 ----a-w C:\Program Files\kav.en.msi
2007-08-02 13:53 536 ----a-w C:\Program Files\setup.reg
.
((((((((((((((((((((((((((((( snapshot@2008-04-28_22.28.06.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-28 20:00:42 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2008-04-28 20:00:46 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2008-04-28 20:00:46 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2008-04-28 20:00:48 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2008-04-28 20:00:48 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-26 16:13 1207080]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 16:56 1306624]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-29 15:36 25370152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 20:29 61440]
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 19:40 188416]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 13:02 49152]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-09-27 12:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-09-27 12:37 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-09-27 12:41 569413]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49 217088]
"TempRemove"="C:\Program Files\Crystal Ball\CB Predictor\terminator.exe" [1998-12-19 11:06 7680]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-04-26 20:49 582992]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43 688218]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 14743552 C:\WINDOWS\RTHDCPL.EXE]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-10-11 14:04 462848]
"LaunchApp"="Alaunch" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-18 20:09 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-18 20:10 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-18 20:06 77824]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2008-04-26 20:49 385024]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51 53248]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-28 23:00 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-28 23:00 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
iFormat.lnk - C:\Program Files\UFDisk\UFDisk Format Tool\iFormat.exe [2007-02-11 11:16:54 798720]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-04-20 08:32:06 389120]
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2007-06-13 17:23:23 25214]

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
"VIDC.HFYU"= huffyuv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^IT^Start Menu^Programs^Startup^palmOne Registration.lnk]
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft
ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"= "C:\\Program Files\\UTORRENT\\utorrent.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] *Newly Created Service* - AVG7ALRT *Newly Created Service* - AVG7CORE *Newly Created Service* - AVG7RSXP *Newly Created Service* - AVG7UPDSVC *Newly Created Service* - AVGCLEAN *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-29 20:53:08 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** "ImagePath"="\"C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe\"\00|5\01\00À\00\00\00\00\0c\00\00\00D\00\00\00\00\00R\02\18î|\00\00\00\00~\00\00\00¨- [\02’“€|~\00\00\00x\01\15\00€è\13\00E\1d€|ö\1b" . Completion time: 2008-04-29 20:53:27 ComboFix-quarantined-files.txt 2008-04-29 17:53:26 ComboFix2.txt 2008-04-28 19:28:18 Pre-Run: 15,646,277,632 bytes free Post-Run: 15,638,724,608 bytes free 164 |
Apr 30 2008, 10:43 AM
Post #7
Member, Posts: 22, OS: windows xp
# NIAP_XRay_FileMgr.exe 0.0.0.4
# 2008-04-30 19:25:41 # ------------------------------------------------------------------------ # Scan Autorun.inf in: Z:\ # Scan Autorun.inf in: W:\ # Scan Autorun.inf in: N:\ # Scan Autorun.inf in: G:\ # Not Found. # Scan Autorun.inf in: F:\ # Scan Autorun.inf in: D:\ # Not Found. # Scan Autorun.inf in: C:\ # Not Found. # Verify System Critical File C:\WINDOWS\explorer.exe;OK C:\WINDOWS\system32\win32k.sys;OK C:\WINDOWS\system32\watchdog.sys;OK C:\WINDOWS\system32\hal.dll;OK C:\WINDOWS\system32\ntkrnlpa.exe;OK C:\WINDOWS\system32\ntoskrnl.exe;OK C:\WINDOWS\system32\smss.exe;OK C:\WINDOWS\system32\csrss.exe;OK C:\WINDOWS\system32\winlogon.exe;OK C:\WINDOWS\system32\lsass.exe;OK C:\WINDOWS\system32\services.exe;OK C:\WINDOWS\system32\svchost.exe;OK C:\WINDOWS\system32\userinit.exe;OK C:\WINDOWS\system32\drivers\acpi.sys;OK C:\WINDOWS\system32\drivers\atapi.sys;OK C:\WINDOWS\system32\drivers\beep.sys;OK C:\WINDOWS\system32\drivers\cdfs.sys;OK C:\WINDOWS\system32\drivers\cdrom.sys;OK C:\WINDOWS\system32\drivers\disk.sys;OK C:\WINDOWS\system32\drivers\fastfat.sys;OK C:\WINDOWS\system32\drivers\fs_rec.sys;OK C:\WINDOWS\system32\drivers\ftdisk.sys;OK C:\WINDOWS\system32\drivers\i8042prt.sys;OK C:\WINDOWS\system32\drivers\kbdclass.sys;OK C:\WINDOWS\system32\drivers\mouclass.sys;OK C:\WINDOWS\system32\drivers\ndis.sys;OK C:\WINDOWS\system32\drivers\ntfs.sys;OK C:\WINDOWS\system32\drivers\null.sys;OK C:\WINDOWS\system32\drivers\partmgr.sys;OK C:\WINDOWS\system32\drivers\pci.sys;OK C:\WINDOWS\system32\drivers\pciidex.sys;OK C:\WINDOWS\system32\drivers\redbook.sys;OK C:\WINDOWS\system32\drivers\scsiport.sys;OK C:\WINDOWS\system32\drivers\sr.sys;OK C:\WINDOWS\system32\drivers\termdd.sys;OK C:\WINDOWS\system32\drivers\usbhub.sys;OK C:\WINDOWS\system32\drivers\usbport.sys;OK C:\WINDOWS\system32\drivers\volsnap.sys;OK C:\WINDOWS\system32\drivers\tcpip.sys;OK C:\WINDOWS\system32\drivers\tdi.sys;OK Report: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\: Name:StatusClient 2.6 
, Path:C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto Name:TomcatStartup 2.5 , Path:C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe Name:HP Software Update , Path:"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" Name:IntelZeroConfig , Path:"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" Name:IntelWireless , Path:"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless Name:EOUApp , Path:"C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" Name:BluetoothAuthenticationAgent , Path:rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent Name:PCSuiteTrayApplication , Path:C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray Name:TempRemove , Path:"C:\Program Files\Crystal Ball\CB Predictor\terminator.exe" Name:Acrobat Assistant 7.0 , Path:"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" Name:mcagent_exe , Path:C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey Name:SynTPLpr , Path:C:\Program Files\Synaptics\SynTP\SynTPLpr.exe Name:SynTPEnh , Path:C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Name:RTHDCPL , Path:RTHDCPL.EXE Name:PCMService , Path:"C:\Program Files\Acer\Acer Arcade\PCMService.exe" Name:LManager , Path:C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE Name:LaunchApp , Path:Alaunch Name:IMJPMIG8.1 , Path:"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 Name:igfxtray , Path:C:\WINDOWS\system32\igfxtray.exe Name:igfxpers , Path:C:\WINDOWS\system32\igfxpers.exe Name:igfxhkcmd , Path:C:\WINDOWS\system32\hkcmd.exe Name:High Definition Audio Property Page Shortcut , Path:HDAShCut.exe Name:eRecoveryService , Path:C:\Acer\Empowering Technology\eRecovery\Monitor.exe Name:ePowerManagement , Path:C:\Acer\ePM\ePM.exe boot Name:AzMixerSel , Path:C:\Program Files\Realtek\InstallShield\AzMixerSel.exe Name:AVG7_CC , Path:C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\: Name:H/PC Connection Agent , Path:"C:\PROGRA~1\MI3AA1~1\wcescomm.exe" 
Name:PcSync , Path:C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog Name:ctfmon.exe , Path:C:\WINDOWS\system32\ctfmon.exe Name:Skype , Path:"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\: HKCC\Software\Microsoft\Windows NT\CurrentVersion\Windows\[Load]: Value: None HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\[Userinit]: Value: C:\WINDOWS\system32\userinit.exe, HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\[Shell]: Value: Explorer.exe HKLM\SYSTEM\ControlSet001\Control\Session Manager\[BootExecute]: Value: autocheck autochk * lsdelete BHO Items List: {AE7CD045-E861-484f-8273-0445EE161910} InprocServer32:C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll ThreadingModel:Apartment ProgID:Adobe.AcroIEToolbarHelper.1 Programmable: TypeLib:{04C567CB-A52F-41f4-9628-10CC965E7179} VersionIndependentProgID:Adobe.AcroIEToolbarHelper File Links List: .txt: %SystemRoot%\system32\NOTEPAD.EXE %1 .exe: "%1" %* .com: "%1" %* .pif: "%1" %* .bat: "%1" %* .reg: regedit.exe "%1" .chm: "C:\WINDOWS\hh.exe" %1 .hlp: %SystemRoot%\System32\winhlp32.exe %1 .ini: %SystemRoot%\System32\NOTEPAD.EXE %1 .inf: %SystemRoot%\System32\NOTEPAD.EXE %1 .vbs: %SystemRoot%\System32\WScript.exe "%1" %* .js: %SystemRoot%\System32\WScript.exe "%1" %* .lnk: CLSID: {00021401-0000-0000-C000-000000000046} shell32.dll Image File Execution Options: Your Image File Name Here without a path: ntsd -d HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\[AppInit_DLLs]: Value: ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} : URL Exec Hook InProcServer32:shell32.dll {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} : SABShellExecuteHook Class 
InProcServer32:C:\Program Files\SUPERAntiSpyware\SASSEH.DLL HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\[Debugger]: Value: drwtsn32 -p %ld -e %ld -g Kernel Drivers: AegisP DisplayName:AEGIS Protocol (IEEE 802.1x) v3.4.5.0 Description:AEGIS Protocol (IEEE 802.1x) v3.4.5.0 ImagePath:system32\DRIVERS\AegisP.sys ObjectName:None Start:SERVICE_AUTO_START(2) Type:SERVICE_KERNEL_DRIVER(1) Avg7Core DisplayName:AVG7 Kernel Description:None ImagePath:\SystemRoot\System32\Drivers\avg7core.sys ObjectName:None Start:SERVICE_SYSTEM_START(1) Type:SERVICE_KERNEL_DRIVER(1) Avg7RsW DisplayName:AVG7 Wrap Driver Description:None ImagePath:\SystemRoot\System32\Drivers\avg7rsw.sys ObjectName:None Start:SERVICE_SYSTEM_START(1) Type:SERVICE_KERNEL_DRIVER(1) Avg7RsXP DisplayName:AVG7 Resident Driver XP Description:None ImagePath:\SystemRoot\System32\Drivers\avg7rsxp.sys ObjectName:None Start:SERVICE_SYSTEM_START(1) Type:SERVICE_KERNEL_DRIVER(1) btaudio DisplayName:Bluetooth Audio Device Description:None ImagePath:system32\drivers\btaudio.sys [File not found] ObjectName:None Start:SERVICE_DEMAND_START(3) Type:SERVICE_KERNEL_DRIVER(1) BTDriver DisplayName:Bluetooth Virtual Communications Driver Description:None ImagePath:system32\DRIVERS\btport.sys [File not found] ObjectName:None Start:SERVICE_DEMAND_START(3) Type:SERVICE_KERNEL_DRIVER(1) BTKRNL DisplayName:Bluetooth Bus Enumerator Description:None ImagePath:system32\DRIVERS\btkrnl.sys [File not found] ObjectName:None Start:SERVICE_DEMAND_START(3) Type:SERVICE_KERNEL_DRIVER(1) BTSLBCSP DisplayName:Bluetooth Port Client Driver Description:None ImagePath:\??\C:\WINDOWS\system32\drivers\btslbcsp.sys [File not found] ObjectName:None Start:SERVICE_AUTO_START(2) Type:SERVICE_KERNEL_DRIVER(1) BTWDNDIS DisplayName:Bluetooth LAN Access Server Description:None ImagePath:system32\DRIVERS\btwdndis.sys [File not found] ObjectName:None Start:SERVICE_DEMAND_START(3) Type:SERVICE_KERNEL_DRIVER(1) btwmodem DisplayName:Bluetooth 
Modem Description:None ImagePath:system32\DRIVERS\btwmodem.sys ObjectName:None Start:SERVICE_DEMAND_START(3) Type:SERVICE_KERNEL_DRIVER(1) BTWUSB DisplayName:WIDCOMM USB Bluetooth Driver Description:None ImagePath:System32\Drivers\btwusb.sys [File not found] ObjectName:None Start:SERVICE_DEMAND_START(3) Type:SERVICE_KERNEL_DRIVER(1) EpmPsd DisplayName:Acer EPM Power Scheme Driver Description:None ImagePath:\??\C:\WINDOWS\system32\drivers\epm-psd.sys ObjectName:None Start:SERVICE_AUTO_START(2) Type:SERVICE_KERNEL_DRIVER(1) EpmShd DisplayName:Acer EPM System Hardware Driver Description:None ImagePath:\??\C:\WINDOWS\system32\drivers\epm-shd.sys ObjectName:None Start:SERVICE_AUTO_START(2) Type:SERVICE_KERNEL_DRIVER(1) ISODrive DisplayName:ISO CD-ROM Device Driver Description:None ImagePath:\??\C:\Program Files\UltraISO\drivers\ISODrive.sys ObjectName:None Start:SERVICE_SYSTEM_START(1) Type:SERVICE_FILE_SYSTEM_DRIVER(2) NIAPSafe DisplayName:NIAPSafe Description:None ImagePath:\??\G:\NIAP 0.5\NIAPMirrorSystem.sys ObjectName:None Start:SERVICE_DISABLED(4) Type:SERVICE_KERNEL_DRIVER(1) NTIDrvr DisplayName:Upper Class Filter Driver Description:None ImagePath:system32\DRIVERS\NTIDrvr.sys ObjectName:None Start:SERVICE_DEMAND_START(3) Type:SERVICE_KERNEL_DRIVER(1) osaio DisplayName:osaio Description:None ImagePath:\??\C:\WINDOWS\system32\drivers\osaio.sys ObjectName:None Start:SERVICE_AUTO_START(2) Type:SERVICE_KERNEL_DRIVER(1) osanbm DisplayName:osanbm Description:None ImagePath:\??\C:\WINDOWS\system32\drivers\osanbm.sys ObjectName:None Start:SERVICE_AUTO_START(2) Type:SERVICE_KERNEL_DRIVER(1) s24trans DisplayName:WLAN Transport Description:WLAN Transport ImagePath:system32\DRIVERS\s24trans.sys ObjectName:None Start:SERVICE_AUTO_START(2) Type:SERVICE_KERNEL_DRIVER(1) SASDIFSV DisplayName:SASDIFSV Description:None ImagePath:\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS ObjectName:None Start:SERVICE_SYSTEM_START(1) Type:SERVICE_KERNEL_DRIVER(1) SASENUM DisplayName:SASENUM 
Description:None ImagePath:\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ObjectName:None Start:SERVICE_DEMAND_START(3) Type:SERVICE_KERNEL_DRIVER(1) SASKUTIL DisplayName:SASKUTIL Description:None ImagePath:\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ObjectName:None Start:SERVICE_SYSTEM_START(1) Type:SERVICE_KERNEL_DRIVER(1) Services: anbmService DisplayName:Notebook Manager Service Description:None ImagePath:C:\Acer\eManager\anbmServ.exe ObjectName:LocalSystem Start:SERVICE_AUTO_START(2) Type:None Avg7Alrt DisplayName:AVG7 Alert Manager Server Description:None ImagePath:C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe ObjectName:LocalSystem Start:SERVICE_AUTO_START(2) Type:None Avg7UpdSvc DisplayName:AVG7 Update Service Description:None ImagePath:C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe ObjectName:LocalSystem Start:SERVICE_AUTO_START(2) Type:SERVICE_WIN32_OWN_PROCESS(16) CLCapSvc DisplayName:CyberLink Background Capture Service (CBCS) Description:Provides background buffering, recording and burning functionality for CyberLink Capturing ImagePath:"C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe" ObjectName:LocalSystem Start:SERVICE_AUTO_START(2) Type:None CLSched DisplayName:CyberLink Task Scheduler (CTS) Description:Enables a user to configure and schedule a automated task for CyberLink Scheduling ImagePath:"C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe" ObjectName:LocalSystem Start:SERVICE_AUTO_START(2) Type:None CyberLink Media Library Service DisplayName:CyberLink Media Library Service Description:None ImagePath:"C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe" ObjectName:LocalSystem Start:SERVICE_AUTO_START(2) Type:None EvtEng DisplayName:Intel® PROSet/Wireless Event Log Description:Manages the event trace messages for all the components of Intel® PROSet/Wireless software. 
ImagePath:C:\Program Files\Intel\Wireless\Bin\EvtEng.exe ObjectName:LocalSystem Start:SERVICE_AUTO_START(2) Type:SERVICE_WIN32_OWN_PROCESS(16) HidServ DisplayName:Human Interface Device Access Description:Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start. ImagePath:%SystemRoot%\System32\svchost.exe -k netsvcs ServiceDll:%SystemRoot%\System32\hidserv.dll [File not found] ObjectName:LocalSystem Start:SERVICE_DISABLED(4) Type:SERVICE_WIN32_SHARE_PROCESS(32) Pml Driver HPZ12 DisplayName:Pml Driver HPZ12 Description:None ImagePath:C:\WINDOWS\system32\HPZipm12.exe ObjectName:LocalSystem Start:SERVICE_DEMAND_START(3) Type:SERVICE_WIN32_OWN_PROCESS(16) RegSrvc DisplayName:Intel® PROSet/Wireless Registry Service Description:Intel® PROSet/Wireless Registry Service ImagePath:C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe ObjectName:LocalSystem Start:SERVICE_AUTO_START(2) Type:SERVICE_WIN32_OWN_PROCESS(16) RichVideo DisplayName:Cyberlink RichVideo Service(CRVS) Description:None ImagePath:"C:\Program Files\CyberLink\Shared Files\RichVideo.exe" ObjectName:LocalSystem Start:SERVICE_AUTO_START(2) Type:None rpcapd DisplayName:Remote Packet Capture Protocol v.0 (experimental) Description:Allows to capture traffic on this machine from a remote machine. 
ImagePath:"%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" ObjectName:LocalSystem Start:SERVICE_DEMAND_START(3) Type:None S24EventMonitor DisplayName:Intel® PROSet/Wireless Service Description:Wireless Management Service for Intel® PROSet/Wireless ImagePath:C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe ObjectName:LocalSystem Start:SERVICE_AUTO_START(2) Type:None NIAP_XRay_System Version 0.0.0.5 System log Process: PID | EPROCESS | Process Name | Module Path 00000004 837C9490 System 0000009C 8352D990 CLMLSERVICE.EXE C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe 000000CC 8343B920 MDM.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 00000128 8344BB98 REGSRVC.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 00000140 83446668 RICHVIDEO.EXE C:\Program Files\CyberLink\Shared Files\RichVideo.exe 00000198 8345FA60 WDFMGR.EXE C:\WINDOWS\system32\wdfmgr.exe 000001E0 83553788 CLSCHED.EXE C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe 00000250 83433DA0 STATUSCLIENT.EX C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe 00000268 83472DA0 FXSSVC.EXE C:\WINDOWS\system32\fxssvc.exe 00000274 833BADA0 SMSS.EXE \SystemRoot\System32\smss.exe 00000290 83476990 HPWUSCHD2.EXE C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe 00000294 83470580 ZCFGSVC.EXE C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe 00000298 8346F9D0 IFRMEWRK.EXE C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe 000002A4 83477DA0 EOUWIZ.EXE C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe 000002AC 834CC260 CSRSS.EXE \??\C:\WINDOWS\system32\csrss.exe 000002B0 834773D0 RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe 000002C4 834C6DA0 WINLOGON.EXE \??\C:\WINDOWS\system32\winlogon.exe 000002F0 835253A8 SERVICES.EXE C:\WINDOWS\system32\services.exe 000002FC 83537DA0 LSASS.EXE C:\WINDOWS\system32\lsass.exe 00000364 8367C020 LAUNCH~1.EXE C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE 00000390 83538268 SVCHOST.EXE 
C:\WINDOWS\system32\svchost.exe 00000398 833688E0 SYNTPENH.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 000003A4 834B2C30 ACROTRAY.EXE C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe 000003AC 834B2368 SYNTPLPR.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe 000003D4 83528760 SVCHOST.EXE C:\WINDOWS\system32\svchost.exe 000003F0 833C3418 IGFXPERS.EXE C:\WINDOWS\system32\igfxpers.exe 00000400 834EA5E8 SVCHOST.EXE C:\WINDOWS\System32\svchost.exe 0000041C 834B13F8 RTHDCPL.EXE C:\WINDOWS\RTHDCPL.EXE 00000420 83697658 QTZGACER.EXE C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE 00000454 83575688 PCMSERVICE.EXE C:\Program Files\Acer\Acer Arcade\PCMService.exe 00000484 833948F0 IGFXTRAY.EXE C:\WINDOWS\system32\igfxtray.exe 0000048C 83485020 EVTENG.EXE C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 000004B8 834CEA40 S24EVMON.EXE C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe 000004DC 834FA020 SVCHOST.EXE C:\WINDOWS\system32\svchost.exe 000004E8 834B6DA0 HKCMD.EXE C:\WINDOWS\system32\hkcmd.exe 000004F8 8351FC68 SVCHOST.EXE C:\WINDOWS\system32\svchost.exe 0000053C 83493590 SPOOLSV.EXE C:\WINDOWS\system32\spoolsv.exe 000005C0 8343EB28 ANBMSERV.EXE C:\Acer\eManager\anbmServ.exe 000005CC 82A4E9E8 avgcc.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe 000005D8 828ABB98 WCESCOMM.EXE C:\PROGRA~1\MI3AA1~1\wcescomm.exe 000005E8 82906598 PCSYNC2.EXE C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe 000005F0 82905390 CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe 000005F8 828A7DA0 SKYPE.EXE C:\Program Files\Skype\Phone\Skype.exe 000006AC 83594508 avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe 000007B4 8346EDA0 avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe 000007C0 8343AC68 SVCHOST.EXE C:\WINDOWS\system32\svchost.exe 000007D0 8346DDA0 EXPLORER.EXE C:\WINDOWS\Explorer.EXE 000007DC 833E0578 CLCAPSVC.EXE C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe 000007F4 83438DA0 CLMLSERVER.EXE C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe 0000081C 827DB968 
IFORMAT.EXE C:\Program Files\UFDisk\UFDisk Format Tool\iFormat.exe 00000824 828F60B8 RAPIMGR.EXE C:\PROGRA~1\MI3AA1~1\rapimgr.exe 0000083C 82899DA0 MPAPI3s.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe 000008AC 828984C8 WZQKPICK.EXE C:\Program Files\WinZip\WZQKPICK.EXE 000008B4 827CBDA0 JAVAW.EXE C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe 000008F4 83621B58 acrobat_sl.exe C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe 00000C64 82927558 avgw.exe C:\PROGRA~1\Grisoft\AVG7\avgw.exe 00000D98 836736D8 wuauclt.exe C:\WINDOWS\system32\wuauclt.exe 00000ED8 827F16A8 alg.exe C:\WINDOWS\System32\alg.exe 00000FB0 8289F9A0 NIAP_XRay_Syste G:\NIAP 0.5\NIAP_XRay_System.exe 00000FD0 8261E240 NIAP_XRay_Syste G:\NIAP 0.5\NIAP_XRay_System.exe Kernel Module: EntryPoint | Module Base | Image Size | Module Path 806AC2BE 804D7000 00214100 ntoskrnl.exe \WINDOWS\system32\ntoskrnl.exe 807090BC 806EC000 00020380 hal.dll \WINDOWS\system32\hal.dll F8C43CE6 F8C43000 00002000 kdcom.dll \WINDOWS\system32\KDCOM.DLL F8B54872 F8B53000 00003000 BOOTVID.dll \WINDOWS\system32\BOOTVID.dll F871D059 F86F4000 0002E000 ACPI.sys ACPI.sys F8C45B80 F8C45000 00002000 WMILIB.SYS \WINDOWS\system32\DRIVERS\WMILIB.SYS F86F1004 F86E3000 00011000 pci.sys pci.sys F874A3E4 F8743000 00009000 isapnp.sys isapnp.sys F8B58A00 F8B57000 00003000 compbatt.sys compbatt.sys F8B5BF00 F8B5B000 00004000 BATTC.SYS \WINDOWS\system32\DRIVERS\BATTC.SYS F8D0B61E F8D0B000 00001000 pciide.sys pciide.sys F89C8205 F89C3000 00007000 PCIIDEX.SYS \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F8C47B6E F8C47000 00002000 aliide.sys aliide.sys F8C49F05 F8C49000 00002000 intelide.sys intelide.sys F8C4BA94 F8C4B000 00002000 toside.sys toside.sys F8C4DE85 F8C4D000 00002000 viaide.sys viaide.sys F8C502F4 F8C4F000 00002000 cmdide.sys cmdide.sys F86DFB86 F86C5000 0001E000 pcmcia.sys pcmcia.sys F875C1B4 F8753000 0000B000 MountMgr.sys MountMgr.sys F86C14E2 F86A6000 0001F000 ftdisk.sys ftdisk.sys F8C51BF6 F8C51000 00002000 dmload.sys 
dmload.sys F86A1F05 F8680000 00026000 dmio.sys dmio.sys F8B60D00 F8B5F000 00003000 ACPIEC.sys ACPIEC.sys F8D0C34A F8D0C000 00001000 OPRGHDLR.SYS \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS F89CE880 F89CB000 00005000 PartMgr.sys PartMgr.sys F8B65C1A F8B63000 00004000 UBHelper.sys UBHelper.sys F876CD3E F8763000 0000D000 VolSnap.sys VolSnap.sys F8B67300 F8B67000 00004000 cpqarray.sys cpqarray.sys F867D039 F8668000 00018000 SCSIPORT.SYS \WINDOWS\system32\DRIVERS\SCSIPORT.SYS F86655F7 F8650000 00018000 atapi.sys atapi.sys F8B6CBD2 F8B6B000 00004000 aha154x.sys aha154x.sys F89D3FEA F89D3000 00005000 sparrow.sys sparrow.sys F877E808 F8773000 0000E000 aic78xx.sys aic78xx.sys F8B71A38 F8B6F000 00004000 dac960nt.sys dac960nt.sys F8785042 F8783000 00009000 ql10wnt.sys ql10wnt.sys F8B75472 F8B73000 00003000 amsint.sys amsint.sys F89DC636 F89DB000 00007000 asc.sys asc.sys F8B77F52 F8B77000 00004000 asc3550.sys asc3550.sys F89E3A78 F89E3000 00005000 mraid35x.sys mraid35x.sys F89EEF85 F89EB000 00005000 i2omp.sys i2omp.sys F8B7E1D4 F8B7B000 00004000 ini910u.sys ini910u.sys F8795034 F8793000 0000A000 ql1240.sys ql1240.sys F87AE99A F87A3000 0000E000 aic78u2.sys aic78u2.sys F89F8F86 F89F3000 00008000 symc8xx.sys symc8xx.sys F8A00A66 F89FB000 00007000 sym_hi.sys sym_hi.sys F8A09268 F8A03000 00008000 sym_u3.sys sym_u3.sys F8A0C642 F8A0B000 00006000 ABP480N5.SYS ABP480N5.SYS F8A13C3E F8A13000 00006000 asc3350p.sys asc3350p.sys F8C53A15 F8C53000 00002000 cd20xrnt.sys cd20xrnt.sys F87B8CE8 F87B3000 00009000 ultra.sys ultra.sys F8A1EE30 F8A1B000 00005000 dpti2o.sys dpti2o.sys F864B3C0 F8637000 00019000 adpu160m.sys adpu160m.sys F87C4F9C F87C3000 0000A000 ql1080.sys ql1080.sys F87D6C0A F87D3000 0000C000 ql1280.sys ql1280.sys F87E6BE8 F87E3000 0000C000 ql12160.sys ql12160.sys F8B81CE0 F8B7F000 00004000 cbidf2k.sys cbidf2k.sys F8616B00 F860B000 0002C000 dac2w2k.sys dac2w2k.sys F8A2605A F8A23000 00007000 hpn.sys hpn.sys F8A2E05A F8A2B000 00007000 perc2.sys perc2.sys F8C55DC0 F8C55000 00002000 
perc2hib.sys perc2hib.sys F87FA8AB F87F3000 00009000 disk.sys disk.sys F880DE8F F8803000 0000D000 CLASSPNP.SYS \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F8607D6A F85EC000 0001F000 fltMgr.sys fltMgr.sys F85E9FD4 F85DA000 00012000 sr.sys sr.sys F85D68A7 F85B7000 00023000 Fastfat.sys Fastfat.sys F85B4E29 F85A0000 00017000 KSecDD.sys KSecDD.sys F859C205 F8573000 0002D000 NDIS.sys NDIS.sys F881B885 F8813000 0000B000 sisagp.sys sisagp.sys F882BD05 F8823000 0000B000 viaagp.sys viaagp.sys F856FBFA F8558000 0001B000 Mup.sys Mup.sys F883BF85 F8833000 0000B000 alim1541.sys alim1541.sys F884BF85 F8843000 0000B000 amdagp.sys amdagp.sys F885BD85 F8853000 0000B000 agp440.sys agp440.sys F886C705 F8863000 0000B000 agpCPQ.sys agpCPQ.sys F8888885 F8883000 00009000 intelppm.sys \SystemRoot\system32\DRIVERS\intelppm.sys F8371980 F827B000 00101000 ialmnt5.sys \SystemRoot\system32\DRIVERS\ialmnt5.sys F8278310 F8267000 00014000 VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F8262000 F8242000 00025000 HDAudBus.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys F8A87605 F8A83000 00005000 usbuhci.sys \SystemRoot\system32\DRIVERS\usbuhci.sys F823F985 F821F000 00023000 USBPORT.SYS \SystemRoot\system32\DRIVERS\USBPORT.SYS F8A90E05 F8A8B000 00007000 usbehci.sys \SystemRoot\system32\DRIVERS\usbehci.sys F7EF95E0 F7EF9000 00326000 w29n51.sys \SystemRoot\system32\DRIVERS\w29n51.sys F8A97480 F8A93000 00006000 RTL8139.SYS \SystemRoot\system32\DRIVERS\RTL8139.SYS F889C385 F8893000 0000D000 i8042prt.sys \SystemRoot\system32\DRIVERS\i8042prt.sys F8A9E66E F8A9B000 00005000 DKbFltr.sys \SystemRoot\system32\DRIVERS\DKbFltr.sys F8AA7610 F8AA3000 00006000 kbdclass.sys \SystemRoot\system32\DRIVERS\kbdclass.sys F7EF5CA0 F7ECB000 0002E000 SynTP.sys \SystemRoot\system32\DRIVERS\SynTP.sys F8C5D300 F8C5D000 00002000 USBD.SYS \SystemRoot\system32\DRIVERS\USBD.SYS F8AAF035 F8AAB000 00006000 mouclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys F88AB9FB F88A3000 0000B000 imapi.sys 
Apr 30 2008, 10:45 AM
Post #8
Member, Posts: 22, OS: windows xp
The previous message got truncated.
Apr 30 2008, 12:21 PM, Post #9
GeekU Teacher, Posts: 29,623, From: Dublin, OS: XP
Looking good.

Now we need to reconfigure Windows XP to show hidden files:
1. Double-click the My Computer icon on the Windows desktop.
2. Select the Tools menu and click Folder Options.
3. Select the View Tab.
4. Under the Hidden files and folders heading select "Show hidden files and folders".
5. Uncheck the "Hide protected operating system files (recommended)" option.
6. Uncheck the "Hide file extensions for known file types" option.
7. Click Yes to confirm.
8. Click OK.

Can you tell me if this folder is present: C:\Windows\system32\drivers\disdn

Please do an online scan with Kaspersky WebScanner:
Click on Kaspersky Online Scanner and click Accept. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
Scan Mail Bases

Click here to use the F-Secure Online Scanner

Also post a new HijackThis log
May 1 2008, 12:17 AM, Post #10
Member, Posts: 22, OS: windows xp
Hi,
The folder disdn is present, but doesn't contain any files. Unfortunately I can't use any online scanner since I think that due to the virus my internet connection was messed up, and now I can't connect. Tried to repair, but Windows doesn't see any wireless networks and would not start Wireless Zero Configuration that is suggested. LAN doesn't work either. Intel ProSet Wireless device software detects multiple wireless networks, but doesn't connect to them either. I have ACG software and SuperAntiSpyware that I could run since they do not require online access.
May 1 2008, 06:23 AM, Post #11
GeekU Teacher, Posts: 29,623, From: Dublin, OS: XP
Hello

1. Close any open browsers.
2. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
Folder::
C:\Windows\system32\drivers\disdn
Registry::
Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

You will need to transfer this over to your PC with a USB flash key or something
Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Also post a new HijackThis log and tell me how your PC is running
May 2 2008, 06:16 AM, Post #12
Member, Posts: 22, OS: windows xp
Hi, I managed to restore internet connection and ran Kaspersky and F-Secure. Here are the logs:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-05-02 12:10
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/05/2008
Kaspersky Anti-Virus database records: 735310
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
F:\
N:\
W:\
Z:\
Scan Statistics:
Total number of scanned objects: 46489
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:49:39
Infected Object Name / Virus Name / Last Action
Scan process completed.

*******************************
F-Secure log:

Scanning Report
Friday, May 02, 2008 13:00:07 - 13:48:34
Computer name: CHAHINE-LT3217
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
--------------------------------------------------------------------------------
Result: 1 malware found
Tracking Cookie (spyware)
System
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 34062
System: 3971
Not scanned: 9
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 1
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{F82DAD0F-8E25-468D-A617-7FD631BAC136}.BIN
C:\WINDOWS\TEMP\SQLITE_4BKMEBUSKKXWU3C
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-05-02
F-Secure AVP: 7.0.171, 2008-05-02
F-Secure Pegasus: 1.20.0, 2008-02-28
F-Secure Blacklight: 1.0.64
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

***************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50, on 2008-05-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\UFDisk\UFDisk Format Tool\iFormat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.192:8080
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: iFormat.lnk = C:\Program Files\UFDisk\UFDisk Format Tool\iFormat.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1209716959968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Alghanim.com
O17 - HKLM\Software\..\Telephony: DomainName = Alghanim.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Alghanim.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 11698 bytes
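A small triage helper for HijackThis logs like the one above, added here as an example; it is not code from this thread, from the helper, or from HijackThis itself. The sample lines are copied from the log posted above, and the flags it raises (a configured proxy, autoruns with no absolute path, services listed with "Unknown owner", plus the O16 ActiveX downloads and O17 domain entries to review by eye) are this example's own review heuristics, not HijackThis verdicts.

```python
import re

# Constructed sample: a subset of entries copied from the HijackThis log
# posted above. The real log has many more lines of the same shape.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.192:8080
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Alghanim.com
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# "<code> - <body>": every HijackThis finding line starts this way.
ENTRY_RE = re.compile(r"^(?P<code>[RFOB]\d{1,2}) - (?P<body>.*)$")
# O4 registry autorun: "<hive>\..\Run: [<name>] <command line>"
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Leading absolute path of a command line, quoted or not.
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|cpl|scr))"?(?:\s|$)', re.IGNORECASE)
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\})(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$")
O17_RE = re.compile(r"Domain(?:Name)? = (?P<domain>\S+)$")
PROXY_RE = re.compile(r",ProxyServer = (?P<proxy>\S+)$")


def parse_o4(body):
    """Return {where, name, cmd, path} for an O4 line, or None if unparsable."""
    m = O4_RE.match(body)
    if m:
        where = m.group("hive") + "\\" + m.group("key")
        name, cmd = m.group("name"), m.group("cmd")
    elif body.startswith(("Global Startup: ", "Startup: ")):
        where, rest = body.split(": ", 1)          # startup-folder .lnk entry
        name, _, cmd = rest.partition(" = ")
    else:
        return None
    pm = PATH_RE.match(cmd)
    return {"where": where, "name": name, "cmd": cmd,
            "path": pm.group("path") if pm else None}


def parse_o23(body):
    """Return {name, display, vendor, path} for an O23 service line."""
    text = body[len("Service: "):] if body.startswith("Service: ") else body
    parts = text.split(" - ")
    if len(parts) < 3:
        return None
    display, vendor, path = parts[0], parts[1], " - ".join(parts[2:])
    m = re.search(r"\(([^()]+)\)$", display)   # trailing "(shortname)"
    return {"name": m.group(1) if m else display, "display": display,
            "vendor": vendor, "path": path}


def triage(log_text):
    """Group a HijackThis log by section and collect review flags.

    The flags are this example's own heuristics for a manual review, not
    HijackThis verdicts.
    """
    report = {"autoruns": [], "proxy": [], "domains": [], "activex": [],
              "unknown_owner_services": [], "flags": []}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue                     # header, process list, blank lines
        code, body = m.group("code"), m.group("body")
        if code in ("R0", "R1"):
            pm = PROXY_RE.search(body)
            if pm:
                report["proxy"].append(pm.group("proxy"))
                report["flags"].append(
                    f"{code}: proxy server configured ({pm.group('proxy')}); confirm it is intended")
        elif code == "O4":
            entry = parse_o4(body)
            if entry:
                report["autoruns"].append(entry)
                if entry["path"] is None:   # bare name: resolved via search path at logon
                    report["flags"].append(
                        f"O4 [{entry['name']}] runs '{entry['cmd']}' without an absolute path")
        elif code == "O16":
            om = O16_RE.match(body)
            if om:
                report["activex"].append((om.group("desc") or om.group("clsid"), om.group("url")))
        elif code == "O17":
            dm = O17_RE.search(body)
            if dm and dm.group("domain") not in report["domains"]:
                report["domains"].append(dm.group("domain"))
        elif code == "O23":
            svc = parse_o23(body)
            if svc and svc["vendor"].lower() == "unknown owner":
                report["unknown_owner_services"].append(svc["name"])
                report["flags"].append(
                    f"O23 service {svc['name']} has no vendor information: {svc['path']}")
    return report


if __name__ == "__main__":
    for flag in triage(SAMPLE_LOG)["flags"]:
        print(flag)
```

Every flag still needs a human decision: on this laptop the proxy and the Alghanim.com domain look like corporate settings, and rpcapd is WinPcap's remote capture service, which is expected if WinPcap was installed deliberately.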
May 2 2008, 06:26 AM, Post #13
Member, Posts: 22, OS: windows xp
Then I also ran ComboFix and Dr. Cure according to your instructions
ComboFix 08-04-24.1 - Nkulik 2008-05-02 15:03:58.8 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.197 [GMT 3:00]
Running from: C:\Documents and Settings\nruskulik\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\nruskulik\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\disdn . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))
.
2008-05-02 14:52 . 2008-05-02 14:52 <DIR> d-------- C:\Program Files\IObit
2008-05-02 14:31 . 2008-05-02 14:31 <DIR> d-------- C:\Program Files\Siber Systems
2008-05-02 14:31 . 2008-05-02 14:31 <DIR> d-------- C:\Documents and Settings\nruskulik\Application Data\GoodSync
2008-05-02 11:30 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-02 11:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-02 11:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-02 11:30 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-05-01 11:11 . 2008-05-01 11:11 <DIR> d-------- C:\fsaua.data
2008-05-01 10:59 . 2008-05-01 10:59 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-01 10:54 . 2008-05-01 10:54 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-01 10:47 . 2008-05-01 10:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2008-05-01 10:47 . 2008-05-01 10:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-05-01 10:28 . 2008-05-01 10:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-01 10:27 . 2008-05-01 10:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-29 08:15 . 2008-04-29 08:15 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-28 23:01 . 2008-04-28 23:01 <DIR> d-------- C:\Documents and Settings\nruskulik\Application Data\AVG7
2008-04-28 23:01 . 2008-04-28 23:01 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-28 23:00 . 2008-04-28 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-28 23:00 . 2008-04-28 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-26 21:23 . 2008-04-26 21:23 <DIR> d-------- C:\Documents and Settings\nruskulik\DoctorWeb
2008-04-26 21:07 . 2008-04-26 05:40 <DIR> d-------- C:\SDFix
2008-04-26 20:32 . 2008-04-26 20:32 <DIR> d-------- C:\Program Files\doc
2008-04-26 10:01 . 2008-04-26 10:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-26 03:24 . 2008-04-26 03:24 <DIR> d-------- C:\Deckard
2008-04-25 23:26 . 2008-04-25 23:26 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-25 23:26 . 2008-04-25 23:26 <DIR> d-------- C:\Program Files\McAfee
2008-04-25 23:26 . 2008-04-25 23:26 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-25 23:07 . 2008-04-25 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-25 22:28 . 2008-04-25 22:28 <DIR> d-------- C:\Documents and Settings\nruskulik\Application Data\Malwarebytes
2008-04-25 22:28 . 2008-04-25 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-25 22:27 . 2008-04-25 22:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-25 22:17 . 2008-04-25 22:17 <DIR> d-------- C:\Documents and Settings\nruskulik\Application Data\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 01:20 68,096 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe
2008-04-26 01:20 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe
2008-02-12 13:14 78,756 ----a-w C:\Program Files\release_notes_kav7.0mp1cf1_en.html
2008-02-08 16:04 72,264 ----a-w C:\Program Files\setup.exe
2008-02-08 16:03 30,529,024 ----a-w C:\Program Files\kav.en.msi
2007-08-02 13:53 536 ----a-w C:\Program Files\setup.reg
.
((((((((((((((((((((((((((((( snapshot@2008-04-28_22.28.06.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-28 19:24:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-02 12:06:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-28 19:23:44 1,660 ----a-w C:\WINDOWS\bthservsdp.dat
+ 2008-05-02 12:05:54 1,660 ----a-w C:\WINDOWS\bthservsdp.dat
+ 2008-02-27 12:59:28 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\auc_lib.dll
+ 2008-03-07 15:50:50 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\auc_lib.dll
+ 2008-03-07 15:50:50 495,616 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\daas_s.dll
+ 2008-03-07 15:51:48 380,928 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fscax.dll
+ 2008-03-07 15:50:50 159,744 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fsld32.dll
+ 2008-03-07 15:50:32 588,456 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gatelauncher.exe
+ 2008-03-07 15:50:32 588,456 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gatelauncheradmin.exe
+ 2008-02-27 12:59:28 495,616 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2008-02-27 13:00:12 262,144 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2008-02-27 12:59:16 588,392 ----a-w C:\WINDOWS\Downloaded Program Files\gatelauncher.exe
- 2005-05-26 01:16:24 75,544 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 16:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2005-05-26 01:16:24 75,544 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 16:19:20 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2005-05-26 01:16:30 465,176 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-30 16:19:36 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2005-05-26 01:16:30 124,184 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-30 16:19:16 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2005-05-26 01:16:30 1,343,768 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-30 16:19:42 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2005-05-26 01:16:30 127,256 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-30 16:19:32 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2005-05-26 01:16:30 41,240 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-30 16:18:40 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2005-05-26 01:19:32 173,536 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 16:19:46 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-04-28 20:00:42 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2008-04-28 20:00:46 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2008-04-28 20:00:46 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2008-04-28 20:00:48 10,760 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2008-04-28 20:00:48 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2005-05-24 09:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 12:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 12:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-04-26 09:19:42 18,433 ----a-w C:\WINDOWS\system32\Lang\Arabic.bin
+ 2008-05-01 07:47:24 18,433 ----a-w C:\WINDOWS\system32\Lang\Arabic.bin
- 2008-04-26 09:19:32 21,036 ----a-w C:\WINDOWS\system32\Lang\Danish.bin
+ 2008-05-01 07:47:24 21,036 ----a-w C:\WINDOWS\system32\Lang\Danish.bin
- 2008-04-26 09:19:34 22,184 ----a-w C:\WINDOWS\system32\Lang\Dutch.bin
+ 2008-05-01 07:47:24 22,184 ----a-w C:\WINDOWS\system32\Lang\Dutch.bin
- 2008-04-26 09:19:40 19,023 ----a-w C:\WINDOWS\system32\Lang\English.bin
+ 2008-05-01 07:47:24 19,023 ----a-w C:\WINDOWS\system32\Lang\English.bin
- 2008-04-26 09:19:34 23,732 ----a-w C:\WINDOWS\system32\Lang\French.bin
+ 2008-05-01 07:47:24 23,732 ----a-w C:\WINDOWS\system32\Lang\French.bin
- 2008-04-26 09:19:34 22,322 ----a-w C:\WINDOWS\system32\Lang\German.bin
+ 2008-05-01 07:47:24 22,322 ----a-w C:\WINDOWS\system32\Lang\German.bin
- 2008-04-26 09:19:42 21,687 ----a-w C:\WINDOWS\system32\Lang\Greek.bin
+ 2008-05-01 07:47:24 21,687 ----a-w C:\WINDOWS\system32\Lang\Greek.bin
- 2008-04-26 09:19:34 23,929 ----a-w C:\WINDOWS\system32\Lang\Italian.bin
+ 2008-05-01 07:47:24 23,929 ----a-w C:\WINDOWS\system32\Lang\Italian.bin
- 2008-04-26 09:19:32 20,930 ----a-w C:\WINDOWS\system32\Lang\Japanese.bin
+ 2008-05-01 07:47:24 20,930 ----a-w C:\WINDOWS\system32\Lang\Japanese.bin
- 2008-04-26 09:19:32 17,413 ----a-w C:\WINDOWS\system32\Lang\Korean.bin
+ 2008-05-01 07:47:24 17,413 ----a-w C:\WINDOWS\system32\Lang\Korean.bin
- 2008-04-26 09:19:42 20,749 ----a-w C:\WINDOWS\system32\Lang\Polish.bin
+ 2008-05-01 07:47:24 20,749 ----a-w C:\WINDOWS\system32\Lang\Polish.bin
- 2008-04-26 09:19:44 21,733 ----a-w C:\WINDOWS\system32\Lang\Portuguese(Brazil).bin
+ 2008-05-01 07:47:24 21,733 ----a-w C:\WINDOWS\system32\Lang\Portuguese(Brazil).bin
- 2008-04-26 09:19:40 22,587 ----a-w C:\WINDOWS\system32\Lang\Portuguese.bin
+ 2008-05-01 07:47:24 22,587 ----a-w C:\WINDOWS\system32\Lang\Portuguese.bin
- 2008-04-26 09:19:34 22,768 ----a-w C:\WINDOWS\system32\Lang\Russian.bin
+ 2008-05-01 07:47:24 22,768 ----a-w C:\WINDOWS\system32\Lang\Russian.bin
- 2008-04-26 09:19:42 14,382 ----a-w C:\WINDOWS\system32\Lang\SimChin.bin
+ 2008-05-01 07:47:24 14,382 ----a-w C:\WINDOWS\system32\Lang\SimChin.bin
- 2008-04-26 09:19:36 24,009 ----a-w C:\WINDOWS\system32\Lang\Spanish.bin
+ 2008-05-01 07:47:24
24,009 ----a-w C:\WINDOWS\system32\Lang\Spanish.bin - 2008-04-26 09:19:36 20,912 ----a-w C:\WINDOWS\system32\Lang\SWEDISH.bin + 2008-05-01 07:47:24 20,912 ----a-w C:\WINDOWS\system32\Lang\SWEDISH.bin - 2008-04-26 09:19:42 19,081 ----a-w C:\WINDOWS\system32\Lang\Thai.bin + 2008-05-01 07:47:24 19,081 ----a-w C:\WINDOWS\system32\Lang\Thai.bin - 2008-04-26 09:19:34 14,944 ----a-w C:\WINDOWS\system32\Lang\TradChin.bin + 2008-05-01 07:47:24 14,944 ----a-w C:\WINDOWS\system32\Lang\TradChin.bin - 2006-05-17 08:23:38 579,888 ------w C:\WINDOWS\system32\LegitCheckControl.dll + 2008-03-20 15:06:36 1,480,232 ------w C:\WINDOWS\system32\LegitCheckControl.dll + 2007-07-30 16:18:34 207,736 ----a-w C:\WINDOWS\system32\muweb.dll + 2005-09-12 07:49:44 3,298,432 ----a-w C:\WINDOWS\system32\ReinstallBackups\0024\DriverFiles\w29n51.sys + 2005-09-05 18:25:34 466,944 ----a-w C:\WINDOWS\system32\ReinstallBackups\0024\DriverFiles\w29NCPA.dll + 2007-07-30 16:19:36 549,720 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.0.6000.381\wuapi.dll + 2007-07-30 16:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll + 2007-07-30 16:19:12 43,352 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll - 2006-04-03 08:40:10 14,048 ------w C:\WINDOWS\system32\spmsg.dll + 2008-03-20 11:41:20 14,640 ------w C:\WINDOWS\system32\spmsg.dll - 2005-05-26 01:16:30 465,176 ----a-w C:\WINDOWS\system32\wuapi.dll + 2007-07-30 16:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll - 2005-05-26 01:16:30 124,184 ----a-w C:\WINDOWS\system32\wuauclt.exe + 2007-07-30 16:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe - 2005-05-26 01:16:30 1,343,768 ----a-w C:\WINDOWS\system32\wuaueng.dll + 2007-07-30 16:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll - 2005-05-26 01:16:30 127,256 ----a-w C:\WINDOWS\system32\wucltui.dll + 2007-07-30 16:19:32 325,976 ----a-w 
C:\WINDOWS\system32\wucltui.dll - 2005-05-26 01:16:30 41,240 ----a-w C:\WINDOWS\system32\wups.dll + 2007-07-30 16:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll - 2005-05-26 01:16:30 18,200 ----a-w C:\WINDOWS\system32\wups2.dll + 2007-07-30 16:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll - 2005-05-26 01:19:32 173,536 ----a-w C:\WINDOWS\system32\wuweb.dll + 2007-07-30 16:19:46 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-26 16:13 1207080] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-11-30 16:56 1306624] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-01-29 15:36 25370152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StatusClient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 20:29 61440] "TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 19:40 188416] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-01-07 13:02 49152] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl] "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49 217088] "TempRemove"="C:\Program Files\Crystal Ball\CB Predictor\terminator.exe" [1998-12-19 11:06 7680] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44 98394] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43 688218] "RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 14743552 C:\WINDOWS\RTHDCPL.EXE] 
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456] "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-10-11 14:04 462848] "LaunchApp"="Alaunch" [] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-18 20:09 94208] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-18 20:10 114688] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-18 20:06 77824] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2008-04-26 20:49 385024] "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51 53248] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-28 23:00 579584] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-09-27 12:37 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-09-27 12:37 602182] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-09-27 12:41 569413] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-28 23:00 219136] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2007-06-13 17:23:23 25214] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "LogonType"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM "VIDC.HFYU"= huffyuv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0] "Script"=\\Alghanim.com\sysvol\Alghanim.com\scripts\AV_Repair.bat [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^IT^Start Menu^Programs^Startup^palmOne Registration.lnk] backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft 
ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"= "C:\\Program Files\\UTORRENT\\utorrent.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-02 15:07:46 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** "ImagePath"="\"C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe\"\00|5\01\00À\00\00\00\00\0c\00\00\00D\00\00\00\00\00R\02\18î|\00\00\00\00~\00\00\00¨- [\02’“€|~\00\00\00x\01\15\00€è\13\00E\1d€|ö\1b" . ------------------------ Other Running Processes ------------------------ . 
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Acer\eManager\anbmServ.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe . ************************************************************************** . Completion time: 2008-05-02 15:09:40 - machine was rebooted ComboFix-quarantined-files.txt 2008-05-02 12:09:36 ComboFix4.txt 2008-04-28 19:28:18 ComboFix3.txt 2008-04-29 17:53:28 ComboFix2.txt 2008-04-29 20:27:02 Pre-Run: 14,479,556,608 bytes free Post-Run: 14,481,227,776 bytes free 288 |
|
|
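As an added example (not part of the thread, and not ComboFix's own code), a small Python triage of the snapshot section of the log above: it pairs the '-' and '+' lines per path and separates files that changed between the two snapshots from files that only appeared or vanished, which is what a log reader scans for by eye. The sample input is a constructed excerpt of this log's own snapshot lines.

```python
"""Triage the snapshot section of a ComboFix log (added example, not
ComboFix's own code). Each snapshot line has the form
    <+|-> YYYY-MM-DD HH:MM:SS <size> <attrs> <path>
where '-' is the file at the earlier snapshot and '+' the file now.
Pairing the two per path separates files that changed (the Windows Update
DLLs above) from files that only appeared (the AVG drivers) or vanished.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

SNAPSHOT_RE = re.compile(
    r"^(?P<sign>[+-]) (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str


def parse_snapshot(text):
    """Map each path to its '-' and/or '+' entry; other log lines are ignored."""
    files = defaultdict(dict)
    for line in text.splitlines():
        m = SNAPSHOT_RE.match(line.strip())
        if m:  # banners, '.' separators and registry lines do not match
            size = int(m["size"].replace(",", ""))
            files[m["path"]][m["sign"]] = Entry(m["ts"], size, m["attrs"])
    return dict(files)


def classify(files):
    """Bucket paths: added / removed / changed (size or attrs) / touched (time only)."""
    buckets = {"added": [], "removed": [], "changed": [], "touched": []}
    for path in sorted(files):
        old, new = files[path].get("-"), files[path].get("+")
        if old and new:
            same = old.size == new.size and old.attrs == new.attrs
            buckets["touched" if same else "changed"].append(path)
        elif new:
            buckets["added"].append(path)
        else:
            buckets["removed"].append(path)
    return buckets


# Constructed excerpt of the snapshot lines from the log above, used as sample input.
SAMPLE_LOG = r"""
- 2008-04-28 19:24:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-02 12:06:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2005-05-26 01:16:30 465,176 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 16:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2008-04-28 20:00:42 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
- 2006-05-17 08:23:38 579,888 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-20 15:06:36 1,480,232 ------w C:\WINDOWS\system32\LegitCheckControl.dll
-- Snapshot reset to current date --
"""

if __name__ == "__main__":
    for bucket, paths in classify(parse_snapshot(SAMPLE_LOG)).items():
        print(f"{bucket}: {paths}")
```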
May 2 2008, 07:37 AM
Post
#14
|
|
|
Member Posts: 22 OS: windows xp |
Log from Dr.Web:
mbam.exe;C:\Program Files\Malwarebytes' Anti-Malware;Probably BACKDOOR.Trojan;;
Process.exe;C:\SDFix\apps;Tool.Prockill;; |
|
|
May 2 2008, 08:22 AM
Post
#15
|
|
GeekU Teacher Posts: 29,623 From: Dublin OS: XP |
Looking good
Follow these steps to uninstall Combofix and tools used in the removal of malware
You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here: http://www.adobe.com/products/acrobat/readstep2.html

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/ This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection by malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX.
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Have a look at this tutorial for IE-Spyad here.

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here.

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' Here.

Thank you for your patience, and performing all of the procedures requested. |
|
|
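An added example (not from the thread and not MVPS's own code) of what a blocklist-style HOSTS file like the one recommended above does to a name lookup, plus the check a practitioner would add: flag any entry that points a name somewhere other than the loopback/blackhole addresses, since a pure blocklist never does that. The sample file content is constructed, and updates.example-av.test is a hypothetical name.

```python
r"""Check what a blocklist-style HOSTS file does to a name lookup (added
example, not MVPS's own code; the sample below is constructed, not the
real MVPS file).

Windows reads %SystemRoot%\System32\drivers\etc\hosts before asking DNS,
so '127.0.0.1 ads.example.com' keeps that name on the local machine and
the connection never leaves the box. The same file can also point a name
at a real host, which a blocklist never needs, so the last function lists
every entry that does not resolve to a loopback/blackhole address.
"""
import ipaddress

# Addresses that sink a name rather than redirect it anywhere reachable.
BLACKHOLE = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}


def parse_hosts(text):
    """Return {hostname: ip}; the first mapping of a name wins, as in the resolver."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; the resolver skips it as well
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)
    return table


def is_blackholed(table, hostname):
    """True if the hosts file would keep this name on the local machine."""
    ip = table.get(hostname.lower())
    return ip is not None and ip in BLACKHOLE


def suspicious_entries(table):
    """Names mapped to a reachable address: a blocklist never does this,
    so such lines deserve a look by hand."""
    return sorted(name for name, ip in table.items() if ip not in BLACKHOLE)


# Constructed sample in MVPS style (not the real MVPS file).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 ads.example.com           # typical blocklist entry
0.0.0.0   tracker.example.net       # some lists use 0.0.0.0 instead
127.0.0.1 ads.example.com           # duplicate: ignored, first entry wins
192.0.2.10 updates.example-av.test  # constructed: name pointed at a real host
"""

if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print("ads.example.com blocked:", is_blackholed(hosts, "ads.example.com"))
    print("entries to review:", suspicious_entries(hosts))
```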