
Trojan:Win32/Alureon.gen!U how to remove? [Solved]



#16 ag9723 (Topic Starter, Member, 24 posts)
Malwarebytes' Anti-Malware 1.40
Database version: 2622
Windows 5.1.2600 Service Pack 3

8/14/2009 6:16:05 AM
mbam-log-2009-08-14 (06-16-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 173758
Time elapsed: 49 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#17 ag9723 (Topic Starter, Member, 24 posts)
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16876 (vista_gdr.090625-2339)
# OnlineScanner.ocx=1.0.0.6048
# api_version=3.0.2
# EOSSerial=470472ea662df149b3321bb7008d89fb
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-08-14 11:05:39
# local_time=2009-08-14 06:05:39 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=65487
# found=1
# cleaned=1
# scan_time=2245
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9YECAWX1\crypt_install[1].exe a variant of Win32/Kryptik.ADP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#18 ag9723 (Topic Starter, Member, 24 posts)
I think it's still there.

#19 ag9723 (Topic Starter, Member, 24 posts)
:)

Attached image: untitled.JPG

#20 fenzodahl512 (Malware Removal, 9,863 posts)
That's the reason why you shouldn't run tools more than once unless specified. You ran ComboFix twice before. When you run it a second time, the log may change and we might fail to see what's left.

Can you delete the SkyNet key manually?

#21 ag9723 (Topic Starter, Member, 24 posts)
My mistake, and no, I have tried.

#22 fenzodahl512 (Malware Removal, 9,863 posts)
1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
SKYNETirkcjsni
SKYNETjuvgakkl

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETirkcjsni]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETjuvgakkl]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Posted Image: animation of dragging CFScript.txt onto ComboFix.exe]


5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • Do you still see the bad SkyNet keys?

Edited by fenzodahl512, 14 August 2009 - 10:54 PM.

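The helper's last question, whether the bad SkyNet keys are still there, can be checked mechanically against the ComboFix log that comes back. The script below is an added example, written for this thread; it is not ComboFix's own code and not something either poster supplied. It assumes the service-line layout ComboFix prints ("R1 name;display name;image path [date size]", as in the log posted further down), takes the CFScript text exactly as posted above, and generalises the two service names in that script into a "SKYNET plus eight lowercase letters" pattern. The sample log lines are constructed for the example; the SKYNET driver line and its path are invented.

```python
"""Check a ComboFix log for the SkyNet service entries a CFScript targets.

Added example for this thread, not ComboFix's own code. It parses the
service/driver lines ComboFix prints and the Driver::/Registry:: sections
of a CFScript, then reports which targeted names are still listed.
"""
import re
from dataclasses import dataclass

# Name pattern generalised from the two names in this thread
# (SKYNETirkcjsni, SKYNETjuvgakkl): "SKYNET" plus eight lowercase letters.
SKYNET_RE = re.compile(r"^SKYNET[a-z]{8}$")

# ComboFix service line: "<R1|S4|...> <name>;<display name>;<image path> [<date> <size>]".
# The layout is assumed from the lines in the posted log, not from ComboFix documentation.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)"
    r"(?:\s+\[(?P<info>[^\]]*)\])?$"
)

# CFScript Registry:: line that deletes a service key, e.g.
# [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETirkcjsni]
REG_SERVICE_RE = re.compile(
    r"^\[-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\Services\\(?P<name>[^\\\]]+)\]$",
    re.IGNORECASE,
)


@dataclass
class ServiceEntry:
    state: str    # ComboFix state code, e.g. R1 (running) or S4 (stopped)
    name: str     # service key name under ...\Services
    display: str  # display name
    path: str     # image path as printed by ComboFix


def parse_services(log_text):
    """Return the service/driver entries found in a ComboFix log."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(m["state"], m["name"], m["display"], m["path"]))
    return entries


def flag_skynet(entries):
    """Names of entries whose service name follows the SKYNET pattern."""
    return [e.name for e in entries if SKYNET_RE.match(e.name)]


def cfscript_targets(script_text):
    """Service names a CFScript removes via its Driver:: and Registry:: sections."""
    targets = set()
    section = None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):           # section header such as Driver:: or KillAll::
            section = line[:-2]
            continue
        if section == "Driver":
            targets.add(line)
        elif section == "Registry":
            m = REG_SERVICE_RE.match(line)
            if m:
                targets.add(m["name"])
    return targets


def remaining_targets(log_text, script_text):
    """Targeted names that a (post-run) ComboFix log still lists as services."""
    present = {e.name for e in parse_services(log_text)}
    return sorted(cfscript_targets(script_text) & present)


# The CFScript exactly as posted in the thread.
CFSCRIPT = """
KillAll::

Driver::
SKYNETirkcjsni
SKYNETjuvgakkl

Registry::
[-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\SKYNETirkcjsni]
[-HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\SKYNETjuvgakkl]
"""

# Constructed sample logs: two legitimate lines copied from the posted log plus
# one invented SKYNET driver line (its path is made up for the example).
BEFORE_LOG = r"""
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [1/23/2007 8:07 PM 39080]
R1 SKYNETirkcjsni;SKYNETirkcjsni;\??\c:\windows\system32\drivers\SKYNETirkcjsni.sys [constructed]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
"""
AFTER_LOG = r"""
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [1/23/2007 8:07 PM 39080]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
"""

if __name__ == "__main__":
    print("suspicious before:", flag_skynet(parse_services(BEFORE_LOG)))
    print("still present after:", remaining_targets(AFTER_LOG, CFSCRIPT) or "none")
```

Run it with the real ComboFix.txt in place of the constructed sample and an empty result for remaining_targets answers the helper's question; a non-empty result means the Driver::/Registry:: entries did not take effect and the log should go back to the helper rather than the script being re-run.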

#23 ag9723 (Topic Starter, Member, 24 posts)
ComboFix 09-08-10.06 - devry 08/15/2009 4:03.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.426 [GMT -5:00]
Running from: c:\documents and settings\devry\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\devry\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 )))))))))))))))))))))))))))))))
.

2009-08-15 08:52 . 2009-08-15 08:52 -------- d-sh--w- c:\documents and settings\devry\IECompatCache
2009-08-15 08:51 . 2009-08-15 08:51 -------- d-sh--w- c:\documents and settings\devry\PrivacIE
2009-08-15 08:50 . 2009-08-15 08:50 -------- d-sh--w- c:\documents and settings\devry\IETldCache
2009-08-15 01:16 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-15 01:16 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-15 01:15 . 2009-08-15 01:19 -------- d-----w- c:\windows\ie8updates
2009-08-15 01:11 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-15 00:51 . 2009-08-15 01:10 -------- dc-h--w- c:\windows\ie8
2009-08-14 10:23 . 2009-08-14 10:23 -------- d-----w- c:\program files\ESET
2009-08-13 05:29 . 2009-08-13 05:29 -------- d-----w- c:\program files\ERUNT
2009-08-12 07:31 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 02:53 . 2009-08-12 17:10 -------- d-----w- C:\918a33bb93905ff2b83f
2009-08-12 01:40 . 2009-08-12 01:40 -------- d-----w- c:\documents and settings\devry\Application Data\Malwarebytes
2009-08-12 01:39 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 01:39 . 2009-08-12 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-12 01:39 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 01:39 . 2009-08-12 01:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 00:08 . 2009-08-12 02:24 -------- d-----w- C:\adab61f7192e14ffdf19a15749c0
2009-08-11 01:38 . 2009-08-11 01:38 -------- d-----w- c:\program files\Windows Defender
2009-08-09 17:35 . 2009-08-09 17:35 -------- d-----w- c:\windows\McAfee.com
2009-08-09 17:17 . 2009-08-09 17:17 1152 ----a-w- c:\windows\system32\windrv.sys
2009-08-09 17:07 . 2009-08-09 17:07 -------- d-----w- C:\32241fa13aa8c1c6fb1f98
2009-08-08 16:07 . 2009-08-11 12:05 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-31 13:00 . 2009-07-31 13:00 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\WMTools Downloaded Files
2009-07-28 16:06 . 2009-07-28 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-26 17:41 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-07-26 17:41 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-07-26 15:42 . 2009-07-26 15:42 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Mozilla
2009-07-26 03:56 . 2009-08-05 17:43 -------- d-----w- c:\documents and settings\devry\Local Settings\Application Data\Temp
2009-07-26 03:56 . 2009-08-10 02:01 -------- d-----w- c:\documents and settings\devry\Local Settings\Application Data\Google
2009-07-26 03:55 . 2009-07-26 03:55 -------- d-----w- c:\documents and settings\devry\Local Settings\Application Data\Mozilla
2009-07-18 02:08 . 2009-08-14 19:22 -------- d-----w- c:\documents and settings\devry\Local Settings\Application Data\Paint.NET
2009-07-18 02:05 . 2009-07-18 02:05 -------- d-----w- c:\documents and settings\devry\Local Settings\Application Data\Yahoo
2009-07-18 02:03 . 2009-07-18 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-18 02:03 . 2009-05-27 00:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-07-18 02:03 . 2009-07-18 02:03 -------- d-----w- c:\program files\Yahoo!
2009-07-17 19:01 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 00:08 . 2009-08-13 05:34 -------- d-----w- c:\program files\trend micro
2009-08-12 17:02 . 2007-05-09 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-05 19:31 . 2008-08-22 14:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-05 09:01 . 2004-08-04 06:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 06:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-04 06:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 16:34 . 2009-07-11 16:34 0 ----a-w- c:\windows\nsreg.dat
2009-07-11 16:30 . 2009-07-11 16:30 -------- d-----w- c:\program files\Paint.NET
2009-07-11 16:30 . 2007-05-09 15:05 84608 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-08 03:02 . 2009-07-08 03:02 84608 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-07 11:46 . 2009-07-07 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-07-07 01:34 . 2007-09-01 14:36 84608 ----a-w- c:\documents and settings\devry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 17:09 . 2004-08-04 06:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 06:56 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 06:56 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 06:56 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 06:56 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 06:56 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 06:56 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 04:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 06:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2004-08-04 06:56 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 06:56 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2007-05-09 14:53 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-04 06:56 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-04 06:56 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 06:56 1291264 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-14_08.59.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-09 15:50 . 2009-01-07 23:21 26144 c:\windows\system32\spupdsvc.exe
+ 2007-05-09 17:44 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 46592 c:\windows\system32\pngfilt.dll
- 2006-06-29 13:05 . 2006-06-29 13:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-29 13:05 . 2009-01-07 23:20 23552 c:\windows\system32\normaliz.dll
+ 2006-06-28 22:59 . 2009-01-07 23:20 24576 c:\windows\system32\nlsdl.dll
- 2006-06-28 22:59 . 2006-06-28 22:59 24576 c:\windows\system32\nlsdl.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 48128 c:\windows\system32\mshtmler.dll
- 2004-08-04 06:56 . 2006-10-17 16:28 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 45568 c:\windows\system32\mshta.exe
- 2004-08-04 06:56 . 2006-10-17 16:56 45568 c:\windows\system32\mshta.exe
+ 2006-10-17 16:58 . 2009-03-08 09:31 13312 c:\windows\system32\msfeedssync.exe
+ 2006-11-08 02:03 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 06:56 . 2009-03-08 09:34 43008 c:\windows\system32\licmgr10.dll
+ 2004-08-04 06:56 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 94720 c:\windows\system32\inseng.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 34816 c:\windows\system32\imgutil.dll
+ 2006-11-07 08:26 . 2009-03-08 09:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-04 06:56 . 2009-03-08 09:32 71680 c:\windows\system32\iesetup.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 55808 c:\windows\system32\iernonce.dll
+ 2006-06-29 13:05 . 2009-01-07 23:20 26112 c:\windows\system32\idndl.dll
- 2006-06-29 13:05 . 2006-06-29 13:05 26112 c:\windows\system32\idndl.dll
+ 2006-10-17 16:58 . 2009-03-08 09:31 59904 c:\windows\system32\icardie.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2004-08-04 06:56 . 2006-10-17 16:28 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 06:56 . 2006-10-17 16:56 45568 c:\windows\system32\dllcache\mshta.exe
+ 2004-08-04 06:56 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-05-09 16:52 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 06:56 . 2009-03-08 09:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 06:56 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-20 10:04 . 2009-03-08 09:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2007-05-09 14:55 . 2009-03-08 09:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-06-29 16:12 . 2009-03-08 09:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-04 06:56 . 2009-03-08 09:33 18944 c:\windows\system32\corpol.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 72704 c:\windows\system32\admparse.dll
+ 2009-08-15 01:19 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-08-15 01:19 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-08-15 01:19 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2009-08-15 01:02 . 2009-03-08 19:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-08-15 00:52 . 2009-06-29 16:12 44544 c:\windows\ie8\pngfilt.dll
+ 2009-08-15 00:51 . 2006-10-17 16:28 48128 c:\windows\ie8\mshtmler.dll
+ 2009-08-15 00:51 . 2006-10-17 16:56 45568 c:\windows\ie8\mshta.exe
+ 2009-08-15 00:52 . 2006-10-17 16:58 12288 c:\windows\ie8\msfeedssync.exe
+ 2009-08-15 00:51 . 2009-06-29 16:12 52224 c:\windows\ie8\msfeedsbs.dll
+ 2009-08-15 00:51 . 2006-10-17 17:05 40960 c:\windows\ie8\licmgr10.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 27648 c:\windows\ie8\jsproxy.dll
+ 2009-08-15 00:51 . 2006-11-07 08:26 92672 c:\windows\ie8\inseng.dll
+ 2009-08-15 00:51 . 2006-10-17 16:57 36352 c:\windows\ie8\imgutil.dll
+ 2009-08-15 00:51 . 2006-11-07 08:26 55296 c:\windows\ie8\iesetup.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 44544 c:\windows\ie8\iernonce.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 78336 c:\windows\ie8\ieencode.dll
+ 2009-08-15 00:51 . 2009-06-29 11:07 70656 c:\windows\ie8\ie4uinit.exe
+ 2009-08-15 00:51 . 2009-06-29 16:12 63488 c:\windows\ie8\icardie.dll
+ 2009-08-15 00:51 . 2006-10-17 16:44 60416 c:\windows\ie8\hmmapi.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 17408 c:\windows\ie8\corpol.dll
+ 2009-08-15 00:51 . 2006-11-07 08:26 71680 c:\windows\ie8\admparse.dll
+ 2009-08-15 01:15 . 2009-03-08 09:35 2048 c:\windows\ie8updates\KB972636-IE8\iecompat.dll
+ 2007-05-09 16:33 . 2009-01-07 23:21 121856 c:\windows\system32\xmllite.dll
- 2007-05-09 16:33 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2006-10-17 17:05 . 2009-03-08 09:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-08-04 06:56 . 2009-03-08 09:34 236544 c:\windows\system32\webcheck.dll
+ 2004-08-04 06:56 . 2009-03-08 09:33 420352 c:\windows\system32\vbscript.dll
- 2004-08-04 06:56 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
+ 2004-08-04 06:56 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll
+ 2004-08-04 06:56 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 611840 c:\windows\system32\mstime.dll
+ 2004-08-04 06:56 . 2009-03-08 09:34 193536 c:\windows\system32\msrating.dll
+ 2001-08-23 12:00 . 2009-03-08 09:22 156160 c:\windows\system32\msls31.dll
- 2001-08-23 12:00 . 2006-11-08 02:03 156160 c:\windows\system32\msls31.dll
+ 2006-11-08 02:03 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2.dll
+ 2004-08-04 06:56 . 2009-03-08 09:33 726528 c:\windows\system32\jscript.dll
+ 2007-06-07 16:35 . 2009-08-15 09:10 229772 c:\windows\system32\inetsrv\MetaBase.bin
+ 2006-11-08 02:03 . 2009-03-08 09:22 164352 c:\windows\system32\ieui.dll
+ 2004-08-04 06:56 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 06:56 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 16:27 . 2009-03-08 09:11 445952 c:\windows\system32\ieapfltr.dll
+ 2001-08-23 12:00 . 2009-03-08 09:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-04 06:56 . 2009-03-08 09:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-04 06:56 . 2009-03-08 09:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-04 06:56 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 06:56 . 2009-03-08 09:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 348160 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 06:56 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 06:56 . 2009-03-08 09:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2007-05-09 14:56 . 2009-03-08 09:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 09:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 06:56 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-04 06:56 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-04 06:56 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 06:56 . 2009-03-08 09:34 193536 c:\windows\system32\dllcache\msrating.dll
- 2001-08-23 12:00 . 2006-11-08 02:03 156160 c:\windows\system32\dllcache\msls31.dll
+ 2001-08-23 12:00 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-05-09 16:52 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-09 10:53 . 2009-03-08 09:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2007-05-09 14:55 . 2009-03-08 19:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2004-08-04 06:56 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 06:56 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-09 16:52 . 2009-03-08 09:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2001-08-23 12:00 . 2009-03-08 09:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 06:56 . 2009-03-08 09:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 06:56 . 2009-03-08 09:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 06:56 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 06:56 . 2009-03-08 09:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 128512 c:\windows\system32\advpack.dll
+ 2009-08-15 01:15 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB972636-IE8\spuninst\updspapi.dll
+ 2009-08-15 01:15 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB972636-IE8\spuninst\spuninst.exe
+ 2009-08-15 01:19 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-08-15 01:19 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-08-15 01:19 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-08-15 01:19 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-08-15 01:19 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-08-15 01:19 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-08-15 01:19 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-08-15 01:19 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-08-15 01:19 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-08-15 00:52 . 2009-06-29 16:12 827392 c:\windows\ie8\wininet.dll
+ 2009-08-15 00:52 . 2006-10-17 17:05 206336 c:\windows\ie8\winfxdocobj.exe
+ 2009-08-15 00:52 . 2009-06-29 16:12 233472 c:\windows\ie8\webcheck.dll
+ 2009-08-15 00:52 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
+ 2009-08-15 00:52 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2009-08-15 00:52 . 2009-06-29 16:12 105984 c:\windows\ie8\url.dll
+ 2009-08-15 01:02 . 2009-01-07 23:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-08-15 01:02 . 2009-01-07 23:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-08-15 00:51 . 2006-09-06 21:43 213216 c:\windows\ie8\spuninst.exe
+ 2009-08-15 00:52 . 2009-06-29 16:12 102912 c:\windows\ie8\occache.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 671232 c:\windows\ie8\mstime.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 193024 c:\windows\ie8\msrating.dll
+ 2009-08-15 00:51 . 2006-11-08 02:03 156160 c:\windows\ie8\msls31.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 477696 c:\windows\ie8\mshtmled.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 459264 c:\windows\ie8\msfeeds.dll
+ 2009-08-15 00:51 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
+ 2009-08-15 00:51 . 2009-06-29 08:35 634632 c:\windows\ie8\iexplore.exe
+ 2009-08-15 00:52 . 2006-11-08 02:03 180736 c:\windows\ie8\ieui.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 268288 c:\windows\ie8\iertutil.dll
+ 2009-08-15 00:52 . 2006-11-08 02:03 287744 c:\windows\ie8\ieproxy.dll
+ 2009-08-15 00:51 . 2006-11-08 02:03 191488 c:\windows\ie8\iepeers.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 385024 c:\windows\ie8\iedkcs32.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 380928 c:\windows\ie8\ieapfltr.dll
+ 2009-08-15 00:51 . 2009-06-29 08:33 161792 c:\windows\ie8\ieakui.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 230400 c:\windows\ie8\ieaksie.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 153088 c:\windows\ie8\ieakeng.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 214528 c:\windows\ie8\dxtrans.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 347136 c:\windows\ie8\dxtmsft.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 124928 c:\windows\ie8\advpack.dll
+ 2009-08-15 08:51 . 2009-08-15 08:51 172032 c:\windows\ERDNT\AutoBackup\8-15-2009\Users\00000002\UsrClass.dat
+ 2009-08-15 08:51 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\8-15-2009\ERDNT.EXE
+ 2009-08-14 09:12 . 2009-08-14 09:12 172032 c:\windows\ERDNT\AutoBackup\8-14-2009\Users\00000002\UsrClass.dat
+ 2009-08-14 09:12 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\8-14-2009\ERDNT.EXE
+ 2004-08-04 06:56 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2004-08-04 06:56 . 2009-07-19 13:18 5937152 c:\windows\system32\mshtml.dll
+ 2006-10-17 16:57 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2006-09-06 04:01 . 2009-02-07 02:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2004-08-04 06:56 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-04 06:56 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-09 16:52 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2007-05-09 16:52 . 2009-02-07 02:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-07 23:20 . 2009-01-07 23:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2009-08-15 01:19 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-08-15 01:19 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-08-15 01:19 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2009-08-15 00:52 . 2009-06-29 16:12 1159680 c:\windows\ie8\urlmon.dll
+ 2009-08-15 00:51 . 2009-07-19 13:33 3597824 c:\windows\ie8\mshtml.dll
+ 2009-08-15 00:51 . 2009-07-19 13:32 6067200 c:\windows\ie8\ieframe.dll
+ 2009-08-15 00:51 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
+ 2009-08-15 08:51 . 2009-08-15 08:51 3457024 c:\windows\ERDNT\AutoBackup\8-15-2009\Users\00000001\NTUSER.DAT
+ 2009-08-14 09:12 . 2009-08-14 09:12 3457024 c:\windows\ERDNT\AutoBackup\8-14-2009\Users\00000001\NTUSER.DAT
+ 2006-11-08 02:03 . 2009-07-19 23:48 11067392 c:\windows\system32\ieframe.dll
+ 2007-05-09 16:52 . 2009-07-19 23:48 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-15 01:19 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-06 184320]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-11 151552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1040384]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-01-20 159744]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-15 677408]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1282048]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\documents and settings\devry\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-5-9 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 06:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [1/23/2007 8:07 PM 39080]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 1:56 AM 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 1:56 AM 14336]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [1/23/2007 7:13 PM 36608]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {09258F12-48E7-B18E-C414-1F48C215685F} /qb
.
Contents of the 'Scheduled Tasks' folder

2009-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1757981266-839522115-1011Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-08 03:04]

2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1757981266-839522115-1011UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-08 03:04]

2009-08-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-08-15 c:\windows\Tasks\User_Feed_Synchronization-{6CFACA31-FD93-45FE-A06E-C5B46E156B39}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\devry\Application Data\Mozilla\Firefox\Profiles\8w948bkm.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 04:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

- - - - - - - > 'lsass.exe'(768)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

- - - - - - - > 'explorer.exe'(1296)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\IFXTCS.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\scardsvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2009-08-15 4:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-15 09:14
ComboFix2.txt 2009-08-14 09:22
ComboFix3.txt 2009-08-14 09:07
ComboFix4.txt 2009-08-14 09:00

Pre-Run: 142,202,023,936 bytes free
Post-Run: 142,230,892,544 bytes free

451 --- E O F --- 2009-08-12 17:03
  • 0

#24
ag9723

ag9723

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Unfortunately, yes.
  • 0

#25
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download and unzip Icesword to its own folder.

Open the Icesword folder, locate Icesword.exe and double click it to run the program

Click the Registry tab in the bottom right corner of the Icesword window.

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETirkcjsni

Right click on SKYNETirkcjsni and choose Delete

Click Yes to confirm the deletion, then close Icesword by clicking the red X

Repeat above process with HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETjuvgakkl

Reboot the computer and tell me if you still can see it :)
  • 0
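A report-only check for leftover service entries like the two named in the steps above, as an added example that is not from the original thread or from Icesword: a PowerShell script (assumed file name `Find-SuspectServices.ps1`) that lists services under the ControlSet001 key whose name starts with the SKYNET prefix seen here, or whose ImagePath points at a file that is not visible on disk. It assumes an elevated prompt on the affected machine and deletes nothing.

```powershell
# Added example, not part of the original thread. Reports (never deletes)
# service registry keys matching the pattern discussed in this thread.
# Assumptions: elevated PowerShell on the affected machine; the 'SKYNET'
# prefix and the ControlSet001 path are taken from the post above.
param(
    [string]$ServicesKey = 'HKLM:\SYSTEM\ControlSet001\Services',
    [string]$NamePrefix  = 'SKYNET'
)

function Expand-ImagePath {
    param([string]$RawPath)
    # Service ImagePath values come in several forms: \SystemRoot\...,
    # \??\C:\..., %SystemRoot%\..., or a bare system32\drivers\x.sys.
    $p = [Environment]::ExpandEnvironmentVariables($RawPath)
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^system32\\', "$env:SystemRoot\system32\"
    # Drop any command-line arguments that follow the executable.
    if ($p -match '^"([^"]+)"')             { $p = $Matches[1] }
    elseif ($p -match '^(\S+\.(exe|sys|dll))') { $p = $Matches[1] }
    return $p
}

$findings = @()
foreach ($svc in Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue
    $image = if ($props.ImagePath) { Expand-ImagePath $props.ImagePath } else { '' }
    $reasons = @()
    if ($svc.PSChildName -like "$NamePrefix*") {
        $reasons += "name starts with $NamePrefix"
    }
    if ($image -and -not (Test-Path -LiteralPath $image)) {
        $reasons += "ImagePath not visible on disk: $image"
    }
    if ($reasons.Count -gt 0) {
        $findings += [pscustomobject]@{
            Service   = $svc.PSChildName
            ImagePath = $props.ImagePath
            Start     = $props.Start
            Reason    = ($reasons -join '; ')
        }
    }
}

# Caveat: a kernel-mode rootkit can hide its own keys from the normal
# registry API, so an empty result is not proof of a clean system. That is
# exactly why the post above uses a tool like Icesword instead.
if ($findings.Count -eq 0) { 'No suspect service entries found.' }
else { $findings | Format-Table -AutoSize }
```

A file that is "not visible on disk" is only a lead, not a verdict: a driver can be legitimately absent after an uninstall, so compare each hit against the ImagePath, Start type and the name pattern before acting on it.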

#26
ag9723

ag9723

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
:) THEY'RE GONE!!! But are VirTool:win32/obfuscator.et and Trojan:Win32/Alureon.gen!U the same?
I just want to make sure that I have removed everything.
  • 0

#27
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

But are VirTool:win32/obfuscator.et and Trojan:Win32/Alureon.gen!U the same?


Honestly, I don't know about that. Alureon is a rootkit, and Obfuscator is much more like Zlob to me. Anyhow, they are all bad and need to be removed.

I just want to make sure that I have removed everything.


I can give you hundreds of scans, but it would only be a waste of time :)

Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have an internet connection.
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing:

http://www.pcpitstop...safesurfing.asp
http://bluefive.pair...afe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512
  • 0

#28
ag9723

ag9723

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Trojan:Win32/Alureon.gen!U is the only thing left; Windows Malicious Software Removal cannot remove it, and McAfee doesn't detect it. What next?
  • 0

#29
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

Trojan:Win32/Alureon.gen!U is the only thing left; Windows Malicious Software Removal cannot remove it, and McAfee doesn't detect it. What next?


Where is it?

Edited by fenzodahl512, 15 August 2009 - 08:08 AM.

  • 0

#30
ag9723

ag9723

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
It doesn't say, and I have no clue how to find it.
  • 0
