Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware won't allow me to install malwarebyte. can't open the


  • This topic is locked This topic is locked

#16
el_jack

el_jack

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
Ok I did as you suggested but the machine will not automatically reboot it is hungup. I have been turning off the computer by holding the power button.

any suggestions on this matter
  • 0

Advertisements


#17
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Has it rebooted after powering down ?
  • 0

#18
el_jack

el_jack

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
It has now

here is the log


ComboFix 11-05-04.04 - HHA 05/05/2011 15:34:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1918.1263 [GMT -5:00]
Running from: c:\documents and settings\HHA\Desktop\Gotcha.exe
AV: PC-cillin Internet Security - Virus Protection *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\HHA\LOCALS~1\Temp\ds00k.exe
c:\docume~1\HHA\LOCALS~1\Temp\win32.exe
c:\documents and settings\HHA\Cookies\bakeguti.pif
c:\documents and settings\HHA\Cookies\hacucofomu.scr
c:\documents and settings\HHA\Cookies\icati.lib
c:\documents and settings\HHA\Cookies\kaloziwojy.ban
c:\documents and settings\HHA\Cookies\musexekiq.dl
c:\documents and settings\HHA\Cookies\povaze.dl
c:\documents and settings\HHA\Cookies\putux.db
c:\documents and settings\HHA\Cookies\qiryxiqavo._dl
c:\documents and settings\HHA\Cookies\tuma.bin
c:\documents and settings\HHA\Cookies\zunohoryma.bat
c:\documents and settings\HHA\Local Settings\Application Data\{412156D7-BA37-447D-A2BB-690F26A6ED62}
c:\documents and settings\HHA\Local Settings\Application Data\{412156D7-BA37-447D-A2BB-690F26A6ED62}\chrome.manifest
c:\documents and settings\HHA\Local Settings\Application Data\{412156D7-BA37-447D-A2BB-690F26A6ED62}\chrome\content\_cfg.js
c:\documents and settings\HHA\Local Settings\Application Data\{412156D7-BA37-447D-A2BB-690F26A6ED62}\chrome\content\overlay.xul
c:\documents and settings\HHA\Local Settings\Application Data\{412156D7-BA37-447D-A2BB-690F26A6ED62}\install.rdf
c:\documents and settings\HHA\ntload.dll
c:\documents and settings\HHA\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\HHA\Start Menu\Programs\Startup\scandisk.lnk
c:\documents and settings\HHA\Start Menu\Programs\Your PC Protector
c:\documents and settings\HHA\Start Menu\Programs\Your PC Protector\Your PC Protector.lnk
c:\documents and settings\NetworkService\ntload.dll
C:\ntload.dll
c:\program files\adc32.dll
c:\program files\Common Files\hurew.db
c:\program files\Common Files\lubob.dl
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSrcas.dll
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\001F3188.bin
c:\program files\MyWebSearch\bar\Cache\001F34A5.bin
c:\program files\MyWebSearch\bar\Cache\001F35AF.bin
c:\program files\MyWebSearch\bar\Cache\001F366A.bin
c:\program files\MyWebSearch\bar\Cache\003D49F1.bin
c:\program files\MyWebSearch\bar\Cache\003D4D4C.bin
c:\program files\MyWebSearch\bar\Cache\01B7F45B
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\schtml
c:\program files\schtml\dbsinit.exe
c:\program files\schtml\images\i1.gif
c:\program files\schtml\images\i2.gif
c:\program files\schtml\images\i3.gif
c:\program files\schtml\images\j1.gif
c:\program files\schtml\images\j2.gif
c:\program files\schtml\images\j3.gif
c:\program files\schtml\images\jj1.gif
c:\program files\schtml\images\jj2.gif
c:\program files\schtml\images\jj3.gif
c:\program files\schtml\images\l1.gif
c:\program files\schtml\images\l2.gif
c:\program files\schtml\images\l3.gif
c:\program files\schtml\images\pix.gif
c:\program files\schtml\images\t1.gif
c:\program files\schtml\images\t2.gif
c:\program files\schtml\images\Thumbs.db
c:\program files\schtml\images\up1.gif
c:\program files\schtml\images\up2.gif
c:\program files\schtml\images\w1.gif
c:\program files\schtml\images\w11.gif
c:\program files\schtml\images\w2.gif
c:\program files\schtml\images\w3.gif
c:\program files\schtml\images\w3.jpg
c:\program files\schtml\images\word.doc
c:\program files\schtml\images\wt1.gif
c:\program files\schtml\images\wt2.gif
c:\program files\schtml\images\wt3.gif
c:\program files\schtml\wispex.html
c:\program files\Shared\_lib.sig
c:\program files\Shared\lib.dll
c:\program files\Shared\lib.sig
c:\program files\Your PC Protector
C:\s
c:\windows\batmeter16.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\gobuku._sy
c:\windows\gyrocuxyr._sy
c:\windows\Install.txt
c:\windows\iruqyjiweq.exe
c:\windows\oqahe._sy
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\16056.exe
c:\windows\system32\16827.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\20550.exe
c:\windows\system32\23281.exe
c:\windows\system32\24361.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\41.exe
c:\windows\system32\4292.exe
c:\windows\system32\491.exe
c:\windows\system32\5686.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\9961.exe
c:\windows\system32\AVR10.exe
c:\windows\system32\BtwSrv.dll
c:\windows\system32\config\systemprofile\ntload.dll
c:\windows\system32\drivers\smss.exe
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\FastNetSrv.exe
c:\windows\system32\FInstall.sys
c:\windows\system32\Install.txt
c:\windows\system32\jayamuja.dll
c:\windows\system32\juresuwe.dll
c:\windows\system32\kuhunuze.dll
c:\windows\system32\laninejo.dll
c:\windows\system32\lsm32.sys
c:\windows\system32\msilojzb.dll
c:\windows\system32\notepad.dll
c:\windows\system32\opeia.exe
c:\windows\system32\raripizu.dll
c:\windows\system32\sawuzowu.dll
c:\windows\system32\winhelper86.dll
c:\windows\system32\winlogon86.exe
c:\windows\system32\winsts.sys
c:\windows\system32\winupdate86.exe
c:\windows\system32\wotologa.dll
c:\windows\system32\wowuputi.dll
c:\windows\system32\zavipava.dll
c:\windows\Tasks\zvfgyied.job
c:\windows\Temp\tmp3.tmp
c:\windows\usiqevoyoxaj.dll
c:\windows\vagy.exe
c:\windows\vura._sy
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6TO4
-------\Legacy_BTWSRV
-------\Legacy_FASTNETSRV
-------\Legacy_WINSTS
-------\Service_6to4
-------\Service_BtwSrv
-------\Service_fastnetsrv
.
.
((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-05 17:32 . 2011-05-05 17:32 -------- d-----w- C:\_OTL
2011-05-02 02:52 . 2011-05-04 15:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-02 00:00 . 2011-05-02 00:00 -------- d-----w- c:\documents and settings\HHA\Application Data\Malwarebytes
2011-05-02 00:00 . 2011-05-02 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 20:26 . 2009-09-15 20:26 17527 ----a-w- c:\program files\Common Files\cugynofu.sys
2009-09-15 20:26 . 2009-09-15 20:26 11092 ----a-w- c:\program files\Common Files\zadavyfece.pif
2009-09-15 20:26 . 2009-09-15 20:26 17117 ----a-w- c:\program files\Common Files\liqehib.reg
2009-09-15 16:38 . 2009-09-15 16:38 12047 ----a-w- c:\program files\Common Files\ypymy.scr
2009-09-15 01:11 . 2009-09-15 01:11 18735 ----a-w- c:\program files\Common Files\ajawyv.vbs
2009-09-15 01:11 . 2009-09-15 01:11 13586 ----a-w- c:\program files\Common Files\ikebyrige.sys
2009-09-15 01:11 . 2009-09-15 01:11 19067 ----a-w- c:\program files\Common Files\yjatylin.bin
2009-09-15 01:11 . 2009-09-15 01:11 12504 ----a-w- c:\program files\Common Files\vusovysof.bin
2009-09-11 03:37 . 2009-09-11 03:37 12825 ----a-w- c:\program files\Common Files\cuvovy.vbs
2009-09-10 02:15 . 2009-09-10 02:15 13589 ----a-w- c:\program files\Common Files\nufarumiw.reg
1601-01-01 00:03 39424 --sha-w- c:\windows\system32\fedoniko.dll
1601-01-01 00:03 61440 --sha-w- c:\windows\system32\hovebipu.dll
1601-01-01 00:03 45568 --sha-w- c:\windows\system32\mokojela.dll
1601-01-01 00:03 45568 --sha-w- c:\windows\system32\mumonuwi.dll
1601-01-01 00:03 39424 --sha-w- c:\windows\system32\senukare.dll
1601-01-01 00:03 39424 --sha-w- c:\windows\system32\wipalego.dll
1601-01-01 00:03 45568 --sha-w- c:\windows\system32\yatewefa.dll
1601-01-01 00:03 39424 --sha-w- c:\windows\system32\zahasila.dll
2009-03-21 14:18 29696 --sha-w- c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-06 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"kaxplaka"="c:\documents and settings\HHA\Local Settings\Application Data\chgmna\uemjsysguard.exe" [2009-12-14 268032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2006-10-23 46200]
"HostManager"="c:\program files\Common Files\AOL\1190319181\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-09-20 26112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2007-05-11 738968]
.
c:\documents and settings\HHA\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-20 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
2006-08-04 21:15 321040 ----a-w- c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
2006-11-21 19:02 1807960 ----a-w- c:\program files\Trend Micro\Internet Security 14\pccguide.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"PcCtlCom"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1190319181\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\BCMWLTRY.EXE"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\CPSHelpRunner.exe"=
.
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/25/2006 3:26 PM 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [9/25/2006 3:26 PM 280392]
S2 winsts;winsts;\??\c:\windows\system32\winsts.sys --> c:\windows\system32\winsts.sys [?]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 3:47 PM 20640]
S4 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [9/25/2006 3:26 PM 345696]
S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [9/25/2006 3:26 PM 923216]
S4 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [9/25/2006 3:26 PM 566872]
.
Contents of the 'Scheduled Tasks' folder
.
2009-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {CB06DD94-72C7-4901-A89D-DDE55C5C7F21} = 83.149.115.157,4.2.2.1
TCP: {DE51BFCB-C3B7-42F4-9531-F5A2408AF616} = 83.149.115.157,4.2.2.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{a15a8ed4-a396-43d6-b349-20c4cb213e79} - sawuzowu.dll
HKLM-Run-%PROVIDERID% - bin\sprtcmd.exe
HKLM-Run-Wcaqiq - c:\windows\usiqevoyoxaj.dll
HKLM-Run-yejokepor - c:\windows\system32\laninejo.dll
HKLM-Run-kotukunoyu - raripizu.dll
SharedTaskScheduler-{1954b358-7c61-4686-8962-a1d952ae35f1} - c:\windows\system32\pusodebe.dll
SharedTaskScheduler-{b40ff048-f3f2-4011-a5c8-1d14e5b27d35} - c:\windows\system32\darunuwe.dll
SharedTaskScheduler-{88c75c06-bd09-4655-acba-d832dbedac8b} - c:\windows\system32\hijaduge.dll
SharedTaskScheduler-{03e9f8fc-4a62-4a33-a6d3-b92e42f415b6} - c:\windows\system32\hijaduge.dll
SharedTaskScheduler-{7664a25b-9585-46dd-89ab-473eed64e42d} - c:\windows\system32\hijaduge.dll
SharedTaskScheduler-{7bd12508-c15b-411d-a691-832c44e9176b} - c:\windows\system32\rikopebo.dll
SharedTaskScheduler-{48c7b3db-bac5-428c-9f93-c1c82c947b21} - c:\windows\system32\kerevuti.dll
SharedTaskScheduler-{27ba87b9-2632-478b-af65-427c79bf61f9} - c:\windows\system32\wuyojogi.dll
SharedTaskScheduler-{3710be37-86ca-4bc8-a551-26166b3b6666} - c:\windows\system32\laninejo.dll
SSODL-gadenetow-{1954b358-7c61-4686-8962-a1d952ae35f1} - c:\windows\system32\pusodebe.dll
SSODL-tiduyugun-{b40ff048-f3f2-4011-a5c8-1d14e5b27d35} - c:\windows\system32\darunuwe.dll
SSODL-disobegos-{88c75c06-bd09-4655-acba-d832dbedac8b} - c:\windows\system32\hijaduge.dll
SSODL-vafayumem-{03e9f8fc-4a62-4a33-a6d3-b92e42f415b6} - c:\windows\system32\hijaduge.dll
SSODL-mosiyefir-{7664a25b-9585-46dd-89ab-473eed64e42d} - c:\windows\system32\hijaduge.dll
SSODL-gezafuvep-{7bd12508-c15b-411d-a691-832c44e9176b} - c:\windows\system32\rikopebo.dll
SSODL-detuwilij-{48c7b3db-bac5-428c-9f93-c1c82c947b21} - c:\windows\system32\kerevuti.dll
SSODL-fanewotey-{27ba87b9-2632-478b-af65-427c79bf61f9} - c:\windows\system32\wuyojogi.dll
SSODL-ribuwusun-{3710be37-86ca-4bc8-a551-26166b3b6666} - c:\windows\system32\laninejo.dll
MSConfigStartUp-iinjug - c:\windows\system32\msilojzb.dll
MSConfigStartUp-Wcaqiq - c:\windows\usiqevoyoxaj.dll
MSConfigStartUp-yejokepor - c:\windows\system32\laninejo.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-05 15:52
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_WINSTS\0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1292)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2808)
c:\program files\Common Files\AOL\ACS\WLHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\stsystra.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\progra~1\COMMON~1\AOL\119031~1\EE\AOLHOS~1.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\COMMON~1\AOL\119031~1\EE\AOLServiceHost.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Completion time: 2011-05-05 16:01:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-05 21:01
.
Pre-Run: 28,299,292,672 bytes free
Post-Run: 29,123,739,648 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 4C95A6B52772383229F956F8627BC05F
  • 0

#19
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Lets now get the rest

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\program files\Common Files\cugynofu.sys
c:\program files\Common Files\zadavyfece.pif
c:\program files\Common Files\liqehib.reg
c:\program files\Common Files\ypymy.scr
c:\program files\Common Files\ajawyv.vbs
c:\program files\Common Files\ikebyrige.sys
c:\program files\Common Files\yjatylin.bin
c:\program files\Common Files\vusovysof.bin
c:\program files\Common Files\cuvovy.vbs
c:\program files\Common Files\nufarumiw.reg
c:\windows\system32\fedoniko.dll
c:\windows\system32\hovebipu.dll
c:\windows\system32\mokojela.dll
c:\windows\system32\mumonuwi.dll
c:\windows\system32\senukare.dll
c:\windows\system32\wipalego.dll
c:\windows\system32\yatewefa.dll
c:\windows\system32\zahasila.dll
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll
c:\windows\system32\winsts.sys

Folder::
c:\documents and settings\HHA\Local Settings\Application Data\chgmna

Driver::
winsts

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kaxplaka"=-


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.

  • 0

#20
el_jack

el_jack

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
here are the combofix.txt and the otlist log

combofix


ComboFix 11-05-04.04 - HHA 05/05/2011 16:27:33.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1918.1441 [GMT -5:00]
Running from: c:\documents and settings\HHA\Desktop\Gotcha.exe
Command switches used :: c:\documents and settings\HHA\Desktop\CFScript.txt
AV: PC-cillin Internet Security - Virus Protection *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
FILE ::
"c:\program files\Common Files\ajawyv.vbs"
"c:\program files\Common Files\cugynofu.sys"
"c:\program files\Common Files\cuvovy.vbs"
"c:\program files\Common Files\ikebyrige.sys"
"c:\program files\Common Files\liqehib.reg"
"c:\program files\Common Files\nufarumiw.reg"
"c:\program files\Common Files\vusovysof.bin"
"c:\program files\Common Files\yjatylin.bin"
"c:\program files\Common Files\ypymy.scr"
"c:\program files\Common Files\zadavyfece.pif"
"c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll"
"c:\windows\system32\fedoniko.dll"
"c:\windows\system32\hovebipu.dll"
"c:\windows\system32\mokojela.dll"
"c:\windows\system32\mumonuwi.dll"
"c:\windows\system32\senukare.dll"
"c:\windows\system32\winsts.sys"
"c:\windows\system32\wipalego.dll"
"c:\windows\system32\yatewefa.dll"
"c:\windows\system32\zahasila.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\HHA\Local Settings\Application Data\chgmna
c:\documents and settings\HHA\Local Settings\Application Data\chgmna\uemjsysguard.exe
c:\program files\Common Files\ajawyv.vbs
c:\program files\Common Files\cugynofu.sys
c:\program files\Common Files\cuvovy.vbs
c:\program files\Common Files\ikebyrige.sys
c:\program files\Common Files\liqehib.reg
c:\program files\Common Files\nufarumiw.reg
c:\program files\Common Files\vusovysof.bin
c:\program files\Common Files\yjatylin.bin
c:\program files\Common Files\ypymy.scr
c:\program files\Common Files\zadavyfece.pif
c:\program files\Shared
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll
c:\windows\system32\fedoniko.dll
c:\windows\system32\hovebipu.dll
c:\windows\system32\mokojela.dll
c:\windows\system32\mumonuwi.dll
c:\windows\system32\senukare.dll
c:\windows\system32\wipalego.dll
c:\windows\system32\yatewefa.dll
c:\windows\system32\zahasila.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINSTS
-------\Service_winsts
.
.
((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-05 17:32 . 2011-05-05 17:32 -------- d-----w- C:\_OTL
2011-05-02 02:52 . 2011-05-04 15:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-02 00:00 . 2011-05-02 00:00 -------- d-----w- c:\documents and settings\HHA\Application Data\Malwarebytes
2011-05-02 00:00 . 2011-05-02 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-06 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2006-10-23 46200]
"HostManager"="c:\program files\Common Files\AOL\1190319181\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-09-20 26112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2007-05-11 738968]
.
c:\documents and settings\HHA\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-20 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
2006-08-04 21:15 321040 ----a-w- c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
2006-11-21 19:02 1807960 ----a-w- c:\program files\Trend Micro\Internet Security 14\pccguide.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"PcCtlCom"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1190319181\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\BCMWLTRY.EXE"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\CPSHelpRunner.exe"=
.
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/25/2006 3:26 PM 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [9/25/2006 3:26 PM 280392]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 3:47 PM 20640]
S4 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [9/25/2006 3:26 PM 345696]
S4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [9/25/2006 3:26 PM 923216]
S4 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [9/25/2006 3:26 PM 566872]
.
Contents of the 'Scheduled Tasks' folder
.
2009-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {CB06DD94-72C7-4901-A89D-DDE55C5C7F21} = 83.149.115.157,4.2.2.1
TCP: {DE51BFCB-C3B7-42F4-9531-F5A2408AF616} = 83.149.115.157,4.2.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-05 16:33
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_WINSTS\0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1288)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(768)
c:\program files\Common Files\AOL\ACS\WLHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\progra~1\COMMON~1\AOL\119031~1\EE\AOLHOS~1.EXE
c:\progra~1\COMMON~1\AOL\119031~1\EE\AOLServiceHost.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2011-05-05 16:38:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-05 21:38
ComboFix2.txt 2011-05-05 21:01
.
Pre-Run: 28,861,648,896 bytes free
Post-Run: 28,849,336,320 bytes free
.
- - End Of File - - 8C46A77D3FEB833B2EED1281F58E1645



OTL log

========== OTL ==========
No active process named winupdate86.exe was found!
Process smss.exe killed successfully!
Error: No service named 6to4 was found to stop!
Service\Driver key 6to4 not found.
File C:\WINDOWS\system32\6to4v32.dll not found.
Error: No service named cb381f72 was found to stop!
Service\Driver key cb381f72 not found.
File C:\WINDOWS\System32\drivers\cb381f72.sys not found.
Error: No service named winsts was found to stop!
Service\Driver key winsts not found.
File C:\WINDOWS\system32\winsts.sys not found.
Registry value HKEY_USERS\S-1-5-21-2174217116-4051744875-3750064960-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL not found.
HKU\S-1-5-21-2174217116-4051744875-3750064960-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\%PROVIDERID% not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kaxplaka not found.
File C:\Documents and Settings\HHA\Local Settings\Application Data\chgmna\uemjsysguard.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\notepad not found.
File C:\WINDOWS\System32\notepad.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Wcaqiq not found.
File C:\WINDOWS\usiqevoyoxaj.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\winupdate86.exe not found.
File C:\WINDOWS\system32\winupdate86.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\yejokepor not found.
File C:\WINDOWS\System32\laninejo.dll not found.
Registry value HKEY_USERS\S-1-5-21-2174217116-4051744875-3750064960-1008\Software\Microsoft\Windows\CurrentVersion\Run\\asg984jgkfmgasi8ug98jgkfgfb not found.
File C:\Documents and Settings\HHA\Local Settings\Temp\win32.exe not found.
Registry value HKEY_USERS\S-1-5-21-2174217116-4051744875-3750064960-1008\Software\Microsoft\Windows\CurrentVersion\Run\\kaxplaka not found.
File C:\Documents and Settings\HHA\Local Settings\Application Data\chgmna\uemjsysguard.exe not found.
Registry value HKEY_USERS\S-1-5-21-2174217116-4051744875-3750064960-1008\Software\Microsoft\Windows\CurrentVersion\Run\\ModemOnHold deleted successfully.
C:\Program Files\NetWaiting\netwaiting.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2174217116-4051744875-3750064960-1008\Software\Microsoft\Windows\CurrentVersion\Run\\notepad not found.
File C:\WINDOWS\system32\config\systemprofile\ntload.dll not found.
Registry value HKEY_USERS\S-1-5-21-2174217116-4051744875-3750064960-1008\Software\Microsoft\Windows\CurrentVersion\Run\\ygua8e7yhuiesfha876yfauy8fe not found.
File C:\Documents and Settings\HHA\Local Settings\Temp\ds00k.exe not found.
Registry value HKEY_USERS\S-1-5-21-2174217116-4051744875-3750064960-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions not found.
Registry value HKEY_USERS\S-1-5-21-2174217116-4051744875-3750064960-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\WINDOWS\system32\laninejo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\WINDOWS\System32\wowuputi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:rundll32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:tapi.nfo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:beforeglav deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\drivers\smss.exe deleted successfully.
File C:\WINDOWS\system32\drivers\smss.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\detuwilij not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48c7b3db-bac5-428c-9f93-c1c82c947b21}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\disobegos not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c75c06-bd09-4655-acba-d832dbedac8b}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\fanewotey not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27ba87b9-2632-478b-af65-427c79bf61f9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gadenetow not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1954b358-7c61-4686-8962-a1d952ae35f1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gezafuvep not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bd12508-c15b-411d-a691-832c44e9176b}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\mosiyefir not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7664a25b-9585-46dd-89ab-473eed64e42d}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\ribuwusun not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3710be37-86ca-4bc8-a551-26166b3b6666}\ not found.
File C:\WINDOWS\system32\laninejo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\tiduyugun not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b40ff048-f3f2-4011-a5c8-1d14e5b27d35}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\vafayumem not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03e9f8fc-4a62-4a33-a6d3-b92e42f415b6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{03e9f8fc-4a62-4a33-a6d3-b92e42f415b6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03e9f8fc-4a62-4a33-a6d3-b92e42f415b6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{1954b358-7c61-4686-8962-a1d952ae35f1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1954b358-7c61-4686-8962-a1d952ae35f1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{27ba87b9-2632-478b-af65-427c79bf61f9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27ba87b9-2632-478b-af65-427c79bf61f9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{3710be37-86ca-4bc8-a551-26166b3b6666} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3710be37-86ca-4bc8-a551-26166b3b6666}\ not found.
File C:\WINDOWS\system32\laninejo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{48c7b3db-bac5-428c-9f93-c1c82c947b21} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48c7b3db-bac5-428c-9f93-c1c82c947b21}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{7664a25b-9585-46dd-89ab-473eed64e42d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7664a25b-9585-46dd-89ab-473eed64e42d}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{7bd12508-c15b-411d-a691-832c44e9176b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bd12508-c15b-411d-a691-832c44e9176b}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{88c75c06-bd09-4655-acba-d832dbedac8b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c75c06-bd09-4655-acba-d832dbedac8b}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{b40ff048-f3f2-4011-a5c8-1d14e5b27d35} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b40ff048-f3f2-4011-a5c8-1d14e5b27d35}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb81f444-3399-11de-bfc9-001c23905199}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb81f444-3399-11de-bfc9-001c23905199}\ not found.
File explorer . not found.
6to4 removed from NetSvcs value successfully!
File C:\WINDOWS\system32\6to4v32.dll not found.
File C:\Program Files\adc32.dll not found.
File C:\WINDOWS\System32\laninejo.dll not found.
File C:\WINDOWS\System32\hovebipu.dll not found.
File C:\WINDOWS\System32\yatewefa.dll not found.
File C:\WINDOWS\System32\mumonuwi.dll not found.
File C:\WINDOWS\System32\mokojela.dll not found.
File C:\WINDOWS\System32\zahasila.dll not found.
File C:\WINDOWS\System32\wipalego.dll not found.
File C:\WINDOWS\System32\senukare.dll not found.
File C:\WINDOWS\System32\fedoniko.dll not found.
C:\WINDOWS\system32\jarowara moved successfully.
File C:\WINDOWS\System32\11478.exe not found.
File C:\WINDOWS\System32\15724.exe not found.
File C:\WINDOWS\tasks\zvfgyied.job not found.
File C:\WINDOWS\System32\19169.exe not found.
File C:\WINDOWS\System32\26500.exe not found.
File C:\WINDOWS\System32\6334.exe not found.
File C:\WINDOWS\System32\18467.exe not found.
File C:\WINDOWS\System32\winhelper86.dll not found.
File C:\WINDOWS\System32\AVR10.exe not found.
File C:\WINDOWS\System32\41.exe not found.
File C:\WINDOWS\System32\2995.exe not found.
File C:\WINDOWS\System32\491.exe not found.
File C:\WINDOWS\System32\9961.exe not found.
File C:\WINDOWS\System32\16827.exe not found.
File C:\WINDOWS\System32\23281.exe not found.
File C:\WINDOWS\System32\28145.exe not found.
File C:\WINDOWS\System32\5705.exe not found.
File C:\WINDOWS\System32\24464.exe not found.
File C:\WINDOWS\System32\26962.exe not found.
File C:\WINDOWS\System32\29358.exe not found.
C:\WINDOWS\Pqanofepohebaf.dat moved successfully.
File C:\WINDOWS\System32\4292.exe not found.
File C:\WINDOWS\System32\16056.exe not found.
File C:\WINDOWS\System32\24361.exe not found.
File C:\WINDOWS\System32\5686.exe not found.
File C:\WINDOWS\System32\20550.exe not found.
File C:\Program Files\adc32.dll not found.
File C:\WINDOWS\System32\laninejo.dll not found.
File C:\WINDOWS\System32\hovebipu.dll not found.
File C:\WINDOWS\System32\yatewefa.dll not found.
File C:\WINDOWS\System32\mumonuwi.dll not found.
File C:\WINDOWS\System32\mokojela.dll not found.
File C:\WINDOWS\System32\zahasila.dll not found.
File C:\WINDOWS\System32\wipalego.dll not found.
File C:\WINDOWS\System32\senukare.dll not found.
File C:\WINDOWS\System32\fedoniko.dll not found.
File C:\WINDOWS\System32\2995.exe not found.
File C:\WINDOWS\System32\491.exe not found.
File C:\WINDOWS\System32\9961.exe not found.
File C:\WINDOWS\System32\16827.exe not found.
File C:\WINDOWS\System32\4292.exe not found.
File C:\WINDOWS\System32\16056.exe not found.
File C:\WINDOWS\System32\24361.exe not found.
File C:\WINDOWS\System32\5686.exe not found.
File C:\WINDOWS\System32\20550.exe not found.
File C:\WINDOWS\System32\26500.exe not found.
File C:\WINDOWS\System32\6334.exe not found.
File C:\WINDOWS\System32\24464.exe not found.
File C:\WINDOWS\System32\15724.exe not found.
File C:\WINDOWS\System32\19169.exe not found.
File C:\WINDOWS\System32\18467.exe not found.
C:\WINDOWS\system32\vejasoso.dll moved successfully.
C:\WINDOWS\system32\domagihi.dll moved successfully.
File C:\WINDOWS\System32\23281.exe not found.
File C:\WINDOWS\System32\28145.exe not found.
File C:\WINDOWS\System32\5705.exe not found.
File C:\WINDOWS\System32\26962.exe not found.
File C:\WINDOWS\System32\29358.exe not found.
File C:\WINDOWS\System32\11478.exe not found.
C:\WINDOWS\system32\yasofemo.dll moved successfully.
File C:\WINDOWS\System32\winhelper86.dll not found.
File C:\WINDOWS\System32\AVR10.exe not found.
File C:\WINDOWS\System32\41.exe not found.
File C:\WINDOWS\System32\winupdate86.exe not found.
File C:\WINDOWS\System32\winlogon86.exe not found.
File C:\WINDOWS\System32\kuhunuze.dll not found.
File C:\WINDOWS\System32\wotologa.dll not found.
C:\Documents and Settings\HHA\Local Settings\Application Data\olukicuc.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\aceqib.vbs moved successfully.
C:\WINDOWS\system32\wukedonuq.dll moved successfully.
C:\Program Files\Common Files\ledenify._sy moved successfully.
C:\Documents and Settings\All Users\Application Data\vyhiradaz.db moved successfully.
C:\Documents and Settings\All Users\Application Data\daweqovogo.reg moved successfully.
C:\Documents and Settings\HHA\Application Data\hinifiba.com moved successfully.
C:\WINDOWS\system32\orezy.sys moved successfully.
C:\Documents and Settings\HHA\Local Settings\Application Data\hifon.reg moved successfully.
C:\Program Files\Common Files\ycibe.lib moved successfully.
C:\WINDOWS\melo.sys moved successfully.
File C:\WINDOWS\vagy.exe not found.
C:\WINDOWS\ehetec.sys moved successfully.
C:\Program Files\Common Files\yhywiro.inf moved successfully.
C:\Program Files\Common Files\piqe.dat moved successfully.
File C:\WINDOWS\System32\jayamuja.dll not found.
File C:\WINDOWS\System32\wowuputi.dll not found.
File C:\WINDOWS\System32\sawuzowu.dll not found.
File C:\WINDOWS\System32\raripizu.dll not found.
File C:\WINDOWS\System32\juresuwe.dll not found.
File C:\WINDOWS\System32\zavipava.dll not found.
C:\Documents and Settings\HHA\Local Settings\Application Data\huwurifi.pif moved successfully.
File C:\Program Files\Common Files\hurew.db not found.
File C:\Program Files\Common Files\cugynofu.sys not found.
C:\WINDOWS\akuqu.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\desyruli.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\hegagisa.vbs moved successfully.
File C:\Program Files\Common Files\zadavyfece.pif not found.
C:\WINDOWS\larykiwas.dat moved successfully.
C:\Documents and Settings\HHA\Application Data\gapugeja.dl moved successfully.
File C:\Program Files\Common Files\liqehib.reg not found.
C:\Program Files\Common Files\oxag.ban moved successfully.
C:\Documents and Settings\HHA\Local Settings\Application Data\dicaki._sy moved successfully.
File C:\Program Files\Common Files\lubob.dl not found.
C:\WINDOWS\pyruvot.com moved successfully.
C:\Documents and Settings\HHA\Application Data\orurati.lib moved successfully.
C:\Documents and Settings\HHA\Application Data\nywipeset._dl moved successfully.
C:\Documents and Settings\HHA\Local Settings\Application Data\jipa.inf moved successfully.
C:\Documents and Settings\HHA\Application Data\ebulegurul.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\ozudyhudo.dat moved successfully.
C:\Documents and Settings\HHA\Local Settings\Application Data\umequl.dll moved successfully.
File C:\Program Files\Common Files\ypymy.scr not found.
C:\Documents and Settings\HHA\Local Settings\Application Data\hukahyl.scr moved successfully.
C:\Documents and Settings\HHA\Application Data\ibavakuno._sy moved successfully.
File C:\Program Files\Common Files\ajawyv.vbs not found.
C:\Documents and Settings\HHA\Application Data\qotuqo.scr moved successfully.
File C:\Program Files\Common Files\ikebyrige.sys not found.
C:\Documents and Settings\All Users\Application Data\ipepiru.db moved successfully.
File C:\Program Files\Common Files\yjatylin.bin not found.
C:\WINDOWS\system32\rixojysa.bin moved successfully.
C:\Documents and Settings\HHA\Application Data\qepagyhyc.lib moved successfully.
C:\WINDOWS\epebagek.sys moved successfully.
C:\Program Files\Common Files\tizihigys._sy moved successfully.
C:\Documents and Settings\All Users\Application Data\opinuvaqyt.reg moved successfully.
File C:\Program Files\Common Files\vusovysof.bin not found.
C:\Program Files\Common Files\anir._dl moved successfully.
C:\WINDOWS\system32\acyjeravob.dat moved successfully.
C:\WINDOWS\odatojefi.bin moved successfully.
C:\WINDOWS\system32\rinavegi.dll moved successfully.
C:\WINDOWS\system32\zozegura.dll moved successfully.
C:\WINDOWS\system32\wahajepo.dll moved successfully.
C:\Documents and Settings\HHA\Application Data\zamejiqiza.pif moved successfully.
C:\Documents and Settings\HHA\Application Data\jepavuva.scr moved successfully.
C:\WINDOWS\system32\losyvos.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\neriz.dll moved successfully.
File C:\Program Files\Common Files\cuvovy.vbs not found.
C:\WINDOWS\ufoxadaka.com moved successfully.
C:\Documents and Settings\HHA\Local Settings\Application Data\qepu.dat moved successfully.
C:\Documents and Settings\HHA\Application Data\obucymezas.reg moved successfully.
File C:\Program Files\Common Files\nufarumiw.reg not found.
C:\Program Files\Common Files\nete._dl moved successfully.
C:\Documents and Settings\HHA\Application Data\ewuqohy.dat moved successfully.
C:\Documents and Settings\HHA\Local Settings\Application Data\obyny.sys moved successfully.
File C:\WINDOWS\iruqyjiweq.exe not found.
C:\Program Files\Common Files\fizef.dat moved successfully.
C:\WINDOWS\mamove.com moved successfully.
C:\Documents and Settings\HHA\Application Data\vijiqa.lib moved successfully.
File C:\WINDOWS\System32\drivers\cb381f72.sys not found.
File C:\WINDOWS\Pqanofepohebaf.dat not found.
File C:\WINDOWS\Tasks\zvfgyied.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\HHA\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\HHA\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files\MyWebSearch not found.
Error: Unable to interpret <:Commands[purity]> in the current context!
Error: Unable to interpret <[resethosts]> in the current context!
Error: Unable to interpret <[emptytemp> in the current context!
Error: Unable to interpret <][EMPTYFLASH]> in the current context!
Error: Unable to interpret <[CREATERESTOREPOINT]> in the current context!
Error: Unable to interpret <[Reboot]> in the current context!

OTL by OldTimer - Version 3.2.22.3 log created on 05052011_164414
  • 0

#21
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like OTL managed to run the fix after all

One more to remove now - on completion of these runs can you let me know what problems remain

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

RegLockDel::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_WINSTS\0000\LogConf]


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.

THEN

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#22
el_jack

el_jack

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
here are the post

I could not run malwarebyte The program will not install correctly. The virus left something attached to the folder probably. It is not located in the start menu. I have to go rightclick c: select programs folder and there malwarebyte is. I tried to delete it but it will not allow it.
What should I do

combo log
ComboFix 11-05-04.04 - HHA 05/06/2011 13:50:13.3.2 - x86
Running from: c:\documents and settings\HHA\Desktop\Gotcha.exe
Command switches used :: E:\CFScript.txt
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-06 to 2011-05-06 )))))))))))))))))))))))))))))))
.
.
2011-05-05 17:32 . 2011-05-05 17:32 -------- d-----w- C:\_OTL
2011-05-02 02:52 . 2011-05-04 15:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-02 00:00 . 2011-05-02 00:00 -------- d-----w- c:\documents and settings\HHA\Application Data\Malwarebytes
2011-05-02 00:00 . 2011-05-02 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\beep.sys
[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\ERDNT\cache\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
.
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\null.sys
[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\ERDNT\cache\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\system32\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\ERDNT\cache\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\comres.dll
[-] 2004-08-04 10:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\ERDNT\cache\comres.dll
[-] 2004-08-04 10:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\ERDNT\cache\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\system32\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\ERDNT\cache\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\ERDNT\cache\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\services.exe
.
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\ERDNT\cache\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\system32\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\ERDNT\cache\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\system32\cryptsvc.dll
.
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\ERDNT\cache\es.dll
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-04 10:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB950974$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\system32\imm32.dll
.
[-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\ERDNT\cache\kernel32.dll
[-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 80202858D245FF07DAA1739C57A3E19B . 989184 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\ERDNT\cache\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\system32\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\system32\lpk.dll
.
[-] 2009-07-18 . 7467941BE64DFC5F8E9F3DC1DE920806 . 3069440 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3GDR\mshtml.dll
[-] 2009-07-18 . 9A878C4D12BE5598B598B27BFEA1B3C2 . 3069440 . . [6.00.2900.3603] . . c:\windows\ERDNT\cache\mshtml.dll
[-] 2009-07-18 . 9A878C4D12BE5598B598B27BFEA1B3C2 . 3069440 . . [6.00.2900.3603] . . c:\windows\system32\mshtml.dll
[-] 2009-07-18 . 9A878C4D12BE5598B598B27BFEA1B3C2 . 3069440 . . [6.00.2900.3603] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2009-07-18 . F3EE47F296295D08A97CB50EF57244D9 . 3069952 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll
[-] 2009-04-29 . ABD8093E43E53AEA5898D2214B92E9BA . 3068928 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3GDR\mshtml.dll
[-] 2009-04-29 . 7BB862F4CBB8361551C34674291BA5EC . 3068928 . . [6.00.2900.3562] . . c:\windows\$NtUninstallKB972260$\mshtml.dll
[-] 2009-04-29 . 06CF679E3D24C3DF270556456A0F1EDA . 3069440 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll
[-] 2009-02-20 . 03D98EB3F7BBD1FA14C650597F1989BC . 3067904 . . [6.00.2900.3527] . . c:\windows\$NtUninstallKB969897$\mshtml.dll
[-] 2009-02-20 . 2F70F2F74C40397D031016FA162981C2 . 3068416 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3GDR\mshtml.dll
[-] 2009-02-20 . 1618A4A2C5DD8164B8295190C8EA6544 . 3068416 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\mshtml.dll
[-] 2008-12-12 . 6D1D493622EA050DBAABD0C4C1DFADB5 . 3067392 . . [6.00.2900.3492] . . c:\windows\$NtUninstallKB963027$\mshtml.dll
[-] 2008-12-12 . B6DAA74E2ED36C71B502945589A683AE . 3067904 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[-] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3GDR\mshtml.dll
[-] 2008-10-16 . CC5A2205D37AE67CE23AB7FD3E1FDACA . 3067904 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[-] 2008-10-16 . C99D8B48FC245D98E1A2BAB6594458C9 . 3067392 . . [6.00.2900.3462] . . c:\windows\$NtUninstallKB960714$\mshtml.dll
[-] 2008-10-16 . B846C2DE341CF32B42AD297437233742 . 3067904 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3GDR\mshtml.dll
[-] 2008-08-20 . 20D44D1A5A406CD8E129D3D4F0B5717C . 3067392 . . [6.00.2900.3429] . . c:\windows\$NtUninstallKB958215$\mshtml.dll
[-] 2008-08-20 . 507BDA42F7DB8209C0F0B3556A043491 . 3067904 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\mshtml.dll
[-] 2008-08-20 . BD45470B132A0F98596277323D9F2E5A . 3067904 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll
[-] 2008-06-25 . 04EEC0FF4DD3C7041628973CA6832C33 . 3067904 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3QFE\mshtml.dll
[-] 2008-06-23 . 1FC693A4EE1D9D9CD78DDA6C87232F6F . 3067392 . . [6.00.2900.3395] . . c:\windows\$NtUninstallKB956390$\mshtml.dll
[-] 2008-06-23 . F433136C23D13B120412B300D1324A7E . 3067392 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3GDR\mshtml.dll
[-] 2008-04-21 . 083B967E6B0B2BB539CE6B08D45D631F . 3066880 . . [6.00.2900.3354] . . c:\windows\$NtUninstallKB953838$\mshtml.dll
[-] 2008-04-21 . FE406DE0651C9E8201DCB0460609D739 . 3066880 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3GDR\mshtml.dll
[-] 2008-04-21 . 46A61BA430110F00DD990D058AA3D054 . 3067392 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mshtml.dll
[-] 2007-05-04 . 00ADCB32832A10ED9419493BCEA97526 . 3064320 . . [6.00.2900.3132] . . c:\windows\$hf_mig$\KB933566\SP2QFE\mshtml.dll
[-] 2007-05-04 . 00ADCB32832A10ED9419493BCEA97526 . 3064320 . . [6.00.2900.3132] . . c:\windows\$NtUninstallKB950759$\mshtml.dll
[-] 2007-05-04 . 4D92717B5BBCE85F1254BAD23B0D357C . 3058688 . . [6.00.2900.3132] . . c:\windows\$NtUninstallKB933566$\mshtml.dll
[-] 2006-02-01 . 51C91AC189321A320FC4BC90B56255A3 . 3073024 . . [6.00.2900.2838] . . c:\windows\$hf_mig$\KB912945\SP2QFE\mshtml.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\ERDNT\cache\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\ERDNT\cache\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
.
[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\ERDNT\cache\netlogon.dll
[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\system32\netlogon.dll
[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB968389$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\system32\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\system32\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\system32\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\ERDNT\cache\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\system32\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\ERDNT\cache\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\system32\dllcache\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
.
[-] 2009-06-26 . 70FFEA4793D7139A447B169CB0E500BC . 666624 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3GDR\wininet.dll
[-] 2009-06-26 . 8553E6D4EC1563277323E6B2D6FBB954 . 668160 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll
[-] 2009-06-26 . CF0B7B2738BEF0EB87673393CB7EA06E . 668160 . . [6.00.2900.3592] . . c:\windows\ERDNT\cache\wininet.dll
[-] 2009-06-26 . CF0B7B2738BEF0EB87673393CB7EA06E . 668160 . . [6.00.2900.3592] . . c:\windows\system32\wininet.dll
[-] 2009-06-26 . CF0B7B2738BEF0EB87673393CB7EA06E . 668160 . . [6.00.2900.3592] . . c:\windows\system32\dllcache\wininet.dll
[-] 2009-04-29 . 6002073519FA478BF89977369CDFD156 . 666624 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3GDR\wininet.dll
[-] 2009-04-29 . 9E36A148748C5DE4EA1F47B9B625F412 . 668160 . . [6.00.2900.3562] . . c:\windows\$NtUninstallKB972260$\wininet.dll
[-] 2009-04-29 . 04BCB4F87B35502568F6CF33433543A5 . 668160 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[-] 2009-02-20 . 1EA0E6DD74199209D60991FD46CE8643 . 668160 . . [6.00.2900.3527] . . c:\windows\$NtUninstallKB969897$\wininet.dll
[-] 2009-02-20 . 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E . 666112 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3GDR\wininet.dll
[-] 2009-02-20 . 711FEABED387B29FF7ED61BC6806A06C . 667648 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[-] 2008-10-16 . 93C9D0A216498EE14EB9B26119BB95EE . 667648 . . [6.00.2900.3462] . . c:\windows\$NtUninstallKB963027$\wininet.dll
[-] 2008-10-16 . E8FCE58A470999350F64C591557F9E42 . 667136 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 . 1576318BF08D28CC61D1278114AD8D5B . 666112 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[-] 2008-08-20 . C91E3A6EF094202F6B5CA8960DFCF243 . 667648 . . [6.00.2900.3429] . . c:\windows\$NtUninstallKB958215$\wininet.dll
[-] 2008-08-20 . 9AF5F25124FBDC36E2B510729CBA2674 . 666112 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[-] 2008-08-20 . 94418F53D2612C26DBADC04DAFBC197C . 666624 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[-] 2008-06-23 . 611ACE3F4201E9610AF8452F7C268995 . 667136 . . [6.00.2900.3395] . . c:\windows\$NtUninstallKB956390$\wininet.dll
[-] 2008-06-23 . F12FBB673DE9CC802C5DC518FE99AA2F . 666112 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[-] 2008-06-23 . 972299B7241EC325D8C7E5638C884925 . 666624 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[-] 2008-04-21 . 2E7DE1BF9418B071799EB53DE8CC22F5 . 666624 . . [6.00.2900.3354] . . c:\windows\$NtUninstallKB953838$\wininet.dll
[-] 2008-04-21 . 2B0C24AA747A93A28987B6D65A4A74BC . 666112 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[-] 2008-04-21 . 26F240C250E5B4B395CB4B178BA75437 . 666624 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wininet.dll
[-] 2007-04-18 . 4261BA03AFD659DE04F0A17DFBDD454D . 665600 . . [6.00.2900.3121] . . c:\windows\$hf_mig$\KB933566\SP2QFE\wininet.dll
[-] 2007-04-18 . 4261BA03AFD659DE04F0A17DFBDD454D . 665600 . . [6.00.2900.3121] . . c:\windows\$NtUninstallKB950759$\wininet.dll
[-] 2007-04-18 . B7156CD97E739F3014BC4D61758F868A . 658944 . . [6.00.2900.3121] . . c:\windows\$NtUninstallKB933566$\wininet.dll
[-] 2006-01-09 . DDE9597A3311748C1519444E2BC147BD . 662016 . . [6.00.2900.2823] . . c:\windows\$hf_mig$\KB912945\SP2QFE\wininet.dll
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\system32\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ws2help.dll
[-] 2004-08-04 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\system32\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\ERDNT\cache\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\system32\dllcache\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\regedit.exe
[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\regedit.exe
[-] 2004-08-04 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\regedit.exe
.
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\ERDNT\cache\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\system32\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
[-] 2004-08-04 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\ole32.dll
.
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\usp10.dll
[-] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\ERDNT\cache\usp10.dll
[-] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\system32\usp10.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\system32\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\ERDNT\cache\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\system32\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\hnetcfg.dll
[-] 2004-08-04 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\system32\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\system32\appmgmts.dll
.
[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\ERDNT\cache\acpiec.sys
[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\ERDNT\cache\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\dllcache\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 03:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\AGP440.SYS
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\AGP440.SYS
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\ERDNT\cache\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
.
[-] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\ERDNT\cache\MsPMSNSv.dll
[-] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll
[-] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 10:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[-] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 243223E3FB74B68DFFBB41989F33DFB3 . 2020864 . . [5.1.2600.3520] . . c:\windows\ERDNT\cache\ntkrnlpa.exe
[-] 2009-02-06 . 243223E3FB74B68DFFBB41989F33DFB3 . 2020864 . . [5.1.2600.3520] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . 501FDE895F35DF1DAE49FD54BBF9D396 . 2020864 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntkrnlpa.exe
[-] 2007-02-28 . 2DFB215E291E3D9B1CF9A6739B3BF16C . 2017280 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2007-02-28 . A58AC1C6199EF34228ABEE7FC057AE09 . 2015744 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntmssvc.dll
[-] 2004-08-04 10:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\ERDNT\cache\ntmssvc.dll
[-] 2004-08-04 10:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\ERDNT\cache\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\system32\dllcache\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\ERDNT\cache\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\ERDNT\cache\d3d9.dll
[-] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\system32\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\ERDNT\cache\ddraw.dll
[-] 2004-08-04 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\system32\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\olepro32.dll
[-] 2004-08-04 10:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\olepro32.dll
[-] 2004-08-04 10:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\system32\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\perfctrs.dll
[-] 2004-08-04 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\system32\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\version.dll
[-] 2004-08-04 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\system32\version.dll
.
[-] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\iexplore.exe
[-] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\IEXPLORE.EXE
.
[-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-02-06 . 19A791C5DFE59AA9BB1461C4957004F6 . 2142720 . . [5.1.2600.3520] . . c:\windows\ERDNT\cache\ntoskrnl.exe
[-] 2009-02-06 . 19A791C5DFE59AA9BB1461C4957004F6 . 2142720 . . [5.1.2600.3520] . . c:\windows\system32\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . 60794EA12961B7341AD54C731B50AE15 . 2142720 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . E6679C3023B17D8B78946BC5DF53FA20 . 2137600 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2007-02-28 . 1220FAF071DEA8653EE21DE7DCDA8BFD . 2136064 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\system32\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\w32time.dll
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\w32time.dll
[-] 2004-08-04 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\system32\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\ERDNT\cache\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\system32\dllcache\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\midimap.dll
[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\midimap.dll
[-] 2004-08-04 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\system32\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\ERDNT\cache\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\system32\dllcache\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-06 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2006-10-23 46200]
"HostManager"="c:\program files\Common Files\AOL\1190319181\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-09-20 26112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2007-05-11 738968]
.
c:\documents and settings\HHA\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-20 24576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
2006-08-04 21:15 321040 ----a-w- c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
2006-11-21 19:02 1807960 ----a-w- c:\program files\Trend Micro\Internet Security 14\pccguide.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"PcCtlCom"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1190319181\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\BCMWLTRY.EXE"=
"c:\\WINDOWS\\system32\\logon.scr"=
"c:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\CPSHelpRunner.exe"=
.
R3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [2007-12-05 20640]
R4 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2006-09-25 345696]
R4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2006-11-09 923216]
R4 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2006-11-09 566872]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-11-26 36368]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2006-11-09 280392]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2009-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {CB06DD94-72C7-4901-A89D-DDE55C5C7F21} = 83.149.115.157,4.2.2.1
TCP: {DE51BFCB-C3B7-42F4-9531-F5A2408AF616} = 83.149.115.157,4.2.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-06 13:55
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1288)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-05-06 13:58:24
ComboFix-quarantined-files.txt 2011-05-06 18:58
ComboFix2.txt 2011-05-05 21:38
ComboFix3.txt 2011-05-05 21:01
.
Pre-Run: 28,850,655,232 bytes free
Post-Run: 28,837,273,600 bytes free
.
- - End Of File - - 756129DE012300F66AE7DAF5878C4133

here is otl

========== OTL ==========
No active process named winupdate86.exe was found!
Process smss.exe killed successfully!
Error: No service named 6to4 was found to stop!
Service\Driver key 6to4 not found.
File C:\WINDOWS\system32\6to4v32.dll not found.
Error: No service named cb381f72 was found to stop!
Service\Driver key cb381f72 not found.
File C:\WINDOWS\System32\drivers\cb381f72.sys not found.
Error: No service named winsts was found to stop!
Service\Driver key winsts not found.
File C:\WINDOWS\system32\winsts.sys not found.
Registry value HKEY_USERS\S-1-5-21-2174217116-4051744875-3750064960-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL not found.
HKU\S-1-5-21-2174217116-4051744875-3750064960-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\%PROVIDERID% not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kaxplaka not found.
File C:\Documents and Settings\HHA\Local Settings\Application Data\chgmna\uemjsysguard.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\notepad not found.
File C:\WINDOWS\System32\notepad.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Wcaqiq not found.
File C:\WINDOWS\usiqevoyoxaj.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\winupdate86.exe not found.
File C:\WINDOWS\system32\winupdate86.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\yejokepor not found.
File C:\WINDOWS\System32\laninejo.dll not found.
Registry value HKEY_USERS\S-1-5-21-2174217116-4051744875-3750064960-1008\Software\Microsoft\Windows\CurrentVersion\Run\\asg984jgkfmgasi8ug98jgkfgfb not found.
File C:\Documents and Settings\HHA\Local Settings\Temp\win32.exe not found.
Registry value HKEY_USERS\S-1-5-21-2174217116-4051744875-3750064960-1008\Software\Microsoft\Windows\CurrentVersion\Run\\kaxplaka not found.
File C:\Documents and Settings\HHA\Local Settings\Application Data\chgmna\uemjsysguard.exe not found.
Registry value HKEY_USERS\S-1-5-21-2174217116-4051744875-3750064960-1008\Software\Microsoft\Windows\CurrentVersion\Run\\ModemOnHold not found.
File C:\Program Files\NetWaiting\netwaiting.exe not found.
Registry value HKEY_USERS\S-1-5-21-2174217116-4051744875-3750064960-1008\Software\Microsoft\Windows\CurrentVersion\Run\\notepad not found.
File C:\WINDOWS\system32\config\systemprofile\ntload.dll not found.
Registry value HKEY_USERS\S-1-5-21-2174217116-4051744875-3750064960-1008\Software\Microsoft\Windows\CurrentVersion\Run\\ygua8e7yhuiesfha876yfauy8fe not found.
File C:\Documents and Settings\HHA\Local Settings\Temp\ds00k.exe not found.
Registry value HKEY_USERS\S-1-5-21-2174217116-4051744875-3750064960-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions not found.
Registry value HKEY_USERS\S-1-5-21-2174217116-4051744875-3750064960-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\WINDOWS\system32\laninejo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\WINDOWS\System32\wowuputi.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:rundll32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:tapi.nfo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:beforeglav deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\drivers\smss.exe deleted successfully.
File C:\WINDOWS\system32\drivers\smss.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\detuwilij not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48c7b3db-bac5-428c-9f93-c1c82c947b21}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\disobegos not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c75c06-bd09-4655-acba-d832dbedac8b}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\fanewotey not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27ba87b9-2632-478b-af65-427c79bf61f9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gadenetow not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1954b358-7c61-4686-8962-a1d952ae35f1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\gezafuvep not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bd12508-c15b-411d-a691-832c44e9176b}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\mosiyefir not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7664a25b-9585-46dd-89ab-473eed64e42d}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\ribuwusun not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3710be37-86ca-4bc8-a551-26166b3b6666}\ not found.
File C:\WINDOWS\system32\laninejo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\tiduyugun not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b40ff048-f3f2-4011-a5c8-1d14e5b27d35}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\vafayumem not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03e9f8fc-4a62-4a33-a6d3-b92e42f415b6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{03e9f8fc-4a62-4a33-a6d3-b92e42f415b6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03e9f8fc-4a62-4a33-a6d3-b92e42f415b6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{1954b358-7c61-4686-8962-a1d952ae35f1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1954b358-7c61-4686-8962-a1d952ae35f1}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{27ba87b9-2632-478b-af65-427c79bf61f9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27ba87b9-2632-478b-af65-427c79bf61f9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{3710be37-86ca-4bc8-a551-26166b3b6666} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3710be37-86ca-4bc8-a551-26166b3b6666}\ not found.
File C:\WINDOWS\system32\laninejo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{48c7b3db-bac5-428c-9f93-c1c82c947b21} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48c7b3db-bac5-428c-9f93-c1c82c947b21}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{7664a25b-9585-46dd-89ab-473eed64e42d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7664a25b-9585-46dd-89ab-473eed64e42d}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{7bd12508-c15b-411d-a691-832c44e9176b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bd12508-c15b-411d-a691-832c44e9176b}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{88c75c06-bd09-4655-acba-d832dbedac8b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c75c06-bd09-4655-acba-d832dbedac8b}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{b40ff048-f3f2-4011-a5c8-1d14e5b27d35} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b40ff048-f3f2-4011-a5c8-1d14e5b27d35}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb81f444-3399-11de-bfc9-001c23905199}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb81f444-3399-11de-bfc9-001c23905199}\ not found.
File explorer . not found.
6to4 removed from NetSvcs value successfully!
File C:\WINDOWS\system32\6to4v32.dll not found.
File C:\Program Files\adc32.dll not found.
File C:\WINDOWS\System32\laninejo.dll not found.
File C:\WINDOWS\System32\hovebipu.dll not found.
File C:\WINDOWS\System32\yatewefa.dll not found.
File C:\WINDOWS\System32\mumonuwi.dll not found.
File C:\WINDOWS\System32\mokojela.dll not found.
File C:\WINDOWS\System32\zahasila.dll not found.
File C:\WINDOWS\System32\wipalego.dll not found.
File C:\WINDOWS\System32\senukare.dll not found.
File C:\WINDOWS\System32\fedoniko.dll not found.
File C:\WINDOWS\System32\jarowara not found.
File C:\WINDOWS\System32\11478.exe not found.
File C:\WINDOWS\System32\15724.exe not found.
File C:\WINDOWS\tasks\zvfgyied.job not found.
File C:\WINDOWS\System32\19169.exe not found.
File C:\WINDOWS\System32\26500.exe not found.
File C:\WINDOWS\System32\6334.exe not found.
File C:\WINDOWS\System32\18467.exe not found.
File C:\WINDOWS\System32\winhelper86.dll not found.
File C:\WINDOWS\System32\AVR10.exe not found.
File C:\WINDOWS\System32\41.exe not found.
File C:\WINDOWS\System32\2995.exe not found.
File C:\WINDOWS\System32\491.exe not found.
File C:\WINDOWS\System32\9961.exe not found.
File C:\WINDOWS\System32\16827.exe not found.
File C:\WINDOWS\System32\23281.exe not found.
File C:\WINDOWS\System32\28145.exe not found.
File C:\WINDOWS\System32\5705.exe not found.
File C:\WINDOWS\System32\24464.exe not found.
File C:\WINDOWS\System32\26962.exe not found.
File C:\WINDOWS\System32\29358.exe not found.
File C:\WINDOWS\Pqanofepohebaf.dat not found.
File C:\WINDOWS\System32\4292.exe not found.
File C:\WINDOWS\System32\16056.exe not found.
File C:\WINDOWS\System32\24361.exe not found.
File C:\WINDOWS\System32\5686.exe not found.
File C:\WINDOWS\System32\20550.exe not found.
File C:\Program Files\adc32.dll not found.
File C:\WINDOWS\System32\laninejo.dll not found.
File C:\WINDOWS\System32\hovebipu.dll not found.
File C:\WINDOWS\System32\yatewefa.dll not found.
File C:\WINDOWS\System32\mumonuwi.dll not found.
File C:\WINDOWS\System32\mokojela.dll not found.
File C:\WINDOWS\System32\zahasila.dll not found.
File C:\WINDOWS\System32\wipalego.dll not found.
File C:\WINDOWS\System32\senukare.dll not found.
File C:\WINDOWS\System32\fedoniko.dll not found.
File C:\WINDOWS\System32\2995.exe not found.
File C:\WINDOWS\System32\491.exe not found.
File C:\WINDOWS\System32\9961.exe not found.
File C:\WINDOWS\System32\16827.exe not found.
File C:\WINDOWS\System32\4292.exe not found.
File C:\WINDOWS\System32\16056.exe not found.
File C:\WINDOWS\System32\24361.exe not found.
File C:\WINDOWS\System32\5686.exe not found.
File C:\WINDOWS\System32\20550.exe not found.
File C:\WINDOWS\System32\26500.exe not found.
File C:\WINDOWS\System32\6334.exe not found.
File C:\WINDOWS\System32\24464.exe not found.
File C:\WINDOWS\System32\15724.exe not found.
File C:\WINDOWS\System32\19169.exe not found.
File C:\WINDOWS\System32\18467.exe not found.
File C:\WINDOWS\System32\vejasoso.dll not found.
File C:\WINDOWS\System32\domagihi.dll not found.
File C:\WINDOWS\System32\23281.exe not found.
File C:\WINDOWS\System32\28145.exe not found.
File C:\WINDOWS\System32\5705.exe not found.
File C:\WINDOWS\System32\26962.exe not found.
File C:\WINDOWS\System32\29358.exe not found.
File C:\WINDOWS\System32\11478.exe not found.
File C:\WINDOWS\System32\yasofemo.dll not found.
File C:\WINDOWS\System32\winhelper86.dll not found.
File C:\WINDOWS\System32\AVR10.exe not found.
File C:\WINDOWS\System32\41.exe not found.
File C:\WINDOWS\System32\winupdate86.exe not found.
File C:\WINDOWS\System32\winlogon86.exe not found.
File C:\WINDOWS\System32\kuhunuze.dll not found.
File C:\WINDOWS\System32\wotologa.dll not found.
File C:\Documents and Settings\HHA\Local Settings\Application Data\olukicuc.dat not found.
File C:\Documents and Settings\All Users\Application Data\aceqib.vbs not found.
File C:\WINDOWS\System32\wukedonuq.dll not found.
File C:\Program Files\Common Files\ledenify._sy not found.
File C:\Documents and Settings\All Users\Application Data\vyhiradaz.db not found.
File C:\Documents and Settings\All Users\Application Data\daweqovogo.reg not found.
File C:\Documents and Settings\HHA\Application Data\hinifiba.com not found.
File C:\WINDOWS\System32\orezy.sys not found.
File C:\Documents and Settings\HHA\Local Settings\Application Data\hifon.reg not found.
File C:\Program Files\Common Files\ycibe.lib not found.
File C:\WINDOWS\melo.sys not found.
File C:\WINDOWS\vagy.exe not found.
File C:\WINDOWS\ehetec.sys not found.
File C:\Program Files\Common Files\yhywiro.inf not found.
File C:\Program Files\Common Files\piqe.dat not found.
File C:\WINDOWS\System32\jayamuja.dll not found.
File C:\WINDOWS\System32\wowuputi.dll not found.
File C:\WINDOWS\System32\sawuzowu.dll not found.
File C:\WINDOWS\System32\raripizu.dll not found.
File C:\WINDOWS\System32\juresuwe.dll not found.
File C:\WINDOWS\System32\zavipava.dll not found.
File C:\Documents and Settings\HHA\Local Settings\Application Data\huwurifi.pif not found.
File C:\Program Files\Common Files\hurew.db not found.
File C:\Program Files\Common Files\cugynofu.sys not found.
File C:\WINDOWS\akuqu.sys not found.
File C:\Documents and Settings\All Users\Application Data\desyruli.sys not found.
File C:\Documents and Settings\All Users\Application Data\hegagisa.vbs not found.
File C:\Program Files\Common Files\zadavyfece.pif not found.
File C:\WINDOWS\larykiwas.dat not found.
File C:\Documents and Settings\HHA\Application Data\gapugeja.dl not found.
File C:\Program Files\Common Files\liqehib.reg not found.
File C:\Program Files\Common Files\oxag.ban not found.
File C:\Documents and Settings\HHA\Local Settings\Application Data\dicaki._sy not found.
File C:\Program Files\Common Files\lubob.dl not found.
File C:\WINDOWS\pyruvot.com not found.
File C:\Documents and Settings\HHA\Application Data\orurati.lib not found.
File C:\Documents and Settings\HHA\Application Data\nywipeset._dl not found.
File C:\Documents and Settings\HHA\Local Settings\Application Data\jipa.inf not found.
File C:\Documents and Settings\HHA\Application Data\ebulegurul.dat not found.
File C:\Documents and Settings\All Users\Application Data\ozudyhudo.dat not found.
File C:\Documents and Settings\HHA\Local Settings\Application Data\umequl.dll not found.
File C:\Program Files\Common Files\ypymy.scr not found.
File C:\Documents and Settings\HHA\Local Settings\Application Data\hukahyl.scr not found.
File C:\Documents and Settings\HHA\Application Data\ibavakuno._sy not found.
File C:\Program Files\Common Files\ajawyv.vbs not found.
File C:\Documents and Settings\HHA\Application Data\qotuqo.scr not found.
File C:\Program Files\Common Files\ikebyrige.sys not found.
File C:\Documents and Settings\All Users\Application Data\ipepiru.db not found.
File C:\Program Files\Common Files\yjatylin.bin not found.
File C:\WINDOWS\System32\rixojysa.bin not found.
File C:\Documents and Settings\HHA\Application Data\qepagyhyc.lib not found.
File C:\WINDOWS\epebagek.sys not found.
File C:\Program Files\Common Files\tizihigys._sy not found.
File C:\Documents and Settings\All Users\Application Data\opinuvaqyt.reg not found.
File C:\Program Files\Common Files\vusovysof.bin not found.
File C:\Program Files\Common Files\anir._dl not found.
File C:\WINDOWS\System32\acyjeravob.dat not found.
File C:\WINDOWS\odatojefi.bin not found.
File C:\WINDOWS\System32\rinavegi.dll not found.
File C:\WINDOWS\System32\zozegura.dll not found.
File C:\WINDOWS\System32\wahajepo.dll not found.
File C:\Documents and Settings\HHA\Application Data\zamejiqiza.pif not found.
File C:\Documents and Settings\HHA\Application Data\jepavuva.scr not found.
File C:\WINDOWS\System32\losyvos.dat not found.
File C:\Documents and Settings\All Users\Application Data\neriz.dll not found.
File C:\Program Files\Common Files\cuvovy.vbs not found.
File C:\WINDOWS\ufoxadaka.com not found.
File C:\Documents and Settings\HHA\Local Settings\Application Data\qepu.dat not found.
File C:\Documents and Settings\HHA\Application Data\obucymezas.reg not found.
File C:\Program Files\Common Files\nufarumiw.reg not found.
File C:\Program Files\Common Files\nete._dl not found.
File C:\Documents and Settings\HHA\Application Data\ewuqohy.dat not found.
File C:\Documents and Settings\HHA\Local Settings\Application Data\obyny.sys not found.
File C:\WINDOWS\iruqyjiweq.exe not found.
File C:\Program Files\Common Files\fizef.dat not found.
File C:\WINDOWS\mamove.com not found.
File C:\Documents and Settings\HHA\Application Data\vijiqa.lib not found.
File C:\WINDOWS\System32\drivers\cb381f72.sys not found.
File C:\WINDOWS\Pqanofepohebaf.dat not found.
File C:\WINDOWS\Tasks\zvfgyied.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\HHA\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\HHA\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files\MyWebSearch not found.
Error: Unable to interpret <:Commands[purity]> in the current context!
Error: Unable to interpret <[resethosts]> in the current context!
Error: Unable to interpret <[emptytemp> in the current context!
Error: Unable to interpret <][EMPTYFLASH]> in the current context!
Error: Unable to interpret <[CREATERESTOREPOINT]> in the current context!
Error: Unable to interpret <[Reboot]> in the current context!

OTL by OldTimer - Version 3.2.22.3 log created on 05062011_140040
  • 0

#23
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
With OTL you appear to be running the fix again as opposed to a scan - could you run OTL and just press the scan button please

With Malwarebytes did you download and install a fresh copy ?
  • 0

#24
el_jack

el_jack

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
here is the otl log. I got a fresh copy of MB but when i click to launch it says run-time error '339' component 'vbalsgrid6.ocx' or one of its dependencies not correctly registered:
file is missing or invalid

otl log
OTL logfile created on: 5/6/2011 2:26:41 PM - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HHA\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.14 Gb Total Space | 26.88 Gb Free Space | 52.57% Space Free | Partition Type: NTFS

Computer Name: HHA01 | User Name: HHA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/04 10:48:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HHA\Desktop\OTL.com
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/11 20:54:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/20 15:13:46 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2007/09/20 15:11:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/09/22 11:06:26 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004/11/03 16:03:00 | 000,125,528 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1190319181\EE\AOLHostManager.exe
PRC - [2004/11/03 16:03:00 | 000,110,680 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1190319181\EE\AOLServiceHost.exe
PRC - [2004/10/20 08:40:04 | 000,034,904 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PRC - [2004/10/20 08:40:04 | 000,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe


========== Modules (SafeList) ==========

MOD - [2011/05/04 10:48:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HHA\Desktop\OTL.com
MOD - [2006/08/25 08:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/07/07 14:26:04 | 000,004,608 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\WLHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/05/19 16:17:14 | 001,475,936 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe -- (PcCtlCom)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/20 15:11:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/09 16:04:02 | 000,566,872 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe -- (tmproxy)
SRV - [2006/11/09 16:03:42 | 000,923,216 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe -- (TmPfw)
SRV - [2006/09/25 15:26:26 | 000,345,696 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe -- (Tmntsrv)
SRV - [2004/10/20 08:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2008/11/26 18:42:42 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/11/26 18:42:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/11/26 18:39:56 | 001,195,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2007/12/05 15:47:42 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{FBEA8B78-1B22F121-05040000})
DRV - [2007/09/20 15:13:49 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007/04/19 11:09:42 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/03/16 10:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/09 16:04:20 | 000,280,392 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2006/11/09 16:04:20 | 000,073,288 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2006/10/11 12:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/22 11:06:26 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/18 13:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 13:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 13:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 13:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 13:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 13:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 13:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 13:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/17 13:55:16 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/11 10:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 10:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 23:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/26 14:54:58 | 000,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{70792061-6446-436C-BC17-AE8A4069451A}: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{70792061-6446-436C-BC17-AE8A4069451A}\ [2009/12/08 17:25:41 | 000,000,000 | ---D | M]

[2009/10/19 17:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HHA\Application Data\Mozilla\Extensions
[2009/10/19 17:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HHA\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2011/05/06 13:55:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acrobat Speed Launch] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1190319181\EE\AOLHostManager.exe (America Online, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - Startup: C:\Documents and Settings\HHA\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HHA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HHA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 13:59:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/06 13:49:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/05 15:33:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/05 15:29:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/05 15:29:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/05 15:29:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/05 15:29:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/05 15:03:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/05 12:32:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/04 17:18:19 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HHA\Desktop\OTL.com
[2011/05/04 16:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HHA\Desktop\RK_Quarantine
[2011/05/01 21:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/01 19:03:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/01 19:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HHA\Application Data\Malwarebytes
[2011/05/01 19:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HHA\Desktop\*.tmp files -> C:\Documents and Settings\HHA\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/06 13:55:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/06 13:40:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/06 13:38:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/06 13:38:39 | 2011,213,824 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/05 16:27:31 | 000,001,236 | ---- | M] () -- C:\CF-Submit.htm
[2011/05/05 15:56:59 | 000,492,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/05 15:56:59 | 000,090,500 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/05 15:33:07 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/05/05 15:24:30 | 004,342,022 | R--- | M] () -- C:\Documents and Settings\HHA\Desktop\Gotcha.exe
[2011/05/04 11:02:22 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2011/05/04 10:48:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HHA\Desktop\OTL.com
[2011/05/04 10:44:45 | 000,550,912 | ---- | M] () -- C:\Documents and Settings\HHA\Desktop\winlogon.exe
[2011/05/04 09:39:03 | 000,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2011/05/01 18:37:01 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\HHA\settings.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HHA\Desktop\*.tmp files -> C:\Documents and Settings\HHA\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/05 16:27:31 | 000,001,236 | ---- | C] () -- C:\CF-Submit.htm
[2011/05/05 15:33:07 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/05/05 15:33:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/05 15:29:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/05 15:29:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/05 15:29:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/05 15:29:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/05 15:29:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/05 15:28:27 | 004,342,022 | R--- | C] () -- C:\Documents and Settings\HHA\Desktop\Gotcha.exe
[2011/05/04 16:38:07 | 000,550,912 | ---- | C] () -- C:\Documents and Settings\HHA\Desktop\winlogon.exe
[2011/05/01 18:35:28 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\HHA\settings.dat
[2008/02/06 10:48:42 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/06 10:45:36 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\HHA\Local Settings\Application Data\fusioncache.dat
[2007/09/20 15:30:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/20 15:12:53 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/09/20 14:58:25 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007/09/20 14:58:25 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/09/20 14:50:11 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/09/20 14:50:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2007/09/20 14:50:09 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/09/20 14:22:28 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/09/20 14:22:26 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/09/20 14:22:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2007/09/20 14:22:20 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:06:43 | 000,314,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 17:00:36 | 000,044,544 | ---- | C] () -- C:\WINDOWS\fgrdsy.dll
[2004/08/11 17:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 17:00:28 | 000,492,646 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 17:00:28 | 000,090,500 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 17:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 17:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 17:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 17:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 17:00:04 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

< End of report >
  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK we need to fully uninstall MBAM then install a fresh copy. What problems do you have at the moment ?

To uninstall MBAM then download an install Revo uninstaller free
Run Revo and use that to uninstal MBAM ensure that all is removed

Then re-install MBAM
  • 0

Advertisements


#26
el_jack

el_jack

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
Ok here is the mb log


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6516

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/6/2011 3:34:47 PM
mbam-log-2011-05-06 (15-34-47).txt

Scan type: Full scan (C:\|)
Objects scanned: 223771
Time elapsed: 34 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 77

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mBt (Backdoor.Bot) -> Value: mBt -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udfa (Backdoor.Bot) -> Value: udfa -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> Value: mfa -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CB06DD94-72C7-4901-A89D-DDE55C5C7F21}\NameServer (Trojan.DNSChanger) -> Bad: (83.149.115.157,4.2.2.1) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE51BFCB-C3B7-42F4-9531-F5A2408AF616}\NameServer (Trojan.DNSChanger) -> Bad: (83.149.115.157,4.2.2.1) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\HHA\Desktop\rk_quarantine\ds00k.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\HHA\Desktop\rk_quarantine\laninejo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\documents and settings\HHA\Desktop\rk_quarantine\notepad.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\HHA\Desktop\rk_quarantine\ntload.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\HHA\Desktop\rk_quarantine\uemjsysguard.exe.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\documents and settings\HHA\Desktop\rk_quarantine\usiqevoyoxaj.dll.vir (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\HHA\Desktop\rk_quarantine\win32.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\HHA\ntload.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\HHA\local settings\application data\chgmna\uemjsysguard.exe.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\documents and settings\HHA\start menu\Programs\Startup\scandisk.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\adc32.dll.vir (Rogue.ASCAntiSpyware) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\f3cjpeg.dll.vir (PUP.FunWebProducts) -> Not selected for removal.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\f3dtactl.dll.vir (PUP.FunWebProducts) -> Not selected for removal.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\f3histsw.dll.vir (PUP.FunWebProducts) -> Not selected for removal.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\f3hkstub.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\f3htmlmu.dll.vir (PUP.FunWebProducts) -> Not selected for removal.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\f3httpct.dll.vir (PUP.FunWebProducts) -> Not selected for removal.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\f3popswt.dll.vir (PUP.FunWebProducts) -> Not selected for removal.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\f3pssavr.scr.vir (PUP.FunWebProducts) -> Not selected for removal.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\f3reghk.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\f3reprox.dll.vir (PUP.FunWebProducts) -> Not selected for removal.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\f3restub.dll.vir (PUP.FunWebProducts) -> Not selected for removal.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\f3schmon.exe.vir (PUP.FunWebProducts) -> Not selected for removal.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\f3scrctr.dll.vir (PUP.FunWebProducts) -> Not selected for removal.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\f3wphook.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\m3highin.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\m3html.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\m3idle.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\m3impipe.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\m3medint.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\m3msg.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\m3outlcn.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\m3plugin.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\m3skin.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\m3skplay.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\m3slsrch.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\m3srchmn.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\mwsbar.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\mwsoeplg.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\mwsoestb.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\mwssrcas.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\mwssvc.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\npmywebs.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\usiqevoyoxaj.dll.vir (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\fastnetsrv.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\6to4v32.dll.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\btwsrv.dll.vir (Trojan.Koblu) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\f3pssavr.scr.vir (PUP.FunWebProducts) -> Not selected for removal.
c:\Qoobox\quarantine\C\WINDOWS\system32\jayamuja.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\juresuwe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\kuhunuze.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\laninejo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\lsm32.sys.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\msilojzb.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\opeia.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\raripizu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\sawuzowu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\winsts.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\wotologa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\wowuputi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\zavipava.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\config\systemprofile\ntload.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\drivers\smss.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1\A0000098.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1\A0000107.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1\A0000108.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1\A0000109.dll (Trojan.Vundo.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1\A0000110.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1\A0000111.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1\A0000112.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1\A0000113.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1\A0000114.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1\A0000115.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\fgrdsy.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\prtprocs\w32x86\18.tmp (Malware.Packer) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\HHA\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
  • 0

#27
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The majority of that was in quarantine allready

What problems are you experiencing now ?
  • 0

#28
el_jack

el_jack

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
It is taking a long time for Icons to show up on the desktop and the network connection icons are not there in the network folder. network connection service is not running. I don't know how to correct these issues.
  • 0

#29
el_jack

el_jack

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
also the windows classic theme is set and xp is not listed. I wan't to have xp theme. It is not in the display settings
  • 0

#30
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK could you update now to service pack 3

On completion could you let me know what problems remain
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP