
(Ver_10-10-10.03) - NTFSx86

Run by Administrator at 10:03:01.18 on Mon 10/18/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.175 [GMT 2:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\AVG\AVG9\avgfws9.exe

C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

F:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm185YYAL&fl=0&ptb=IwWWViNPnKJs4t.PT4vcQw&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll

BHO: IEConnect Class: {274f5e23-9386-4f84-a02f-b7808084ac30} - c:\program files\intein fjalor 2005\system\Word Addin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

BHO: : {fffffef0-5b30-21d4-945d-000000000000} - d:\stardo~1\SDIEInt.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [updateMgr] c:\program files\adobe\acrobat 6.0\acrobat\AdobeUpdateManager.exe Acrobat6 -reboot 1

mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

IE: Download with Star Downloader - d:\star downloader\sdie.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: eng-alb - c:\program files\lingvosoft\lingvosoft talking dictionary 2007 (english-albanian) for windows\plugins\IE.htm

IE: {493C781B-249B-A04D-B647-F6C775884189} - c:\program files\lingvosoft\lingvosoft talking dictionary 2007 (english-albanian) for windows\plugins\IE.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/binary/MJSS.cab69309.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {FC88681F-4735-4f2f-9514-C21BAC737CF8} - rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,MUWeb.Install

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-2-1 25168]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-1 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-1 216400]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-1 29584]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-1 243024]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-10-16 308136]

R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-10-16 2331544]

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-16 5897808]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-2-1 30104]

R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-2-1 122448]

R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-2-1 30288]

R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-2-1 26192]

S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-2-1 30104]

=============== Created Last 30 ================

2010-10-18 07:51:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-18 07:51:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-18 07:51:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-18 07:09:26 -------- d-----w- c:\windows\system32\XPSViewer

2010-10-18 07:08:25 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-10-18 07:06:58 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-10-18 07:06:58 117760 ------w- c:\windows\system32\prntvpt.dll

2010-10-18 07:06:57 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-10-18 07:06:57 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-10-18 07:06:56 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-10-18 07:06:56 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-10-18 07:06:55 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-10-18 07:06:55 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-10-16 12:12:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll

==================== Find3M ====================

2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2010-08-13 12:53:02 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2004-01-15 14:53:52 127596 ----a-w- c:\program files\common files\PFC027.SYS

2007-03-09 08:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll

============= FINISH: 10:04:21.26 ===============

Attach.zip

ark.zip

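As an added example (not part of this thread, and not code from DDS, OTL or the helper who replies below): a small Python triage script that parses the Internet Explorer hook, service and registry-setting lines found in the DDS log above and in the OTL logs posted later in the thread, and returns the entries a responder would look at first. The sample lines are copied from those logs; the flagging rules (file missing, entry with no display name, the MyWebSearch name fragments, and the two Security Center / System Restore values in WATCH) are the editor's assumptions about what deserves a second look, not rules from either tool.

```python
# Triage helper for DDS / OTL log lines. Added example, not from the thread;
# the heuristics are the editor's assumptions, and a hit is a lead, not a verdict.
import re

# Constructed sample: lines copied from the DDS and OTL logs posted in this thread.
SAMPLE_LINES = r"""
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: IEConnect Class: {274f5e23-9386-4f84-a02f-b7808084ac30} - c:\program files\intein fjalor 2005\system\Word Addin.dll
BHO: : {fffffef0-5b30-21d4-945d-000000000000} - d:\stardo~1\SDIEInt.dll
TB: {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - No File
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-10-16 308136]
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe -- (MyWebSearchService)
SRV - [2010/10/16 14:12:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
"""
SAMPLE_REGISTRY = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
"""

PUP_HINTS = ("mywebsearch", "mywebs~1")   # assumed name fragments of the PUP seen in this log
DDS_IE_KINDS = ("uURLSearchHooks", "BHO", "TB", "EB")
CLSID_ONLY = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
DDS_SVC = re.compile(r"^[RS]\d (?P<svc>[^;]+);[^;]*;(?P<path>.+)$")
OTL_SVC = re.compile(r"^(?:SRV|DRV) - (?P<meta>.*?) -- (?P<path>.+?) -- \((?P<svc>[^)]+)\)$")
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VAL = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.+)$')
WATCH = {  # (key suffix, value name): (value worth a note, note); assumed list
    ("Security Center", "AntiVirusOverride"): ("1", "Security Center AV monitoring overridden"),
    ("SystemRestore", "DisableSR"): ("1", "System Restore disabled, no restore points to fall back on"),
}


def parse_line(line):
    """Return a record for an IE hook or service line, or None for anything else."""
    line = line.strip()
    kind, sep, rest = line.partition(": ")
    if sep and kind in DDS_IE_KINDS:
        name, _, path = rest.rpartition(" - ")   # "Name: {CLSID} - path" or "{CLSID} - No File"
        return {"kind": kind, "name": name.strip(": "), "path": path,
                "missing": path == "No File"}
    m = DDS_SVC.match(line)
    if m:                                         # DDS appends "--> path [?]" when the binary is absent
        return {"kind": "service", "name": m["svc"], "path": m["path"],
                "missing": m["path"].endswith("[?]")}
    m = OTL_SVC.match(line)
    if m:
        return {"kind": "service", "name": m["svc"], "path": m["path"],
                "missing": m["meta"].startswith("File not found")}
    return None


def flags_for(rec):
    """Reasons a responder would look twice at this record (heuristic)."""
    reasons = []
    if rec["missing"]:
        reasons.append("file missing (dead entry or removed payload)")
    if rec["kind"] != "service" and (not rec["name"] or CLSID_ONLY.match(rec["name"])):
        reasons.append("no display name")
    key = (rec["name"] + rec["path"]).lower().replace(" ", "")
    if any(h in key for h in PUP_HINTS):
        reasons.append("matches PUP hint")
    return reasons


def triage(text):
    """Parse every recognised line and return (kind, name, reasons) for the flagged ones."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        reasons = flags_for(rec) if rec else []
        if reasons:
            hits.append((rec["kind"], rec["name"], reasons))
    return hits


def notable_settings(text):
    """Walk an OTL Extras registry dump and report the WATCH values that are set."""
    key, found = "", []
    for line in text.splitlines():
        m = REG_KEY.match(line.strip())
        if m:
            key = m["key"]
            continue
        m = REG_VAL.match(line.strip())
        if not m:
            continue
        for (suffix, name), (bad, note) in WATCH.items():
            if key.endswith(suffix) and m["name"] == name and m["value"] == bad:
                found.append((name, note))
    return found


if __name__ == "__main__":
    for kind, name, reasons in triage(SAMPLE_LINES):
        print(f"{kind:16} {name:40} {'; '.join(reasons)}")
    for name, note in notable_settings(SAMPLE_REGISTRY):
        print(f"{'registry':16} {name:40} {note}")
```

Paste a whole log into `triage()` and it reports only the entries that trip a rule, so the AVG, HP and Adobe lines that make up most of this log drop out. The same dead MyWebSearch service shows up twice because the DDS and OTL logs each list it; that is expected, and a useful cross-check that the two scans agree.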

Hello,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Hi, you have all that you requested copied and pasted in here. Please can you notify me through my email so I know when you have replied and I can reply too. Thank you; tell me if you need anything else.

OTL logfile created on: 10/25/2010 1:34:04 PM - Run 1

OTL by OldTimer - Version 3.2.17.1 Folder = G:\

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 85.00 Mb Available Physical Memory | 19.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free

Paging file location(s): c:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19.53 Gb Total Space | 6.26 Gb Free Space | 32.08% Space Free | Partition Type: NTFS

Drive D: | 55.02 Gb Total Space | 46.59 Gb Free Space | 84.67% Space Free | Partition Type: NTFS

Drive G: | 1.87 Gb Total Space | 0.20 Gb Free Space | 10.59% Space Free | Partition Type: FAT

Computer Name: DD | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/25 13:32:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- G:\OTL.exe

PRC - [2010/10/16 14:12:34 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2010/10/16 14:12:24 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2010/10/16 14:12:22 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2010/10/16 14:12:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2010/10/16 14:12:05 | 000,755,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe

PRC - [2010/10/16 14:11:08 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2010/10/16 14:11:08 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2010/10/16 14:09:46 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe

PRC - [2010/10/16 14:08:57 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2010/10/16 14:08:51 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2010/10/16 14:08:18 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe

PRC - [2010/10/16 13:03:47 | 001,054,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgupd.exe

PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2008/07/03 13:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2003/10/24 06:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

========== Modules (SafeList) ==========

MOD - [2010/10/25 13:32:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- G:\OTL.exe

MOD - [2010/08/23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe -- (MyWebSearchService)

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2010/10/16 14:12:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/10/16 14:11:08 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2010/10/16 14:09:46 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2008/03/11 14:39:31 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\wudfrd.sys -- (WudfRd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\WudfPf.sys -- (WudfPf)

DRV - [2010/10/16 14:12:29 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010/10/16 14:12:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2010/10/16 14:11:12 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)

DRV - [2010/10/16 14:11:12 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)

DRV - [2010/10/16 14:11:11 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)

DRV - [2010/10/16 14:11:11 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)

DRV - [2010/10/16 14:08:58 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/03/06 12:53:09 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)

DRV - [2010/02/01 16:46:10 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)

DRV - [2010/02/01 16:46:10 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)

DRV - [2008/04/14 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)

DRV - [2008/04/14 14:00:00 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2004/08/04 00:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2004/01/15 16:53:52 | 000,127,596 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc027.sys -- (SoC PC-Camera Service)

DRV - [2003/10/29 21:36:36 | 000,011,264 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2003/10/29 20:54:58 | 000,427,776 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2003/08/29 01:58:40 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)

DRV - [2003/07/18 03:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)

DRV - [2001/03/14 00:32:56 | 000,048,472 | ---- | M] (Canon Information Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cis1284.sys -- (cis1284)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\S-1-5-21-1085031214-299502267-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search

IE - HKU\S-1-5-21-1085031214-299502267-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.mywebsearch.com/jsp/cfg_redir2....r={searchTerms}

IE - HKU\S-1-5-21-1085031214-299502267-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1085031214-299502267-682003330-500\..\URLSearchHook: *{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-1085031214-299502267-682003330-500\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-1085031214-299502267-682003330-500\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-1085031214-299502267-682003330-500\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-21-1085031214-299502267-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

[2008/02/01 15:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\erhxzfny.default\extensions

[2008/02/01 15:46:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\erhxzfny.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: ([2008/11/28 14:59:14 | 000,267,282 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.032439.com

OTL Extras logfile created on: 10/25/2010 1:34:04 PM - Run 1

OTL by OldTimer - Version 3.2.17.1 Folder = G:\

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 85.00 Mb Available Physical Memory | 19.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free

Paging file location(s): c:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19.53 Gb Total Space | 6.26 Gb Free Space | 32.08% Space Free | Partition Type: NTFS

Drive D: | 55.02 Gb Total Space | 46.59 Gb Free Space | 84.67% Space Free | Partition Type: NTFS

Drive G: | 1.87 Gb Total Space | 0.20 Gb Free Space | 10.59% Space Free | Partition Type: FAT

Computer Name: DD | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\eMule\eMule.exe" = C:\Program Files\eMule\eMule.exe:*:Enabled:eMule Plus -- File not found

"D:\Program Files\iMesh Applications\iMesh\iMesh.exe" = D:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found

"C:\Program Files\WebEye\WebEye.exe" = C:\Program Files\WebEye\WebEye.exe:*:Enabled:SocketAPI -- File not found

"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found

"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found

"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update

"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini

"{2CC0E02A-02CF-43E8-8EDF-6B7BB6BBE829}" = Form Fill (Windows Live Toolbar)

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant

"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU

"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support

"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12

"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC

"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery

"{5383D15F-68A1-4F67-A73E-E6F94949BFEE}" = CamMaestro 1.50 AU

"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)

"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help

"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English

"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp

"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan

"{62B8EDCD-D259-4281-8ECD-42029FBC9958}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)

"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc

"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

"{6AA2FEF1-50F6-4CF9-942C-2F30759E7BF7}" = Windows Live Outlook Toolbar (Windows Live Toolbar)

"{6DE8138F-FC45-4531-8255-A7F3283B5A30}" = Fjalor i Integruar 5 Gjuhesh 2005

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{7075B251-75E7-47C4-9E54-B7D2FEFD1DCE}" = Microsoft Phishing Filter Add-in

"{73B1C023-4490-4A57-A7E1-F20268ECBE52}" = Windows Live Toolbar

"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

"{7DED5635-B47C-4B0F-9AD0-8765D15FD94F}" = Tabbed Browsing (Windows Live Toolbar)

"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan

"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{9E7E97D2-3F83-460D-9348-CE40A21E2CA6}" = Windows Live Toolbar MSN Extension (Windows Live Toolbar)

"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8

"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0

"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update

"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2

"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C619B312-19F3-460A-9F7B-443248379F18}" = Opera 9.25

"{CABAEEF9-DB89-9ACB-97E0-44D156FAC6AD}" = Diner Dash

"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album

"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr

"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch

"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0

"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500

"Adobe AIR" = Adobe AIR

"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"AutoCAD 2008 - English" = AutoCAD 2008 - English

"Autodesk DWF Viewer" = Autodesk DWF Viewer

"AVG9Uninstall" = AVG 9.0

"C-Media Audio" = C-Media 3D Audio

"C-Media Audio Driver" = C-Media WDM Audio Driver

"Diner Dash1.0 (Cracked By CoffeeMan)" = Diner Dash

"HP Document Manager" = HP Document Manager 1.0

"HP Imaging Device Functions" = HP Imaging Device Functions 10.0

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"HP Smart Web Printing" = HP Smart Web Printing

"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0

"HPExtendedCapabilities" = HP Customer Participation Program 10.0

"HPOCR" = OCR Software by I.R.I.S. 10.0

"ie8" = Windows Internet Explorer 8

"iMesh" = iMesh

"InstallShield_{5383D15F-68A1-4F67-A73E-E6F94949BFEE}" = CamMaestro 1.50 AU

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.69

"LingvoSoft Talking Dictionary 2007 English<->Albanian for Windows" = LingvoSoft Talking Dictionary 2007 English<->Albanian for Windows

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Silverlight" = Microsoft Silverlight

"MSNINST" = MSN

"MultiPASS" = Canon FAX-L280

"Replay_Converter_1" = Replay Converter 2.8

"Shop for HP Supplies" = Shop for HP Supplies

"SiS 661FX_760_741_M661FX_M760_M741" = SiS 661FX_760_741_M661FX_M760_M741

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows Rights Management Client" = Windows Rights Management Client with Service Pack 2

"Windows Rights Management Client Backwards" = Windows Rights Management Client Backwards Compatibility SP2

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 10/18/2010 3:05:42 AM | Computer Name = DD | Source = ESENT | ID = 490

Description = svchost (1580) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

for read / write access failed with system error 32 (0x00000020): "The process

cannot access the file because it is being used by another process. ". The open

file operation will fail with error -1032 (0xfffffbf8).

Error - 10/18/2010 3:05:42 AM | Computer Name = DD | Source = ESENT | ID = 439

Description = Catalog Database (1580) Unable to write a shadowed header for file

C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb. Error

-1032.

Error - 10/18/2010 3:05:42 AM | Computer Name = DD | Source = ESENT | ID = 473

Description = Catalog Database (1580) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

was partially detached. Error -1032 encountered updating database headers.

Error - 10/18/2010 3:07:07 AM | Computer Name = DD | Source = ESENT | ID = 494

Description = Catalog Database (1580) Database recovery failed with error -1216

because it encountered references to a database, 'C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb',

which is no longer present. The database was not brought to a consistent state

before it was removed (or possibly moved or renamed). The database engine will not

permit recovery to complete for this instance until the missing database is re-instated.

If the database is truly no longer available and no longer required, please contact

PSS for further instructions regarding the steps required in order to allow recovery

to proceed without this database.

Error - 10/18/2010 3:07:07 AM | Computer Name = DD | Source = ESENT | ID = 454

Description = Catalog Database (1580) Database recovery/restore failed with unexpected

error -1216.

Error - 10/18/2010 7:08:20 AM | Computer Name = DD | Source = ESENT | ID = 490

Description = svchost (1132) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

for read / write access failed with system error 32 (0x00000020): "The process

cannot access the file because it is being used by another process. ". The open

file operation will fail with error -1032 (0xfffffbf8).

Error - 10/18/2010 7:08:23 AM | Computer Name = DD | Source = ESENT | ID = 490

Description = svchost (1132) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"

for read / write access failed with system error 32 (0x00000020): "The process

cannot access the file because it is being used by another process. ". The open

file operation will fail with error -1032 (0xfffffbf8).

Error - 10/18/2010 7:08:23 AM | Computer Name = DD | Source = ESENT | ID = 470

Description = Catalog Database (1132) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb

is partially attached. Attachment stage: 3. Error: -1032.

Error - 10/18/2010 10:53:37 AM | Computer Name = DD | Source = ESENT | ID = 494

Description = Catalog Database (1132) Database recovery failed with error -1216

because it encountered references to a database, 'C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb',

which is no longer present. The database was not brought to a consistent state

before it was removed (or possibly moved or renamed). The database engine will not

permit recovery to complete for this instance until the missing database is re-instated.

If the database is truly no longer available and no longer required, please contact

PSS for further instructions regarding the steps required in order to allow recovery

to proceed without this database.

Error - 10/18/2010 10:53:37 AM | Computer Name = DD | Source = ESENT | ID = 454

Description = Catalog Database (1132) Database recovery/restore failed with unexpected

error -1216.

[ System Events ]

Error - 10/21/2010 2:14:29 AM | Computer Name = DD | Source = Service Control Manager | ID = 7022

Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/21/2010 2:19:19 AM | Computer Name = DD | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

service and therefore cannot download and install updates according to the set

schedule. Windows will continue to try to establish a connection.

Error - 10/22/2010 2:16:46 AM | Computer Name = DD | Source = Service Control Manager | ID = 7000

Description = The My Web Search Service service failed to start due to the following

error: %%3

Error - 10/22/2010 2:18:09 AM | Computer Name = DD | Source = Service Control Manager | ID = 7022

Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/23/2010 5:48:50 AM | Computer Name = DD | Source = Service Control Manager | ID = 7000

Description = The My Web Search Service service failed to start due to the following

error: %%3

Error - 10/23/2010 5:50:17 AM | Computer Name = DD | Source = Service Control Manager | ID = 7022

Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/23/2010 5:50:49 AM | Computer Name = DD | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

service and therefore cannot download and install updates according to the set

schedule. Windows will continue to try to establish a connection.

Error - 10/25/2010 2:21:12 AM | Computer Name = DD | Source = Service Control Manager | ID = 7000

Description = The My Web Search Service service failed to start due to the following

error: %%3

Error - 10/25/2010 2:22:35 AM | Computer Name = DD | Source = Service Control Manager | ID = 7022

Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 10/25/2010 5:50:37 AM | Computer Name = DD | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

service and therefore cannot download and install updates according to the set

schedule. Windows will continue to try to establish a connection.

< End of report >

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================

0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2190080 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2190080 bytes

0x804D7000 RAW 2190080 bytes

0x804D7000 WMIxWDM 2190080 bytes

0xBF800000 Win32k 1863680 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xBF012000 C:\WINDOWS\System32\SiSGRV.dll 1122304 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)

0xF6AE4000 C:\WINDOWS\system32\drivers\cmuda.sys 757760 bytes (C-Media Inc, C-Media Audio WDM Driver)

0xF7379000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xB52BD000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF6BD4000 C:\WINDOWS\system32\DRIVERS\sisgrp.sys 430080 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)

0xF6965000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xB563C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xB4622000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xB42E9000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xB5602000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)

0xB51E9000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)

0xF6A30000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)

0xF74AB000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xF734C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xB4B45000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xB3EAF000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xB532D000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xB4DF1000 C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)

0xB537A000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF7455000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)

0xB53DB000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xB3EDA000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xF6AC0000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF6A9C000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF6B9D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xB5358000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806EE000 ACPI_HAL 131968 bytes

0x806EE000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF741D000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF747B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF7332000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF743D000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xB51D1000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xF7406000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF6A71000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xB4AB8000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF6A88000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)

0xF6BC0000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xB5695000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF749A000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF6A60000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF773A000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF6CBD000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF770A000 C:\WINDOWS\system32\DRIVERS\rspndr.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0xF6C8D000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)

0xF6C9D000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF6CAD000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xB4CD1000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF764A000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF753A000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF6CCD000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xF6C7D000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF751A000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF756A000 avgrkx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)

0xF6C5D000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF76AA000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF750A000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF6C6D000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF754A000 uagp35.sys 45056 bytes (Microsoft Corporation, MS AGPv3.5 Filter)

0xF75FA000 C:\WINDOWS\system32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)

0xB528D000 C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)

0xF772A000 C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)

0xF74FA000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF762A000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF755A000 SISAGPX.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS AGPv3.5 Filter)

0xF6C3D000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF757A000 AVGIDSxx.sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)

0xF752A000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF767A000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xF6C4D000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF768A000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xB4E69000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF766A000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF789A000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF783A000 C:\WINDOWS\system32\DRIVERS\sisnic.sys 32768 bytes (SiS Corporation, SiS PCI Fast Ethernet Adapter Driver)

0xF7832000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF784A000 C:\WINDOWS\system32\DRIVERS\avgfwdx.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Firewall intermediate miniport driver)

0xF77E2000 C:\WINDOWS\system32\drivers\cis1284.sys 28672 bytes (Canon Information Systems, Kernel mode P1284 Driver for MultiPASS)

0xF7842000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xF78A2000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF777A000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF77CA000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xF78BA000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)

0xF7822000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF786A000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF788A000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF7892000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF7782000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF785A000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF7862000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF7852000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF782A000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)

0xF779A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xB50E1000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)

0xF79E2000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xB5091000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF79BE000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xF790A000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xB56C8000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF79C2000 C:\WINDOWS\system32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)

0xF7996000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0xF79A2000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF79C6000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF72EA000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF79AA000 C:\WINDOWS\system32\DRIVERS\srvkp.sys 12288 bytes (Silicon Integrated Systems Corporation, SiS VGA Driver Manager)

0xF7A3A000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF79FE000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)

0xF7A84000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xF7A38000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF79FA000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7A3C000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7A8A000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)

0xF7A3E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7A2E000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7A36000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF79FC000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7B81000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7C09000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7C05000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7AC2000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

==============================================

>Stealth

==============================================

WARNING: Virus alike driver modification [intelC51.sys]

WARNING: Virus alike driver modification [mohfilt.sys]

WARNING: Virus alike driver modification [ASUSHWIO.SYS]

WARNING: Virus alike driver modification [intelC53.sys]

WARNING: Virus alike driver modification [intelC52.sys]

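The firewall-policy section of the OTL log above lists the XP firewall's globally open ports and authorized applications. As an added example (not code from the post, from OTL or from ComboFix), the following Python parses those entries out of the log text and flags the ones a responder would check first: enabled application exceptions whose binary OTL marked "File not found", and exceptions scoped to `*` (any remote address) rather than `LocalSubNet`. The sample input is constructed from lines in the post; the function and class names are this example's own assumptions.

```python
"""Audit Windows XP firewall exceptions as OTL prints them in a log.

Added example; not code from the forum post, from OTL or from ComboFix.
It parses the two registry value formats that appear in the log:

  ...\GloballyOpenPorts\List       "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
  ...\AuthorizedApplications\List  "<path>"  = <path>:*:Enabled:<name> -- File not found

In both, the field after the port/path is the remote scope (LocalSubNet,
or * for any address) and the next one is Enabled/Disabled; the text after
" -- " is OTL's own annotation of the binary (publisher, or "File not
found"). SAMPLE_LOG is constructed from lines in the post; FwRule,
parse_firewall_rules and audit_rules are names chosen for this example.
"""
import re
from dataclasses import dataclass

HEADER_RE = re.compile(
    r"FirewallPolicy\\(?P<profile>\w+Profile)\\"
    r"(?P<list>GloballyOpenPorts|AuthorizedApplications)\\List"
)
PORT_RE = re.compile(
    r'^"[^"]+"\s*=\s*(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]+):'
    r"(?P<state>Enabled|Disabled):(?P<name>.*)$"
)
APP_RE = re.compile(
    r'^"[^"]+"\s*=\s*(?P<path>.+?):(?P<scope>[^:]+):'
    r"(?P<state>Enabled|Disabled):(?P<name>.*?)(?:\s+--\s+(?P<note>.*))?$"
)


@dataclass
class FwRule:
    profile: str   # DomainProfile or StandardProfile
    kind: str      # "port" or "app"
    target: str    # "139:TCP" or the authorized binary's path
    scope: str     # "LocalSubNet" or "*" (any remote address)
    enabled: bool
    name: str
    note: str      # OTL annotation: "File not found" or "(Publisher)"


def parse_firewall_rules(log_text):
    """Walk the log text; registry headers select the list, entries become FwRules."""
    rules, profile, kind = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HKEY_LOCAL_MACHINE"):
            m = HEADER_RE.search(line)
            profile = m["profile"] if m else None
            kind = (None if not m else
                    "port" if m["list"] == "GloballyOpenPorts" else "app")
            continue
        if kind == "port" and (m := PORT_RE.match(line)):
            rules.append(FwRule(profile, "port", f"{m['port']}:{m['proto']}",
                                m["scope"], m["state"] == "Enabled", m["name"], ""))
        elif kind == "app" and (m := APP_RE.match(line)):
            rules.append(FwRule(profile, "app", m["path"], m["scope"],
                                m["state"] == "Enabled", m["name"], m["note"] or ""))
    return rules


def audit_rules(rules):
    """Return (reason, rule) pairs for enabled exceptions worth a second look.

    stale-binary: an app exception whose binary OTL could not find. The XP
        firewall authorizes by path, so the registry value outlives the
        program and a file later dropped at that path inherits the inbound
        allow without any new firewall change.
    any-address: scope * admits every remote address, not just the LAN.
    """
    findings = []
    for r in rules:
        if not r.enabled:
            continue
        if r.kind == "app" and r.note == "File not found":
            findings.append(("stale-binary", r))
        if r.scope == "*":
            findings.append(("any-address", r))
    return findings


# Constructed from lines in the post above (a subset, one entry per case).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\eMule\eMule.exe" = C:\Program Files\eMule\eMule.exe:*:Enabled:eMule Plus -- File not found
"C:\Program Files\WebEye\WebEye.exe" = C:\Program Files\WebEye\WebEye.exe:*:Enabled:SocketAPI -- File not found
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"""

if __name__ == "__main__":
    for reason, rule in audit_rules(parse_firewall_rules(SAMPLE_LOG)):
        print(f"{reason:13} {rule.profile:16} {rule.target}")
```

Run stand-alone it prints one line per finding. On the log in the post every application exception is scoped to `*`, and the eMule, iMesh, WebEye and Windows Live Messenger entries point at binaries OTL could not find; deleting those values (for example with `netsh firewall delete allowedprogram` on XP, or by removing the registry value) and letting a reinstall re-create the rule is the usual cleanup. The globally open ports (137-139, 445, 1900, 2869) are all `LocalSubNet`, which is the XP default for file sharing and UPnP and not a finding by itself.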

Hello there, in order to keep track of your replies, click the Options button in the right top corner of this topic and select "subscribe". In My Controls, under Subscriptions, select Immediate email notifications.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Hi, is this what you requested? If so, I have a quarantine full of viruses checked by ComboFix. What should I do? Thanks a lot, you are great.

ComboFix 10-10-25.02 - Administrator 10/26/2010 12:34:17.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.102 [GMT 2:00]

Running from: F:\ComboFix.exe

AV: AVG Internet Security *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\test.ttt

c:\windows\system32\uniq.tll

c:\windows\system32\win32hlp.cnf

D:\autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

-------\Service_MyWebSearchService

((((((((((((((((((((((((( Files Created from 2010-09-26 to 2010-10-26 )))))))))))))))))))))))))))))))

.

2010-10-18 07:51 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-18 07:51 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-18 07:51 . 2010-10-18 07:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-18 07:09 . 2010-10-18 07:09 -------- d-----w- c:\windows\system32\XPSViewer

2010-10-18 07:09 . 2010-10-18 07:09 -------- d-----w- c:\program files\MSBuild

2010-10-18 07:08 . 2010-10-18 07:08 -------- d-----w- c:\program files\Reference Assemblies

2010-10-18 07:08 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-10-18 07:06 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-10-18 07:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-10-18 07:06 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-10-18 07:06 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-10-18 07:06 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-10-18 07:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-10-18 07:06 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-10-18 07:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-10-16 14:27 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-10-16 12:12 . 2010-10-16 12:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-16 12:12 . 2010-02-01 14:47 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-10-16 12:12 . 2010-02-01 14:47 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-10-16 12:11 . 2010-02-01 14:47 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys

2010-10-16 12:08 . 2010-02-01 14:47 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-04-14 12:00 974848 ------w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-18 06:53 . 2001-08-23 13:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-10 05:58 . 2008-06-23 16:01 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2008-06-23 16:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-10 05:58 . 2007-08-13 16:44 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-01 11:48 . 2008-05-27 17:29 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:38 . 2008-05-30 11:42 1861888 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2008-04-14 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-05-16 09:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2008-04-14 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2004-01-15 14:53 . 2008-10-14 07:47 127596 ----a-w- c:\program files\Common Files\PFC027.SYS

2007-03-09 08:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll

.

------- Sigcheck -------

[-] 2008-04-03 . 7E39A3EDC13B076E70FDB9A6F6D7A4B4 . 78336 . . [5.1.2600.5574] . . c:\windows\system32\browser.dll

[-] 2008-04-03 . 7E39A3EDC13B076E70FDB9A6F6D7A4B4 . 78336 . . [5.1.2600.5574] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-04-17 . 06CF9EEDB7E827205C6948C9DAF56974 . 407040 . . [5.1.2600.5582] . . c:\windows\system32\netlogon.dll

[-] 2008-04-17 . 06CF9EEDB7E827205C6948C9DAF56974 . 407040 . . [5.1.2600.5582] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2004-09-22 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2004-09-22 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2004-09-22 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\MsPMSNSv.dll

[-] 2004-09-22 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll

[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 6.0\Acrobat\AdobeUpdateManager.exe" [2003-05-14 303616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-16 2067808]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-10-16 12:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2/1/2010 4:47 PM 25168]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/1/2010 4:47 PM 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/1/2010 4:47 PM 216400]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/1/2010 4:47 PM 243024]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/16/2010 2:12 PM 308136]

R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [10/16/2010 2:09 PM 2331544]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2010 9:51 AM 304464]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2/1/2010 4:46 PM 30104]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/18/2010 9:51 AM 20952]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2/1/2010 4:46 PM 30104]

S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [10/16/2010 2:11 PM 5897808]

S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2/1/2010 4:46 PM 122448]

S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2/1/2010 4:46 PM 30288]

S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2/1/2010 4:46 PM 26192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC88681F-4735-4f2f-9514-C21BAC737CF8}]

2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm185YYAL&fl=0&ptb=IwWWViNPnKJs4t.PT4vcQw&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}

IE: Download with Star Downloader - d:\star downloader\sdie.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: eng-alb - c:\program files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Albanian) for Windows\Plugins\IE.htm

IE: {{493C781B-249B-A04D-B647-F6C775884189} - c:\program files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Albanian) for Windows\Plugins\IE.htm

DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

.

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)

HKLM-Run-Cmaudio - cmicnfg.cpl

AddRemove-AutoCAD 2008 - English - d:\setup\Setup.exe

AddRemove-iMesh - d:\program files\iMesh Applications\iMesh\UninstallSurvey.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-26 12:45

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-299502267-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,a2,59,f1,d2,63,fc,45,b1,fa,ca,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,53,aa,c0,a9,5f,5b,4a,8e,8b,93,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3688)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\AVG\AVG9\avgam.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

c:\program files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2010-10-26 12:49:46 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-26 10:49

Pre-Run: 6,603,419,648 bytes free

Post-Run: 7,172,014,080 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A703176B5C5227A972261B9FC2EBF2C9


Hello again. Don't worry, we will uninstall ComboFix when we are done here, which will also take care of the quarantined items. :)

Please click Start > Run, type sfc /scannow and press Enter. Let the System File Checker run unhindered. Note: you may be prompted for your XP CD.

When done, rerun ComboFix and post the new log.


I did exactly as you asked. Here is the new log. Thank you.

ComboFix 10-10-25.02 - Administrator 10/27/2010 10:26:48.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.182 [GMT 2:00]

Running from: F:\ComboFix.exe

AV: AVG Internet Security *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))

.

2010-10-27 08:10 . 2008-04-13 22:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-10-27 08:10 . 2008-04-13 22:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-10-27 08:09 . 2010-10-27 08:10 -------- d-----w- c:\windows\LastGood

2010-10-18 07:51 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-18 07:51 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-18 07:51 . 2010-10-18 07:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-18 07:09 . 2010-10-18 07:09 -------- d-----w- c:\windows\system32\XPSViewer

2010-10-18 07:09 . 2010-10-18 07:09 -------- d-----w- c:\program files\MSBuild

2010-10-18 07:08 . 2010-10-18 07:08 -------- d-----w- c:\program files\Reference Assemblies

2010-10-18 07:08 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-10-18 07:06 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-10-18 07:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-10-18 07:06 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-10-18 07:06 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-10-18 07:06 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-10-18 07:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-10-18 07:06 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-10-18 07:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-10-16 14:27 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-10-16 12:12 . 2010-10-16 12:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-16 12:12 . 2010-02-01 14:47 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-10-16 12:12 . 2010-02-01 14:47 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-10-16 12:11 . 2010-02-01 14:47 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys

2010-10-16 12:08 . 2010-02-01 14:47 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-04-14 12:00 974848 ------w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-18 06:53 . 2001-08-23 13:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-10 05:58 . 2008-06-23 16:01 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2008-06-23 16:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-10 05:58 . 2007-08-13 16:44 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-01 11:48 . 2008-05-27 17:29 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:38 . 2008-05-30 11:42 1861888 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2008-04-14 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-05-16 09:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2008-04-14 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2004-01-15 14:53 . 2008-10-14 07:47 127596 ----a-w- c:\program files\Common Files\PFC027.SYS

2007-03-09 08:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll

.

------- Sigcheck -------

[-] 2008-04-03 . 7E39A3EDC13B076E70FDB9A6F6D7A4B4 . 78336 . . [5.1.2600.5574] . . c:\windows\system32\browser.dll

[-] 2008-04-17 . 06CF9EEDB7E827205C6948C9DAF56974 . 407040 . . [5.1.2600.5582] . . c:\windows\system32\netlogon.dll

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll

[-] 2004-09-22 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2004-09-22 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2004-09-22 17:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\MsPMSNSv.dll

[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll

[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 6.0\Acrobat\AdobeUpdateManager.exe" [2003-05-14 303616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-16 2067808]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-10-16 12:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2/1/2010 4:47 PM 25168]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/1/2010 4:47 PM 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/1/2010 4:47 PM 216400]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/1/2010 4:47 PM 243024]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/16/2010 2:12 PM 308136]

R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [10/16/2010 2:09 PM 2331544]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2010 9:51 AM 304464]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2/1/2010 4:46 PM 30104]

R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2/1/2010 4:46 PM 122448]

R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2/1/2010 4:46 PM 30288]

R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2/1/2010 4:46 PM 26192]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/18/2010 9:51 AM 20952]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2/1/2010 4:46 PM 30104]

S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [10/16/2010 2:11 PM 5897808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC88681F-4735-4f2f-9514-C21BAC737CF8}]

2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm185YYAL&fl=0&ptb=IwWWViNPnKJs4t.PT4vcQw&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}

IE: Download with Star Downloader - d:\star downloader\sdie.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: eng-alb - c:\program files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Albanian) for Windows\Plugins\IE.htm

IE: {{493C781B-249B-A04D-B647-F6C775884189} - c:\program files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Albanian) for Windows\Plugins\IE.htm

DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-27 10:33

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-299502267-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,a2,59,f1,d2,63,fc,45,b1,fa,ca,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,53,aa,c0,a9,5f,5b,4a,8e,8b,93,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2576)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-10-27 10:36:34

ComboFix-quarantined-files.txt 2010-10-27 08:36

ComboFix2.txt 2010-10-26 10:49

Pre-Run: 6,807,056,384 bytes free

Post-Run: 6,796,951,552 bytes free

- - End Of File - - DA456A6F16E61763C593130F425061DC

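Added example (editor's code, not the thread's own and not part of ComboFix): a Python triage script for the ComboFix log format posted above. It splits a log into its banner-delimited sections, reports the items a responder acts on (the AV/FW status lines in the header, drive-root autorun.inf deletions under Other Deletions, removed entries under Drivers/Services, and the Security Center AntiVirusOverride and firewall-policy EnableFirewall values under Reg Loading Points), and diffs the Sigcheck section between two runs, which is the question this thread is circling: which flagged system files went away after sfc /scannow and which are still there. RUN_1 and RUN_2 are constructed samples abridged from the first two logs in the thread; every function and variable name is mine, and the reading of a [-] Sigcheck entry as a file ComboFix could not match to a known-good copy is my assumption.

```python
# Added example, not part of this thread or of ComboFix itself: triage a ComboFix
# log and diff its Sigcheck section between two runs.
import re

# Section banners ComboFix prints: "(((( Name ))))" and "------- Name -------".
BANNER_RE = re.compile(r"^(?:\({3,}\s*(?P<a>[^()]+?)\s*\){3,}|-{3,}\s*(?P<b>[A-Za-z][^-]*?)\s*-{3,})$")
# A Sigcheck line: "[-] date . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]])\]\s+\d{4}-\d{2}-\d{2}(?: \d{2}:\d{2})?\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$")
# Header lines: "AV: <product> *<state>* (<freshness>) {GUID}"; FW lines carry no freshness.
AV_RE = re.compile(r"^(?P<kind>AV|FW):\s*(?P<name>.+?)\s*\*(?P<state>[^*]+)\*(?:\s*\((?P<fresh>[^)]+)\))?")


def split_sections(log: str) -> dict[str, list[str]]:
    """Group non-empty lines under the banner preceding them; lines before any banner go to 'header'."""
    sections: dict[str, list[str]] = {"header": []}
    current = "header"
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":                 # ComboFix pads sections with lone dots
            continue
        m = BANNER_RE.match(line)
        if m:
            current = (m["a"] or m["b"]).strip()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def sigcheck_entries(log: str) -> dict[str, str]:
    """Map each Sigcheck-flagged path (lower-cased) to the MD5 ComboFix reported for it."""
    found = {}
    for line in split_sections(log).get("Sigcheck", []):
        m = SIGCHECK_RE.match(line)
        if m:
            found[m["path"].lower()] = m["md5"].upper()
    return found


def security_findings(log: str) -> list[str]:
    """The items a responder acts on, in log order."""
    s, out, key = split_sections(log), [], ""
    for line in s["header"]:
        m = AV_RE.match(line)
        if m and ("disabled" in m["state"].lower() or (m["fresh"] or "").lower() == "outdated"):
            out.append(f"{m['kind']}: {m['name']} is {m['state']}" + (f" ({m['fresh']})" if m["fresh"] else ""))
    for line in s.get("Other Deletions", []):
        if line.lower().endswith("\\autorun.inf"):    # drive-root autorun.inf: removable-media spread
            out.append(f"deleted {line} (drive-root autorun.inf; check what it launched)")
    for line in s.get("Drivers/Services", []):
        if line.startswith("-------\\"):             # "-------\Service_X" = entry ComboFix removed
            out.append(f"removed service entry {line[8:]}")
    # The two registry values below are normal when a third-party suite (AVG here) owns the
    # firewall, so report them for confirmation rather than as malware by themselves.
    for line in s.get("Reg Loading Points", []):
        if line.startswith("["):
            key = line.lower()
        elif "security center" in key and line.startswith('"AntiVirusOverride"=dword:00000001'):
            out.append("Security Center AV alerting overridden (AntiVirusOverride=1)")
        elif "firewallpolicy" in key and re.match(r'"EnableFirewall"=\s*0\b', line):
            profile = key.rsplit("\\", 1)[-1].rstrip("]")
            out.append(f"Windows Firewall off in {profile}")
    return out


def diff_sigcheck(before: str, after: str) -> dict[str, list[str]]:
    """Flagged files that went away, persisted unchanged, changed hash, or appeared between two runs."""
    old, new = sigcheck_entries(before), sigcheck_entries(after)
    both = old.keys() & new.keys()
    return {"resolved": sorted(old.keys() - new.keys()),
            "persisting": sorted(p for p in both if old[p] == new[p]),
            "changed": sorted(p for p in both if old[p] != new[p]),
            "new": sorted(new.keys() - old.keys())}


# Constructed samples, abridged from the first two logs posted in this thread (most entries dropped).
RUN_1 = r"""
AV: AVG Internet Security *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\autorun.inf
D:\autorun.inf
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Service_MyWebSearchService
------- Sigcheck -------
[-] 2008-04-03 . 7E39A3EDC13B076E70FDB9A6F6D7A4B4 . 78336 . . [5.1.2600.5574] . . c:\windows\system32\browser.dll
[-] 2008-04-03 . 7E39A3EDC13B076E70FDB9A6F6D7A4B4 . 78336 . . [5.1.2600.5574] . . c:\windows\system32\dllcache\browser.dll
[-] 2008-04-17 . 06CF9EEDB7E827205C6948C9DAF56974 . 407040 . . [5.1.2600.5582] . . c:\windows\system32\netlogon.dll
[-] 2008-04-17 . 06CF9EEDB7E827205C6948C9DAF56974 . 407040 . . [5.1.2600.5582] . . c:\windows\system32\dllcache\netlogon.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""
RUN_2 = r"""
AV: AVG Internet Security *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
------- Sigcheck -------
[-] 2008-04-03 . 7E39A3EDC13B076E70FDB9A6F6D7A4B4 . 78336 . . [5.1.2600.5574] . . c:\windows\system32\browser.dll
[-] 2008-04-17 . 06CF9EEDB7E827205C6948C9DAF56974 . 407040 . . [5.1.2600.5582] . . c:\windows\system32\netlogon.dll
"""

if __name__ == "__main__":
    print(*security_findings(RUN_1), sep="\n")
    print(diff_sigcheck(RUN_1, RUN_2))
```

Run against the samples, the diff shows the dllcache copies dropping out between the two runs while the system32 copies persist with the same MD5, which is what the two full logs above show. A flagged file whose hash is unchanged after sfc /scannow either passed sfc's own check or was never examined by it; confirming its signature directly (for instance with Sysinternals sigcheck.exe) settles which, and that is a sensible step before treating the file as infected.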

Strange. Please try the following:

  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double-click Dial-a-Fix.exe to start the program. Note: you might see an error message regarding Internet Explorer. Just ignore this and continue.
  • Check Fix HTTPS/SSL/CryptSvc/
  • Click Go.
  • Exit/Close Dial-A-Fix.

When done, rerun ComboFix (download a new copy) and post the new log.


Hi, this is what you asked for. Thanks.

ComboFix 10-10-26.02 - Administrator 10/28/2010 10:34:40.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.129 [GMT 2:00]

Running from: F:\ComboFix.exe

AV: AVG Internet Security *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))

.

2010-10-28 07:24 . 2007-10-20 16:21 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\SET37.tmp

2010-10-28 07:24 . 2007-10-20 16:25 117760 ----a-w- c:\windows\system32\hpzll5mu.dll

2010-10-27 08:10 . 2008-04-13 22:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-10-27 08:10 . 2008-04-13 22:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-10-18 07:51 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-18 07:51 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-18 07:51 . 2010-10-18 07:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-10-18 07:09 . 2010-10-18 07:09 -------- d-----w- c:\windows\system32\XPSViewer

2010-10-18 07:09 . 2010-10-18 07:09 -------- d-----w- c:\program files\MSBuild

2010-10-18 07:08 . 2010-10-18 07:08 -------- d-----w- c:\program files\Reference Assemblies

2010-10-18 07:08 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-10-18 07:06 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-10-18 07:06 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-10-18 07:06 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-10-18 07:06 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-10-18 07:06 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-10-18 07:06 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-10-18 07:06 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-10-18 07:06 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-10-16 14:27 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-10-16 12:12 . 2010-10-16 12:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-16 12:12 . 2010-02-01 14:47 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-10-16 12:12 . 2010-02-01 14:47 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-10-16 12:11 . 2010-02-01 14:47 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys

2010-10-16 12:08 . 2010-02-01 14:47 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-09-18 10:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-04-14 12:00 974848 ------w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-18 06:53 . 2001-08-23 13:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-10 05:58 . 2008-06-23 16:01 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2008-06-23 16:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-09-10 05:58 . 2007-08-13 16:44 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-01 11:48 . 2008-05-27 17:29 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:38 . 2008-05-30 11:42 1861888 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2008-04-14 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-05-16 09:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2008-04-14 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2004-01-15 14:53 . 2008-10-14 07:47 127596 ----a-w- c:\program files\Common Files\PFC027.SYS

2007-03-09 08:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll

.

------- Sigcheck -------

[-] 2008-04-03 . 7E39A3EDC13B076E70FDB9A6F6D7A4B4 . 78336 . . [5.1.2600.5574] . . c:\windows\system32\browser.dll

[-] 2008-04-17 . 06CF9EEDB7E827205C6948C9DAF56974 . 407040 . . [5.1.2600.5582] . . c:\windows\system32\netlogon.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 6.0\Acrobat\AdobeUpdateManager.exe" [2003-05-14 303616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-16 2067808]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-10-16 12:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2/1/2010 4:47 PM 25168]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/1/2010 4:47 PM 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/1/2010 4:47 PM 216400]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/1/2010 4:47 PM 243024]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/16/2010 2:12 PM 308136]

R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [10/16/2010 2:09 PM 2331544]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/18/2010 9:51 AM 304464]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2/1/2010 4:46 PM 30104]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/18/2010 9:51 AM 20952]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2/1/2010 4:46 PM 30104]

S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [10/16/2010 2:11 PM 5897808]

S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2/1/2010 4:46 PM 122448]

S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2/1/2010 4:46 PM 30288]

S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2/1/2010 4:46 PM 26192]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HIDSERV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC88681F-4735-4f2f-9514-C21BAC737CF8}]

2009-03-08 02:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

2010-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm185YYAL&fl=0&ptb=IwWWViNPnKJs4t.PT4vcQw&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}

IE: Download with Star Downloader - d:\star downloader\sdie.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: eng-alb - c:\program files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Albanian) for Windows\Plugins\IE.htm

IE: {{493C781B-249B-A04D-B647-F6C775884189} - c:\program files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Albanian) for Windows\Plugins\IE.htm

DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-28 10:45

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\hidserv.dll 21504 bytes executable

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-299502267-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,a2,59,f1,d2,63,fc,45,b1,fa,ca,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b1,53,aa,c0,a9,5f,5b,4a,8e,8b,93,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3956)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\AVG\AVG9\avgam.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-10-28 10:50:53 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-28 08:50

ComboFix2.txt 2010-10-27 08:36

ComboFix3.txt 2010-10-26 10:49

Pre-Run: 6,817,296,384 bytes free

Post-Run: 6,812,266,496 bytes free

- - End Of File - - 7A83BBB144ABB6CD9871AB08328F1422


Hello again, how are things running at this point?

SHOW HIDDEN FILES AND FOLDERS

-------------------------------------------------

Go to Start > My Computer

Go to Tools > Folder Options

Click on the View tab

Untick the following:

  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)

You will get a message warning you about showing protected operating system files, click Yes

Make sure this option is selected:

  • Show hidden files and folders

Click Apply and then click OK

UPLOAD A FILE

--------------------

We need to check a file. Please click this link VirusTotal

When the page has finished loading, click the Choose file button and navigate to the following file and click Send file.

c:\windows\system32\browser.dll

c:\windows\system32\netlogon.dll

If you get the message that the file has already been scanned before, please click Reanalyse file now.

Please post back the results of the scan in your next post.


I think things are better now. I am posting the analyses of both files that you requested. Also, you have been very helpful, thanks a mill.

File name: browser.dll

Submission date: 2010-10-28 13:37:29 (UTC)

Current status: finished

Result: 0/ 42 (0.0%)

VT Community

not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2010.10.28.00 2010.10.27 -

AntiVir 7.10.13.65 2010.10.28 -

Antiy-AVL 2.0.3.7 2010.10.28 -

Authentium 5.2.0.5 2010.10.28 -

Avast 4.8.1351.0 2010.10.27 -

Avast5 5.0.594.0 2010.10.27 -

AVG 9.0.0.851 2010.10.28 -

BitDefender 7.2 2010.10.28 -

CAT-QuickHeal 11.00 2010.10.26 -

ClamAV 0.96.2.0-git 2010.10.28 -

Comodo 6537 2010.10.28 -

DrWeb 5.0.2.03300 2010.10.28 -

eSafe 7.0.17.0 2010.10.26 -

eTrust-Vet 36.1.7940 2010.10.28 -

F-Prot 4.6.2.117 2010.10.28 -

F-Secure 9.0.16160.0 2010.10.28 -

Fortinet 4.2.249.0 2010.10.28 -

GData 21 2010.10.28 -

Ikarus T3.1.1.90.0 2010.10.28 -

Jiangmin 13.0.900 2010.10.28 -

K7AntiVirus 9.66.2847 2010.10.27 -

Kaspersky 7.0.0.125 2010.10.28 -

McAfee 5.400.0.1158 2010.10.28 -

McAfee-GW-Edition 2010.1C 2010.10.28 -

Microsoft 1.6301 2010.10.28 -

NOD32 5571 2010.10.28 -

Norman 6.06.10 2010.10.28 -

nProtect 2010-10-28.01 2010.10.28 -

Panda 10.0.2.7 2010.10.28 -

PCTools 7.0.3.5 2010.10.28 -

Prevx 3.0 2010.10.28 -

Rising 22.71.02.04 2010.10.28 -

Sophos 4.59.0 2010.10.28 -

Sunbelt 7157 2010.10.28 -

SUPERAntiSpyware 4.40.0.1006 2010.10.28 -

Symantec 20101.2.0.161 2010.10.28 -

TheHacker 6.7.0.1.069 2010.10.27 -

TrendMicro 9.120.0.1004 2010.10.28 -

TrendMicro-HouseCall 9.120.0.1004 2010.10.28 -

VBA32 3.12.14.1 2010.10.28 -

ViRobot 2010.10.25.4110 2010.10.28 -

VirusBuster 12.70.9.0 2010.10.28 -

Additional information

MD5 : 7e39a3edc13b076e70fdb9a6f6d7a4b4

SHA1 : 788dea606e6323980446ccf765fc73151d59bb0c

SHA256: 08edbc3996f7104d4c259adda6672d1c37c547ba4dce590c1ff749d23b8c403b

ssdeep: 1536:NWzaKJwZftvuQzFMVf01ojIO9fqw1e6/7Vux6tsvST+UuPc0G:OaKJwZVWQzFqNIs7Wusv8+7PV

File size : 78336 bytes

First seen: 2009-06-03 20:50:38

Last seen : 2010-10-28 13:37:29

TrID:

Win32 Executable MS Visual C++ (generic) (65.2%)

Win32 Executable Generic (14.7%)

Win32 Dynamic Link Library (generic) (13.1%)

Generic Win/DOS Executable (3.4%)

DOS Executable Generic (3.4%)

sigcheck:

publisher....: Microsoft Corporation

copyright....: © Microsoft Corporation. All rights reserved.

product......: Microsoft_ Windows_ Operating System

description..: Computer Browser Service DLL

original name: browser.dll

internal name: browser.dll

file version.: 5.1.2600.5574 (xpsp_sp3_qfe.080402-1256)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x1512

timedatestamp....: 0x47F4B559 (Thu Apr 03 10:45:45 2008)

machinetype......: 0x14c (I386)

[[ 4 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x11210, 0x11400, 6.58, 972a649afb214ed5f1a60bb9230ec764

.data, 0x13000, 0x668, 0x600, 2.07, c5aa36ba11aa868861ba556ea82f1582

.rsrc, 0x14000, 0x408, 0x600, 2.52, 2896674f18b2a1d24c58d14cb5b9e71c

.reloc, 0x15000, 0xCAC, 0xE00, 6.44, d9995811fa89e39f28bfe8d39b386b66

[[ 6 import(s) ]]

ADVAPI32.dll: RegisterEventSourceW, CloseServiceHandle, QueryServiceConfigW, OpenServiceW, OpenSCManagerW, RegisterServiceCtrlHandlerW, RegCloseKey, RegQueryInfoKeyW, OpenThreadToken, AccessCheck, RegConnectRegistryW, LsaOpenPolicy, LsaQueryInformationPolicy, LsaFreeMemory, LsaClose, SetServiceStatus, ReportEventW, DeregisterEventSource, RegOpenKeyExW, RegQueryValueExW, QueryServiceStatus, RegNotifyChangeKeyValue, RegOpenKeyExA, RegQueryValueExA

KERNEL32.dll: ExpandEnvironmentStringsW, MultiByteToWideChar, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, DisableThreadLibraryCalls, GetComputerNameExW, WaitForMultipleObjectsEx, DeleteCriticalSection, GetLastError, SetEvent, WaitForSingleObject, lstrcmpW, FreeLibrary, Sleep, GetProcAddress, LoadLibraryW, InitializeCriticalSection, CloseHandle, CreateEventW, SetThreadPriority, GetCurrentThread, LeaveCriticalSection, EnterCriticalSection, WaitForSingleObjectEx, lstrcpyA, LocalFree, LocalAlloc, GetSystemDirectoryW, SetFilePointer, CreateFileW, MoveFileW, DeleteFileW, WriteFile, GetLocalTime, DeviceIoControl, LoadLibraryA, lstrcpynA, lstrcmpA, lstrlenA, CreateSemaphoreW, ReleaseSemaphore

msvcrt.dll: wcschr, wcslen, wcsncpy, wcscpy, _wcsicmp, _except_handler3, _ultoa, wcstoul, qsort, wcsspn, mbstowcs, wcscat, vsprintf, sprintf, _local_unwind2, _wcsnicmp, _abnormal_termination, swprintf, _beginthreadex, memmove, wcscmp

NETAPI32.dll: NetApiBufferFree, NetUseDel, RxNetServerEnum, I_NetNameCanonicalize, NetShareGetInfo, DsGetDcNameW, I_BrowserQueryOtherDomains, Netbios, NetAlertRaiseEx, NetApiBufferAllocate, NetpIsRemote, I_NetServerSetServiceBitsEx

ntdll.dll: RtlReleaseResource, RtlAcquireResourceExclusive, NtClose, NtOpenFile, RtlInitUnicodeString, NtCancelIoFile, NtQueryPerformanceCounter, RtlAppendUnicodeToString, RtlCopyUnicodeString, NtDeviceIoControlFile, RtlCompareMemory, RtlUpcaseUnicodeToOemN, RtlTimeToSecondsSince1980, NtQuerySystemTime, NtQuerySystemInformation, DbgBreakPoint, RtlGetNtProductType, RtlEqualUnicodeString, RtlDeleteResource, RtlInitializeResource, RtlNtStatusToDosError, RtlUpcaseUnicodeStringToOemString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, RtlCopySid, RtlSubAuthorityCountSid, RtlDeleteSecurityObject, RtlLengthSid, RtlSetSaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlNewSecurityObject, NtOpenProcessToken, RtlCompareMemoryUlong, RtlSetEnvironmentVariable, RtlExpandEnvironmentStrings_U, RtlCreateEnvironment, RtlDestroyEnvironment, RtlInitAnsiString, RtlOemStringToUnicodeString, RtlInitString, NtCreateTimer, NtCancelTimer, NtSetTimer, RtlAcquireResourceShared

RPCRT4.dll: RpcRevertToSelf, NdrServerCall2, RpcServerUseProtseqEpW, RpcServerRegisterIfEx, RpcServerUnregisterIf, RpcBindingServerFromClient, RpcBindingToStringBindingW, RpcStringBindingParseW, RpcBindingFree, RpcStringFreeW, RpcImpersonateClient

[[ 3 export(s) ]]

I_BrowserServerEnumForXactsrv, ServiceMain, SvchostPushServiceGlobals

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 70656

CompanyName: Microsoft Corporation

EntryPoint: 0x1512

FileDescription: Computer Browser Service DLL

FileFlagsMask: 0x003f

FileOS: Windows NT 32-bit

FileSize: 76 kB

FileSubtype: 0

FileType: Win32 DLL

FileVersion: 5.1.2600.5574 (xpsp_sp3_qfe.080402-1256)

FileVersionNumber: 5.1.2600.5574

ImageVersion: 5.1

InitializedDataSize: 7168

InternalName: browser.dll

LanguageCode: English (U.S.)

LegalCopyright: Microsoft Corporation. All rights reserved.

LinkerVersion: 7.1

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 5.1

ObjectFileType: Dynamic link library

OriginalFilename: browser.dll

PEType: PE32

ProductName: Microsoft Windows Operating System

ProductVersion: 5.1.2600.5574

ProductVersionNumber: 5.1.2600.5574

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 2008:04:03 12:45:45+02:00

UninitializedDataSize: 0

File name: netlogon.dll

Submission date: 2010-10-28 13:42:47 (UTC)

Current status: finished

Result: 0/ 41 (0.0%)

VT Community

not reviewed

Safety score: -

Antivirus Version Last Update Result

AhnLab-V3 2010.10.28.00 2010.10.27 -

AntiVir 7.10.13.65 2010.10.28 -

Antiy-AVL 2.0.3.7 2010.10.28 -

Authentium 5.2.0.5 2010.10.28 -

Avast 4.8.1351.0 2010.10.27 -

Avast5 5.0.594.0 2010.10.27 -

AVG 9.0.0.851 2010.10.28 -

BitDefender 7.2 2010.10.28 -

CAT-QuickHeal 11.00 2010.10.26 -

ClamAV 0.96.2.0-git 2010.10.28 -

Comodo 6537 2010.10.28 -

DrWeb 5.0.2.03300 2010.10.28 -

eSafe 7.0.17.0 2010.10.26 -

eTrust-Vet 36.1.7940 2010.10.28 -

F-Prot 4.6.2.117 2010.10.28 -

F-Secure 9.0.16160.0 2010.10.28 -

Fortinet 4.2.249.0 2010.10.28 -

GData 21 2010.10.28 -

Ikarus T3.1.1.90.0 2010.10.28 -

Jiangmin 13.0.900 2010.10.28 -

K7AntiVirus 9.66.2847 2010.10.27 -

McAfee 5.400.0.1158 2010.10.28 -

McAfee-GW-Edition 2010.1C 2010.10.28 -

Microsoft 1.6301 2010.10.28 -

NOD32 5571 2010.10.28 -

Norman 6.06.10 2010.10.28 -

nProtect 2010-10-28.01 2010.10.28 -

Panda 10.0.2.7 2010.10.28 -

PCTools 7.0.3.5 2010.10.28 -

Prevx 3.0 2010.10.28 -

Rising 22.71.02.04 2010.10.28 -

Sophos 4.59.0 2010.10.28 -

Sunbelt 7157 2010.10.28 -

SUPERAntiSpyware 4.40.0.1006 2010.10.28 -

Symantec 20101.2.0.161 2010.10.28 -

TheHacker 6.7.0.1.069 2010.10.27 -

TrendMicro 9.120.0.1004 2010.10.28 -

TrendMicro-HouseCall 9.120.0.1004 2010.10.28 -

VBA32 3.12.14.1 2010.10.28 -

ViRobot 2010.10.25.4110 2010.10.28 -

VirusBuster 12.70.9.0 2010.10.28 -

Additional information

MD5 : 06cf9eedb7e827205c6948c9daf56974

SHA1 : 3604a43ced9cb6a18433bc5e64cb20d67ec389d0

SHA256: 16967f4914f34a69ce461282d3b4de31d031d99bf054c5ba47ea585aded7f3e0

ssdeep: 12288:QU82Tr9zhqvJAOH/nL4gJOSI5v6owL7T:b82X9zKJAOX9I1wr

File size : 407040 bytes

First seen: 2009-07-03 11:26:26

Last seen : 2010-10-28 13:42:47

TrID:

Win32 Executable MS Visual C++ (generic) (53.1%)

Windows Screen Saver (18.4%)

Win32 Executable Generic (12.0%)

Win32 Dynamic Link Library (generic) (10.6%)

Generic Win/DOS Executable (2.8%)

sigcheck:

publisher....: Microsoft Corporation

copyright....: © Microsoft Corporation. All rights reserved.

product......: Microsoft_ Windows_ Operating System

description..: Net Logon Services DLL

original name: NetLogon.DLL

internal name: NetLogon.DLL

file version.: 5.1.2600.5582 (xpsp_sp3_qfe.080416-1432)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]

entrypointaddress: 0x17A4

timedatestamp....: 0x4806D703 (Thu Apr 17 04:50:11 2008)

machinetype......: 0x14c (I386)

[[ 4 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x5CEF9, 0x5D000, 6.67, d6cf69d899cc6eaa02c003c1710269b2

.data, 0x5E000, 0x1DD4, 0x1800, 2.68, 65d3de171eb8131d4f708d35663e6aa1

.rsrc, 0x60000, 0xAA8, 0xC00, 5.92, 8df0e16f343799c962850ca5da20625f

.reloc, 0x61000, 0x3DE8, 0x3E00, 6.80, 24b0edf18f722cbc73e0d02893530694

[[ 16 import(s) ]]

ADVAPI32.dll: AllocateAndInitializeSid, LookupAccountSidA, FreeSid, RegQueryInfoKeyW, OpenThreadToken, AccessCheck, RegisterEventSourceW, ReportEventW, DeregisterEventSource, RegConnectRegistryW, RegisterTraceGuidsW, TraceEvent, GetTraceLoggerHandle, CryptGenRandom, SystemFunction033, SystemFunction032, RevertToSelf, SystemFunction004, RegDeleteValueW, RegSetValueExW, ConvertStringSecurityDescriptorToSecurityDescriptorW, LsaOpenPolicy, LsaQueryInformationPolicy, LsaFreeMemory, LsaEnumerateTrustedDomains, LsaClose, RegisterServiceCtrlHandlerW, RegNotifyChangeKeyValue, CryptAcquireContextW, QueryServiceConfigW, QueryServiceStatus, RegDeleteKeyA, I_ScSetServiceBitsW, SystemFunction007, SystemFunction031, RegOpenKeyW, RegQueryValueExW, RegOpenKeyExW, RegDeleteKeyW, SystemFunction001, SystemFunction002, SystemFunction012, SystemFunction014, SystemFunction013, SystemFunction015, UnregisterTraceGuids, CryptReleaseContext, SetServiceStatus, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, OpenSCManagerW, OpenServiceW, CloseServiceHandle, RegCreateKeyExA, GetSidLengthRequired

cryptdll.dll: CDLocateCSystem, CDLocateCheckSum

DNSAPI.dll: DnsQuery_W, DnsValidateName_W, DnsNameCompare_UTF8, DnsNameCompare_W, DnsReplaceRecordSetUTF8, DnsModifyRecordsInSet_UTF8, DnsGetLastFailedUpdateInfo, DnsQuery_UTF8, DnsRecordListFree, DnsValidateName_UTF8

KERNEL32.dll: SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetCurrentProcessId, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleW, GetModuleFileNameW, CreateMailslotA, CreateSemaphoreW, GetVersionExW, GetCurrentProcess, GetCurrentThread, DuplicateHandle, ReleaseSemaphore, QueueUserWorkItem, lstrcmpA, lstrcatA, lstrlenA, lstrcpyA, SetComputerNameExW, FormatMessageW, ExpandEnvironmentStringsW, GetThreadLocale, lstrcpyW, LoadLibraryA, GetLocalTime, GetFileAttributesW, CreateDirectoryW, SetFilePointer, GetComputerNameW, WaitForMultipleObjects, LoadLibraryExW, GetProcAddress, OpenEventW, RegisterWaitForSingleObject, MoveFileW, DisableThreadLibraryCalls, DeviceIoControl, GetOverlappedResult, UnregisterWaitEx, SetMailslotInfo, CompareStringW, WideCharToMultiByte, MultiByteToWideChar, GetTickCount, DeleteFileW, LocalReAlloc, GetComputerNameExW, GetFileSize, ReadFile, LocalAlloc, WriteFile, FlushFileBuffers, CreateFileW, DeleteCriticalSection, LocalFree, InitializeCriticalSection, CreateEventW, ResetEvent, CreateThread, FreeLibrary, GetSystemWindowsDirectoryW, Sleep, WaitForSingleObject, CloseHandle, GetSystemTimeAsFileTime, SetEvent, GetLastError, EnterCriticalSection, LeaveCriticalSection

LSASRV.dll: LsaIUpdateForestTrustInformation, LsaIQuerySiteInfo, LsaIFree_LSAP_SITE_INFO, LsaIOpenPolicyTrusted, LsarQueryInformationPolicy, LsaISafeMode, LsaIFree_LSAPR_POLICY_INFORMATION, LsarClose, LsaIUnregisterAllPolicyChangeNotificationCallback, LsaIRegisterPolicyChangeNotificationCallback, LsaIGetForestTrustInformation, LsaIFilterSids, LsaIFreeReturnBuffer, LsaICallPackagePassthrough, LsaIFreeHeap, LsaIGetNbAndDnsDomainNames, LsaIFree_LSAPR_SR_SECURITY_DESCRIPTOR, LsarQuerySecurityObject, LsaIFree_LSAPR_TRUSTED_DOMAIN_INFO, LsarQueryInfoTrustedDomain, LsarOpenTrustedDomain, LsaIFree_LSAPR_PRIVILEGE_SET, LsaIFree_LSAPR_UNICODE_STRING, LsarLookupPrivilegeName, LsarGetSystemAccessAccount, LsarEnumeratePrivilegesAccount, LsarOpenAccount, LsaIFree_LSAPR_CR_CIPHER_VALUE, LsarQuerySecret, LsarOpenSecret, LsarQueryTrustedDomainInfoByName, LsarSetSecret, LsarSetTrustedDomainInfoByName, LsaISetSerialNumberPolicy, LsaIGetSerialNumberPolicy, LsaINotifyNetlogonParametersChangeW, LsaIIsDsPaused, LsaIFree_LSAP_SITENAME_INFO, LsaIFree_LSAP_SUBNET_INFO, LsaIQuerySubnetInfo, LsaIGetSiteName, LsaICallPackage, LsaIFree_LSAI_SECRET_ENUM_BUFFER, LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER, LsaIFree_LSAPR_ACCOUNT_ENUM_BUFFER, LsaIEnumerateSecrets, LsarEnumerateTrustedDomains, LsarEnumerateAccounts, LsaISetClientDnsHostName, LsarSetInformationPolicy, LsaIFree_LSAPR_UNICODE_STRING_BUFFER, LsaIForestTrustFindMatch, LsaIFreeForestTrustInfo, LsaIQueryForestTrustInfo, LsarEnumerateTrustedDomainsEx, LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER_EX, LsarOpenPolicy

msv1_0.dll: MsvSamLogoff, MsvSamValidate, MsvGetLogonAttemptCount

msvcrt.dll: wcscmp, wcstoul, _strnicmp, wcsstr, sprintf, _wcsnicmp, swprintf, srand, _vsnprintf, strchr, qsort, rand, wcsrchr, free, _initterm, wcslen, _adjust_fdiv, wcschr, wcsncpy, isprint, _ltoa, time, _ultoa, _itoa, wcsspn, towupper, _wcsupr, strcspn, iswctype, wcscspn, _except_handler3, wcscat, strncmp, malloc, _wcsicmp, memmove, wcscpy

NETAPI32.dll: I_NetLogonSamLogonEx, NetGetDCName, I_NetServerPasswordGet, I_NetServerAuthenticate, I_NetServerAuthenticate2, I_NetServerAuthenticate3, NetApiBufferFree, I_NetNameCanonicalize, I_NetNameCompare, NetApiBufferAllocate, I_NetGetForestTrustInformation, I_NetLogonSamLogon, I_NetLogonSamLogonWithFlags, I_NetLogonSamLogoff, NetAlertRaiseEx, NetpIsRemote, I_NetLogonGetDomainInfo, NlBindingAddServerToCache, NlBindingSetAuthInfo, NlBindingRemoveServerFromCache, I_NetServerGetTrustInfo, I_NetServerTrustPasswordsGet, NetSessionEnum, I_NetPathCanonicalize, I_NetServerSetServiceBitsEx, NetServerComputerNameDel, NetServerTransportEnum, NetServerTransportAddEx, NetServerTransportDel, I_NetServerPasswordSet2, I_NetServerPasswordSet, NetShareAdd, NetShareGetInfo, NetShareDel, I_NetServerReqChallenge, I_NetLogonSendToSam

ntdll.dll: RtlLengthSid, RtlEqualSid, RtlInitUnicodeString, RtlAllocateAndInitializeSid, RtlGetNtProductType, RtlFreeSid, RtlFreeUnicodeString, RtlCreateUnicodeString, RtlUpcaseUnicodeToOemN, RtlEqualDomainName, RtlEqualComputerName, RtlDeleteResource, RtlReleaseResource, RtlAcquireResourceExclusive, NtClose, RtlSubAuthoritySid, RtlSubAuthorityCountSid, NtQueryInformationToken, NtOpenThreadToken, RtlExtendedMagicDivide, NtOpenFile, NtCancelIoFile, NtDeviceIoControlFile, NtCreateFile, RtlUpcaseUnicodeStringToOemString, RtlOemToUnicodeN, NtSetEvent, NtOpenEvent, NtCreateEvent, RtlInitializeResource, RtlxUnicodeStringToOemSize, NlsMbOemCodePageTag, DbgPrint, RtlCopyUnicodeString, RtlTimeToTimeFields, RtlSystemTimeToLocalTime, RtlValidSid, RtlConvertSidToUnicodeString, RtlAcquireResourceShared, RtlEqualUnicodeString, RtlCompareUnicodeString, RtlIntegerToUnicodeString, RtlCopySid, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlImpersonateSelf, RtlDowncaseUnicodeString, RtlInitString, NtImpersonateAnonymousToken, NtSetInformationThread, RtlOemStringToUnicodeString, RtlxOemStringToUnicodeSize, RtlCompareMemoryUlong, RtlNtStatusToDosError, RtlInitializeSid, RtlLengthRequiredSid, RtlDeleteSecurityObject, RtlSetSaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlSetGroupSecurityDescriptor, RtlSetOwnerSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlNewSecurityObject, NtOpenProcessToken, RtlUniform, NtQuerySystemTime, RtlTimeToSecondsSince1980, RtlInitAnsiString, RtlSetEnvironmentVariable, RtlExpandEnvironmentStrings_U, RtlCreateEnvironment, RtlDestroyEnvironment, RtlDetermineDosPathNameType_U, RtlIsDosDeviceName_U, RtlTimeToSecondsSince1970

NTDSAPI.dll: DsUnBindW, DsCrackNamesW, DsFreeNameResultW, DsBindW

RPCRT4.dll: RpcServerInqBindings, UuidToStringA, RpcServerUnregisterIf, NdrServerCall2, RpcRevertToSelf, RpcImpersonateClient, RpcBindingInqAuthClientW, RpcBindingVectorFree, RpcEpRegisterW, RpcServerUseProtseqExW, RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcServerRegisterAuthInfoW, RpcStringFreeW, RpcBindingFromStringBindingW, RpcStringBindingComposeW, RpcBindingFree, RpcBindingToStringBindingW, RpcBindingServerFromClient, RpcServerYield, RpcCancelThread, RpcBindingSetAuthInfoW, RpcMgmtSetCancelTimeout, RpcBindingSetAuthInfoExA, RpcBindingFromStringBindingA, RpcStringBindingComposeA, NdrClientCall2, RpcStringFreeA

SAMSRV.dll: SamIEnumerateAccountRids, SamrQueryDisplayInformation, SamrEnumerateAliasesInDomain, SamIFree_SAMPR_ENUMERATION_BUFFER, SamISetPasswordInfoOnPdc, SamrSetInformationUser, SamIResetBadPwdCountOnPdc, SamINetLogonPing, SamIFree_SAMPR_GROUP_INFO_BUFFER, SamIFree_SAMPR_SR_SECURITY_DESCRIPTOR, SamrQueryInformationGroup, SamrQuerySecurityObject, SamIOpenAccount, SamIFree_SAMPR_GET_MEMBERS_BUFFER, SamrGetMembersInGroup, SamIFree_SAMPR_ALIAS_INFO_BUFFER, SamrQueryInformationAlias, SamIFree_SAMPR_PSID_ARRAY, SamrGetMembersInAlias, SamrQueryInformationUser, SamIFreeSidArray, SamIGetResourceGroupMembershipsTransitive, SamrLookupNamesInDomain, SamISameSite, SamIMixedDomain, SamrQueryInformationDomain, SamIFree_SAMPR_DOMAIN_INFO_BUFFER, SamIConnect, SamrOpenDomain, SamrCloseHandle, SamrOpenGroup, SamIFree_SAMPR_DISPLAY_INFO_BUFFER, SampUsingDsData, SamISetSerialNumberDomain, SamrGetAliasMembership, SamIFree_SAMPR_ULONG_ARRAY, SamIChangePasswordForeignUser, SamIGetUserLogonInformation, SamIFree_SAMPR_USER_INFO_BUFFER

USER32.dll: GetSystemMetrics

w32time.dll: W32TimeGetNetlogonServiceBits

WLDAP32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

WS2_32.dll: -, WSAAddressToStringA, WSAAddressToStringW, -, -, -, WSAStringToAddressW, -, WSASocketW, WSAEventSelect, -, WSAIoctl, -, -, -

[[ 29 export(s) ]]

DsrGetDcName, DsrGetDcNameEx2, I_DsGetDcCache, I_NetLogonAddressToSiteName, I_NetLogonAppendChangeLog, I_NetLogonCloseChangeLog, I_NetLogonFree, I_NetLogonGetAuthDataEx, I_NetLogonGetDirectDomain, I_NetLogonGetIpAddresses, I_NetLogonGetSerialNumber, I_NetLogonLdapLookup, I_NetLogonLdapLookupEx, I_NetLogonMixedDomain, I_NetLogonNewChangeLog, I_NetLogonReadChangeLog, I_NetLogonSendToSamOnPdc, I_NetLogonSetServiceBits, I_NetNotifyDelta, I_NetNotifyDsChange, I_NetNotifyMachineAccount, I_NetNotifyNetlogonDllHandle, I_NetNotifyNtdsDsaDeletion, I_NetNotifyRole, I_NetNotifyTrustedDomain, InitSecurityInterfaceW, NetrLogonSamLogoff, NetrLogonSamLogon, NlNetlogonMain

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 380928

CompanyName: Microsoft Corporation

EntryPoint: 0x17a4

FileDescription: Net Logon Services DLL

FileFlagsMask: 0x003f

FileOS: Windows NT 32-bit

FileSize: 398 kB

FileSubtype: 0

FileType: Win32 DLL

FileVersion: 5.1.2600.5582 (xpsp_sp3_qfe.080416-1432)

FileVersionNumber: 5.1.2600.5582

ImageVersion: 5.1

InitializedDataSize: 26624

InternalName: NetLogon.DLL

LanguageCode: English (U.S.)

LegalCopyright: Microsoft Corporation. All rights reserved.

LinkerVersion: 7.1

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 5.1

ObjectFileType: Dynamic link library

OriginalFilename: NetLogon.DLL

PEType: PE32

ProductName: Microsoft Windows Operating System

ProductVersion: 5.1.2600.5582

ProductVersionNumber: 5.1.2600.5582

Subsystem: Windows command line

SubsystemVersion: 4.1

TimeStamp: 2008:04:17 06:50:11+02:00

UninitializedDataSize: 0

