
Trojan.BHO fsharproj


jben04


Seems I will be jumping on the bandwagon, as I have seen numerous posts about this exact thing.

I run Malwarebytes; it locates it and I remove it, only for it to reappear. I did try ComboFix before the malware program, but with no success.

As with other people, if I click a link from Google it directs me to an advert page.

Here is the Malwarebytes log :

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7660

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/12/2011 12:36:56 PM

mbam-log-2011-09-12 (12-36-56).txt

Scan type: Full scan (C:\|)

Objects scanned: 277147

Time elapsed: 2 hour(s), 56 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\program files\mIRC\patch.exe (Trojan.Agent.CK) -> Not selected for removal.

mbam-log-2011-09-12 (12-36-56).txt


Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7720

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/17/2011 6:53:06 AM

mbam-log-2011-09-17 (06-53-06).txt

Scan type: Quick scan

Objects scanned: 188290

Time elapsed: 24 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\RECYCLER\s-1-5-21-709899021-2297727937-2409367604-1003\Dc6.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Run by Owner at 6:54:37 on 2011-09-17

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.208 [GMT -4:00]

.

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\PC Tools Security\pctsAuxs.exe

C:\Program Files\PC Tools Security\pctsSvc.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Logitech\SetPoint\LBTWiz.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\PC Tools Security\BDT\FGuard.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\PC Tools Security\pctsGui.exe

C:\Program Files\PC Tools Security\TFEngine\TFService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://srch-us8.hpwis.com/

uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll

uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [PS2] c:\windows\system32\ps2.exe

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Easy Synchronization] c:\program files\logitech\easy synchronization\LogitechEasySync.exe

mRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [bluetooth Connection Assistant] LBTWIZ.EXE -silent

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [iSTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI

mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRunOnce: [Easy Synchronization] c:\program files\logitech\easy synchronization\LogitechEasySync.exe --ports

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: SpSubLSP.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1299511789140

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1299531100718

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 24.178.162.3 97.81.22.195 24.159.64.23

TCP: Interfaces\{B2323E0A-FEB5-49CA-922A-B7F8E0E7FCB0} : DhcpNameServer = 24.178.162.3 97.81.22.195 24.159.64.23

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxsrvc.dll

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: ShellExecuteHook class: {fe24cd78-7c63-465d-8787-4edf7fc79895} - c:\program files\logitech\easy synchronization\shellexecutehook.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\twatzv4a.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-9-14 263888]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-9-14 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-9-14 656320]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-9-16 51984]

R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-9-16 69392]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-7-9 218688]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-3-19 93848]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-9-14 251560]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-9-14 233976]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-9-14 337872]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-9-14 371472]

R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-9-14 1117144]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-9-17 41272]

R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-9-14 70536]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-9-16 33552]

R3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]

S3 CallerIP;Visualware CallerIP;c:\program files\callerip\cip-nt.exe --> c:\program files\callerip\cip-nt.exe [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

.

=============== Created Last 30 ================

.

2011-09-17 10:28:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-17 02:09:30 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-09-17 02:09:30 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-09-17 02:09:30 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-09-15 10:14:45 -------- d-----w- c:\documents and settings\owner\local settings\application data\Threat Expert

2011-09-14 16:13:26 767952 ----a-w- c:\windows\BDTSupport.dll

2011-09-14 16:13:25 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-09-14 16:13:24 2074576 ----a-w- c:\windows\PCTBDCore.dll

2011-09-14 16:13:24 1533904 ----a-w- c:\windows\PCTBDRes.dll

2011-09-14 16:10:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2011-09-14 16:10:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2011-09-14 16:10:55 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-09-14 16:10:18 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-09-14 16:10:18 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-09-14 16:10:09 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-09-14 16:09:48 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-09-14 16:08:59 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-09-14 15:26:56 767952 ----a-w- c:\windows\BDTSupport.dll0945.old

2011-09-14 15:26:55 149456 ----a-w- c:\windows\SGDetectionTool.dll0945.old

2011-09-14 15:26:54 2074576 ----a-w- c:\windows\PCTBDCore.dll0945.old

2011-09-14 15:23:09 -------- d-----w- c:\program files\common files\PC Tools

2011-09-14 15:23:08 -------- d-----w- c:\program files\PC Tools Security

2011-09-14 14:40:41 -------- d-----w- c:\documents and settings\owner\a

2011-09-12 13:27:50 0 ---ha-w- c:\documents and settings\owner\bybesfbrjd.tmp

2011-09-12 12:51:07 -------- d-----w- C:\ComboFix

2011-09-10 10:28:26 -------- d-----w- c:\program files\ESET

2011-09-09 14:04:33 -------- d-----w- c:\documents and settings\all users\application data\PIXELA

2011-09-09 13:57:29 -------- d-----w- c:\program files\PIXELA

2011-09-09 13:56:26 -------- d-----w- c:\program files\Digital Photo Navigator 1.5

2011-09-08 18:07:16 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-09-08 18:07:12 -------- d-----w- c:\program files\Trend Micro

2011-09-07 23:47:28 -------- d-----w- c:\program files\AviSynth 2.5

2011-09-07 23:45:33 -------- d-----w- c:\program files\AutoGK

2011-09-07 18:19:49 -------- d-----w- c:\program files\Xilisoft

2011-09-06 19:25:30 22 --sha-w- c:\documents and settings\owner\application data\Sys2662.Config.Repository.bin

2011-09-06 18:05:45 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-06 18:05:45 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-09-05 17:18:00 -------- d-----w- c:\program files\EPSON Print CD

2011-09-05 17:04:56 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-09-05 16:42:21 98816 ----a-w- c:\windows\sed.exe

2011-09-05 16:42:21 518144 ----a-w- c:\windows\SWREG.exe

2011-09-05 16:42:21 256000 ----a-w- c:\windows\PEV.exe

2011-09-05 16:42:21 208896 ----a-w- c:\windows\MBR.exe

2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

2011-09-02 16:51:47 645632 ----a-w- c:\windows\system32\xvidcore.dll

2011-09-02 16:51:47 240640 ----a-w- c:\windows\system32\xvidvfw.dll

2011-09-02 16:51:47 153088 ----a-w- c:\windows\system32\xvid.ax

2011-09-02 16:51:13 -------- d-----w- c:\program files\Xvid

2011-09-02 16:29:31 -------- d-----w- c:\program files\iOrgSoft

2011-09-02 16:28:40 -------- d-----w- c:\documents and settings\owner\application data\GetRightToGo

2011-09-02 16:27:08 40960 ----a-w- c:\windows\system\vdremote.dll

2011-09-02 16:27:08 36864 ----a-w- c:\windows\system\vdsvrlnk.dll

.

==================== Find3M ====================

.

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-08 09:42:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-20 00:55:00 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-07-16 18:30:04 30601 ----a-w- c:\windows\java\x.exe

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-09 21:46:29 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

.

============= FINISH: 7:02:14.10 ===============


  • Staff

Hi,

I notice that you are using more than one antivirus program (ESET and Spyware Doctor). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


ComboFix 11-09-17.04 - Owner 09/18/2011 8:26.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.951 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{7de83ea9-816d-4113-bc37-4e7ebfef6ee1}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{7de83ea9-816d-4113-bc37-4e7ebfef6ee1}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{7de83ea9-816d-4113-bc37-4e7ebfef6ee1}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{7de83ea9-816d-4113-bc37-4e7ebfef6ee1}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{7de83ea9-816d-4113-bc37-4e7ebfef6ee1}\install.rdf

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{a025c798-c6f6-4b99-80dc-3687e85e074d}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{a025c798-c6f6-4b99-80dc-3687e85e074d}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{a025c798-c6f6-4b99-80dc-3687e85e074d}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{a025c798-c6f6-4b99-80dc-3687e85e074d}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{a025c798-c6f6-4b99-80dc-3687e85e074d}\install.rdf

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{e7a6ac18-214b-492f-a2c2-c2404b2a7e79}

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{e7a6ac18-214b-492f-a2c2-c2404b2a7e79}\chrome.manifest

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{e7a6ac18-214b-492f-a2c2-c2404b2a7e79}\chrome\xulcache.jar

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{e7a6ac18-214b-492f-a2c2-c2404b2a7e79}\defaults\preferences\xulcache.js

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{e7a6ac18-214b-492f-a2c2-c2404b2a7e79}\install.rdf

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{7de83ea9-816d-4113-bc37-4e7ebfef6ee1}

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{7de83ea9-816d-4113-bc37-4e7ebfef6ee1}\chrome.manifest

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{7de83ea9-816d-4113-bc37-4e7ebfef6ee1}\chrome\xulcache.jar

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{7de83ea9-816d-4113-bc37-4e7ebfef6ee1}\defaults\preferences\xulcache.js

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{7de83ea9-816d-4113-bc37-4e7ebfef6ee1}\install.rdf

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{a025c798-c6f6-4b99-80dc-3687e85e074d}

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{a025c798-c6f6-4b99-80dc-3687e85e074d}\chrome.manifest

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{a025c798-c6f6-4b99-80dc-3687e85e074d}\chrome\xulcache.jar

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{a025c798-c6f6-4b99-80dc-3687e85e074d}\defaults\preferences\xulcache.js

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{a025c798-c6f6-4b99-80dc-3687e85e074d}\install.rdf

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{e7a6ac18-214b-492f-a2c2-c2404b2a7e79}

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{e7a6ac18-214b-492f-a2c2-c2404b2a7e79}\chrome.manifest

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{e7a6ac18-214b-492f-a2c2-c2404b2a7e79}\chrome\xulcache.jar

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{e7a6ac18-214b-492f-a2c2-c2404b2a7e79}\defaults\preferences\xulcache.js

c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{e7a6ac18-214b-492f-a2c2-c2404b2a7e79}\install.rdf

c:\documents and settings\Owner\bybesfbrjd.tmp

c:\program files\Skype\Plugin Manager\SkypePM.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-08-18 to 2011-09-18 )))))))))))))))))))))))))))))))

.

.

2011-09-17 11:49 . 2011-09-17 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2011-09-17 11:36 . 2011-09-17 11:36 -------- d-----w- c:\program files\Adobe Media Player

2011-09-17 02:09 . 2011-01-20 17:27 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-09-17 02:09 . 2011-01-20 17:27 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-09-17 02:09 . 2011-01-20 17:27 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-09-17 02:05 . 2011-09-17 02:05 -------- d-----w- c:\program files\Common Files\Adobe AIR

2011-09-15 10:14 . 2011-09-15 10:14 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert

2011-09-14 16:13 . 2011-04-27 19:36 767952 ----a-w- c:\windows\BDTSupport.dll

2011-09-14 15:23 . 2011-09-18 12:13 -------- d-----w- c:\program files\PC Tools Security

2011-09-14 14:40 . 2011-09-14 14:43 -------- d-----w- c:\documents and settings\Owner\a

2011-09-10 10:28 . 2011-09-10 10:28 -------- d-----w- c:\program files\ESET

2011-09-10 00:42 . 2011-09-10 00:42 -------- d-----w- c:\program files\7-Zip

2011-09-09 14:04 . 2011-09-09 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PIXELA

2011-09-09 13:57 . 2011-09-09 13:57 -------- d-----w- c:\program files\PIXELA

2011-09-09 13:56 . 2011-09-09 13:56 -------- d-----w- c:\program files\Digital Photo Navigator 1.5

2011-09-08 18:07 . 2011-09-08 18:07 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-08 18:07 . 2011-09-08 18:07 -------- d-----w- c:\program files\Trend Micro

2011-09-08 10:27 . 2011-09-10 10:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic

2011-09-07 23:47 . 2011-09-07 23:47 -------- d-----w- c:\program files\AviSynth 2.5

2011-09-07 23:46 . 2011-09-07 23:46 -------- d-----w- c:\program files\Gabest

2011-09-07 23:45 . 2011-09-07 23:47 -------- d-----w- c:\program files\AutoGK

2011-09-07 18:19 . 2011-09-07 18:19 -------- d-----w- c:\program files\Xilisoft

2011-09-06 19:25 . 2011-09-06 19:25 22 --sha-w- c:\documents and settings\Owner\Application Data\Sys2662.Config.Repository.bin

2011-09-06 18:05 . 2011-09-14 12:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-09-06 18:05 . 2011-09-06 18:09 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-05 17:18 . 2011-09-14 14:28 -------- d-----w- c:\program files\EPSON Print CD

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

2011-09-03 10:17 . 2011-09-09 09:12 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

2011-09-02 16:51 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll

2011-09-02 16:51 . 2011-05-23 09:52 153088 ----a-w- c:\windows\system32\xvid.ax

2011-09-02 16:51 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll

2011-09-02 16:51 . 2011-09-07 23:47 -------- d-----w- c:\program files\Xvid

2011-09-02 16:29 . 2011-09-04 19:25 -------- d-----w- c:\program files\iOrgSoft

2011-09-02 16:28 . 2011-09-02 16:29 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo

2011-09-02 16:27 . 2000-04-16 17:22 40960 ----a-w- c:\windows\system\vdremote.dll

2011-09-02 16:27 . 2000-03-04 05:40 36864 ----a-w- c:\windows\system\vdsvrlnk.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-09 09:12 . 2001-01-03 13:38 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-08 09:42 . 2011-05-21 14:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 21:00 . 2011-07-13 19:28 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-20 00:55 . 2011-07-20 00:55 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-07-16 18:30 . 2011-07-16 18:30 30601 ----a-w- c:\windows\java\x.exe

2011-07-15 13:29 . 2001-01-03 13:38 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-09 21:46 . 2011-07-09 21:46 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-07-08 14:02 . 2001-01-03 13:11 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10 . 2001-01-03 13:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36 . 2001-01-03 13:38 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36 . 2001-01-03 13:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2001-01-03 13:13 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-09-07 18:15 . 2011-05-13 22:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-09-12_13.03.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-04-19 02:51 . 2011-04-19 02:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll

+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll

+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll

+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll

+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll

+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll

+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll

+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll

+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll

+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll

+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll

+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll

+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll

+ 2009-06-26 23:10 . 2009-06-26 23:10 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfcm90u.dll

+ 2009-06-26 23:10 . 2009-06-26 23:10 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfcm90.dll

+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll

+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll

+ 2009-07-12 00:32 . 2009-07-12 00:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll

+ 2009-07-12 00:32 . 2009-07-12 00:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll

+ 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll

+ 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll

+ 2009-07-12 00:32 . 2009-07-12 00:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll

+ 2009-07-12 00:32 . 2009-07-12 00:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll

+ 2009-07-12 00:32 . 2009-07-12 00:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll

+ 2009-07-12 00:32 . 2009-07-12 00:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll

+ 2009-07-12 00:32 . 2009-07-12 00:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll

+ 2009-07-12 05:07 . 2009-07-12 05:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll

+ 2009-07-12 05:19 . 2009-07-12 05:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll

+ 2003-04-10 05:05 . 2011-09-18 12:10 81470 c:\windows\system32\perfc009.dat

- 2003-04-10 05:05 . 2011-09-11 15:39 81470 c:\windows\system32\perfc009.dat

+ 2011-09-14 16:09 . 2010-12-16 11:46 70536 c:\windows\system32\drivers\pctplsg.sys

+ 2011-09-17 02:06 . 2011-09-17 02:06 22528 c:\windows\Installer\8628b3b.msi

+ 2011-09-17 02:05 . 2011-09-17 02:05 27648 c:\windows\Installer\8628b32.msi

+ 2011-09-17 11:36 . 2011-09-17 11:36 22016 c:\windows\Installer\102a33.msi

+ 2011-09-17 11:26 . 2011-09-17 11:26 10134 c:\windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe

+ 2011-09-17 11:26 . 2011-09-17 11:26 10134 c:\windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe

+ 2011-09-17 11:26 . 2011-09-17 11:26 10134 c:\windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe

+ 2011-03-09 15:45 . 2011-09-15 03:19 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2011-03-09 15:45 . 2011-08-11 03:13 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2011-03-09 15:45 . 2011-09-15 03:19 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2011-03-09 15:45 . 2011-08-11 03:13 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2011-03-09 15:45 . 2011-08-11 03:13 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2011-03-09 15:45 . 2011-09-15 03:19 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2011-09-17 11:27 . 2011-09-17 11:27 10134 c:\windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe

+ 2011-09-17 11:34 . 2011-09-17 11:34 10134 c:\windows\Installer\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}\ARPPRODUCTICON.exe

+ 2011-09-17 11:26 . 2011-09-17 11:26 10134 c:\windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe

+ 2011-09-17 11:26 . 2011-09-17 11:26 10134 c:\windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll

+ 2009-06-26 23:07 . 2009-06-26 23:07 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcr90.dll

+ 2009-06-26 23:07 . 2009-06-26 23:07 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcp90.dll

+ 2009-06-26 23:10 . 2009-06-26 23:10 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_d494ac0e\msvcm90.dll

+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll

+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll

+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll

+ 2009-06-26 23:07 . 2009-06-26 23:07 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_35349982\atl90.dll

+ 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll

- 2003-04-10 05:05 . 2011-09-11 15:39 485178 c:\windows\system32\perfh009.dat

+ 2003-04-10 05:05 . 2011-09-18 12:10 485178 c:\windows\system32\perfh009.dat

+ 2001-01-03 13:39 . 2010-03-05 14:13 947472 c:\windows\system32\msjava.dll

+ 2011-09-14 16:10 . 2011-03-10 13:08 233976 c:\windows\system32\drivers\PCTSD.sys

+ 2011-09-14 16:10 . 2011-01-17 13:10 251560 c:\windows\system32\drivers\pctgntdi.sys

+ 2011-09-14 16:10 . 2010-07-16 18:59 656320 c:\windows\system32\drivers\pctEFA.sys

+ 2011-09-14 16:10 . 2010-07-16 18:59 338880 c:\windows\system32\drivers\pctDS.sys

+ 2011-09-14 16:10 . 2011-03-10 14:06 263888 c:\windows\system32\drivers\PCTCore.sys

+ 2011-09-14 16:10 . 2011-03-11 12:06 160576 c:\windows\system32\drivers\PCTAppEvent.sys

+ 2011-09-14 16:13 . 2011-04-27 19:37 149456 c:\windows\SGDetectionTool.dll

+ 2011-09-14 15:23 . 2011-09-14 15:23 228352 c:\windows\Installer\91b513b.msi

+ 2011-09-15 03:17 . 2011-09-15 03:17 223744 c:\windows\Installer\1083848.msi

+ 2011-09-17 11:34 . 2011-09-17 11:34 356352 c:\windows\Installer\102a2a.msi

+ 2011-09-17 11:27 . 2011-09-17 11:27 316928 c:\windows\Installer\102a20.msi

+ 2011-09-17 11:26 . 2011-09-17 11:26 315392 c:\windows\Installer\102a15.msi

+ 2011-09-17 11:26 . 2011-09-17 11:26 356864 c:\windows\Installer\102a0a.msi

+ 2011-09-17 11:26 . 2011-09-17 11:26 359424 c:\windows\Installer\1029ff.msi

+ 2011-09-17 11:26 . 2011-09-17 11:26 316416 c:\windows\Installer\1029f4.msi

+ 2011-09-17 11:26 . 2011-09-17 11:26 356352 c:\windows\Installer\1029e9.msi

+ 2011-03-09 15:45 . 2011-09-15 03:19 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2011-03-09 15:45 . 2011-08-11 03:13 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2011-03-09 15:45 . 2011-08-11 03:13 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2011-03-09 15:45 . 2011-09-15 03:19 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2011-03-09 15:45 . 2011-08-11 03:13 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2011-03-09 15:45 . 2011-09-15 03:19 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2011-03-09 15:45 . 2011-08-11 03:13 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2011-03-09 15:45 . 2011-09-15 03:19 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2011-03-09 15:45 . 2011-09-15 03:19 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2011-03-09 15:45 . 2011-08-11 03:13 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2011-03-09 15:45 . 2011-09-15 03:19 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2011-03-09 15:45 . 2011-08-11 03:13 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2011-03-09 15:45 . 2011-08-11 03:13 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2011-03-09 15:45 . 2011-09-15 03:19 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll

+ 2011-01-14 11:10 . 2011-01-14 11:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL

+ 2011-01-14 11:10 . 2011-01-14 11:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL

+ 2009-02-14 10:04 . 2009-02-14 10:04 625520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEWEBSERVICES.DLL

+ 2009-02-12 19:19 . 2009-02-12 19:19 688512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEWEBPLATFORMSERVICES.DLL

+ 2009-03-06 08:33 . 2009-03-06 08:33 961888 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEUTIL.DLL

+ 2009-02-14 10:03 . 2009-02-14 10:03 337264 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVE.EXE

+ 2011-04-19 02:51 . 2011-04-19 02:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll

+ 2011-04-19 02:51 . 2011-04-19 02:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll

+ 2009-06-26 23:07 . 2009-06-26 23:07 3780416 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfc90u.dll

+ 2009-06-26 23:07 . 2009-06-26 23:07 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4137_x-ww_a57b1f13\mfc90.dll

+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll

+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll

+ 2009-07-12 00:46 . 2009-07-12 00:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll

+ 2009-07-12 00:46 . 2009-07-12 00:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll

+ 2003-04-09 22:09 . 2011-09-17 14:17 3624328 c:\windows\system32\FNTCACHE.DAT

+ 2011-09-14 16:13 . 2011-04-27 19:37 1533904 c:\windows\PCTBDRes.dll

+ 2011-09-14 16:13 . 2011-04-27 19:37 2074576 c:\windows\PCTBDCore.dll

+ 2011-08-10 21:43 . 2011-08-10 21:43 3795968 c:\windows\Installer\1083861.msp

+ 2011-09-07 01:46 . 2011-09-07 01:46 9006080 c:\windows\Installer\108383d.msp

+ 2011-06-21 15:59 . 2011-06-21 15:59 1764352 c:\windows\Installer\1083823.msp

+ 2011-08-24 10:37 . 2011-08-24 10:37 4985856 c:\windows\Installer\1083805.msp

+ 2011-08-10 21:42 . 2011-08-10 21:42 7070208 c:\windows\Installer\10837eb.msp

+ 2011-07-21 16:34 . 2011-07-21 16:34 3456000 c:\windows\Installer\10837d2.msp

+ 2011-09-07 01:48 . 2011-09-07 01:48 8181248 c:\windows\Installer\10837c3.msp

+ 2011-07-27 11:39 . 2011-07-27 11:39 9892352 c:\windows\Installer\108377f.msp

+ 2011-09-17 11:36 . 2011-09-17 11:36 2096128 c:\windows\Installer\102a3c.msi

- 2011-03-09 15:45 . 2011-08-11 03:13 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2011-03-09 15:45 . 2011-09-15 03:19 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

- 2011-03-09 15:45 . 2011-08-11 03:13 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2011-03-09 15:45 . 2011-09-15 03:19 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe

+ 2011-01-14 11:10 . 2011-01-14 11:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL

+ 2011-01-14 11:10 . 2011-01-14 11:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL

+ 2011-01-14 11:10 . 2011-01-14 11:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL

+ 2009-04-03 22:21 . 2009-04-03 22:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OARTCONV.DLL

+ 2009-02-14 10:03 . 2009-02-14 10:03 3070832 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GROOVEDOCUMENTSHARETOOL.DLL

+ 2011-03-07 17:14 . 2011-09-15 03:07 46249416 c:\windows\system32\MRT.exe

+ 2011-09-05 22:01 . 2011-09-05 22:01 13135872 c:\windows\Installer\d4e44.msp

+ 2011-07-27 11:37 . 2011-07-27 11:37 11592192 c:\windows\Installer\10837a9.msp

+ 2011-06-06 16:55 . 2011-06-06 16:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll

+ 2009-04-03 22:21 . 2009-04-03 22:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\OART.DLL

+ 2009-04-03 22:46 . 2009-04-03 22:46 17314688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSO.DLL

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIEW"="nview.dll" [2003-07-28 852038]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-12 114688]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]

"nwiz"="nwiz.exe" [2003-07-28 323584]

"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"Easy Synchronization"="c:\program files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]

"EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE" [2005-03-09 98304]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-25 28672]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2029640]

"PCTools FGuard"="c:\program files\PC Tools Security\BDT\FGuard.exe" [2011-04-27 247760]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Easy Synchronization"="c:\program files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2011-3-7 67128]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-3-7 805392]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "c:\program files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 69632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MBCameraMonitor.lnk]

backup=c:\windows\pss\MBCameraMonitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]

backup=c:\windows\pss\Updates from HP.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]

backup=c:\windows\pss\spamsubtract.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]

2002-06-22 14:27 69632 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

1998-05-07 23:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2008-06-24 21:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-03-07 20:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2009-02-25 16:14 2387968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-07-09 20:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2003-03-18 08:50 331776 ----a-w- c:\windows\CREATOR\Remind_XP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]

2002-04-18 00:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

2003-02-13 15:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2003-04-10 06:36 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"omniserv"=2 (0x2)

"WMPNetworkSvc"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"NVSvc"=2 (0x2)

"NMIndexingService"=3 (0x3)

"LightScribeService"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

"iPod Service"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Acid-Chat\\mirc.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Barnes & Noble\\NOOKstudy\\NOOKstudy.exe"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/14/2011 12:10 PM 263888]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [9/14/2011 12:10 PM 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [9/14/2011 12:10 PM 656320]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [9/16/2011 10:09 PM 51984]

R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [9/16/2011 10:09 PM 69392]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [7/9/2011 5:46 PM 218688]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/19/2009 11:44 AM 107256]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/19/2009 11:45 AM 93848]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [9/14/2011 12:10 PM 251560]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [9/14/2011 12:10 PM 233976]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [9/14/2011 12:13 PM 337872]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/19/2009 11:44 AM 731840]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 8:21 AM 92592]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [9/16/2011 10:09 PM 33552]

S3 CallerIP;Visualware CallerIP;c:\program files\CallerIP\cip-nt.exe --> c:\program files\CallerIP\cip-nt.exe [?]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [9/14/2011 12:09 PM 70536]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [9/14/2011 12:09 PM 371472]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - PCTSDInjDriver32

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-02-25 16:12 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-HOME1-Owner.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-09-17 07:44]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://srch-us8.hpwis.com/

uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

LSP: SpSubLSP.dll

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

TCP: DhcpNameServer = 24.178.162.3 97.81.22.195 24.159.64.23

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-AppleUpdate - c:\documents and settings\Owner\Application Data\Apple Computer\AppleUpdate\Appleupdt32.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-18 08:51

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]

@Denied: (2) (LocalSystem)

@SACL=

"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET NOD32 Antivirus\\"

"DataDir"="ESET\\ESET NOD32 Antivirus\\"

"EditionName"=" "

"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"

"LanguageId"=dword:00000409

"PackageTag"=dword:6090e758

"ProductBase"=dword:00000000

"ProductCode"="{FE9C13F6-6BBD-47D3-B939-F7E061BC4930}"

"ProductName"="ESET NOD32 Antivirus"

"ProductType"="eav"

"ProductVersion"="4.0.417.0"

"UniqueId"="000915704E6B3D33"

"ScannerBuild"=dword:0000121d

"ScannerVersionId"=dword:00000f6c

"ScannerVersion"="Locked/open ESET for status."

"FixId"=dword:00000009

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(652)

c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

c:\program files\Softex\OmniPass\opxpgina.dll

c:\program files\common files\logitech\bluetooth\LBTServ.dll

.

Completion time: 2011-09-18 09:03:48

ComboFix-quarantined-files.txt 2011-09-18 13:03

ComboFix2.txt 2011-09-12 13:07

ComboFix3.txt 2011-09-05 16:56

.

Pre-Run: 53,924,163,584 bytes free

Post-Run: 54,016,499,712 bytes free

.

- - End Of File - - B293299EDCBC51551C9B1886BC6A80D2

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Run by Owner at 9:19:41 on 2011-09-18

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.875 [GMT -4:00]

.

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Logitech\Easy Synchronization\servicestub.exe

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Logitech\SetPoint\LBTWiz.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\PC Tools Security\BDT\FGuard.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://srch-us8.hpwis.com/

uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll

uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [PS2] c:\windows\system32\ps2.exe

mRun: [AlcxMonitor] ALCXMNTR.EXE

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Easy Synchronization] c:\program files\logitech\easy synchronization\LogitechEasySync.exe

mRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [bluetooth Connection Assistant] LBTWIZ.EXE -silent

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRunOnce: [Easy Synchronization] c:\program files\logitech\easy synchronization\LogitechEasySync.exe --ports

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: SpSubLSP.dll

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1299511789140

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1299531100718

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 24.178.162.3 97.81.22.195 24.159.64.23

TCP: Interfaces\{B2323E0A-FEB5-49CA-922A-B7F8E0E7FCB0} : DhcpNameServer = 24.178.162.3 97.81.22.195 24.159.64.23

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxsrvc.dll

Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: ShellExecuteHook class: {fe24cd78-7c63-465d-8787-4edf7fc79895} - c:\program files\logitech\easy synchronization\shellexecutehook.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\twatzv4a.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-9-14 263888]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-9-14 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-9-14 656320]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-9-16 51984]

R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-9-16 69392]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-7-9 218688]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-3-19 93848]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-9-14 251560]

R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-9-14 233976]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-9-14 337872]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]

S3 CallerIP;Visualware CallerIP;c:\program files\callerip\cip-nt.exe --> c:\program files\callerip\cip-nt.exe [?]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-9-14 70536]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-9-14 371472]

S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-9-14 1117144]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-9-16 33552]

S3 ThreatFire;ThreatFire;c:\program files\pc tools security\tfengine\tfservice.exe service --> c:\program files\pc tools security\tfengine\TFService.exe service [?]

.

=============== Created Last 30 ================

.

2011-09-18 12:21:31 -------- d-----w- C:\ComboFix

2011-09-17 11:49:16 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe

2011-09-17 02:09:30 69392 --s---w- c:\windows\system32\drivers\TfSysMon.sys

2011-09-17 02:09:30 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys

2011-09-17 02:09:30 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys

2011-09-15 10:14:45 -------- d-----w- c:\documents and settings\owner\local settings\application data\Threat Expert

2011-09-14 16:13:26 767952 ----a-w- c:\windows\BDTSupport.dll

2011-09-14 16:13:25 149456 ----a-w- c:\windows\SGDetectionTool.dll

2011-09-14 16:13:24 2074576 ----a-w- c:\windows\PCTBDCore.dll

2011-09-14 16:13:24 1533904 ----a-w- c:\windows\PCTBDRes.dll

2011-09-14 16:10:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2011-09-14 16:10:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2011-09-14 16:10:55 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2011-09-14 16:10:18 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2011-09-14 16:10:18 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2011-09-14 16:10:09 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-09-14 16:09:48 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2011-09-14 16:08:59 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2011-09-14 15:26:56 767952 ----a-w- c:\windows\BDTSupport.dll0945.old

2011-09-14 15:26:55 149456 ----a-w- c:\windows\SGDetectionTool.dll0945.old

2011-09-14 15:26:54 2074576 ----a-w- c:\windows\PCTBDCore.dll0945.old

2011-09-14 15:23:09 -------- d-----w- c:\program files\common files\PC Tools

2011-09-14 15:23:08 -------- d-----w- c:\program files\PC Tools Security

2011-09-14 14:40:41 -------- d-----w- c:\documents and settings\owner\a

2011-09-10 10:28:26 -------- d-----w- c:\program files\ESET

2011-09-09 14:04:33 -------- d-----w- c:\documents and settings\all users\application data\PIXELA

2011-09-09 13:57:29 -------- d-----w- c:\program files\PIXELA

2011-09-09 13:56:26 -------- d-----w- c:\program files\Digital Photo Navigator 1.5

2011-09-08 18:07:16 388096 ----a-r- c:\documents and settings\owner\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-09-08 18:07:12 -------- d-----w- c:\program files\Trend Micro

2011-09-07 23:47:28 -------- d-----w- c:\program files\AviSynth 2.5

2011-09-07 23:45:33 -------- d-----w- c:\program files\AutoGK

2011-09-07 18:19:49 -------- d-----w- c:\program files\Xilisoft

2011-09-06 19:25:30 22 --sha-w- c:\documents and settings\owner\application data\Sys2662.Config.Repository.bin

2011-09-06 18:05:45 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-09-06 18:05:45 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2011-09-05 17:18:00 -------- d-----w- c:\program files\EPSON Print CD

2011-09-05 17:04:56 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-09-05 16:42:21 98816 ----a-w- c:\windows\sed.exe

2011-09-05 16:42:21 518144 ----a-w- c:\windows\SWREG.exe

2011-09-05 16:42:21 256000 ----a-w- c:\windows\PEV.exe

2011-09-05 16:42:21 208896 ----a-w- c:\windows\MBR.exe

2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll

2011-09-02 16:51:47 645632 ----a-w- c:\windows\system32\xvidcore.dll

2011-09-02 16:51:47 240640 ----a-w- c:\windows\system32\xvidvfw.dll

2011-09-02 16:51:47 153088 ----a-w- c:\windows\system32\xvid.ax

2011-09-02 16:51:13 -------- d-----w- c:\program files\Xvid

2011-09-02 16:29:31 -------- d-----w- c:\program files\iOrgSoft

2011-09-02 16:28:40 -------- d-----w- c:\documents and settings\owner\application data\GetRightToGo

2011-09-02 16:27:08 40960 ----a-w- c:\windows\system\vdremote.dll

2011-09-02 16:27:08 36864 ----a-w- c:\windows\system\vdsvrlnk.dll

.

==================== Find3M ====================

.

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-08 09:42:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-20 00:55:00 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-07-16 18:30:04 30601 ----a-w- c:\windows\java\x.exe

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-09 21:46:29 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 18:36:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

.

============= FINISH: 9:23:09.79 ===============


  • Staff

Which antivirus did you end up uninstalling??

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=8903d290e056124086692190e07acb93

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-09-21 11:06:07

# local_time=2011-09-21 07:06:07 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 175171 175171 0 0

# compatibility_mode=2560 16777191 100 0 0 0 0 0

# compatibility_mode=8199 22380389 100 100 0 78203111 0 0

# scanned=16911

# found=1

# cleaned=1

# scan_time=1166

# nod_component=V3 Build:0x30000000

C:\Documents and Settings\Owner\Application Data\Apple Computer\AppleUpdate\Appleupdt32.dll a variant of Win32/Kryptik.TAF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=8903d290e056124086692190e07acb93

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-09-21 02:01:22

# local_time=2011-09-21 10:01:22 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 177047 177047 0 0

# compatibility_mode=2560 16777191 100 0 0 0 0 0

# compatibility_mode=8199 22380389 100 100 0 78204987 0 0

# scanned=172430

# found=42

# cleaned=42

# scan_time=9808

# nod_component=V3 Build:0x30000000

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{0d63b291-a5b8-4171-8504-17c2bc8cd530}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{78d1df97-397b-423a-814e-318d85167c35}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{7de83ea9-816d-4113-bc37-4e7ebfef6ee1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{a025c798-c6f6-4b99-80dc-3687e85e074d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bt1q2dom.default\extensions\{e7a6ac18-214b-492f-a2c2-c2404b2a7e79}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\DirectxServiceTray.dll.vir a variant of Win32/Kryptik.TAF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{0d63b291-a5b8-4171-8504-17c2bc8cd530}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{78d1df97-397b-423a-814e-318d85167c35}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{7de83ea9-816d-4113-bc37-4e7ebfef6ee1}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\twatzv4a.default\extensions\{a025c798-c6f6-4b99-80dc-3687e85e074d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET NOD32 Antivirus

ESET Online Scanner v3

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 15

Out of date Java installed!

Adobe Flash Player 10.3.183.7

Adobe Reader X (10.1.1)

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

I ended up disabling the Spyware Doctor antivirus... last time I used Spyware Doctor it didn't have AV, it was just the spyware thing.

Anyways, things seem to be running OK atm. It was just that first trojan thing that was giving me a problem.

I did notice this pop up again: "appleupdt32.dll"

C:\Documents and Settings\Owner\Application Data\Apple Computer\AppleUpdate\Appleupdt32.dll a variant of Win32/Kryptik.TAF trojan (cleaned by deleting - quarantined)

So it seems it was quarantined, I just need to keep an eye on it.


  • Staff

If it pops up again, let me know.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 15

Restart your computer.

Get the latest version of Java.

Let me know what issues remain.

-screen317

Hiya.

Yup looks like everything is working great now..

No issues that i can see :)


Hi, May I add to this topic? Oh, my goodness. This is the 4th day I have been trying to get rid of this thing! Glad to find info here - thanx!

I followed the instructions. After installing ComboFix, look at the message it gave me:

ComboFixFoundRootkitZeroAccess100211.JPG

Nice one! I am following the rest of the instructions. Would you care to check out the log file ComboFix created?

Thanx!


Here is the result of the security check:

Results of screen317's Security Check version 0.99.20

Windows XP Service Pack 2

Out of date service pack!!

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner (remove only)

Java 6 Update 22

Out of date Java installed!

Flash Player Out of Date!

Adobe Flash Player 10.0.42.34

Mozilla Firefox ((3.6.15)) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

``````````End of Log````````````


Thanx, screen317, for all your efforts and help! They speak very highly of Malwarebytes at my host, Fluidhosting!

I ran one more Malwarebytes scan in regular mode before I signed off last night, after completing the above steps, and it showed zero infections. My computer is really fast right now!

But I ran a PCTools Registry Mechanic scan, and a lot of the registry entries had to be fixed. That was before the Malwarebytes scan.


  • Staff

jben04,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 15

Restart your computer.

Get the latest version of Java.

Let me know what issues remain.

-screen317


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
