View Full Version : 15 Virtumonde infections in Spybot
Hi
Friends and Experts
I see Virtumonde is very common in here. So my case doesn’t bring up any news. :)
Anyway,
Spybot find and display 15 Virtumonde infections with either a dll, prx or no extension
It removes them but require reboot to scan again. I restart but Spybot still find the infections no matter how many times I reboot and spybot scans my computer at startup.
What else I can say about my situation, windows update is disabled and can't be activated again. Also when I start and use IE, some pop-ups windows with Spam all the time. In that I then diffiantly don't use that program anymore, before my computer is clean.
Also by start up there displaying a few black windows a moment and windows tells that some dll file(s) is missing. I think that is the infection it asked about.
Another case: if I let Spybot not fix the infections at boot, windows won't load my desktop and I then forced to reboot and rescan again.
I haven't used my computer much since the infection, so I will just keep that plan.
Just I don’t really feel the computer has gotten slower.
I will of cause report if I do any special changes on my computer though the process other than you need to tell me I need to do.
I have read all the sticky’s around here very carefully and read a few tropics, so
I know how you do this process, so things give me enough understanding to me.
I am going to say thanks very much for help and I hope we find a way together fix my pc.
Spybot couldn’t fix this so I leave it to the Experts :)
Thank you
Greetings
Meizu
Here is the log file of HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:16, on 15-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
D:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
d:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
d:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Viewpoint\Common\ViewpointService.exe
d:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
d:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
d:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [00e3503f] rundll32.exe "C:\WINDOWS\system32\abhcgmms.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "D:\Pc Planet\Spybot - Search & Destroy\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA2569] command /c del "C:\WINDOWS\system32\awtrQJYR.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4390] cmd /c del "C:\WINDOWS\system32\awtrQJYR.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://d:\Programmer\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://d:\Programmer\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://d:\Programmer\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://d:\Programmer\ieSpell\wikipedia.HTM
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PCPLAN~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PCPLAN~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?3&6&04.00.09.13&premium&unknown&http://www.fujifilm.com/products/digital_cameras/f/finepix_f40fd/simulation.html?noreloadredir
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/dk/win/QuickTimeFullInstaller.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1220700227043&h=91a7038699237b308bd3d1b5acb65f0c/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.fyn.dk/external/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCollectionControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4C303F8-E336-44CA-AC69-444BA456C844}: NameServer = 193.162.153.164,194.239.134.83
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: sxqcpi.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmer\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ptssvc - PCTEL, INC. - (no file)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programmer\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9758 bytes
Hello and Welcome to the forums!
My name is peku006 and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear"
If you follow these instructions, everything should go smoothly.
1 - Scan With ComboFix
Please visit this webpage for download links, and instructions for running ComboFix -
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says -
The Recovery Console was successfully installed.
Please continue as follows -
Close/Disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
2 - uninstall list
Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
4 - Status Check
Please reply with
1. the ComboFix log(C:\ComboFix.txt)
2. the uninstall list
3. a fresh HijackThis log
Thanks peku006
Hi again. Proces done!
Spybot did suddenly start to scan to my computer again at that time I've moved the recovery console program to combofix but it did quckly stopped it again somehow. After my computer did a reboot I've got the log by combofix as usual. :)
XP did stil ask for missing dll file on that reboot but here are the logs:
ComboFix 08-09-15.02 - Michael 2008-09-16 19:34:15.1 - NTFSx86
Running from: C:\Documents and Settings\Michael\Skrivebord\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Karina\Cookies\karina@dk.msn[2].txt
C:\Documents and Settings\Michael\Cookies\michael@2o7[1].txt
C:\Documents and Settings\Michael\Cookies\michael@clicktorrent[1].txt
C:\Documents and Settings\Michael\Lokale indstillinger\Temporary Internet Files\633283068578125000.html
C:\Documents and Settings\Michael\Lokale indstillinger\Temporary Internet Files\633283074873437500.html
C:\Documents and Settings\Michael\Lokale indstillinger\Temporary Internet Files\633283168405312500.html
C:\Documents and Settings\Michael\Lokale indstillinger\Temporary Internet Files\633283169191875000.html
C:\WINDOWS\BM03d063a3.txt
C:\WINDOWS\BM03d063a3.xml
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\awtrQJYR.dll
C:\WINDOWS\system32\brehanqs.dll
C:\WINDOWS\system32\cacepnvx.ini
C:\WINDOWS\system32\kjjlm.tmp
C:\WINDOWS\system32\kjjlm.tmp2
C:\WINDOWS\system32\kyyywq.dll
C:\WINDOWS\system32\nfhwlftk.dll
C:\WINDOWS\system32\smmgchba.ini
C:\WINDOWS\system32\vtUooOFy.dll
C:\WINDOWS\system32\xvnpecac.dll
C:\WINDOWS\system32\yFOooUtv.ini
C:\WINDOWS\system32\yFOooUtv.ini2
.
((((((((((((((((((((((((( Files Created from 2008-08-16 to 2008-09-16 )))))))))))))))))))))))))))))))
.
2008-09-14 21:55 . 2008-09-14 21:55 111,616 --a------ C:\WINDOWS\system32\sxqcpi.dll
2008-09-14 21:55 . 2008-09-14 21:55 111,616 --a------ C:\WINDOWS\system32\sdwtdbcw.dll
2008-09-14 15:41 . 2008-09-14 15:41 111,616 --a------ C:\WINDOWS\system32\grxqsrgy.dll
2008-09-14 15:41 . 2008-09-14 15:41 111,616 --a------ C:\WINDOWS\system32\coruss.dll
2008-09-14 14:28 . 2008-09-14 14:28 0 --ahs---- C:\WINDOWS\S8A120B56.tmp
2008-09-06 13:25 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-06 13:23 . <DIR> C:\Programmer\Fælles filer\Java
2008-09-06 13:20 . <DIR> C:\Programmer\Fælles filer\Adobe AIR
2008-09-06 11:12 . 2008-09-06 11:51 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 17:49 12,156,960 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-16 17:46 4,766,133 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-16 17:45 52,736 ----a-w C:\WINDOWS\Internet Logs\xDB9E.tmp
2008-09-16 17:45 2,396,672 ----a-w C:\WINDOWS\Internet Logs\xDB9F.tmp
2008-09-16 17:45 147,596 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-15 15:23 --------- d-----w C:\Documents and Settings\Michael\Application Data\BitTorrent
2008-09-14 20:09 31,744 ----a-w C:\WINDOWS\Internet Logs\xDB9D.tmp
2008-09-14 17:54 94,208 ----a-w C:\WINDOWS\Internet Logs\xDB9B.tmp
2008-09-14 17:54 2,357,760 ----a-w C:\WINDOWS\Internet Logs\xDB9C.tmp
2008-09-14 17:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-14 15:22 985,088 ----a-w C:\WINDOWS\Internet Logs\xDB9A.tmp
2008-09-14 13:28 --------- d-----w C:\Documents and Settings\Michael\Application Data\LimeWire
2008-09-06 21:23 932,352 ----a-w C:\WINDOWS\Internet Logs\xDB99.tmp
2008-09-06 13:58 --------- d-----w C:\Documents and Settings\Michael\Application Data\wsInspector
2008-09-06 11:25 --------- d-----w C:\Programmer\Java
2008-09-06 11:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-09-06 11:18 --------- d-----w C:\Programmer\Fælles filer\Adobe
2008-09-06 11:13 --------- d-----w C:\Programmer\NOS
2008-09-06 11:00 --------- d-----w C:\Programmer\Sony
2008-09-06 10:48 --------- d--h--w C:\Programmer\InstallShield Installation Information
2008-09-06 10:46 --------- d-----w C:\Programmer\Fælles filer\Macromedia
2008-09-06 10:22 --------- d-----w C:\Programmer\Google
2008-09-05 11:55 73,728 ----a-w C:\WINDOWS\Internet Logs\xDB98.tmp
2008-08-31 20:56 128,000 ----a-w C:\WINDOWS\Internet Logs\xDB97.tmp
2008-08-31 19:30 --------- d-----w C:\Documents and Settings\Michael\Application Data\Apple Computer
2008-08-20 19:58 226,816 ----a-w C:\WINDOWS\Internet Logs\xDB96.tmp
2008-08-19 20:38 2,252,288 ----a-w C:\WINDOWS\Internet Logs\xDB95.tmp
2008-08-17 20:19 313,856 ----a-w C:\WINDOWS\Internet Logs\xDB93.tmp
2008-08-17 20:19 2,251,264 ----a-w C:\WINDOWS\Internet Logs\xDB94.tmp
2008-08-16 21:01 2,241,024 ----a-w C:\WINDOWS\Internet Logs\xDB92.tmp
2008-08-14 20:40 194,048 ----a-w C:\WINDOWS\Internet Logs\xDB91.tmp
2008-08-14 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-11 09:16 56,832 ----a-w C:\WINDOWS\Internet Logs\xDB8F.tmp
2008-08-11 09:16 2,222,592 ----a-w C:\WINDOWS\Internet Logs\xDB90.tmp
2008-08-07 23:33 47,616 ----a-w C:\WINDOWS\Internet Logs\xDB8D.tmp
2008-08-07 23:33 2,220,544 ----a-w C:\WINDOWS\Internet Logs\xDB8E.tmp
2008-08-05 23:45 62,976 ----a-w C:\WINDOWS\Internet Logs\xDB8C.tmp
2008-08-04 22:49 46,080 ----a-w C:\WINDOWS\Internet Logs\xDB8B.tmp
2008-08-02 23:26 63,488 ----a-w C:\WINDOWS\Internet Logs\xDB8A.tmp
2008-07-30 21:59 60,928 ----a-w C:\WINDOWS\Internet Logs\xDB89.tmp
2008-07-28 17:46 44,544 ----a-w C:\WINDOWS\Internet Logs\xDB87.tmp
2008-07-28 17:46 2,204,672 ----a-w C:\WINDOWS\Internet Logs\xDB88.tmp
2008-07-26 19:59 2,201,600 ----a-w C:\WINDOWS\Internet Logs\xDB86.tmp
2008-07-26 19:58 703,488 ----a-w C:\WINDOWS\Internet Logs\xDB85.tmp
2008-07-26 17:54 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2008-07-26 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-23 22:11 43,008 ----a-w C:\WINDOWS\Internet Logs\xDB83.tmp
2008-07-23 22:11 2,180,096 ----a-w C:\WINDOWS\Internet Logs\xDB84.tmp
2008-07-21 21:51 74,752 ----a-w C:\WINDOWS\Internet Logs\xDB82.tmp
2008-07-18 15:44 190,464 ----a-w C:\WINDOWS\Internet Logs\xDB81.tmp
2008-07-18 13:27 --------- d-----w C:\Documents and Settings\Michael\Application Data\J River
2008-07-17 20:56 2,165,760 ----a-w C:\WINDOWS\Internet Logs\xDB80.tmp
2008-07-17 20:56 184,320 ----a-w C:\WINDOWS\Internet Logs\xDB7F.tmp
2008-07-17 00:12 28,672 ----a-w C:\WINDOWS\system32\drivers\VClone.sys
2008-07-15 16:33 2,162,176 ----a-w C:\WINDOWS\Internet Logs\xDB7E.tmp
2008-07-14 16:40 2,161,664 ----a-w C:\WINDOWS\Internet Logs\xDB7D.tmp
2008-07-13 18:30 2,161,152 ----a-w C:\WINDOWS\Internet Logs\xDB7C.tmp
2008-07-12 22:21 2,160,640 ----a-w C:\WINDOWS\Internet Logs\xDB7B.tmp
2008-07-12 22:20 54,272 ----a-w C:\WINDOWS\Internet Logs\xDB7A.tmp
2008-07-12 13:05 2,168,832 ----a-w C:\WINDOWS\Internet Logs\xDB79.tmp
2008-07-10 20:14 2,159,104 ----a-w C:\WINDOWS\Internet Logs\xDB78.tmp
2008-07-10 20:14 190,464 ----a-w C:\WINDOWS\Internet Logs\xDB77.tmp
2008-07-10 11:24 68,096 ----a-w C:\WINDOWS\Internet Logs\xDB76.tmp
2008-07-09 19:03 3,492,352 ----a-w C:\WINDOWS\Internet Logs\xDB75.tmp
2008-07-09 07:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-03 22:17 2,129,408 ----a-w C:\WINDOWS\Internet Logs\xDB74.tmp
2008-07-03 22:17 1,232,384 ----a-w C:\WINDOWS\Internet Logs\xDB73.tmp
2008-07-02 21:17 4,595,200 ----a-w C:\WINDOWS\Internet Logs\xDB71.tmp
2008-07-02 21:17 2,123,776 ----a-w C:\WINDOWS\Internet Logs\xDB72.tmp
2008-06-26 20:26 3,376,640 ----a-w C:\WINDOWS\Internet Logs\xDB70.tmp
2008-06-18 19:44 2,104,832 ----a-w C:\WINDOWS\Internet Logs\xDB6F.tmp
2008-06-18 19:44 1,322,496 ----a-w C:\WINDOWS\Internet Logs\xDB6E.tmp
2008-06-17 20:46 486,400 ----a-w C:\WINDOWS\Internet Logs\xDB6D.tmp
2008-06-17 16:28 3,658,752 ----a-w C:\WINDOWS\Internet Logs\xDB6B.tmp
2008-06-17 16:28 2,104,320 ----a-w C:\WINDOWS\Internet Logs\xDB6C.tmp
2001-11-23 04:08 712,704 -c--a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
1999-12-13 12:38 135,168 -c--a-w C:\WINDOWS\inf\Agfa\message.exe
2008-02-27 20:18 80 -csh--r C:\WINDOWS\system32\DEAE0E8E6F.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="d:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"QuickTime Task"="D:\Programmer\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-05-27 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kyyywq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3codec"= C:\WINDOWS\system32\l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programmer\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\DNA\\btdna.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 WinDriver;WinDriver;C:\WINDOWS\system32\drivers\WINDRVR.SYS [ ]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Programmer\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-06-15 513152]
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 112574]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Programmer\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
BHO-{2efe34db-dfd5-4eb5-9982-9d65f0669035} - C:\WINDOWS\system32\kyyywq.dll
BHO-{55737035-1B75-48DD-A4D8-66155D8AC7A3} - C:\WINDOWS\system32\awtrQJYR.dll
BHO-{60F3521C-1485-4096-A155-2FF238B0591D} - (no file)
BHO-{987B8710-FEB1-4355-B8A3-D9D200B4AE08} - C:\WINDOWS\system32\vtUooOFy.dll
HKLM-Run-00e3503f - C:\WINDOWS\system32\xvnpecac.dll
ShellExecuteHooks-{55737035-1B75-48DD-A4D8-66155D8AC7A3} - C:\WINDOWS\system32\awtrQJYR.dll
Notify-mlljg - (no file)
Notify-vtuurqq - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\hxjm9x6z.default\
.
.
------- File Associations -------
.
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 19:48:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WgaTray.exe
D:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
D:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\pctspk.exe
C:\Programmer\Viewpoint\Common\ViewpointService.exe
C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
.
**************************************************************************
.
Completion time: 2008-09-16 20:05:08 - machine was rebooted [Michael]
ComboFix-quarantined-files.txt 2008-09-16 18:04:42
Pre-Run: 5,186,191,360 byte ledig
Post-Run: 5,449,342,976 byte ledig
223 --- E O F --- 2008-09-09 23:06:31
Acrobat.com
Acrobat.com
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Reader 9
Adobe Shockwave Player 11
Athlon 64 Processor Driver
Audacity 1.2.6
Autopano Pro
avast! Antivirus
AviSynth 2.5
Brother MFL-Pro Suite
C-Media WDM Audio Driver
Compatibility Pack for the 2007 Office system
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp Midi Decoder
dBpoweramp Monkeys Audio Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
dBpoweramp Windows Media Audio 10 Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Feed Detector (Windows Live Toolbar)
ffdshow [rev 1324] [2007-07-01]
getPlus(R) for Adobe
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Quality Photo Resizer 1.60
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix til Windows Internet Explorer 7 (KB947864)
Hotfix til Windows Media Player 11 (KB939683)
Hotfix til Windows XP (KB914440)
Hotfix til Windows XP (KB952287)
HSP56 MicroModem Drivers
ieSpell
Java(TM) 6 Update 7
K-Lite Codec Pack 3.8.0 Full
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Media Center 12
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.16)
Mp3tag v2.41
Musicmatch® Jukebox
Nero 6 Ultra Edition
Opdatering til Windows XP (KB894391)
Opdatering til Windows XP (KB896727)
Opdatering til Windows XP (KB898461)
Opdatering til Windows XP (KB900485)
Opdatering til Windows XP (KB904942)
Opdatering til Windows XP (KB910437)
Opdatering til Windows XP (KB916595)
Opdatering til Windows XP (KB920872)
Opdatering til Windows XP (KB922582)
Opdatering til Windows XP (KB927891)
Opdatering til Windows XP (KB929338)
Opdatering til Windows XP (KB930916)
Opdatering til Windows XP (KB931836)
Opdatering til Windows XP (KB932823-v3)
Opdatering til Windows XP (KB933360)
Opdatering til Windows XP (KB938828)
Opdatering til Windows XP (KB942763)
Opdatering til Windows XP (KB951072-v2)
Paint.NET v3.35
PaperPort
PhotoFiltre
PixiePack Codec Pack
Pop op-blokering (Windows Live Toolbar)
QuickTime
RealPlayer
Remote Control USB Driver
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
S3 S3TrayPlus
SA31xx Device Manager & Media Converter
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB939653)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB942615)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB944533)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB950759)
Sikkerhedsopdatering til Windows Internet Explorer 7 (KB953838)
Sikkerhedsopdatering til Windows Media Player (KB911564)
Sikkerhedsopdatering til Windows Media Player 10 (KB911565)
Sikkerhedsopdatering til Windows Media Player 10 (KB917734)
Sikkerhedsopdatering til Windows Media Player 11 (KB936782)
Sikkerhedsopdatering til Windows Media Player 11 (KB954154)
Sikkerhedsopdatering til Windows Media Player 6.4 (KB925398)
Sikkerhedsopdatering til Windows XP (KB890046)
Sikkerhedsopdatering til Windows XP (KB893066)
Sikkerhedsopdatering til Windows XP (KB893756)
Sikkerhedsopdatering til Windows XP (KB896358)
Sikkerhedsopdatering til Windows XP (KB896422)
Sikkerhedsopdatering til Windows XP (KB896423)
Sikkerhedsopdatering til Windows XP (KB896424)
Sikkerhedsopdatering til Windows XP (KB896428)
Sikkerhedsopdatering til Windows XP (KB896688)
Sikkerhedsopdatering til Windows XP (KB899587)
Sikkerhedsopdatering til Windows XP (KB899588)
Sikkerhedsopdatering til Windows XP (KB899589)
Sikkerhedsopdatering til Windows XP (KB899591)
Sikkerhedsopdatering til Windows XP (KB900725)
Sikkerhedsopdatering til Windows XP (KB901017)
Sikkerhedsopdatering til Windows XP (KB901190)
Sikkerhedsopdatering til Windows XP (KB901214)
Sikkerhedsopdatering til Windows XP (KB902400)
Sikkerhedsopdatering til Windows XP (KB904706)
Sikkerhedsopdatering til Windows XP (KB905414)
Sikkerhedsopdatering til Windows XP (KB905749)
Sikkerhedsopdatering til Windows XP (KB905915)
Sikkerhedsopdatering til Windows XP (KB908519)
Sikkerhedsopdatering til Windows XP (KB908531)
Sikkerhedsopdatering til Windows XP (KB911280)
Sikkerhedsopdatering til Windows XP (KB911562)
Sikkerhedsopdatering til Windows XP (KB911567)
Sikkerhedsopdatering til Windows XP (KB911927)
Sikkerhedsopdatering til Windows XP (KB912812)
Sikkerhedsopdatering til Windows XP (KB912919)
Sikkerhedsopdatering til Windows XP (KB913446)
Sikkerhedsopdatering til Windows XP (KB913580)
Sikkerhedsopdatering til Windows XP (KB914388)
Sikkerhedsopdatering til Windows XP (KB914389)
Sikkerhedsopdatering til Windows XP (KB916281)
Sikkerhedsopdatering til Windows XP (KB917159)
Sikkerhedsopdatering til Windows XP (KB917344)
Sikkerhedsopdatering til Windows XP (KB917422)
Sikkerhedsopdatering til Windows XP (KB917953)
Sikkerhedsopdatering til Windows XP (KB918118)
Sikkerhedsopdatering til Windows XP (KB918439)
Sikkerhedsopdatering til Windows XP (KB918899)
Sikkerhedsopdatering til Windows XP (KB919007)
Sikkerhedsopdatering til Windows XP (KB920213)
Sikkerhedsopdatering til Windows XP (KB920214)
Sikkerhedsopdatering til Windows XP (KB920670)
Sikkerhedsopdatering til Windows XP (KB920683)
Sikkerhedsopdatering til Windows XP (KB920685)
Sikkerhedsopdatering til Windows XP (KB921398)
Sikkerhedsopdatering til Windows XP (KB921503)
Sikkerhedsopdatering til Windows XP (KB921883)
Sikkerhedsopdatering til Windows XP (KB922616)
Sikkerhedsopdatering til Windows XP (KB922760)
Sikkerhedsopdatering til Windows XP (KB922819)
Sikkerhedsopdatering til Windows XP (KB923191)
Sikkerhedsopdatering til Windows XP (KB923414)
Sikkerhedsopdatering til Windows XP (KB923689)
Sikkerhedsopdatering til Windows XP (KB923694)
Sikkerhedsopdatering til Windows XP (KB923980)
Sikkerhedsopdatering til Windows XP (KB924191)
Sikkerhedsopdatering til Windows XP (KB924270)
Sikkerhedsopdatering til Windows XP (KB924496)
Sikkerhedsopdatering til Windows XP (KB924667)
Sikkerhedsopdatering til Windows XP (KB925454)
Sikkerhedsopdatering til Windows XP (KB925486)
Sikkerhedsopdatering til Windows XP (KB925902)
Sikkerhedsopdatering til Windows XP (KB926255)
Sikkerhedsopdatering til Windows XP (KB926436)
Sikkerhedsopdatering til Windows XP (KB927779)
Sikkerhedsopdatering til Windows XP (KB927802)
Sikkerhedsopdatering til Windows XP (KB928090)
Sikkerhedsopdatering til Windows XP (KB928255)
Sikkerhedsopdatering til Windows XP (KB928843)
Sikkerhedsopdatering til Windows XP (KB929123)
Sikkerhedsopdatering til Windows XP (KB929969)
Sikkerhedsopdatering til Windows XP (KB930178)
Sikkerhedsopdatering til Windows XP (KB931261)
Sikkerhedsopdatering til Windows XP (KB931768)
Sikkerhedsopdatering til Windows XP (KB931784)
Sikkerhedsopdatering til Windows XP (KB932168)
Sikkerhedsopdatering til Windows XP (KB933566)
Sikkerhedsopdatering til Windows XP (KB933729)
Sikkerhedsopdatering til Windows XP (KB935839)
Sikkerhedsopdatering til Windows XP (KB935840)
Sikkerhedsopdatering til Windows XP (KB936021)
Sikkerhedsopdatering til Windows XP (KB937143)
Sikkerhedsopdatering til Windows XP (KB937894)
Sikkerhedsopdatering til Windows XP (KB938127)
Sikkerhedsopdatering til Windows XP (KB938464)
Sikkerhedsopdatering til Windows XP (KB938829)
Sikkerhedsopdatering til Windows XP (KB939653)
Sikkerhedsopdatering til Windows XP (KB941202)
Sikkerhedsopdatering til Windows XP (KB941568)
Sikkerhedsopdatering til Windows XP (KB941569)
Sikkerhedsopdatering til Windows XP (KB941644)
Sikkerhedsopdatering til Windows XP (KB941693)
Sikkerhedsopdatering til Windows XP (KB943055)
Sikkerhedsopdatering til Windows XP (KB943460)
Sikkerhedsopdatering til Windows XP (KB943485)
Sikkerhedsopdatering til Windows XP (KB944653)
Sikkerhedsopdatering til Windows XP (KB945553)
Sikkerhedsopdatering til Windows XP (KB946026)
Sikkerhedsopdatering til Windows XP (KB946648)
Sikkerhedsopdatering til Windows XP (KB948590)
Sikkerhedsopdatering til Windows XP (KB948881)
Sikkerhedsopdatering til Windows XP (KB950749)
Sikkerhedsopdatering til Windows XP (KB950760)
Sikkerhedsopdatering til Windows XP (KB950762)
Sikkerhedsopdatering til Windows XP (KB950974)
Sikkerhedsopdatering til Windows XP (KB951066)
Sikkerhedsopdatering til Windows XP (KB951376)
Sikkerhedsopdatering til Windows XP (KB951376-v2)
Sikkerhedsopdatering til Windows XP (KB951698)
Sikkerhedsopdatering til Windows XP (KB951748)
Sikkerhedsopdatering til Windows XP (KB952954)
Sikkerhedsopdatering til Windows XP (KB953839)
Smarte menuer (Windows Live Toolbar)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Starcraft
SyncToy
Tilmeldingsassistent til Windows Live
Uninstall Startup Inspector
UserBar Generator 1.2
VIA Platform Device Manager
VIA/S3G Display Driver
Video Converter
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WA Update v3.50 beta2
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Toolbar
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Worms Armageddon
Yahoo! Toolbar
ZipGenius 6 (6.0.2.1056)
ZoneAlarm
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:09, on 16-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WgaTray.exe
D:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
d:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
d:\Programmer\Alwil Software\Avast4\ashServ.exe
D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Viewpoint\Common\ViewpointService.exe
C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
d:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\explorer.exe
D:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programmer\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://d:\Programmer\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://d:\Programmer\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://d:\Programmer\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://d:\Programmer\ieSpell\wikipedia.HTM
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/dk/win/QuickTimeFullInstaller.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1220700227043&h=91a7038699237b308bd3d1b5acb65f0c/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.fyn.dk/external/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCollectionControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4C303F8-E336-44CA-AC69-444BA456C844}: NameServer = 193.162.153.164,194.239.134.83
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: kyyywq.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmer\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ptssvc - PCTEL, INC. - (no file)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programmer\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9056 bytes
Hi Meizu
XP did stil ask for missing dll file on that reboot
which dll ?
1 - Remove bad HijackThis entries
Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
O20 - AppInit_DLLs: kyyywq.dllr
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.
2 - Run CFScript
Open Notepad and copy/paste the text in the box into the window:
File::
C:\WINDOWS\system32\sxqcpi.dll
C:\WINDOWS\system32\sdwtdbcw.dll
C:\WINDOWS\system32\grxqsrgy.dll
C:\WINDOWS\system32\coruss.dll
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
3 - Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If you accidently close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
5 - Status Check
Please reply with
1. the ComboFix log(C:\ComboFix.txt)
2.the Malwarebytes' Anti-Malware Log
3. a fresh HijackThis log
Thanks peku006
well sorry I didn't catch the real name of it, but I am very sure it was one the trojan above it asked about. Anyway, my computer has been shutdown and reboot since last time and windows don't ask about it anymore. the windows update problem seems be fixed again automaticly. I don't the red symbol anymore.
Proces done. Combofix did ask for download updates for itself but didn't reboot my computer. Thinks thats just normal. Else malware did found a lot of things.
Here are the logs:
ComboFix 08-09-16.03 - Michael 2008-09-17 13:45:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.121 [GMT 2:00]
Running from: C:\Documents and Settings\Michael\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michael\Skrivebord\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\coruss.dll
C:\WINDOWS\system32\grxqsrgy.dll
C:\WINDOWS\system32\sdwtdbcw.dll
C:\WINDOWS\system32\sxqcpi.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-17 to 2008-09-17 )))))))))))))))))))))))))))))))
.
2008-09-14 14:28 . 2008-09-14 14:28 0 --ahs---- C:\WINDOWS\S8A120B56.tmp
2008-09-06 13:25 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-06 13:23 . 2008-09-06 13:23 <DIR> d-------- C:\Programmer\Fælles filer\Java
2008-09-06 13:20 . 2008-09-06 13:20 <DIR> d-------- C:\Programmer\Fælles filer\Adobe AIR
2008-09-06 11:12 . 2008-09-06 11:51 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 11:51 12,220,448 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-16 20:09 147,836 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-16 17:46 4,766,133 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-09-16 17:45 52,736 ----a-w C:\WINDOWS\Internet Logs\xDB9E.tmp
2008-09-16 17:45 2,396,672 ----a-w C:\WINDOWS\Internet Logs\xDB9F.tmp
2008-09-15 15:23 --------- d-----w C:\Documents and Settings\Michael\Application Data\BitTorrent
2008-09-14 20:09 31,744 ----a-w C:\WINDOWS\Internet Logs\xDB9D.tmp
2008-09-14 17:54 94,208 ----a-w C:\WINDOWS\Internet Logs\xDB9B.tmp
2008-09-14 17:54 2,357,760 ----a-w C:\WINDOWS\Internet Logs\xDB9C.tmp
2008-09-14 17:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-14 15:22 985,088 ----a-w C:\WINDOWS\Internet Logs\xDB9A.tmp
2008-09-14 13:28 --------- d-----w C:\Documents and Settings\Michael\Application Data\LimeWire
2008-09-06 21:23 932,352 ----a-w C:\WINDOWS\Internet Logs\xDB99.tmp
2008-09-06 13:58 --------- d-----w C:\Documents and Settings\Michael\Application Data\wsInspector
2008-09-06 11:25 --------- d-----w C:\Programmer\Java
2008-09-06 11:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-09-06 11:18 --------- d-----w C:\Programmer\Fælles filer\Adobe
2008-09-06 11:13 --------- d-----w C:\Programmer\NOS
2008-09-06 11:00 --------- d-----w C:\Programmer\Sony
2008-09-06 10:48 --------- d--h--w C:\Programmer\InstallShield Installation Information
2008-09-06 10:46 --------- d-----w C:\Programmer\Fælles filer\Macromedia
2008-09-06 10:22 --------- d-----w C:\Programmer\Google
2008-09-05 11:55 73,728 ----a-w C:\WINDOWS\Internet Logs\xDB98.tmp
2008-08-31 20:56 128,000 ----a-w C:\WINDOWS\Internet Logs\xDB97.tmp
2008-08-31 19:30 --------- d-----w C:\Documents and Settings\Michael\Application Data\Apple Computer
2008-08-20 19:58 226,816 ----a-w C:\WINDOWS\Internet Logs\xDB96.tmp
2008-08-19 20:38 2,252,288 ----a-w C:\WINDOWS\Internet Logs\xDB95.tmp
2008-08-17 20:19 313,856 ----a-w C:\WINDOWS\Internet Logs\xDB93.tmp
2008-08-17 20:19 2,251,264 ----a-w C:\WINDOWS\Internet Logs\xDB94.tmp
2008-08-16 21:01 2,241,024 ----a-w C:\WINDOWS\Internet Logs\xDB92.tmp
2008-08-14 20:40 194,048 ----a-w C:\WINDOWS\Internet Logs\xDB91.tmp
2008-08-14 17:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-11 09:16 56,832 ----a-w C:\WINDOWS\Internet Logs\xDB8F.tmp
2008-08-11 09:16 2,222,592 ----a-w C:\WINDOWS\Internet Logs\xDB90.tmp
2008-08-07 23:33 47,616 ----a-w C:\WINDOWS\Internet Logs\xDB8D.tmp
2008-08-07 23:33 2,220,544 ----a-w C:\WINDOWS\Internet Logs\xDB8E.tmp
2008-08-05 23:45 62,976 ----a-w C:\WINDOWS\Internet Logs\xDB8C.tmp
2008-08-04 22:49 46,080 ----a-w C:\WINDOWS\Internet Logs\xDB8B.tmp
2008-08-02 23:26 63,488 ----a-w C:\WINDOWS\Internet Logs\xDB8A.tmp
2008-07-30 21:59 60,928 ----a-w C:\WINDOWS\Internet Logs\xDB89.tmp
2008-07-28 17:46 44,544 ----a-w C:\WINDOWS\Internet Logs\xDB87.tmp
2008-07-28 17:46 2,204,672 ----a-w C:\WINDOWS\Internet Logs\xDB88.tmp
2008-07-26 19:59 2,201,600 ----a-w C:\WINDOWS\Internet Logs\xDB86.tmp
2008-07-26 19:58 703,488 ----a-w C:\WINDOWS\Internet Logs\xDB85.tmp
2008-07-26 17:54 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2008-07-26 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-23 22:11 43,008 ----a-w C:\WINDOWS\Internet Logs\xDB83.tmp
2008-07-23 22:11 2,180,096 ----a-w C:\WINDOWS\Internet Logs\xDB84.tmp
2008-07-21 21:51 74,752 ----a-w C:\WINDOWS\Internet Logs\xDB82.tmp
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 15:44 190,464 ----a-w C:\WINDOWS\Internet Logs\xDB81.tmp
2008-07-18 13:27 --------- d-----w C:\Documents and Settings\Michael\Application Data\J River
2008-07-17 20:56 2,165,760 ----a-w C:\WINDOWS\Internet Logs\xDB80.tmp
2008-07-17 20:56 184,320 ----a-w C:\WINDOWS\Internet Logs\xDB7F.tmp
2008-07-17 00:12 28,672 ----a-w C:\WINDOWS\system32\drivers\VClone.sys
2008-07-15 16:33 2,162,176 ----a-w C:\WINDOWS\Internet Logs\xDB7E.tmp
2008-07-14 16:40 2,161,664 ----a-w C:\WINDOWS\Internet Logs\xDB7D.tmp
2008-07-13 18:30 2,161,152 ----a-w C:\WINDOWS\Internet Logs\xDB7C.tmp
2008-07-12 22:21 2,160,640 ----a-w C:\WINDOWS\Internet Logs\xDB7B.tmp
2008-07-12 22:20 54,272 ----a-w C:\WINDOWS\Internet Logs\xDB7A.tmp
2008-07-12 13:05 2,168,832 ----a-w C:\WINDOWS\Internet Logs\xDB79.tmp
2008-07-10 20:14 2,159,104 ----a-w C:\WINDOWS\Internet Logs\xDB78.tmp
2008-07-10 20:14 190,464 ----a-w C:\WINDOWS\Internet Logs\xDB77.tmp
2008-07-10 11:24 68,096 ----a-w C:\WINDOWS\Internet Logs\xDB76.tmp
2008-07-09 19:03 3,492,352 ----a-w C:\WINDOWS\Internet Logs\xDB75.tmp
2008-07-09 07:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-06 17:17 7,168 ----a-w C:\WINDOWS\system32\kbdibm02.dll
2008-07-06 17:17 6,144 ----a-w C:\WINDOWS\system32\kbdax2.dll
2008-07-06 17:17 6,144 ----a-w C:\WINDOWS\system32\kbd101a.dll
2008-07-06 17:15 7,680 ----a-w C:\WINDOWS\system32\kbdnecNT.dll
2008-07-06 17:14 7,168 ----a-w C:\WINDOWS\system32\kbdnec95.dll
2008-07-06 17:13 9,216 ----a-w C:\WINDOWS\system32\kbdnecAT.dll
2008-07-06 17:12 6,656 ----a-w C:\WINDOWS\system32\kbdlk41a.dll
2008-07-06 17:12 6,144 ----a-w C:\WINDOWS\system32\kbd106n.dll
2008-07-06 17:12 6,144 ----a-w C:\WINDOWS\system32\kbd101.dll
2008-07-06 17:08 6,144 ----a-w C:\WINDOWS\system32\kbdlk41j.dll
2008-07-03 22:17 2,129,408 ----a-w C:\WINDOWS\Internet Logs\xDB74.tmp
2008-07-03 22:17 1,232,384 ----a-w C:\WINDOWS\Internet Logs\xDB73.tmp
2008-07-02 21:17 4,595,200 ----a-w C:\WINDOWS\Internet Logs\xDB71.tmp
2008-07-02 21:17 2,123,776 ----a-w C:\WINDOWS\Internet Logs\xDB72.tmp
2008-06-26 20:26 3,376,640 ----a-w C:\WINDOWS\Internet Logs\xDB70.tmp
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:33 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-18 19:44 2,104,832 ----a-w C:\WINDOWS\Internet Logs\xDB6F.tmp
2008-06-18 19:44 1,322,496 ----a-w C:\WINDOWS\Internet Logs\xDB6E.tmp
2008-06-17 20:46 486,400 ----a-w C:\WINDOWS\Internet Logs\xDB6D.tmp
2008-06-17 16:28 3,658,752 ----a-w C:\WINDOWS\Internet Logs\xDB6B.tmp
2008-02-27 20:18 80 -csh--r C:\WINDOWS\system32\DEAE0E8E6F.dll
.
((((((((((((((((((((((((((((( snapshot@2008-09-16_20.02.49.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-17 11:14:05 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_160.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="d:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"QuickTime Task"="D:\Programmer\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-05-27 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.l3acm"= C:\WINDOWS\system32\l3codecp.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3codec"= C:\WINDOWS\system32\l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programmer\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\DNA\\btdna.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-10-04 86016]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Programmer\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 WinDriver;WinDriver;C:\WINDOWS\system32\drivers\WINDRVR.SYS [ ]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Programmer\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-06-15 513152]
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 112574]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Programmer\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-17 13:50:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-17 13:55:29
ComboFix-quarantined-files.txt 2008-09-17 11:54:43
ComboFix2.txt 2008-09-16 18:05:14
Pre-Run: 5,883,219,968 byte ledig
Post-Run: 5,851,664,384 byte ledig
198 --- E O F --- 2008-09-09 23:06:31
Malwarebytes' Anti-Malware 1.28
Database version: 1163
Windows 5.1.2600 Service Pack 2
17-09-2008 15:12:33
mbam-log-2008-09-17 (15-12-33).txt
Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 112738
Tid tilbagelagt: 1 hour(s), 4 minute(s), 59 second(s)
Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 1
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 3
Inficerede Filer: 25
Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)
Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\programmer\registrysmart\microsoft.vc80.mfc\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)
Inficerede Mapper:
C:\Programmer\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Programmer\RegistrySmart\Microsoft.VC80.CRT (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Programmer\RegistrySmart\Microsoft.VC80.MFC (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
Inficerede Filer:
C:\QooBox\Quarantine\C\WINDOWS\system32\brehanqs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\coruss.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\grxqsrgy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kyyywq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\nfhwlftk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\sdwtdbcw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\sxqcpi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vtUooOFy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\xvnpecac.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP189\A0136748.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP189\A0137823.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP189\A0137824.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP189\A0137825.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP189\A0137827.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP189\A0138020.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP189\A0138042.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP190\A0138105.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP190\A0138106.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP190\A0138107.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP190\A0138108.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP190\A0138109.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP191\A0138698.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP191\A0138699.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP191\A0138700.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP191\A0138701.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:17, on 17-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
d:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
d:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Viewpoint\Common\ViewpointService.exe
D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
D:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programmer\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://d:\Programmer\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://d:\Programmer\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://d:\Programmer\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://d:\Programmer\ieSpell\wikipedia.HTM
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/dk/win/QuickTimeFullInstaller.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1220700227043&h=91a7038699237b308bd3d1b5acb65f0c/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.fyn.dk/external/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCollectionControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4C303F8-E336-44CA-AC69-444BA456C844}: NameServer = 193.162.153.164,194.239.134.83
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmer\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ptssvc - PCTEL, INC. - (no file)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programmer\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9007 bytes
Hi Meizu
Logs, looks good but let's run one online scan to be sure.........
1 - Clean temp files
Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
if you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
if you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program
2 - Kaspersky Online Scan
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.
3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
4 - Status Check
Please reply with
1. the Kaspersky online scanner report
2. a fresh HijackThis log
Thanks peku006
Great, process done! Took a little bit time but seems not to be complety waste of time. it found something! :)
Here are the logs:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, September 17, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, September 17, 2008 14:18:40
Records in database: 1245747
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan statistics:
Files scanned: 64154
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:53:10
File name / Threat name / Threats count
D:\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
D:\Musicmatch\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
The selected area was scanned.
And last a fresh HijackThis log: :)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:34, on 17-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
d:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
d:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Viewpoint\Common\ViewpointService.exe
D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Mozilla Firefox\firefox.exe
D:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programmer\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://d:\Programmer\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://d:\Programmer\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://d:\Programmer\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://d:\Programmer\ieSpell\wikipedia.HTM
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/dk/win/QuickTimeFullInstaller.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1220700227043&h=91a7038699237b308bd3d1b5acb65f0c/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.fyn.dk/external/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCollectionControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4C303F8-E336-44CA-AC69-444BA456C844}: NameServer = 193.162.153.164,194.239.134.83
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmer\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ptssvc - PCTEL, INC. - (no file)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programmer\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9050 bytes
Hi Meizu
You have Viewpoint, Viewpoint Manager, Viewpoint Media Player installed on your system. These programs are not malware but are considered as foistware instead of malware since they are installed without user's approval, and for this reason I recommend you remove them.
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newslette....php#viewpoint
http://www.clickz.com/news/article.php/3561546
Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).
Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
D:\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz
D:\Musicmatch\WebSys\offline.mmz
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Post:
OTMoveIt2 log
Thanks peku006
No problem. I actaully don't know what it really is. So let's go and and remove it. You mean I need to remove them maually from Control Panel in windows? Because I can see I have the option to remove the Manager and Media Player from there.
Process done! (smoothly) :) no reboot
here is the log from OTmoveIt2:
D:\Common\ComponentMgr\HoldingArea\WebSys\WebSys.mmz moved successfully.
D:\Musicmatch\WebSys\offline.mmz moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09172008_195225
Hi Meizu
You mean I need to remove them maually from Control Panel in windows?
naturligvis.......
To uninstall the the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
Click Start, point to Settings, and then click Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
Do the same for each Viewpoint component.
After that.............
Congratulations, your log looks clean! :yahoo:
Time for some housekeeping :cleaning:
Click START then RUN
Now type Combofix /u in the runbox and click OK
http://i147.photobucket.com/albums/r301/DFW_photos/CF_Cleanup.png
When shown the disclaimer, Select "2"
Double click OTMoveIt.exe to launch the programme.
Click on the CleanUp! button.
OTMoveIt will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
When finished exit out of OTMoveIt
The tool will delete itself once it finishes, if not delete it by yourself.
Here are some free programs I recommend that could help you improve your computer's security.
Spybot Search and Destroy 1.6
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)
Install SpyWare Blaster 4.1
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find here the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Install WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
Here you can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)
Install FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)
Install MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
Note:"Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
If this isn't done first, the next reboot may take a VERY LONG TIME.
This is how to do it. First be sure you are signed in as a user with administrative privileges:
Stop and Disable the DNS Client Service
Go to Start, Run and type Services.msc and click OK.
Under the Extended Tab, Scroll down and find this service.
DNS Client
Right-Click on the DNS Client Service. Choose Properties
Select the General tab. Click on the Stop button.
Click the Arrow-down tab on the right-hand side at the Start-up Type box.
From the drop-down menu, click on Manual
Click the Apply tab, then click OK
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Note: If you are running Windows XP SP2, you should upgrade to SP3.
Please check out Tony Klein's article "How did I get infected in the first place?" (http://castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html)
Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) how to prevent Malware.
Happy safe surfing! :bigthumb:
YA-BA-DA-BA-DOO!!!! and Thank you very much :eek:
Your the No.1
Just combofx didn't display the disclaimer but did report it was removed from my computer. hopes that's normal.
There were only the Viewpoint Manager, Viewpoint Media Player to remove, but I search after the installation folder and it was just leaved emty so think all of it did go with the trash.
OTMoveIt is removed and my computer did reboot, so...
Then I might only have a single question for you.
Should I run any of these on my computer to make sure there really isn't anymore "junk"?
Spybot Search and Destroy 1.6
Avast Antivirus Free Edition
Ad-Aware 2008
Then I would reply back to tell you if everything is really running normally.:police:
My boot-up is normal but I haven't check any of my programs yet.
I did now checked my browsers, email program, firewall, games etc. and everything seems to work normal, EXCEPT ONE - Avast
I can't activate it again. I need to right-click on the icons in the system tray to activate the features but now there is no icons at all. And reboot didn't helped. :sad: Do you know a solutions on this I could try out?
I can run the main avast window and scan if I wish without problems, but I don't think I can activate it from here.
Thanks
Hi Meizu
Should I run any of these on my computer to make sure there really isn't anymore "junk"?
How to prevent Malware: (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
Avast
I can't activate it again
Have you tried uninstalling and reinstalling the avast!, Re-register and see if that license key works.
peku006
Hi again
Thanks for the links of security. I have a good time reading them!
I did reinstall avast and now it does work normally :)
(other things: I did also reinstall ad-ware for and installed Spywareblaster to my system. you can also find a fresh HijackThis below)
A did a scan with all my 3 programs above and they all got interesting results:
Spybot was completly negative :bigthumb: but avast! did found this:
18-09-2008 20:13:55 1221761635 Michael 2380 Sign of "Win32:Trojan-gen {Other}" has been found in "D:\Filer opbevaring Michael\Shared\Programmer\j.rivermediacenter12.x.xxxupdatedpatchsnd\J.River MEDIA CENTER 12.x.xxx Patch.exe" file.
18-09-2008 20:30:59 1221762659 Michael 2380 Sign of "Win32:Trojan-gen {Other}" has been found in "D:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP3\A0000346.exe" file.
They are moved to quarantine and ready for deletion, but i am just unsure if we need to do more on this or worry??
Ad-aware:
I did have a problem earlier with before the infection, the reason why I did made reinstall.
The search did suddenly stall when it reached 50-60 % and then I am then just forced to quit.
Today it did continue doing this but then it finally ended and display the summary screen. (Think I did abort it)
It did found some hosts files and some few cookies. The cookies are deleted but when did tried delete the others Ad-aware just pop-up with an error (no ditails) and then it refuse to delete them or move them to quarantine, I am just forced pressing the "Finish" bottom and do nothing.
I don't know if you guys know whats going on. It could nice you want to help me. I don't know if I need to worry about this.
It did make a log, here is it:
Ad-Aware Build
Log File Created on: 2008-09-18 21:05:18
This scan was aborted by the user, all infections might not have been logged.
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\core.aawdef
Computer name: FLINDTST-5SX65G
Name of user performing scan: SYSTEM
System information
===========================
Number of processors: 1
Processor type: AMD Sempron(tm) Processor 2600+
Memory Available: 32%
Total Physical Memory: 468959232 Bytes
Available Physical Memory: 149958656 Bytes
Total Page File Size: 1104297984 Bytes
Available On Page File: 593985536 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1745383424 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)
Ad-Aware Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3
Extended Ad-Aware Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file
Databaseinfo
===========================
Version number: 122
Build Number: 0
Build Date and Time: 2008/09/18 08:12:33
Scan Statistics
===========================
Method: Full
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off
Item Scanned: 122150
Infections Detected: 11
Infections Ignored: 0
Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 0 0
Registry PE Scan: 0 0
Hosts File Scan.: 9 9
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 2 2
File Hash Scan..: 0 0
Infections Found
===========================
Family Id: 563 Name: Redirected hostfile entry Category: Misc TAI:4
Item Id: 500000035 Value: IP Address: 127.0.0.1 Host Name: THEREALSEARCH.COM
Item Id: 500000045 Value: IP Address: 127.0.0.1 Host Name: GREG-SEARCH.COM
Item Id: 500000048 Value: IP Address: 127.0.0.1 Host Name: APPROVEDLINKS.COM
Item Id: 500000052 Value: IP Address: 127.0.0.1 Host Name: VSE-MOE.BIZ
Item Id: 500000065 Value: IP Address: 127.0.0.1 Host Name: AIFIND.INFO
Item Id: 500000073 Value: IP Address: 127.0.0.1 Host Name: FIND4U.NET
Item Id: 500000075 Value: IP Address: 127.0.0.1 Host Name: I-LOOKUP.COM
Item Id: 500000076 Value: IP Address: 127.0.0.1 Host Name: IE-SEARCH.COM
Item Id: 500000078 Value: IP Address: 127.0.0.1 Host Name: ITSEASY.US
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000597 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Michael\Cookies\index.dat track.adform.net C /
Item Id: 600000597 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Michael\Cookies\index.dat track.adform.net cid /
Items Ignored During Scan
===========================
Listing of running processes
===========================
C:\WINDOWS\SYSTEM32\SMSS.EXE
c:\windows\system32\smss.exe
c:\windows\system32\ntdll.dll
C:\WINDOWS\SYSTEM32\CSRSS.EXE
c:\windows\system32\csrss.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\csrsrv.dll
c:\windows\system32\basesrv.dll
c:\windows\system32\winsrv.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sxs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
c:\windows\system32\winlogon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\authz.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\nddeapi.dll
c:\windows\system32\profmap.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\psapi.dll
c:\windows\system32\regapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\version.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msgina.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\ole32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\winscard.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\system32\sxs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\wlnotify.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wgalogon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cscui.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dnsapi.dll
C:\WINDOWS\SYSTEM32\SERVICES.EXE
c:\windows\system32\services.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\scesrv.dll
c:\windows\system32\authz.dll
c:\windows\system32\umpnpmgr.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acadproc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\version.dll
c:\windows\system32\eventlog.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
C:\WINDOWS\SYSTEM32\LSASS.EXE
c:\windows\system32\lsass.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\lsasrv.dll
c:\windows\system32\mpr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\samsrv.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\msprivs.dll
c:\windows\system32\kerberos.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\netlogon.dll
c:\windows\system32\w32time.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wdigest.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\scecli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\ipsecsvc.dll
c:\windows\system32\authz.dll
c:\windows\system32\oakley.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\pstorsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\psbase.dll
c:\windows\system32\dssenh.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\termsrv.dll
c:\windows\system32\icaapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\authz.dll
c:\windows\system32\mstlsapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\atl.dll
c:\windows\system32\regapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wshbth.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wzcsvc.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\wmi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\esent.dll
c:\windows\system32\atl.dll
c:\windows\system32\irmon.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshirda.dll
c:\windows\system32\rastls.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\winscard.dll
c:\windows\system32\raschap.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\audiosrv.dll
c:\windows\system32\wkssvc.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\cryptsvc.dll
c:\windows\system32\certcli.dll
c:\windows\system32\netman.dll
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\wzcsapi.dll
c:\windows\system32\srvsvc.dll
c:\windows\system32\hidserv.dll
c:\windows\system32\hid.dll
c:\windows\pchealth\helpctr\binaries\pchsvc.dll
c:\windows\system32\es.dll
c:\windows\system32\ersvc.dll
c:\windows\system32\dmserver.dll
c:\windows\system32\wuauserv.dll
c:\windows\system32\wbem\wmisvc.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winhttp.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\mspatcha.dll
c:\windows\system32\w32time.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\trkwks.dll
c:\windows\system32\srsvc.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\seclogon.dll
c:\windows\system32\sens.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\browser.dll
c:\windows\system32\wscsvc.dll
c:\windows\system32\msi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\ipnathlp.dll
c:\windows\system32\authz.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\wbem\wbemcore.dll
c:\windows\system32\wbem\esscli.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\comsvcs.dll
c:\windows\system32\colbact.dll
c:\windows\system32\mtxclu.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\resutils.dll
c:\windows\system32\upnp.dll
c:\windows\system32\ssdpapi.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\repdrvfs.dll
c:\windows\system32\tapisrv.dll
c:\windows\system32\psapi.dll
c:\windows\system32\rasmans.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\wbem\wmiprvsd.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\wbem\wbemess.dll
c:\windows\system32\rastapi.dll
c:\windows\system32\unimdm.tsp
c:\windows\system32\uniplat.dll
c:\windows\system32\unimdmat.dll
c:\windows\system32\modemui.dll
c:\windows\system32\kmddsp.tsp
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ndptsp.tsp
c:\windows\system32\ipconf.tsp
c:\windows\system32\h323.tsp
c:\windows\system32\wbem\ncprov.dll
c:\windows\system32\hidphone.tsp
c:\windows\system32\rasppp.dll
c:\windows\system32\ntlsapi.dll
c:\windows\system32\kerberos.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\rasdlg.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advpack.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\catsrv.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\wudfsvc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wudfplatform.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\dnsrslvr.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\lmhsvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\webclnt.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ssdpsrv.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\upnphost.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ssdpapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\httpapi.dll
C:\WINDOWS\SYSTEM32\WGATRAY.EXE
c:\windows\system32\wgatray.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\version.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\userenv.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\sxs.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\samlib.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msctfime.ime
C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\browseui.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\themeui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\xpsp2res.dll
c:\programmer\windows media player\wmpband.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\atl.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\netshell.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\credui.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\winsta.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\stobject.dll
c:\windows\system32\batmeter.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\mydocs.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\msi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\mlang.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\netui0.dll
c:\windows\system32\netui1.dll
c:\windows\system32\netrap.dll
c:\windows\system32\samlib.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\msacm32.drv
c:\windows\system32\midimap.dll
c:\windows\system32\browselc.dll
d:\pcplan~1\spybot~1\spybot~1\sdhelper.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\faultrep.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\jsproxy.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\gdiplus.dll
c:\windows\system32\duser.dll
c:\programmer\fælles filer\adobe\acrobat\activex\pdfshell.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcr80.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msgina.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\sxs.dll
c:\windows\system32\sti.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\shmedia.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\avifil32.dll
c:\windows\system32\zipfldr.dll
d:\pcplan~1\zipgen~1\zgdrag~1.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winspool.drv
d:\programmer\malwarebytes' anti-malware\mbamext.dll
d:\programmer\zone labs\zonealarm\zlavscan.dll
d:\pcplan~1\zipgen~1\contmenu.dll
d:\programmer\alwil software\avast4\ashshell.dll
D:\PROGRAMMER\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
d:\programmer\alwil software\avast4\aswupdsv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
d:\programmer\alwil software\avast4\aswcmns.dll
d:\programmer\alwil software\avast4\aswcmnos.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msvcp71.dll
c:\windows\system32\msvcr71.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2help.dll
d:\programmer\alwil software\avast4\aswcmnb.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
D:\PROGRAMMER\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
d:\programmer\alwil software\avast4\ashserv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\secur32.dll
d:\programmer\alwil software\avast4\aswaux.dll
c:\windows\system32\msvcp71.dll
c:\windows\system32\msvcr71.dll
d:\programmer\alwil software\avast4\aswcmnb.dll
d:\programmer\alwil software\avast4\aswcmnos.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2help.dll
d:\programmer\alwil software\avast4\aswengin.dll
d:\programmer\alwil software\avast4\aswscan.dll
d:\programmer\alwil software\avast4\aswcmns.dll
d:\programmer\alwil software\avast4\ashbase.dll
c:\windows\system32\version.dll
d:\programmer\alwil software\avast4\ashtask.dll
d:\programmer\alwil software\avast4\aswinteg.dll
d:\programmer\alwil software\avast4\aswidle.dll
d:\programmer\alwil software\avast4\aavm4h.dll
d:\programmer\alwil software\avast4\aavmrpch.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\dbghelp.dll
d:\programmer\alwil software\avast4\danish\base.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
d:\programmer\alwil software\avast4\ahresmai.dll
d:\programmer\alwil software\avast4\ahresmes.dll
d:\programmer\alwil software\avast4\ahresns.dll
d:\programmer\alwil software\avast4\ahresout.dll
d:\programmer\alwil software\avast4\ahresp2p.dll
d:\programmer\alwil software\avast4\ahresstd.dll
d:\programmer\alwil software\avast4\ahresws.dll
d:\programmer\alwil software\avast4\ashssqlt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wshbth.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\perfos.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\apphelp.dll
d:\programmer\alwil software\avast4\aswres.dll
c:\windows\system32\psapi.dll
D:\PROGRA~1\ALWILS~1\AVAST4\ASHDISP.EXE
d:\progra~1\alwils~1\avast4\ashdisp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\secur32.dll
d:\progra~1\alwils~1\avast4\aswcmnos.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcp71.dll
c:\windows\system32\msvcr71.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2help.dll
d:\progra~1\alwils~1\avast4\ashbase.dll
c:\windows\system32\version.dll
d:\progra~1\alwils~1\avast4\aswcmnb.dll
d:\progra~1\alwils~1\avast4\aswcmns.dll
d:\progra~1\alwils~1\avast4\ashtask.dll
d:\progra~1\alwils~1\avast4\aswaux.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
d:\progra~1\alwils~1\avast4\aavm4h.dll
d:\progra~1\alwils~1\avast4\aavmrpch.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msctfime.ime
d:\programmer\alwil software\avast4\danish\base.dll
d:\programmer\alwil software\avast4\danish\lang.dll
c:\windows\system32\mfc71.dll
d:\programmer\alwil software\avast4\ahruimai.dll
d:\progra~1\alwils~1\avast4\ashuint.dll
d:\progra~1\alwils~1\avast4\xt1922.dll
d:\programmer\alwil software\avast4\ahruimes.dll
d:\programmer\alwil software\avast4\ahruins.dll
d:\programmer\alwil software\avast4\ahruiout.dll
c:\windows\system32\mapi32.dll
d:\programmer\alwil software\avast4\ahruip2p.dll
d:\programmer\alwil software\avast4\ahruistd.dll
d:\programmer\alwil software\avast4\ahruiws.dll
c:\windows\system32\winmm.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\riched20.dll
d:\programmer\alwil software\avast4\aavmguih.dll
d:\programmer\alwil software\avast4\danish\langmai.dll
C:\WINDOWS\SYSTEM32\CTFMON.EXE
c:\windows\system32\ctfmon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msutb.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\msctfime.ime
C:\WINDOWS\SYSTEM32\BRSVC01A.EXE
c:\windows\system32\brsvc01a.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
C:\WINDOWS\SYSTEM32\BRSS01A.EXE
c:\windows\system32\brss01a.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\ole32.dll
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
c:\windows\system32\spoolsv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\spoolss.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\localspl.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\winspool.drv
c:\windows\system32\netapi32.dll
c:\windows\system32\cnbjmon.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\mdimon.dll
c:\windows\system32\msi.dll
c:\windows\system32\pjlmon.dll
c:\windows\system32\tcpmon.dll
c:\windows\system32\usbmon.dll
c:\windows\system32\spool\prtprocs\w32x86\brmfpp1.dll
c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
c:\windows\system32\spool\prtprocs\w32x86\ppbipr.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wshbth.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\win32spl.dll
c:\windows\system32\netrap.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\inetpp.dll
c:\windows\system32\xpsp2res.dll
C:\WINDOWS\SYSTEM32\BGSVCGEN.EXE
c:\windows\system32\bgsvcgen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\bthserv.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\iphlpapi.dll
C:\WINDOWS\SYSTEM32\PCTSPK.EXE
c:\windows\system32\pctspk.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\avifil32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\uxtheme.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\wiaservc.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\sti.dll
D:\PROGRAMMER\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
d:\programmer\alwil software\avast4\ashmaisv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
d:\programmer\alwil software\avast4\ashbase.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcp71.dll
c:\windows\system32\msvcr71.dll
d:\programmer\alwil software\avast4\aswcmnos.dll
d:\programmer\alwil software\avast4\aswcmnb.dll
d:\programmer\alwil software\avast4\aswcmns.dll
d:\programmer\alwil software\avast4\ashtask.dll
d:\programmer\alwil software\avast4\aswaux.dll
d:\programmer\alwil software\avast4\aavm4h.dll
d:\programmer\alwil software\avast4\aavmrpch.dll
d:\programmer\alwil software\avast4\ahresmai.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\dbghelp.dll
d:\programmer\alwil software\avast4\danish\base.dll
d:\programmer\alwil software\avast4\aswengin.dll
d:\programmer\alwil software\avast4\aswscan.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wshbth.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\rasadhlp.dll
d:\programmer\alwil software\avast4\danish\lang.dll
c:\windows\system32\mfc71.dll
c:\windows\system32\shlwapi.dll
d:\programmer\alwil software\avast4\danish\langmai.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\ole32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
D:\PROGRAMMER\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
d:\programmer\alwil software\avast4\ashwebsv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
d:\programmer\alwil software\avast4\ashbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcp71.dll
c:\windows\system32\msvcr71.dll
d:\programmer\alwil software\avast4\aswcmnos.dll
d:\programmer\alwil software\avast4\aswcmnb.dll
d:\programmer\alwil software\avast4\aswcmns.dll
d:\programmer\alwil software\avast4\aavm4h.dll
d:\programmer\alwil software\avast4\aavmrpch.dll
d:\programmer\alwil software\avast4\ashtask.dll
d:\programmer\alwil software\avast4\aswaux.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\dbghelp.dll
d:\programmer\alwil software\avast4\danish\base.dll
d:\programmer\alwil software\avast4\aswengin.dll
d:\programmer\alwil software\avast4\aswscan.dll
c:\windows\system32\psapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\security.dll
d:\programmer\alwil software\avast4\ashwsftr.dll
d:\progra~1\alwils~1\avast4\ahresws.dll
d:\programmer\alwil software\avast4\ashuint.dll
d:\programmer\alwil software\avast4\xt1922.dll
c:\windows\system32\mfc71.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\riched20.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\netapi32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
C:\WINDOWS\SYSTEM32\ALG.EXE
c:\windows\system32\alg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shimeng.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\w3ssl.dll
c:\windows\system32\strmfilt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
D:\PROGRAMMER\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
d:\programmer\lavasoft\ad-aware\aawservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
d:\programmer\lavasoft\ad-aware\ceapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
d:\programmer\lavasoft\ad-aware\pkarchive85u.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshbth.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
C:\PROGRAMMER\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
c:\programmer\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\programmer\google\googletoolbarnotifier\2.0.301.7164\gtn.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\psapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msv1_0.dll
c:\programmer\google\googletoolbarnotifier\2.0.301.7164\res_da.dll
c:\programmer\google\googletoolbarnotifier\2.0.301.7164\swg.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\version.dll
c:\windows\system32\xpsp2res.dll
c:\windows\system32\msi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\atl.dll
c:\windows\system32\samlib.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshbth.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
D:\PROGRAMMER\LAVASOFT\AD-AWARE\AD-AWARE.EXE
d:\programmer\lavasoft\ad-aware\ad-aware.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
d:\programmer\lavasoft\ad-aware\lavalicense.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winmm.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msvcp60.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
c:\windows\system32\serwvdrv.dll
c:\windows\system32\umdmxfrm.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\setupapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\comres.dll
c:\windows\system32\userenv.dll
c:\windows\system32\olepro32.dll
d:\programmer\lavasoft\ad-aware\lavamessage.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wshtcpip.dll
End of Scan Section
===========================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:15, on 18-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
d:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
d:\Programmer\Alwil Software\Avast4\ashServ.exe
D:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
d:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
d:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
D:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Mozilla Firefox\firefox.exe
D:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programmer\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PCPLAN~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmer\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://d:\Programmer\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://d:\Programmer\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://d:\Programmer\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://d:\Programmer\ieSpell\wikipedia.HTM
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - d:\Programmer\ieSpell\iespell.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PCPLAN~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PCPLAN~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/dk/win/QuickTimeFullInstaller.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1220700227043&h=91a7038699237b308bd3d1b5acb65f0c/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.fyn.dk/external/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCollectionControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4C303F8-E336-44CA-AC69-444BA456C844}: NameServer = 193.162.153.164,194.239.134.83
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programmer\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ptssvc - PCTEL, INC. - (no file)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 9459 bytes
Hi Meizu
but avast! did found this
Do you know anything about this patch file ?
J.River MEDIA CENTER 12.x.xxx Patch.exe
if that J.River Media Center is legal you should restore that file from quarantine
18-09-2008 20:30:59 1221762659 Michael 2380 Sign of "Win32:Trojan-gen {Other}" has been found in "D:\System Volume Information\_restore{A82D599D-F6A4-4C53-9889-0919EB6ADEE2}\RP3\A0000346.exe" file.
" virus"is in System Restore are not active......
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.
Ad-Aware Log File :
Cookies are not dangerous
Item Id: 500000035 Value: IP Address: 127.0.0.1 Host Name: THEREALSEARCH.COM
Item Id: 500000045 Value: IP Address: 127.0.0.1 Host Name: GREG-SEARCH.COM
Item Id: 500000048 Value: IP Address: 127.0.0.1 Host Name: APPROVEDLINKS.COM
Item Id: 500000052 Value: IP Address: 127.0.0.1 Host Name: VSE-MOE.BIZ
Item Id: 500000065 Value: IP Address: 127.0.0.1 Host Name: AIFIND.INFO
Item Id: 500000073 Value: IP Address: 127.0.0.1 Host Name: FIND4U.NET
Item Id: 500000075 Value: IP Address: 127.0.0.1 Host Name: I-LOOKUP.COM
Item Id: 500000076 Value: IP Address: 127.0.0.1 Host Name: IE-SEARCH.COM
Item Id: 500000078 Value: IP Address: 127.0.0.1 Host Name: ITSEASY.US
they are in hosts file and Lavasoft is seeing the redirection as a threat........but they are are not dangerous (Ad-Aware it´s not my favorite software)
otherwise I dont see much wrong here........
peku006
:yes: Yes I do but not directly. I did contact my brother who a few times uses this computer too. He did know to this patch and program it can use on. It seems Avast! did found the patch. It's made for extend the license for free (normally not) and that's only not legal but lack of security, so...:nono:
Process done!
The computer has now got a new and properly safe restore point. :)
A last question:
the Ad-aware does not bring me much help at the moment. Do I even need it have such kind of software installed on my system. If I do, are you just saying there is a better alternative out there?
Hi Meizu
Good work ,everything is good now:yahoo:
MalwareBytes AntiMalware is excellent choice , it is a good program to have and to run every few weeks just to be sure that you are still clean.
regards peku006
Well then I just don't have to uninstall that program then. :funny:
I only need to clean my desktop, delete the quarantine files and maybe remove Ad-aware and HijackThis again.:yahoo:
Then I think I can take it from here!
Then I just have to say THANK YOU VERY MUCH for your help!
WELL DONE :D: :bigthumb: :2thumb:
:wav:
:hair:
:band:
Can't wait using my brand new computer.:present:
Thanks and bye until maybe next time :popcorn:
Greetings
Meizu
Denmark