
Super infection!


  • This topic is locked
12 replies to this topic

#1 ritoun

  • Full Member
  • 61 posts

Posted 07 December 2009 - 02:44 PM

Hi there,

My NOD32 warned me about a few viruses yesterday; I thought it was nothing more than usual. But when I restarted this morning, wooooow! After a few secs of the Windows screen, a very short blue screen and restart, and again and again... No way to start in safe mode either... I used a Windows disc to Repair, but as soon as I connected to the net: bredolab.aa warning, a few others, atapi.sys, wigon.mmtrojan and other stuff I didn't note. Then Windows froze, restart, and re-blue screen etc. I understood it came from the net connection, so I unplugged and it worked fine; tried Malwarebytes, a scan with NOD etc. Everything seemed fine, until I replugged to the net: right away, bredolab. I unplugged, managed to get here, and installed ComboFix.
Here is the log, and the HijackThis log follows.

ComboFix 09-12-06.A3 - Aharon 12/07/2009 21:13.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.972.1033.18.1023.480 [GMT 2:00]
Running from: c:\documents and settings\Aharon\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Aharon\Start Menu\Programs\Startup\siszyd32.exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\twain_32.dll
G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-07 17:41 . 2009-12-07 17:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-07 12:21 . 2004-08-04 12:00 8704 -c--a-w- c:\windows\system32\dllcache\infoctrs.dll
2009-12-07 11:58 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-07 11:58 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-07 11:58 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-07 11:58 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-07 09:44 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-12-07 09:44 . 2004-08-04 12:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2009-12-07 09:44 . 2004-08-04 12:00 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2009-12-07 09:44 . 2004-08-04 12:00 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2009-12-07 09:44 . 2004-08-04 12:00 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2009-11-22 22:11 . 2009-11-22 22:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-22 21:00 . 2009-11-22 21:00 -------- d-----w- c:\program files\MPIO
2009-11-19 21:39 . 2009-11-19 21:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SLICKHOUND
2009-11-19 10:42 . 2009-11-19 10:42 -------- d-----w- c:\program files\Xmarks
2009-11-19 10:28 . 2008-02-17 15:16 90112 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-11-19 10:28 . 2007-12-28 09:15 172032 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-11-19 10:28 . 2007-10-07 23:57 307200 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-11-16 21:25 . 2009-10-20 11:33 103424 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-11-16 21:25 . 2009-10-20 11:33 545280 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-11-16 21:25 . 2009-10-20 11:33 4716544 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\components\cooliris.dll
2009-11-16 21:25 . 2009-10-20 11:33 344064 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-11-16 21:25 . 2009-10-20 11:33 153600 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-11-15 13:18 . 2009-11-16 07:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-15 13:16 . 2009-11-15 13:16 -------- d-----w- c:\program files\Microsoft
2009-11-13 10:34 . 2009-11-13 10:34 -------- d-----w- c:\program files\eMule
2009-11-12 13:20 . 2009-11-12 13:20 79488 ----a-w- c:\documents and settings\Aharon\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-10 22:28 . 2009-11-10 22:28 247280 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\plugins\npgoogletalk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 19:22 . 2009-03-09 10:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-07 19:22 . 2007-10-09 19:09 25045 ----a-w- c:\windows\system32\tablet.dat
2009-12-07 17:59 . 2009-12-07 17:59 4706 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-12-07 12:30 . 2007-10-08 21:16 364648 ----a-w- c:\documents and settings\Aharon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-07 12:18 . 2007-10-08 16:50 22764 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-07 11:17 . 2009-12-07 11:17 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat
2009-12-07 11:17 . 2009-12-07 11:17 8 ----a-w- c:\documents and settings\Aharon\Application Data\fvgqad.dat
2009-12-07 11:15 . 2009-08-25 12:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 11:15 . 2009-09-14 15:24 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-07 09:56 . 2009-12-07 09:56 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
2009-12-07 01:18 . 2009-12-07 01:18 16 ----a-w- c:\documents and settings\LocalService\Application Data\fvgqad.dat
2009-12-07 01:18 . 2009-12-07 01:18 4 ----a-w- c:\documents and settings\Aharon\Application Data\avdrn.dat
2009-12-05 19:52 . 2007-10-08 19:46 -------- d-----w- c:\documents and settings\Aharon\Application Data\U3
2009-12-03 15:27 . 2007-10-09 21:33 -------- d-----w- c:\documents and settings\Aharon\Application Data\Canon
2009-12-03 14:14 . 2009-08-25 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 14:13 . 2009-08-25 12:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-03 10:23 . 2009-12-07 11:22 195228 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-12-01 16:29 . 2009-03-22 17:49 -------- d-----w- c:\program files\Allway Sync
2009-12-01 10:17 . 2007-11-22 09:07 -------- d-----w- c:\program files\Google
2009-11-26 21:16 . 2008-03-11 12:27 -------- d-----w- c:\documents and settings\Aharon\Application Data\Skype
2009-11-24 15:52 . 2009-08-24 13:39 -------- d-----w- c:\program files\SLICKHOUND
2009-11-23 17:28 . 2009-02-22 13:54 -------- d-----w- c:\program files\KeePass Password Safe
2009-11-23 12:30 . 2008-03-04 07:41 -------- d-----w- c:\program files\Windows Live
2009-11-22 21:00 . 2007-10-08 19:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-15 09:15 . 2007-10-14 16:39 -------- d-----w- c:\program files\HishKal
2009-11-02 18:42 . 2009-10-12 07:51 195456 ----a-w- c:\windows\system32\MpSigStub.exe
2009-10-29 10:53 . 2009-10-29 10:53 -------- d-----w- c:\program files\GENIUS TABLET
2009-10-29 10:50 . 2009-10-27 10:59 88 --sha-r- c:\windows\system32\02B752B3C4.sys
2009-10-29 10:50 . 2009-10-27 10:59 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-29 10:49 . 2009-10-29 10:49 -------- d-----w- c:\program files\PENSUITEPRO
2009-10-27 12:16 . 2009-10-27 12:16 -------- d-----w- c:\documents and settings\Aharon\Application Data\Doit.im.2A4FBC65A8766CA36EFEAC67D621E1CEDF0FC84D.1
2009-10-27 12:16 . 2009-10-27 12:16 -------- d-----w- c:\program files\Doit.im
2009-10-27 12:16 . 2009-03-08 15:29 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-27 12:11 . 2009-12-07 17:40 38208 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-27 12:11 . 2009-10-27 12:16 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-27 10:59 . 2007-10-09 21:06 -------- d-----w- c:\documents and settings\Aharon\Application Data\Corel
2009-10-27 09:02 . 2009-10-27 09:01 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-10-27 09:01 . 2009-10-27 09:01 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-10-27 08:55 . 2009-10-27 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-10-27 08:55 . 2007-10-09 20:52 -------- d-----w- c:\program files\Corel
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1b03039f-30ec-499c-a235-3a12b105a37e}"= "c:\program files\SLICKHOUND\tbSLI1.dll" [2009-11-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{1b03039f-30ec-499c-a235-3a12b105a37e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1b03039f-30ec-499c-a235-3a12b105a37e}]
2009-11-24 15:52 2166296 ----a-w- c:\program files\SLICKHOUND\tbSLI1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1b03039f-30ec-499c-a235-3a12b105a37e}"= "c:\program files\SLICKHOUND\tbSLI1.dll" [2009-11-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{1b03039f-30ec-499c-a235-3a12b105a37e}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1B03039F-30EC-499C-A235-3A12B105A37E}"= "c:\program files\SLICKHOUND\tbSLI1.dll" [2009-11-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{1b03039f-30ec-499c-a235-3a12b105a37e}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Google Update"="c:\documents and settings\Aharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-05 133104]
"Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2009-03-19 1602048]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"Xmarks"="c:\program files\Xmarks\IE Extension\xmarkssync.exe" [2009-11-12 1007616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"nwiz"="nwiz.exe" [2007-05-10 1626112]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-10-09 921600]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\Aharon\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-17 113664]
Netvision Cable Connect.url [2009-11-10 97]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Aharon^Start Menu^Programs^Startup^siszyd32.exe]
path=c:\documents and settings\Aharon\Start Menu\Programs\Startup\siszyd32.exe
backup=c:\windows\pss\siszyd32.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
backup=c:\windows\pss\TabUserW.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-03-21 16:23 1953792 ----a-r- c:\windows\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EZEHM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 18:43 69632 ----a-r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-01-03 13:54 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ginipic]
2009-02-07 17:17 159232 ----a-w- c:\program files\Ginipic\Ginipic.Bootstrapper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 07:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 14:36 36864 ----a-r- c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-05-10 22:03 8429568 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 20:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-03-21 14:49 16126464 ----a-r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 15:03 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Documents and Settings\\Aharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Aharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [04/11/2006 03:19 13592]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [08/10/2007 21:47 38656]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [07/06/2007 19:16 18944]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/01/2008 17:18 715248]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [23/04/2007 17:28 10752]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nana.co.il
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Aharon\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Aharon\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Adobe SVG Viewer - c:\program files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fc:\program files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AddRemove-Resco Audio Recorder - c:\windows\RSetupCE.exe -uninstc:\program files\Resco\Audio Recorder\_Install.log
AddRemove-_{05D60953-9012-44DF-A1A6-9DD97AD6580A} - c:\program files\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A}



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2116)
c:\program files\ScanSoft\OmniPageSE\ophook32.dll
c:\program files\SugarSync\SugarSyncShellExt.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_heb.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\Tablet.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\windows\system32\WTClient.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\WISPTIS.EXE
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-12-07 21:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-07 19:28

Pre-Run: 38,977,994,752 bytes free
Post-Run: 38,986,883,072 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - 341CF4AE698BFF616AE508EF91BFB947


Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 21:41:38, on 07/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\WTClient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\My Documents\spyware info\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nana.co.il
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SLICKHOUND Toolbar - {1b03039f-30ec-499c-a235-3a12b105a37e} - C:\Program Files\SLICKHOUND\tbSLI1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SLICKHOUND Toolbar - {1b03039f-30ec-499c-a235-3a12b105a37e} - C:\Program Files\SLICKHOUND\tbSLI1.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000311.dll
O3 - Toolbar: SLICKHOUND Toolbar - {1b03039f-30ec-499c-a235-3a12b105a37e} - C:\Program Files\SLICKHOUND\tbSLI1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Aharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Netvision Cable Connect.url
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)
O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: ????? Google Update (gupdate1c9a0a1bbf2215a) (gupdate1c9a0a1bbf2215a) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

Thanks for helping me, wonderful people out there! What do I do now?

#2 ritoun

Posted 07 December 2009 - 08:05 PM

Oops, my HijackThis log was oldish... Here's the one with the current version, sorry.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:00:03, on 08/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\WTClient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Aharon\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nana.co.il
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: SLICKHOUND Toolbar - {1b03039f-30ec-499c-a235-3a12b105a37e} - C:\Program Files\SLICKHOUND\tbSLI1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SLICKHOUND Toolbar - {1b03039f-30ec-499c-a235-3a12b105a37e} - C:\Program Files\SLICKHOUND\tbSLI1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000311.dll
O3 - Toolbar: SLICKHOUND Toolbar - {1b03039f-30ec-499c-a235-3a12b105a37e} - C:\Program Files\SLICKHOUND\tbSLI1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Aharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Netvision Cable Connect.url
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)
O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)
O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B02A58C-632E-4D54-943B-550EBF2BEA41}: NameServer = 212.143.212.143 194.90.1.5
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: ????? Google Update (gupdate1c9a0a1bbf2215a) (gupdate1c9a0a1bbf2215a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

--
End of file - 12774 bytes
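
Added example, not part of this thread and not HijackThis code: a small Python triage pass over the entry types that appear in the log above (R3, O2, O4, O9, O10, O17, O20, O23). The sample lines are copied from that log; the heuristics (orphaned targets, bare-filename autoruns, unknown LSPs, DNS servers, Winlogon Notify DLLs, services with no publisher) are this example's own choice of what a reviewer would want to look at first, not a verdict on any entry.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Entries copied from the HijackThis v2.0.2 log posted above (one of each
# section type the heuristics below care about). Every heuristic is this
# example's own assumption about what deserves a second look, not a
# HijackThis verdict.
SAMPLE_LOG = r"""
R3 - URLSearchHook: SLICKHOUND Toolbar - {1b03039f-30ec-499c-a235-3a12b105a37e} - C:\Program Files\SLICKHOUND\tbSLI1.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B02A58C-632E-4D54-943B-550EBF2BEA41}: NameServer = 212.143.212.143 194.90.1.5
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# "O23 - Service: ..." -> section code "O23", body "Service: ..."
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section code, e.g. "O23"
    reason: str  # why a reviewer should look at this entry
    entry: str   # the original log line


def command_of(kind: str, body: str) -> str:
    """The file or command line an entry points at.

    O4 entries read '<hive>\\..\\Run: [name] command'; all other sections put
    the path in the last ' - ' separated field.
    """
    if kind == "O4":
        return body.split("] ", 1)[-1].strip()
    return body.rsplit(" - ", 1)[-1].strip()


def is_bare_filename(command: str) -> bool:
    """True for autoruns like 'WTClient.exe' that carry no drive, directory or
    environment variable: Windows resolves those through its path search, so
    which copy actually runs has to be checked on the box."""
    if not command:
        return False
    exe = command.split()[0].strip('"')
    return bool(exe) and not any(ch in exe for ch in "\\:%")


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries worth a manual look."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, process list, blank lines
        kind, body = m.group("kind"), m.group("body")
        if "(file missing)" in body or "(no file)" in body:
            findings.append(Finding(kind, "orphaned: registry points at a file that no longer exists", line))
        if kind == "R3":
            findings.append(Finding(kind, "URLSearchHook: intercepts address-bar searches, a classic search hijack point", line))
        elif kind == "O4" and is_bare_filename(command_of(kind, body)):
            findings.append(Finding(kind, "autorun given as a bare filename: resolved by path search, verify which copy runs", line))
        elif kind == "O10":
            findings.append(Finding(kind, "Winsock LSP HijackThis does not recognise: every socket call passes through this DLL", line))
        elif kind == "O17":
            servers = body.split("NameServer =", 1)[-1].split()
            findings.append(Finding(kind, f"DNS servers {', '.join(servers)}: confirm they are the ISP's, not a DNS changer's", line))
        elif kind == "O20":
            findings.append(Finding(kind, "Winlogon Notify DLL: loaded into winlogon.exe as SYSTEM at every logon", line))
        elif kind == "O23" and "Unknown owner" in body:
            findings.append(Finding(kind, "service binary with no company name in its version info: check signature and hash", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.reason}\n     {f.entry}")
```

Run against the full log it narrows a 150-line listing to the handful of lines a helper actually asks about; "Unknown owner" and "(file missing)" are HijackThis's own wording, so the string checks are exact. Note that "Unknown owner" only means the binary has no company name in its version info (plenty of licensing services look like that), so the finding is a prompt to check the file's signature and hash, not a malware call.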

#3 ritoun

Posted 09 December 2009 - 05:26 AM

Hi there... nobody replied, so I tried a few things in the meantime.
First, I saw somewhere that the issue with atapi.sys had to do with Daemon Tools, which I disabled. Now my computer seems to work, and I see no sign of a blue screen. But the Windows screen at the very beginning of startup stays "greyed" for a long time (15 secs) before Windows actually begins. My computer is quite slow too.
Also, I don't know if it has to do with the Windows Repair, but I had a lot of (70+) updates, including security updates, from Windows Update.
So I did install all of the updates, and I thought it might be a good idea to post new logs after all that. So here they are:

Combofix:
ComboFix 09-12-08.04 - Aharon 12/09/2009 11:52:43.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.1023.506 [GMT 2:00]
Running from: c:\documents and settings\Aharon\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 )))))))))))))))))))))))))))))))
.

2009-12-08 21:14 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-08 21:13 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-08 21:13 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-08 21:13 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-08 21:13 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-08 21:13 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-08 21:13 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-08 19:13 . 2007-12-30 03:01 307200 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-12-08 19:13 . 2007-12-30 03:01 172032 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-12-08 19:13 . 2007-12-30 03:01 90112 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-12-08 12:38 . 2009-12-08 12:38 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-12-08 12:01 . 2009-12-08 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-08 11:09 . 2009-12-08 11:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-08 11:01 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-08 10:15 . 2004-08-04 12:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2009-12-08 10:15 . 2004-08-04 12:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2009-12-08 10:15 . 2009-07-31 08:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-12-08 10:15 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-12-08 10:14 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-08 10:14 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2009-12-08 07:17 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-08 07:13 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-08 07:12 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-08 07:12 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-08 07:12 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-08 07:12 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-08 07:12 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-08 07:12 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-08 07:12 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-08 07:12 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-08 07:12 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-08 07:12 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-08 07:08 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-08 07:08 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-08 07:08 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-08 07:07 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-08 07:07 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 07:07 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 07:07 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 07:06 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-08 01:12 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-08 01:12 . 2009-12-08 01:12 -------- d-----w- c:\program files\Panda Security
2009-12-07 19:49 . 2009-12-07 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-07 19:49 . 2009-12-07 20:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-07 17:41 . 2009-12-07 17:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-07 12:21 . 2008-04-14 00:09 315455 -c--a-w- c:\windows\system32\dllcache\imskf.dll
2009-12-07 11:58 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-07 11:58 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-07 11:58 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-07 11:58 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-07 09:44 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-11-22 22:11 . 2009-11-22 22:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-22 21:00 . 2009-11-22 21:00 -------- d-----w- c:\program files\MPIO
2009-11-19 21:39 . 2009-11-19 21:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SLICKHOUND
2009-11-19 10:42 . 2009-11-19 10:42 -------- d-----w- c:\program files\Xmarks
2009-11-16 21:25 . 2009-10-20 11:33 103424 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-11-16 21:25 . 2009-10-20 11:33 545280 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-11-16 21:25 . 2009-10-20 11:33 4716544 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\components\cooliris.dll
2009-11-16 21:25 . 2009-10-20 11:33 344064 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-11-16 21:25 . 2009-10-20 11:33 153600 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-11-15 13:18 . 2009-11-16 07:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-15 13:16 . 2009-11-15 13:16 -------- d-----w- c:\program files\Microsoft
2009-11-13 10:34 . 2009-11-13 10:34 -------- d-----w- c:\program files\eMule
2009-11-12 13:20 . 2009-11-12 13:20 79488 ----a-w- c:\documents and settings\Aharon\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-10 22:28 . 2009-11-10 22:28 247280 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\plugins\npgoogletalk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 05:14 . 2007-10-09 19:09 25045 ----a-w- c:\windows\system32\tablet.dat
2009-12-08 20:23 . 2009-03-09 10:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-08 10:46 . 2007-10-08 21:16 364648 ----a-w- c:\documents and settings\Aharon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-07 12:18 . 2007-10-08 16:50 22764 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-07 11:17 . 2009-12-07 11:17 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat
2009-12-07 11:17 . 2009-12-07 11:17 8 ----a-w- c:\documents and settings\Aharon\Application Data\fvgqad.dat
2009-12-07 11:15 . 2009-08-25 12:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 11:15 . 2009-09-14 15:24 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-07 09:56 . 2009-12-07 09:56 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
2009-12-07 01:18 . 2009-12-07 01:18 16 ----a-w- c:\documents and settings\LocalService\Application Data\fvgqad.dat
2009-12-07 01:18 . 2009-12-07 01:18 4 ----a-w- c:\documents and settings\Aharon\Application Data\avdrn.dat
2009-12-05 19:52 . 2007-10-08 19:46 -------- d-----w- c:\documents and settings\Aharon\Application Data\U3
2009-12-03 15:27 . 2007-10-09 21:33 -------- d-----w- c:\documents and settings\Aharon\Application Data\Canon
2009-12-03 14:14 . 2009-08-25 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 14:13 . 2009-08-25 12:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 16:29 . 2009-03-22 17:49 -------- d-----w- c:\program files\Allway Sync
2009-12-01 10:17 . 2007-11-22 09:07 -------- d-----w- c:\program files\Google
2009-11-26 21:16 . 2008-03-11 12:27 -------- d-----w- c:\documents and settings\Aharon\Application Data\Skype
2009-11-24 15:52 . 2009-08-24 13:39 -------- d-----w- c:\program files\SLICKHOUND
2009-11-23 17:28 . 2009-02-22 13:54 -------- d-----w- c:\program files\KeePass Password Safe
2009-11-23 12:30 . 2008-03-04 07:41 -------- d-----w- c:\program files\Windows Live
2009-11-22 21:00 . 2007-10-08 19:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-15 09:15 . 2007-10-14 16:39 -------- d-----w- c:\program files\HishKal
2009-11-02 18:42 . 2009-10-12 07:51 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 10:53 . 2009-10-29 10:53 -------- d-----w- c:\program files\GENIUS TABLET
2009-10-29 10:50 . 2009-10-27 10:59 88 --sha-r- c:\windows\system32\02B752B3C4.sys
2009-10-29 10:50 . 2009-10-27 10:59 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-29 10:49 . 2009-10-29 10:49 -------- d-----w- c:\program files\PENSUITEPRO
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 12:16 . 2009-10-27 12:16 -------- d-----w- c:\documents and settings\Aharon\Application Data\Doit.im.2A4FBC65A8766CA36EFEAC67D621E1CEDF0FC84D.1
2009-10-27 12:16 . 2009-10-27 12:16 -------- d-----w- c:\program files\Doit.im
2009-10-27 12:16 . 2009-03-08 15:29 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-27 12:11 . 2009-12-07 17:40 38208 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-27 12:11 . 2009-10-27 12:16 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-27 10:59 . 2007-10-09 21:06 -------- d-----w- c:\documents and settings\Aharon\Application Data\Corel
2009-10-27 09:02 . 2009-10-27 09:01 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-10-27 09:01 . 2009-10-27 09:01 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-10-27 08:55 . 2009-10-27 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-10-27 08:55 . 2007-10-09 20:52 -------- d-----w- c:\program files\Corel
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-07_19.24.36 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-16 09:59 . 2008-04-14 00:12 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll
+ 2009-12-08 10:14 . 2008-04-14 00:12 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll
- 2008-09-16 09:59 . 2008-04-14 00:12 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2009-12-08 10:14 . 2008-04-14 00:12 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 50688 c:\windows\twain_32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 50688 c:\windows\twain_32.dll
+ 2009-12-09 06:15 . 2009-12-09 06:15 16384 c:\windows\Temp\Perflib_Perfdata_9c.dat
+ 2009-12-09 05:14 . 2009-12-09 05:14 16384 c:\windows\Temp\Perflib_Perfdata_178.dat
+ 2007-10-08 16:49 . 2008-04-14 00:12 11776 c:\windows\system32\xolehlp.dll
- 2007-10-08 16:49 . 2004-08-04 12:00 11776 c:\windows\system32\xolehlp.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 50176 c:\windows\system32\xmlprovi.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 50176 c:\windows\system32\xmlprovi.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 30720 c:\windows\system32\xcopy.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 30720 c:\windows\system32\xcopy.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 91648 c:\windows\system32\xactsrv.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 91648 c:\windows\system32\xactsrv.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 52736 c:\windows\system32\wzcsapi.dll
+ 2007-10-08 16:51 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2007-10-08 16:51 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 18432 c:\windows\system32\wtsapi32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 18432 c:\windows\system32\wtsapi32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 50688 c:\windows\system32\wstdecod.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 50688 c:\windows\system32\wstdecod.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 22528 c:\windows\system32\wsock32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 22528 c:\windows\system32\wsock32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 41984 c:\windows\system32\wsnmp32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 19456 c:\windows\system32\wshtcpip.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 11264 c:\windows\system32\wshrm.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 14336 c:\windows\system32\wship6.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 14336 c:\windows\system32\wship6.dll
+ 2004-08-04 12:00 . 2008-05-09 10:53 90112 c:\windows\system32\wshext.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 36864 c:\windows\system32\wshcon.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 80896 c:\windows\system32\wscsvc.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 13824 c:\windows\system32\wscntfy.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 13824 c:\windows\system32\wscntfy.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 19968 c:\windows\system32\ws2help.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 19968 c:\windows\system32\ws2help.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 82432 c:\windows\system32\ws2_32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 11264 c:\windows\system32\wpnpinst.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 32256 c:\windows\system32\wpabaln.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 32256 c:\windows\system32\wpabaln.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 20480 c:\windows\system32\wmpui.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 20480 c:\windows\system32\wmpui.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 20480 c:\windows\system32\wmpcore.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 20480 c:\windows\system32\wmpcore.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 20480 c:\windows\system32\wmpcd.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 20480 c:\windows\system32\wmpcd.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 23552 c:\windows\system32\wmdmps.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 23552 c:\windows\system32\wmdmps.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 27136 c:\windows\system32\wmdmlog.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 27136 c:\windows\system32\wmdmlog.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 92672 c:\windows\system32\wlnotify.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 92672 c:\windows\system32\wlnotify.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 53760 c:\windows\system32\winsta.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 53760 c:\windows\system32\winsta.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 17408 c:\windows\system32\winshfhc.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 17408 c:\windows\system32\winshfhc.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 99328 c:\windows\system32\winscard.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 99328 c:\windows\system32\winscard.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 16896 c:\windows\system32\winrnr.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 16896 c:\windows\system32\winrnr.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 32256 c:\windows\system32\winipsec.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 75776 c:\windows\system32\wiascr.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 75776 c:\windows\system32\wiascr.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 65024 c:\windows\system32\wextract.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 68096 c:\windows\system32\webclnt.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud.drv
- 2004-08-04 00:56 . 2004-08-04 12:00 23552 c:\windows\system32\wdmaud.drv
+ 2004-08-04 12:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 95232 c:\windows\system32\wbem\wmiutils.dll
- 2007-10-08 16:49 . 2004-08-04 12:00 95232 c:\windows\system32\wbem\wmiutils.dll
- 2007-10-08 16:49 . 2004-08-04 12:00 41472 c:\windows\system32\wbem\wmipsess.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 41472 c:\windows\system32\wbem\wmipsess.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 62464 c:\windows\system32\wbem\wmipjobj.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 61952 c:\windows\system32\wbem\wmipiprt.dll
- 2007-10-08 16:49 . 2004-08-04 12:00 60928 c:\windows\system32\wbem\wmicookr.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 60928 c:\windows\system32\wbem\wmicookr.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 88576 c:\windows\system32\wbem\wmiaprpl.dll
- 2007-10-08 16:49 . 2004-08-04 12:00 43520 c:\windows\system32\wbem\wbemsvc.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 43520 c:\windows\system32\wbem\wbemsvc.dll
- 2007-10-08 16:49 . 2004-08-04 12:00 18944 c:\windows\system32\wbem\wbemprox.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 18944 c:\windows\system32\wbem\wbemprox.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 43008 c:\windows\system32\wbem\wbemperf.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 43008 c:\windows\system32\wbem\wbemperf.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 71680 c:\windows\system32\wbem\wbemcons.dll
- 2007-10-08 16:49 . 2004-08-04 12:00 71680 c:\windows\system32\wbem\wbemcons.dll
- 2007-10-08 16:49 . 2004-08-04 12:00 86528 c:\windows\system32\wbem\stdprov.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 86528 c:\windows\system32\wbem\stdprov.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 36352 c:\windows\system32\wbem\scrcons.exe
+ 2007-10-08 16:49 . 2008-04-14 00:12 92672 c:\windows\system32\wbem\policman.dll
- 2007-10-08 16:49 . 2004-08-04 12:00 92672 c:\windows\system32\wbem\policman.dll
- 2007-10-08 16:49 . 2004-08-04 12:00 47104 c:\windows\system32\wbem\ncprov.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 47104 c:\windows\system32\wbem\ncprov.dll
- 2007-10-08 16:49 . 2004-08-04 12:00 16384 c:\windows\system32\wbem\mofcomp.exe
+ 2007-10-08 16:49 . 2008-04-14 00:12 16384 c:\windows\system32\wbem\mofcomp.exe
+ 2007-10-08 16:49 . 2008-04-14 00:11 24576 c:\windows\system32\wbem\krnlprov.dll
- 2007-10-08 16:49 . 2004-08-04 12:00 24576 c:\windows\system32\wbem\krnlprov.dll
+ 2004-08-04 12:00 . 2008-04-14 00:11 21504 c:\windows\system32\wbem\evntrprv.dll
+ 2004-08-04 12:00 . 2008-04-14 00:11 45056 c:\windows\system32\wbem\cmdevtgprov.dll
+ 2004-08-04 12:00 . 2008-04-13 18:44 17664 c:\windows\system32\watchdog.sys
- 2004-08-04 12:00 . 2004-08-04 12:00 17664 c:\windows\system32\watchdog.sys
+ 2004-08-04 12:00 . 2008-04-14 00:12 15872 c:\windows\system32\w3ssl.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 15872 c:\windows\system32\w3ssl.dll
- 2007-10-31 23:54 . 2004-08-03 22:56 53760 c:\windows\system32\vfwwdm32.dll
+ 2007-10-31 23:54 . 2008-04-14 00:12 53760 c:\windows\system32\vfwwdm32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\version.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 18944 c:\windows\system32\version.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 26624 c:\windows\system32\verifier.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 51712 c:\windows\system32\vdmredir.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 51712 c:\windows\system32\vdmredir.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 26112 c:\windows\system32\vdmdbg.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 26112 c:\windows\system32\vdmdbg.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 30749 c:\windows\system32\vbajet32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 30749 c:\windows\system32\vbajet32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 50176 c:\windows\system32\utilman.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 50176 c:\windows\system32\utilman.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 19968 c:\windows\system32\usmt\log.dll
+ 2004-08-04 12:00 . 2008-04-14 00:11 19968 c:\windows\system32\usmt\log.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 26112 c:\windows\system32\userinit.exe
- 2004-08-04 00:56 . 2004-08-04 12:00 74240 c:\windows\system32\usbui.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 74240 c:\windows\system32\usbui.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 16896 c:\windows\system32\usbmon.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 16896 c:\windows\system32\usbmon.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 18432 c:\windows\system32\ups.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 18432 c:\windows\system32\ups.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 16896 c:\windows\system32\upnpcont.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 16896 c:\windows\system32\upnpcont.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 13824 c:\windows\system32\uniplat.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 13824 c:\windows\system32\uniplat.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 74240 c:\windows\system32\unimdmat.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 74240 c:\windows\system32\unimdmat.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 35840 c:\windows\system32\umandlg.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 35840 c:\windows\system32\umandlg.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 26624 c:\windows\system32\udhisapi.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 57856 c:\windows\system32\twext.dll
+ 2004-08-04 12:00 . 2008-04-14 00:13 12168 c:\windows\system32\tsddd.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 12168 c:\windows\system32\tsddd.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 93696 c:\windows\system32\tscfgwmi.dll
- 2007-10-08 16:49 . 2004-08-04 12:00 93696 c:\windows\system32\tscfgwmi.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 90112 c:\windows\system32\trkwks.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 12800 c:\windows\system32\tree.com
- 2004-08-04 12:00 . 2004-08-04 12:00 12288 c:\windows\system32\tracert.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 12288 c:\windows\system32\tracert.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 73216 c:\windows\system32\tlntsvr.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 73216 c:\windows\system32\tlntsvr.exe
+ 2004-08-04 12:00 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 61440 c:\windows\system32\tlntadmn.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 61440 c:\windows\system32\tlntadmn.exe
+ 2004-08-04 12:00 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 45568 c:\windows\system32\tcpmonui.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 45568 c:\windows\system32\tcpmonui.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 45568 c:\windows\system32\tcpmon.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 45568 c:\windows\system32\tcpmon.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 14848 c:\windows\system32\tcpmib.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 14848 c:\windows\system32\tcpmib.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 77824 c:\windows\system32\tasklist.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 76288 c:\windows\system32\taskkill.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 71680 c:\windows\system32\systeminfo.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 57856 c:\windows\system32\synceng.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 57856 c:\windows\system32\synceng.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 14336 c:\windows\system32\svchost.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 14336 c:\windows\system32\svchost.exe
+ 2007-10-08 09:34 . 2008-04-14 00:12 74752 c:\windows\system32\storprop.dll
- 2007-10-08 09:34 . 2004-08-03 22:56 74752 c:\windows\system32\storprop.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 14848 c:\windows\system32\stimon.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 14848 c:\windows\system32\stimon.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 68096 c:\windows\system32\sti.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 59392 c:\windows\system32\stclient.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 14336 c:\windows\system32\ssstars.scr
- 2004-08-04 12:00 . 2004-08-04 12:00 14336 c:\windows\system32\ssstars.scr
+ 2004-08-04 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\ssmyst.scr
- 2004-08-04 12:00 . 2004-08-04 12:00 18944 c:\windows\system32\ssmyst.scr
+ 2004-08-04 12:00 . 2008-04-14 00:12 47104 c:\windows\system32\ssmypics.scr
- 2004-08-04 12:00 . 2004-08-04 12:00 47104 c:\windows\system32\ssmypics.scr
+ 2004-08-04 12:00 . 2008-04-14 00:12 20992 c:\windows\system32\ssmarque.scr
- 2004-08-04 12:00 . 2004-08-04 12:00 20992 c:\windows\system32\ssmarque.scr
+ 2004-08-04 12:00 . 2008-04-14 00:12 71680 c:\windows\system32\ssdpsrv.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 71680 c:\windows\system32\ssdpsrv.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 34816 c:\windows\system32\ssdpapi.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 34816 c:\windows\system32\ssdpapi.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 19968 c:\windows\system32\ssbezier.scr
- 2004-08-04 12:00 . 2004-08-04 12:00 19968 c:\windows\system32\ssbezier.scr
+ 2004-08-04 12:00 . 2008-04-14 00:12 96768 c:\windows\system32\srvsvc.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 96768 c:\windows\system32\srvsvc.dll
+ 2007-10-08 16:51 . 2008-04-14 00:12 67584 c:\windows\system32\srclient.dll
- 2007-10-08 16:51 . 2004-08-04 12:00 67584 c:\windows\system32\srclient.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 57856 c:\windows\system32\spoolsv.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 57856 c:\windows\system32\spoolsv.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 75264 c:\windows\system32\spoolss.dll
+ 2004-08-04 12:00 . 2008-04-14 03:42 11264 c:\windows\system32\spnpinst.exe
+ 2004-08-04 12:00 . 2008-04-13 18:43 12800 c:\windows\system32\spiisupd.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 12800 c:\windows\system32\spiisupd.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 24576 c:\windows\system32\sort.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\snmpapi.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 18944 c:\windows\system32\snmpapi.dll
+ 2008-09-16 09:59 . 2008-04-14 00:12 10752 c:\windows\system32\smtpapi.dll
- 2008-09-16 09:59 . 2004-08-04 12:00 10752 c:\windows\system32\smtpapi.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 50688 c:\windows\system32\smss.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 50688 c:\windows\system32\smss.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 89600 c:\windows\system32\smlogsvc.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 89600 c:\windows\system32\smlogsvc.exe
- 2008-09-16 09:59 . 2004-08-03 22:56 73796 c:\windows\system32\slserv.exe
+ 2008-09-16 09:59 . 2008-04-14 00:12 73796 c:\windows\system32\slserv.exe
+ 2008-09-16 09:59 . 2008-04-14 00:12 73832 c:\windows\system32\slcoinst.dll
- 2008-09-16 09:59 . 2004-08-03 22:56 73832 c:\windows\system32\slcoinst.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 98304 c:\windows\system32\slbiop.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 98304 c:\windows\system32\slbiop.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 25088 c:\windows\system32\slayerxp.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 25088 c:\windows\system32\slayerxp.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 26112 c:\windows\system32\skeys.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 26112 c:\windows\system32\skeys.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 70144 c:\windows\system32\sigverif.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 70144 c:\windows\system32\sigverif.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 13312 c:\windows\system32\sigtab.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 13312 c:\windows\system32\sigtab.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 19456 c:\windows\system32\shutdown.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 19456 c:\windows\system32\shutdown.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 27648 c:\windows\system32\shscrap.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 27648 c:\windows\system32\shscrap.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 77824 c:\windows\system32\shrpubw.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 77824 c:\windows\system32\shrpubw.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 45056 c:\windows\system32\shmgrate.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 65024 c:\windows\system32\shimeng.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 68096 c:\windows\system32\shgina.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 68096 c:\windows\system32\shgina.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 25088 c:\windows\system32\shfolder.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 25088 c:\windows\system32\shfolder.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 33792 c:\windows\system32\Setup\tabletoc.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 33792 c:\windows\system32\Setup\tabletoc.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 17408 c:\windows\system32\Setup\ocmsn.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 17408 c:\windows\system32\Setup\ocmsn.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 15360 c:\windows\system32\Setup\ocgen.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 62976 c:\windows\system32\Setup\ntoc.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 62976 c:\windows\system32\Setup\ntoc.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 77312 c:\windows\system32\Setup\netoc.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 77312 c:\windows\system32\Setup\netoc.dll
+ 2004-08-04 12:00 . 2008-04-14 00:11 15360 c:\windows\system32\Setup\msgrocm.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 15360 c:\windows\system32\Setup\msgrocm.dll
+ 2004-08-04 12:00 . 2008-04-14 00:11 90112 c:\windows\system32\Setup\msdtcstp.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 16896 c:\windows\system32\Setup\medctroc.dll
+ 2004-08-04 12:00 . 2008-04-14 00:11 16896 c:\windows\system32\Setup\medctroc.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 32828 c:\windows\system32\Setup\fp40ext.dll
+ 2004-08-04 12:00 . 2008-04-14 00:11 32828 c:\windows\system32\Setup\fp40ext.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 23040 c:\windows\system32\setup.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 23040 c:\windows\system32\setup.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 31232 c:\windows\system32\sethc.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 31232 c:\windows\system32\sethc.exe
+ 2007-10-08 16:49 . 2008-04-14 00:12 56320 c:\windows\system32\servdeps.dll
- 2007-10-08 16:49 . 2004-08-04 12:00 56320 c:\windows\system32\servdeps.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 39424 c:\windows\system32\sens.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 54784 c:\windows\system32\sendmail.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 29184 c:\windows\system32\sendcmsg.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 29184 c:\windows\system32\sendcmsg.dll
+ 2004-08-04 12:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\seclogon.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 18944 c:\windows\system32\seclogon.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\secedit.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 29184 c:\windows\system32\sdhcinst.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 29184 c:\windows\system32\sdhcinst.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 77312 c:\windows\system32\sdbinst.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 77312 c:\windows\system32\sdbinst.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 20480 c:\windows\system32\sclgntfy.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 95744 c:\windows\system32\scardsvr.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 95744 c:\windows\system32\scardsvr.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 69632 c:\windows\system32\scarddlg.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 69632 c:\windows\system32\scarddlg.dll
+ 2004-08-04 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 13312 c:\windows\system32\savedump.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 13312 c:\windows\system32\savedump.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 64000 c:\windows\system32\samlib.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 64000 c:\windows\system32\samlib.dll
+ 2007-10-08 16:51 . 2008-04-14 00:12 45568 c:\windows\system32\safrslv.dll
- 2007-10-08 16:51 . 2004-08-04 12:00 45568 c:\windows\system32\safrslv.dll
- 2007-10-08 16:51 . 2004-08-04 12:00 29696 c:\windows\system32\safrdm.dll
+ 2007-10-08 16:51 . 2008-04-14 00:12 29696 c:\windows\system32\safrdm.dll
- 2007-10-08 16:51 . 2004-08-04 12:00 43520 c:\windows\system32\safrcdlg.dll
+ 2007-10-08 16:51 . 2008-04-14 00:12 43520 c:\windows\system32\safrcdlg.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 14336 c:\windows\system32\runonce.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 14336 c:\windows\system32\runonce.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 33280 c:\windows\system32\rundll32.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 33280 c:\windows\system32\rundll32.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 44032 c:\windows\system32\rtutils.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 44032 c:\windows\system32\rtutils.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 31744 c:\windows\system32\rtipxmib.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 31744 c:\windows\system32\rtipxmib.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 77312 c:\windows\system32\rtcshare.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 77312 c:\windows\system32\rtcshare.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 92672 c:\windows\system32\rsvpsp.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\rsmps.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 18944 c:\windows\system32\rsmps.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 39936 c:\windows\system32\rshx32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 39936 c:\windows\system32\rshx32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 14848 c:\windows\system32\rsh.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 14848 c:\windows\system32\rsh.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 13824 c:\windows\system32\rexec.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 13824 c:\windows\system32\rexec.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 58880 c:\windows\system32\resutils.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 58880 c:\windows\system32\resutils.dll
- 2007-10-08 16:49 . 2004-08-04 12:00 60416 c:\windows\system32\remotepg.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 60416 c:\windows\system32\remotepg.dll
+ 2009-12-08 12:09 . 2004-08-04 12:00 36096 c:\windows\system32\ReinstallBackups\0029\DriverFiles\i386\intelppm.sys
+ 2009-12-08 12:09 . 2004-08-04 12:00 36096 c:\windows\system32\ReinstallBackups\0028\DriverFiles\i386\intelppm.sys
+ 2009-12-08 12:09 . 2004-08-04 12:00 36096 c:\windows\system32\ReinstallBackups\0027\DriverFiles\i386\intelppm.sys
+ 2009-12-08 12:09 . 2004-08-04 12:00 36096 c:\windows\system32\ReinstallBackups\0026\DriverFiles\i386\intelppm.sys
- 2004-08-04 12:00 . 2004-08-04 12:00 11776 c:\windows\system32\regsvr32.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 11776 c:\windows\system32\regsvr32.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 59904 c:\windows\system32\regsvc.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 59904 c:\windows\system32\regsvc.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 49664 c:\windows\system32\regapi.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 49664 c:\windows\system32\regapi.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 50176 c:\windows\system32\reg.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 50176 c:\windows\system32\reg.exe
- 2007-10-08 16:49 . 2004-08-04 12:00 67072 c:\windows\system32\rdshost.exe
+ 2007-10-08 16:49 . 2008-04-14 00:12 67072 c:\windows\system32\rdshost.exe
- 2007-10-08 16:49 . 2004-08-04 12:00 13824 c:\windows\system32\rdsaddin.exe
+ 2007-10-08 16:49 . 2008-04-14 00:12 13824 c:\windows\system32\rdsaddin.exe
+ 2007-10-08 16:49 . 2008-04-14 00:13 87176 c:\windows\system32\rdpwsx.dll
- 2007-10-08 16:49 . 2004-08-04 12:00 87176 c:\windows\system32\rdpwsx.dll
- 2007-10-08 16:49 . 2004-08-04 12:00 19968 c:\windows\system32\rdpsnd.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 19968 c:\windows\system32\rdpsnd.dll
+ 2004-08-04 12:00 . 2008-04-14 00:13 92424 c:\windows\system32\rdpdd.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 62976 c:\windows\system32\rdpclip.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 21504 c:\windows\system32\rcp.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 21504 c:\windows\system32\rcp.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 35840 c:\windows\system32\rcimlby.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 35840 c:\windows\system32\rcimlby.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 58368 c:\windows\system32\rastapi.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 16384 c:\windows\system32\rassapi.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 56832 c:\windows\system32\rasphone.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 56832 c:\windows\system32\rasphone.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 61440 c:\windows\system32\rasman.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 61440 c:\windows\system32\rasman.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 88576 c:\windows\system32\rasauto.dll
- 2007-10-08 16:51 . 2004-08-04 12:00 43520 c:\windows\system32\racpldlg.dll
+ 2007-10-08 16:51 . 2008-04-14 00:12 43520 c:\windows\system32\racpldlg.dll
+ 2007-10-08 16:49 . 2008-04-14 00:12 19968 c:\windows\system32\qprocess.exe
- 2007-10-08 16:51 . 2004-08-04 12:00 18944 c:\windows\system32\qmgrprxy.dll
+ 2007-10-08 16:51 . 2008-04-14 00:12 18944 c:\windows\system32\qmgrprxy.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 34304 c:\windows\system32\pstorsvc.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 34304 c:\windows\system32\pstorsvc.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 43520 c:\windows\system32\pstorec.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 43520 c:\windows\system32\pstorec.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 96768 c:\windows\system32\psbase.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 96768 c:\windows\system32\psbase.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 23040 c:\windows\system32\psapi.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 23040 c:\windows\system32\psapi.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 50176 c:\windows\system32\proquota.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 50176 c:\windows\system32\proquota.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 27648 c:\windows\system32\profmap.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 27648 c:\windows\system32\profmap.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 17408 c:\windows\system32\powrprof.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 17408 c:\windows\system32\powrprof.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 49152 c:\windows\system32\powercfg.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 49152 c:\windows\system32\powercfg.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 58880 c:\windows\system32\pnrpnsp.dll
+ 2004-08-04 12:00 . 2009-03-08 02:31 46592 c:\windows\system32\pngfilt.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 15360 c:\windows\system32\pjlmon.dll
- 2004-08-04 00:56 . 2004-08-04 12:00 15360 c:\windows\system32\pjlmon.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 17920 c:\windows\system32\ping.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 17920 c:\windows\system32\ping.exe
+ 2004-08-04 12:00 . 2008-04-14 00:11 24064 c:\windows\system32\pidgen.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 24064 c:\windows\system32\pidgen.dll
+ 2004-08-04 00:56 . 2008-04-14 00:12 35328 c:\windows\system32\pid.dll
- 2004-08-04 00:56 . 2004-08-04 12:00 35328 c:\windows\system32\pid.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 34816 c:\windows\system32\perfproc.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 34816 c:\windows\system32\perfproc.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 25088 c:\windows\system32\perfos.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 25088 c:\windows\system32\perfos.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 17920 c:\windows\system32\perfnet.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 15872 c:\windows\system32\perfmon.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 15872 c:\windows\system32\perfmon.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 26624 c:\windows\system32\perfdisk.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 26624 c:\windows\system32\perfdisk.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 39936 c:\windows\system32\perfctrs.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 39936 c:\windows\system32\perfctrs.dll
+ 2004-08-04 12:00 . 2009-12-08 23:01 63254 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2008-04-14 00:12 67584 c:\windows\system32\pautoenr.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 58368 c:\windows\system32\packager.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 58368 c:\windows\system32\packager.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 67584 c:\windows\system32\osuninst.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 67584 c:\windows\system32\osuninst.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 67584 c:\windows\system32\openfiles.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 67584 c:\windows\system32\openfiles.exe
+ 2007-10-08 16:51 . 2008-04-14 00:12 51200 c:\windows\system32\oobe\oobebaln.exe
- 2007-10-08 16:51 . 2004-08-04 12:00 51200 c:\windows\system32\oobe\oobebaln.exe
+ 2007-10-08 16:52 . 2008-04-14 00:12 29184 c:\windows\system32\oobe\msoobe.exe
+ 2007-10-08 16:51 . 2008-04-14 00:12 19456 c:\windows\system32\oobe\msobweb.dll
+ 2007-10-08 16:51 . 2008-04-14 00:12 30720 c:\windows\system32\oobe\msobshel.dll
- 2007-10-08 16:51 . 2004-08-04 12:00 30720 c:\windows\system32\oobe\msobshel.dll
- 2007-10-08 16:51 . 2004-08-04 12:00 16384 c:\windows\system32\oobe\msobdl.dll
+ 2007-10-08 16:51 . 2008-04-14 00:12 16384 c:\windows\system32\oobe\msobdl.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 84992 c:\windows\system32\olepro32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 37376 c:\windows\system32\olecnv32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 74752 c:\windows\system32\olecli32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 20511 c:\windows\system32\odtext32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 20511 c:\windows\system32\odtext32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 20510 c:\windows\system32\odpdx32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 20510 c:\windows\system32\odpdx32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 20510 c:\windows\system32\odfox32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 20510 c:\windows\system32\odfox32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 20510 c:\windows\system32\odexl32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 20510 c:\windows\system32\odexl32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 20511 c:\windows\system32\oddbse32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 20511 c:\windows\system32\oddbse32.dll
+ 2004-08-04 12:00 . 2008-04-13 17:26 12288 c:\windows\system32\odbcp32r.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 12288 c:\windows\system32\odbcp32r.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 53279 c:\windows\system32\odbcji32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:10 53279 c:\windows\system32\odbcji32.dll
+ 2004-08-04 12:00 . 2008-04-13 17:26 94208 c:\windows\system32\odbcint.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 94208 c:\windows\system32\odbcint.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 65536 c:\windows\system32\odbccu32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 65536 c:\windows\system32\odbccu32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 65536 c:\windows\system32\odbccr32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 65536 c:\windows\system32\odbccr32.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 69632 c:\windows\system32\odbcconf.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 69632 c:\windows\system32\odbcconf.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 24576 c:\windows\system32\odbcbcp.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 24576 c:\windows\system32\odbcbcp.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 32768 c:\windows\system32\odbcad32.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 32768 c:\windows\system32\odbcad32.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 16384 c:\windows\system32\odbc32gt.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 16384 c:\windows\system32\odbc32gt.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 67584 c:\windows\system32\ocmanage.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 65536 c:\windows\system32\nwwks.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 64000 c:\windows\system32\nwapi32.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 15360 c:\windows\system32\ntvdmd.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 91136 c:\windows\system32\ntprint.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 91136 c:\windows\system32\ntprint.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 40960 c:\windows\system32\ntmsapi.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 40960 c:\windows\system32\ntmsapi.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 44032 c:\windows\system32\ntlanman.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 67072 c:\windows\system32\ntdsapi.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 67072 c:\windows\system32\ntdsapi.dll
- 2004-08-04 12:00 . 2004-08-04 12:00 76800 c:\windows\system32\nslookup.exe
+ 2004-08-04 12:00 . 2008-04-14 00:12 76800 c:\windows\system32\nslookup.exe
- 2004-08-04 12:00 . 2004-08-04 12:00 54784

#4 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,523 posts

Posted 10 December 2009 - 02:47 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 11 December 2009 - 11:06 AM

Hi,
I'm nasdaq.


You are running the Combofix while your Antivirus is enabled.

AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


Please disable NOD and scan again with ComboFix.

Your last Combofix was truncated. It's very long and exceeded the forum permitted length. Break it in two and post in your next two posts.
===

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingc...opic114351.html
===

Please download GMER from http://www2.gmer.net/tmp/gmer.exe

Close any open programs/windows!

Open the program and click on the Rootkit/Malware tab.

Make sure all the boxes on the right of the screen are checked, apart from 'Show All'.

Click on Scan (1).

When the scan has run click Copy (2) and paste the results (if any) into this thread.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 ritoun

ritoun

    Member

  • Full Member
  • Pip
  • 61 posts

Posted 12 December 2009 - 04:36 PM


#7 ritoun

ritoun

    Member

  • Full Member
  • Pip
  • 61 posts

Posted 12 December 2009 - 04:37 PM

ComboFix 09-12-08.04 - Aharon 12/12/2009 23:20:03.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2047.1405 [GMT 2:00]
Running from: c:\documents and settings\Aharon\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-11-12 to 2009-12-12 )))))))))))))))))))))))))))))))
.

2009-12-08 21:14 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-08 21:13 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-08 21:13 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-08 21:13 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-08 21:13 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-08 21:13 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-08 21:13 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-08 19:13 . 2007-12-30 03:01 307200 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-12-08 19:13 . 2007-12-30 03:01 172032 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-12-08 19:13 . 2007-12-30 03:01 90112 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-12-08 12:38 . 2009-12-08 12:38 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-12-08 12:01 . 2009-12-08 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-08 11:09 . 2009-12-08 11:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-08 11:01 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-08 10:15 . 2004-08-04 12:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2009-12-08 10:15 . 2004-08-04 12:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2009-12-08 10:15 . 2009-07-31 08:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-12-08 10:15 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-12-08 10:14 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-08 10:14 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2009-12-08 07:17 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-08 07:13 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-08 07:12 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-08 07:12 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-08 07:12 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-08 07:12 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-08 07:12 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-08 07:12 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-08 07:12 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-08 07:12 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-08 07:12 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-08 07:12 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-08 07:08 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-08 07:08 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-08 07:08 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-08 07:07 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-08 07:07 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 07:07 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 07:07 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 07:06 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-08 01:12 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-08 01:12 . 2009-12-08 01:12 -------- d-----w- c:\program files\Panda Security
2009-12-07 19:49 . 2009-12-07 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-07 19:49 . 2009-12-07 20:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-07 17:41 . 2009-12-07 17:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-07 12:21 . 2008-04-14 00:09 315455 -c--a-w- c:\windows\system32\dllcache\imskf.dll
2009-12-07 11:58 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-07 11:58 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-07 11:58 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-07 11:58 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-07 09:44 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-11-22 22:11 . 2009-11-22 22:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-22 21:00 . 2009-11-22 21:00 -------- d-----w- c:\program files\MPIO
2009-11-19 21:39 . 2009-11-19 21:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SLICKHOUND
2009-11-19 10:42 . 2009-11-19 10:42 -------- d-----w- c:\program files\Xmarks
2009-11-16 21:25 . 2009-10-20 11:33 103424 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-11-16 21:25 . 2009-10-20 11:33 545280 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-11-16 21:25 . 2009-10-20 11:33 4716544 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\components\cooliris.dll
2009-11-16 21:25 . 2009-10-20 11:33 344064 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-11-16 21:25 . 2009-10-20 11:33 153600 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-11-15 13:18 . 2009-11-16 07:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-15 13:16 . 2009-11-15 13:16 -------- d-----w- c:\program files\Microsoft
2009-11-13 10:34 . 2009-11-13 10:34 -------- d-----w- c:\program files\eMule

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 21:18 . 2007-10-09 00:04 -------- d-----w- c:\program files\ESET
2009-12-12 21:15 . 2007-10-09 19:09 25045 ----a-w- c:\windows\system32\tablet.dat
2009-12-10 22:25 . 2009-03-09 10:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-08 10:46 . 2007-10-08 21:16 364648 ----a-w- c:\documents and settings\Aharon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-07 12:18 . 2007-10-08 16:50 22764 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-07 11:17 . 2009-12-07 11:17 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat
2009-12-07 11:17 . 2009-12-07 11:17 8 ----a-w- c:\documents and settings\Aharon\Application Data\fvgqad.dat
2009-12-07 11:15 . 2009-08-25 12:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 11:15 . 2009-09-14 15:24 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-07 09:56 . 2009-12-07 09:56 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat
2009-12-07 01:18 . 2009-12-07 01:18 16 ----a-w- c:\documents and settings\LocalService\Application Data\fvgqad.dat
2009-12-07 01:18 . 2009-12-07 01:18 4 ----a-w- c:\documents and settings\Aharon\Application Data\avdrn.dat
2009-12-05 19:52 . 2007-10-08 19:46 -------- d-----w- c:\documents and settings\Aharon\Application Data\U3
2009-12-03 15:27 . 2007-10-09 21:33 -------- d-----w- c:\documents and settings\Aharon\Application Data\Canon
2009-12-03 14:14 . 2009-08-25 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 14:13 . 2009-08-25 12:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 16:29 . 2009-03-22 17:49 -------- d-----w- c:\program files\Allway Sync
2009-12-01 10:17 . 2007-11-22 09:07 -------- d-----w- c:\program files\Google
2009-11-26 21:16 . 2008-03-11 12:27 -------- d-----w- c:\documents and settings\Aharon\Application Data\Skype
2009-11-24 15:52 . 2009-08-24 13:39 -------- d-----w- c:\program files\SLICKHOUND
2009-11-23 17:28 . 2009-02-22 13:54 -------- d-----w- c:\program files\KeePass Password Safe
2009-11-23 12:30 . 2008-03-04 07:41 -------- d-----w- c:\program files\Windows Live
2009-11-22 21:00 . 2007-10-08 19:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-15 09:15 . 2007-10-14 16:39 -------- d-----w- c:\program files\HishKal
2009-11-12 13:20 . 2009-11-12 13:20 79488 ----a-w- c:\documents and settings\Aharon\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-10 22:28 . 2009-11-10 22:28 247280 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-11-02 18:42 . 2009-10-12 07:51 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 10:53 . 2009-10-29 10:53 -------- d-----w- c:\program files\GENIUS TABLET
2009-10-29 10:50 . 2009-10-27 10:59 88 --sha-r- c:\windows\system32\02B752B3C4.sys
2009-10-29 10:50 . 2009-10-27 10:59 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-29 10:49 . 2009-10-29 10:49 -------- d-----w- c:\program files\PENSUITEPRO
2009-10-29 07:45 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-27 12:16 . 2009-10-27 12:16 -------- d-----w- c:\documents and settings\Aharon\Application Data\Doit.im.2A4FBC65A8766CA36EFEAC67D621E1CEDF0FC84D.1
2009-10-27 12:16 . 2009-10-27 12:16 -------- d-----w- c:\program files\Doit.im
2009-10-27 12:16 . 2009-03-08 15:29 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-27 12:11 . 2009-12-07 17:40 38208 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-27 12:11 . 2009-10-27 12:16 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-27 10:59 . 2007-10-09 21:06 -------- d-----w- c:\documents and settings\Aharon\Application Data\Corel
2009-10-27 09:02 . 2009-10-27 09:01 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-10-27 09:01 . 2009-10-27 09:01 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-10-27 08:55 . 2009-10-27 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-10-27 08:55 . 2007-10-09 20:52 -------- d-----w- c:\program files\Corel
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-12-09_10.02.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-12 21:15 . 2009-12-12 21:15 16384 c:\windows\Temp\Perflib_Perfdata_164.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1b03039f-30ec-499c-a235-3a12b105a37e}"= "c:\program files\SLICKHOUND\tbSLI1.dll" [2009-11-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{1b03039f-30ec-499c-a235-3a12b105a37e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1b03039f-30ec-499c-a235-3a12b105a37e}]
2009-11-24 15:52 2166296 ----a-w- c:\program files\SLICKHOUND\tbSLI1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1b03039f-30ec-499c-a235-3a12b105a37e}"= "c:\program files\SLICKHOUND\tbSLI1.dll" [2009-11-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{1b03039f-30ec-499c-a235-3a12b105a37e}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1B03039F-30EC-499C-A235-3A12B105A37E}"= "c:\program files\SLICKHOUND\tbSLI1.dll" [2009-11-24 2166296]

[HKEY_CLASSES_ROOT\clsid\{1b03039f-30ec-499c-a235-3a12b105a37e}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Google Update"="c:\documents and settings\Aharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-05 133104]
"Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2009-03-19 1602048]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"Xmarks"="c:\program files\Xmarks\IE Extension\xmarkssync.exe" [2009-11-12 1007616]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"nwiz"="nwiz.exe" [2007-05-10 1626112]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"WTClient"="WTClient.exe" [2007-04-11 40960]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\Aharon\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-17 113664]
Netvision Cable Connect.url [2009-11-10 97]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Aharon^Start Menu^Programs^Startup^siszyd32.exe]
path=c:\documents and settings\Aharon\Start Menu\Programs\Startup\siszyd32.exe
backup=c:\windows\pss\siszyd32.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
backup=c:\windows\pss\TabUserW.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-03-21 16:23 1953792 ----a-r- c:\windows\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EZEHM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 18:43 69632 ----a-r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-01-03 13:54 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ginipic]
2009-02-07 17:17 159232 ----a-w- c:\program files\Ginipic\Ginipic.Bootstrapper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 07:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 14:36 36864 ----a-r- c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-05-10 22:03 8429568 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 20:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-03-21 14:49 16126464 ----a-r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 15:03 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Documents and Settings\\Aharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Aharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [08/12/2009 03:12 28552]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [04/11/2006 03:19 13592]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [08/10/2007 21:47 38656]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [07/06/2007 19:16 18944]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/01/2008 17:18 715248]
S2 gupdate1c9a0a1bbf2215a;Google Update Service (gupdate1c9a0a1bbf2215a);c:\program files\Google\Update\GoogleUpdate.exe [09/03/2009 12:28 133104]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [23/04/2007 17:28 10752]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nana.co.il
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Aharon\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Aharon\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-12 23:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3036)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE\ophook32.dll
c:\program files\SugarSync\SugarSyncShellExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-12 23:30:49
ComboFix-quarantined-files.txt 2009-12-12 21:30
ComboFix2.txt 2009-12-09 10:05
ComboFix3.txt 2009-12-07 22:04
ComboFix4.txt 2009-12-07 19:29

Pre-Run: 36,225,568,768 bytes free
Post-Run: 36,235,108,352 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 69CD3098B6ECBB8AA7ABD75EED9370F4
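
The helper below is an added example written for this thread; it is not ComboFix code and not anything ritoun or nasdaq posted. It parses the `created . modified size attrs path` lines that ComboFix prints in its Files Created and Find3M sections and the `[key]` / `"name"="path"` lines of the Reg Loading Points section, then applies a few triage rules so that a long log can be skimmed by machine first. Everything in the rules is an assumption chosen for illustration: the 32-byte cut-off for tiny `.dat` files, the attribute-column layout (d c s h a ...), and the path patterns. The sample input is a handful of lines copied from the log above plus one invented Startup entry, `sample_autorun.exe`, added only to exercise the startup-folder rule. A hit means "look at this", not "this is malware".

```python
"""ComboFix log triage: added example for this thread, not ComboFix code.
Thresholds, path patterns and the attribute-column layout are assumptions
inferred from the log above; a hit means 'look at this', not 'malware'."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Files Created / Find3M entry:  created . modified size attrs path
# (size is a byte count, or '--------' for a directory)
_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
# Reg Loading Points: a [key] header, then "name"="path" [...] or date time size attrs path
_REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_REG_VALUE = re.compile(r'^"[^"]*"\s*=\s*"(?P<path>[^"]+)"')
_REG_FILE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \d+ [-a-z]{8} (?P<path>.+)$")
TINY_DAT_MAX = 32  # bytes; assumed cut-off for marker-sized .dat files


class Entry(NamedTuple):
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str           # assumed column order: d c s h a - w/r -
    path: str


def parse_entries(log_text: str) -> List[Entry]:
    """Every well-formed file entry in the log; all other lines are skipped."""
    out = []
    for line in log_text.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            out.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return out


def reasons_for(e: Entry) -> List[str]:
    """Names of the heuristics an entry trips (empty list: nothing odd)."""
    p = e.path.lower()
    name = p.rsplit("\\", 1)[-1]
    is_dir = e.attrs[0] == "d"
    hidden_system = e.attrs[2] == "s" and e.attrs[3] == "h"
    hits = []
    if (not is_dir and name.endswith(".dat") and e.size is not None
            and e.size <= TINY_DAT_MAX and "\\application data\\" in p):
        hits.append("tiny-dat-in-appdata")
    if "\\start menu\\programs\\startup\\" in p and name.endswith((".exe", ".scr", ".com", ".bat")):
        hits.append("executable-in-startup")
    if not is_dir and "\\config\\systemprofile\\" in p:
        hits.append("file-under-system-profile")  # the SYSTEM account writing profile data
    if not is_dir and hidden_system and p.startswith("c:\\windows\\system32\\") and "\\dllcache\\" not in p:
        hits.append("hidden-system-file-in-system32")
    return hits


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the heuristics it tripped."""
    return {e.path: r for e in parse_entries(log_text) if (r := reasons_for(e))}


def load_points(log_text: str) -> Dict[str, List[str]]:
    """Lower-cased module path -> registry keys that load it (Reg Loading Points).
    One DLL registered as search hook, BHO and toolbar at once stands out here."""
    by_path, key = defaultdict(list), None
    for line in log_text.splitlines():
        line = line.strip()
        k = _REG_KEY.match(line)
        if k:
            key = k["key"]
            continue
        m = _REG_VALUE.match(line) or _REG_FILE.match(line)
        if m and key:
            by_path[m["path"].lower()].append(key)
    return dict(by_path)


# Sample input: lines copied from the ComboFix log above, plus one constructed
# Startup entry (sample_autorun.exe, invented) to exercise the startup-folder rule.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-11-12 to 2009-12-12 )))))))))))))))))))))))))))))))
2009-12-08 10:15 . 2009-07-31 08:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-12-08 12:01 . 2009-12-08 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-07 11:17 . 2009-12-07 11:17 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat
2009-12-07 11:17 . 2009-12-07 11:17 8 ----a-w- c:\documents and settings\Aharon\Application Data\fvgqad.dat
2009-12-07 01:18 . 2009-12-07 01:18 4 ----a-w- c:\documents and settings\Aharon\Application Data\avdrn.dat
2009-10-29 10:50 . 2009-10-27 10:59 88 --sha-r- c:\windows\system32\02B752B3C4.sys
2009-12-06 20:00 . 2009-12-06 20:00 20480 ----a-w- c:\documents and settings\Aharon\Start Menu\Programs\Startup\sample_autorun.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1b03039f-30ec-499c-a235-3a12b105a37e}"= "c:\program files\SLICKHOUND\tbSLI1.dll" [2009-11-24 2166296]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1b03039f-30ec-499c-a235-3a12b105a37e}]
2009-11-24 15:52 2166296 ----a-w- c:\program files\SLICKHOUND\tbSLI1.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(f"{', '.join(why):45} {path}")
```

Feed it a whole ComboFix log (the file-entry regex ignores every other line type) and read the output as a shortlist: a tiny `.dat` written under both the user's and the SYSTEM profile's Application Data, or one DLL that is simultaneously a URL search hook and a BHO, is exactly the kind of thing worth asking the helper about, while a hit on a licensing file in system32 is usually benign once checked.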

#8 ritoun

ritoun

    Member

  • Full Member
  • Pip
  • 61 posts

Posted 12 December 2009 - 06:06 PM

Hi nasdaq and thanks for helping.

I just posted the combo log you asked for. I had to remove NOD since, for some reason, even after following the instructions you sent a link to, it continued to interfere with ComboFix... Maybe because it was V2... I think I will install Avira AntiVir instead - do you think it's a good idea?

Now here's a part of the GMER log. Since it takes awfully long, I will run it during the night and see if it finds something else. So in the meantime:

GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-13 00:58:17
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Aharon\LOCALS~1\Temp\axrciuow.sys


---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\Aharon\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB932D380, 0x2F2FC7, 0xE8000020]
? C:\WINDOWS\system32\drivers\amon.sys The system cannot find the file specified. !
? C:\DOCUME~1\Aharon\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys
AttachedDevice \FileSystem\Fastfat \Fat amon.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA6 0xE3 0xB2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x9C 0xE2 0x18 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x6C 0xC4 0x52 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA6 0xE3 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x9C 0xE2 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x6C 0xC4 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA6 0xE3 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x9C 0xE2 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x6C 0xC4 0x52 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA6 0xE3 0xB2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x9C 0xE2 0x18 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x6C 0xC4 0x52 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA6 0xE3 0xB2 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x9C 0xE2 0x18 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x6C 0xC4 0x52 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA6 0xE3 0xB2 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x9C 0xE2 0x18 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x6C 0xC4 0x52 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA6 0xE3 0xB2 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x9C 0xE2 0x18 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x6C 0xC4 0x52 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA6 0xE3 0xB2 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x9C 0xE2 0x18 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x6C 0xC4 0x52 ...

#9 nasdaq (Forum Deity, Global Moderator, 49,091 posts)

Posted 13 December 2009 - 04:45 PM

I just posted the ComboFix log you asked for. I had to remove NOD since, for some reason, even after following the instructions you sent a link to, it continued to interfere with ComboFix... Maybe because it was V2... I think I will install Avira AntiVir instead - do you think it's a good idea?


NOD is as good as any other Antivirus program. Keep it up to date.

Nothing suspicious was found on your logs.

What problem persists?
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#10 ritoun (Full Member, 61 posts)

Posted 13 December 2009 - 06:23 PM

I just posted the ComboFix log you asked for. I had to remove NOD since, for some reason, even after following the instructions you sent a link to, it continued to interfere with ComboFix... Maybe because it was V2... I think I will install Avira AntiVir instead - do you think it's a good idea?


NOD is as good as any other Antivirus program. Keep it up to date.

Nothing suspicious was found on your logs.

What problem persists?



#11 ritoun (Full Member, 61 posts)

Posted 13 December 2009 - 06:25 PM

Actually, no problem persists.
But I was certain that after that mega infection my PC was still infected.
Happy to know I was wrong...
Thanks a lot for your time and advice!
I wish you loads of good things!

#12 nasdaq (Forum Deity, Global Moderator, 49,091 posts)

Posted 14 December 2009 - 09:03 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run, copy/paste the following text into the Run box and click OK:

ComboFix /Uninstall

nasdaq

#13 nasdaq (Forum Deity, Global Moderator, 49,091 posts)

Posted 28 December 2009 - 10:05 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq


Member of ASAP and UNITE