ritoun

Super infection!

13 posts in this topic

Hi there,

My NOD32 warned me about a few viruses yesterday; I thought it was nothing more than usual. But when I restarted this morning, wooooow! After a few seconds of the Windows screen, a very short blue screen and restart, and again and again... No way to start in safe mode either... I used a Windows disc to repair, but as soon as I connected to the net: bredolab.aa warning, a few others, atapi.sys, wigon.mmtrojan and other stuff I didn't note. Then Windows froze, restart, and blue screen again, etc. I understood it came from the net connection, so I unplugged and it worked fine; tried Malwarebytes, a scan with NOD32, etc. Everything seemed fine, until I replugged to the net: right away, bredolab. I unplugged, managed to get here, and installed ComboFix.

Here is the log, and the HijackThis log follows.

 

ComboFix 09-12-06.A3 - Aharon 12/07/2009 21:13.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.972.1033.18.1023.480 [GMT 2:00]

Running from: c:\documents and settings\Aharon\Desktop\ComboFix.exe

AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Aharon\Start Menu\Programs\Startup\siszyd32.exe

c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\windows\system32\twain_32.dll

G:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))

.

 

2009-12-07 17:41 . 2009-12-07 17:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-12-07 12:21 . 2004-08-04 12:00 8704 -c--a-w- c:\windows\system32\dllcache\infoctrs.dll

2009-12-07 11:58 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2009-12-07 11:58 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2009-12-07 11:58 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2009-12-07 11:58 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2009-12-07 09:44 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2009-12-07 09:44 . 2004-08-04 12:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll

2009-12-07 09:44 . 2004-08-04 12:00 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe

2009-12-07 09:44 . 2004-08-04 12:00 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe

2009-12-07 09:44 . 2004-08-04 12:00 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe

2009-11-22 22:11 . 2009-11-22 22:11 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-11-22 21:00 . 2009-11-22 21:00 -------- d-----w- c:\program files\MPIO

2009-11-19 21:39 . 2009-11-19 21:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SLICKHOUND

2009-11-19 10:42 . 2009-11-19 10:42 -------- d-----w- c:\program files\Xmarks

2009-11-19 10:28 . 2008-02-17 15:16 90112 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

2009-11-19 10:28 . 2007-12-28 09:15 172032 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe

2009-11-19 10:28 . 2007-10-07 23:57 307200 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe

2009-11-16 21:25 . 2009-10-20 11:33 103424 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\pixomatic.dll

2009-11-16 21:25 . 2009-10-20 11:33 545280 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe

2009-11-16 21:25 . 2009-10-20 11:33 4716544 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\components\cooliris.dll

2009-11-16 21:25 . 2009-10-20 11:33 344064 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe

2009-11-16 21:25 . 2009-10-20 11:33 153600 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

2009-11-15 13:18 . 2009-11-16 07:20 -------- d-----w- c:\program files\Microsoft Silverlight

2009-11-15 13:16 . 2009-11-15 13:16 -------- d-----w- c:\program files\Microsoft

2009-11-13 10:34 . 2009-11-13 10:34 -------- d-----w- c:\program files\eMule

2009-11-12 13:20 . 2009-11-12 13:20 79488 ----a-w- c:\documents and settings\Aharon\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-10 22:28 . 2009-11-10 22:28 247280 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\plugins\npgoogletalk.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-07 19:22 . 2009-03-09 10:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-12-07 19:22 . 2007-10-09 19:09 25045 ----a-w- c:\windows\system32\tablet.dat

2009-12-07 17:59 . 2009-12-07 17:59 4706 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2009-12-07 12:30 . 2007-10-08 21:16 364648 ----a-w- c:\documents and settings\Aharon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-07 12:18 . 2007-10-08 16:50 22764 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-07 11:17 . 2009-12-07 11:17 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat

2009-12-07 11:17 . 2009-12-07 11:17 8 ----a-w- c:\documents and settings\Aharon\Application Data\fvgqad.dat

2009-12-07 11:15 . 2009-08-25 12:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-07 11:15 . 2009-09-14 15:24 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-12-07 09:56 . 2009-12-07 09:56 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat

2009-12-07 01:18 . 2009-12-07 01:18 16 ----a-w- c:\documents and settings\LocalService\Application Data\fvgqad.dat

2009-12-07 01:18 . 2009-12-07 01:18 4 ----a-w- c:\documents and settings\Aharon\Application Data\avdrn.dat

2009-12-05 19:52 . 2007-10-08 19:46 -------- d-----w- c:\documents and settings\Aharon\Application Data\U3

2009-12-03 15:27 . 2007-10-09 21:33 -------- d-----w- c:\documents and settings\Aharon\Application Data\Canon

2009-12-03 14:14 . 2009-08-25 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-03 14:13 . 2009-08-25 12:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-03 10:23 . 2009-12-07 11:22 195228 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat

2009-12-01 16:29 . 2009-03-22 17:49 -------- d-----w- c:\program files\Allway Sync

2009-12-01 10:17 . 2007-11-22 09:07 -------- d-----w- c:\program files\Google

2009-11-26 21:16 . 2008-03-11 12:27 -------- d-----w- c:\documents and settings\Aharon\Application Data\Skype

2009-11-24 15:52 . 2009-08-24 13:39 -------- d-----w- c:\program files\SLICKHOUND

2009-11-23 17:28 . 2009-02-22 13:54 -------- d-----w- c:\program files\KeePass Password Safe

2009-11-23 12:30 . 2008-03-04 07:41 -------- d-----w- c:\program files\Windows Live

2009-11-22 21:00 . 2007-10-08 19:47 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-11-15 09:15 . 2007-10-14 16:39 -------- d-----w- c:\program files\HishKal

2009-11-02 18:42 . 2009-10-12 07:51 195456 ----a-w- c:\windows\system32\MpSigStub.exe

2009-10-29 10:53 . 2009-10-29 10:53 -------- d-----w- c:\program files\GENIUS TABLET

2009-10-29 10:50 . 2009-10-27 10:59 88 --sha-r- c:\windows\system32\02B752B3C4.sys

2009-10-29 10:50 . 2009-10-27 10:59 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-10-29 10:49 . 2009-10-29 10:49 -------- d-----w- c:\program files\PENSUITEPRO

2009-10-27 12:16 . 2009-10-27 12:16 -------- d-----w- c:\documents and settings\Aharon\Application Data\Doit.im.2A4FBC65A8766CA36EFEAC67D621E1CEDF0FC84D.1

2009-10-27 12:16 . 2009-10-27 12:16 -------- d-----w- c:\program files\Doit.im

2009-10-27 12:16 . 2009-03-08 15:29 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-10-27 12:11 . 2009-12-07 17:40 38208 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-10-27 12:11 . 2009-10-27 12:16 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-10-27 10:59 . 2007-10-09 21:06 -------- d-----w- c:\documents and settings\Aharon\Application Data\Corel

2009-10-27 09:02 . 2009-10-27 09:01 -------- d-----w- c:\program files\Microsoft IntelliPoint

2009-10-27 09:01 . 2009-10-27 09:01 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2009-10-27 08:55 . 2009-10-27 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel

2009-10-27 08:55 . 2007-10-09 20:52 -------- d-----w- c:\program files\Corel

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1b03039f-30ec-499c-a235-3a12b105a37e}"= "c:\program files\SLICKHOUND\tbSLI1.dll" [2009-11-24 2166296]

 

[HKEY_CLASSES_ROOT\clsid\{1b03039f-30ec-499c-a235-3a12b105a37e}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1b03039f-30ec-499c-a235-3a12b105a37e}]

2009-11-24 15:52 2166296 ----a-w- c:\program files\SLICKHOUND\tbSLI1.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{1b03039f-30ec-499c-a235-3a12b105a37e}"= "c:\program files\SLICKHOUND\tbSLI1.dll" [2009-11-24 2166296]

 

[HKEY_CLASSES_ROOT\clsid\{1b03039f-30ec-499c-a235-3a12b105a37e}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{1B03039F-30EC-499C-A235-3A12B105A37E}"= "c:\program files\SLICKHOUND\tbSLI1.dll" [2009-11-24 2166296]

 

[HKEY_CLASSES_ROOT\clsid\{1b03039f-30ec-499c-a235-3a12b105a37e}]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]

@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"

[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]

2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]

@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"

[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]

2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]

@="{A759AFF6-5851-457D-A540-F4ECED148351}"

[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]

2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]

@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"

[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]

2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"Google Update"="c:\documents and settings\Aharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-05 133104]

"Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2009-03-19 1602048]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

"Xmarks"="c:\program files\Xmarks\IE Extension\xmarkssync.exe" [2009-11-12 1007616]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"nwiz"="nwiz.exe" [2007-05-10 1626112]

"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-10-09 921600]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]

"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]

"WTClient"="WTClient.exe" [2007-04-11 40960]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

 

c:\documents and settings\Aharon\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-17 113664]

Netvision Cable Connect.url [2009-11-10 97]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^Aharon^Start Menu^Programs^Startup^siszyd32.exe]

path=c:\documents and settings\Aharon\Start Menu\Programs\Startup\siszyd32.exe

backup=c:\windows\pss\siszyd32.exeStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk

backup=c:\windows\pss\TabUserW.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]

2007-03-21 16:23 1953792 ----a-r- c:\windows\system32\xRaidSetup.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EZEHM]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 18:43 69632 ----a-r- c:\windows\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-01-03 13:54 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ginipic]

2009-02-07 17:17 159232 ----a-w- c:\program files\Ginipic\Ginipic.Bootstrapper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-03-30 07:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]

2007-03-20 14:36 36864 ----a-r- c:\windows\RaidTool\xInsIDE.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2007-05-10 22:03 8429568 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-03-28 20:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-03-21 14:49 16126464 ----a-r- c:\windows\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-03-09 15:03 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

"c:\\Program Files\\ICQ6\\ICQ.exe"=

"c:\\Documents and Settings\\Aharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Aharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

 

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [04/11/2006 03:19 13592]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [08/10/2007 21:47 38656]

R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [07/06/2007 19:16 18944]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/01/2008 17:18 715248]

S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [23/04/2007 17:28 10752]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.nana.co.il

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

FF - ProfilePath - c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - component: c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

FF - component: c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\components\cooliris.dll

FF - plugin: c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\documents and settings\Aharon\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\Aharon\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

AddRemove-Adobe SVG Viewer - c:\program files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fc:\program files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log

AddRemove-Resco Audio Recorder - c:\windows\RSetupCE.exe -uninstc:\program files\Resco\Audio Recorder\_Install.log

AddRemove-_{05D60953-9012-44DF-A1A6-9DD97AD6580A} - c:\program files\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A}

 

 

 

**************************************************************************

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files:

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(2116)

c:\program files\ScanSoft\OmniPageSE\ophook32.dll

c:\program files\SugarSync\SugarSyncShellExt.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_heb.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\program files\WinSCP\DragExt.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\crypserv.exe

c:\program files\FolderSize\FolderSizeSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Eset\nod32krn.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\Tablet.exe

c:\windows\System32\Drivers\WTSRV.EXE

c:\windows\system32\WTClient.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\WISPTIS.EXE

c:\progra~1\MICROS~3\rapimgr.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

.

**************************************************************************

.

Completion time: 2009-12-07 21:29 - machine was rebooted

ComboFix-quarantined-files.txt 2009-12-07 19:28

 

Pre-Run: 38,977,994,752 bytes free

Post-Run: 38,986,883,072 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

Current=3 Default=3 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7

- - End Of File - - 341CF4AE698BFF616AE508EF91BFB947

 

 

Hijackthis log:

Logfile of HijackThis v1.99.1

Scan saved at 21:41:38, on 07/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\System32\Drivers\WTSRV.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\WTClient.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Xmarks\IE Extension\xmarkssync.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\My Documents\spyware info\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nana.co.il

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: SLICKHOUND Toolbar - {1b03039f-30ec-499c-a235-3a12b105a37e} - C:\Program Files\SLICKHOUND\tbSLI1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SLICKHOUND Toolbar - {1b03039f-30ec-499c-a235-3a12b105a37e} - C:\Program Files\SLICKHOUND\tbSLI1.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000311.dll

O3 - Toolbar: SLICKHOUND Toolbar - {1b03039f-30ec-499c-a235-3a12b105a37e} - C:\Program Files\SLICKHOUND\tbSLI1.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [WTClient] WTClient.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Aharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Netvision Cable Connect.url

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)

O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)

O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)

O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe

O23 - Service: ????? Google Update (gupdate1c9a0a1bbf2215a) (gupdate1c9a0a1bbf2215a) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

 

Thanks for helping me, wonderful people out there! What do I do now?


Oops, my HijackThis was oldish... Here's the one with the current version, sorry.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 03:00:03, on 08/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\WTClient.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Xmarks\IE Extension\xmarkssync.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\explorer.exe

C:\Program Files\CCleaner\CCleaner.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Aharon\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nana.co.il

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: SLICKHOUND Toolbar - {1b03039f-30ec-499c-a235-3a12b105a37e} - C:\Program Files\SLICKHOUND\tbSLI1.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SLICKHOUND Toolbar - {1b03039f-30ec-499c-a235-3a12b105a37e} - C:\Program Files\SLICKHOUND\tbSLI1.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000311.dll

O3 - Toolbar: SLICKHOUND Toolbar - {1b03039f-30ec-499c-a235-3a12b105a37e} - C:\Program Files\SLICKHOUND\tbSLI1.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [WTClient] WTClient.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Aharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Netvision Cable Connect.url

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)

O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\xmarkssync.exe (HKCU)

O9 - Extra button: iSiloX Clipper - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)

O9 - Extra 'Tools' menuitem: iSiloX Clipper... - {C86027A6-12A1-4298-B6EA-A42AC6EE6C7C} - C:\Program Files\iSilo\iSiloX\iSiloXIE.dll (HKCU)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B02A58C-632E-4D54-943B-550EBF2BEA41}: NameServer = 212.143.212.143 194.90.1.5

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe

O23 - Service: ????? Google Update (gupdate1c9a0a1bbf2215a) (gupdate1c9a0a1bbf2215a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE

 

--

End of file - 12774 bytes

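Reading a HijackThis log is mostly a matter of deciding which O4 autostart and O23 service lines deserve a closer look, and the two logs above show one trap in doing so: the older build reports several services as "(file missing)" with a stray quote in the path, while the newer run lists the same binaries normally, so that flag alone is not evidence of tampering. The script below is an added example for this thread, not part of HijackThis, ComboFix or the original posts. It applies the checks a reviewer would otherwise make by eye: a "(file missing)" marker, a service with no recognised publisher, an ImagePath with an unbalanced quote, an autostart image given as a bare file name (resolved via the search path), and an autostart that runs from a user-writable location. The SAMPLE_LOG is constructed to mirror the log format and is not taken from this machine.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread; not part of HijackThis, ComboFix or the
original posts.  It looks at O4 autostart entries, O23 services and any
line marked "(file missing)", and explains why each deserves a look.
The SAMPLE_LOG below is constructed to mirror the log format and is not
taken from a real machine.
"""
import re
from dataclasses import dataclass, field

REASON_MISSING = "referenced file reported missing: stale entry, or a log-tool parsing quirk"
REASON_UNKNOWN_OWNER = "service binary has no recognised publisher"
REASON_MANGLED_QUOTES = "ImagePath has an unbalanced quote: verify the file on disk before trusting 'missing'"
REASON_RELATIVE = "image is not an absolute path, so Windows resolves it via the search path"
REASON_USER_WRITABLE = "autostart runs from a user-writable location"

# Constructed sample in HijackThis v2 format (the quote-mangled O23 line mimics
# how older builds render a quoted service path that carries arguments).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Updater] "C:\Program Files\Vendor\updater.exe" /tray
O4 - HKCU\..\Run: [Sync] "C:\Documents and Settings\User\Local Settings\Application Data\Vendor\sync.exe" /c
O4 - Startup: sample32.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Sample Service (SampleSvc) - Unknown owner - C:\WINDOWS\system32\samplesvc.exe
O23 - Service: Vendor Updater (vupdate) - Unknown owner - C:\Program Files\Vendor\vupdate.exe" /svc (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# "<location>: [<name>] <command>"; Startup-folder entries carry no [name].
O4_RE = re.compile(r"^(?P<loc>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
# First executable named on a command line, quoted or not.
IMAGE_RE = re.compile(r'^"?(?P<img>.+?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))\b', re.IGNORECASE)


@dataclass
class Finding:
    code: str
    line: str
    reasons: list[str] = field(default_factory=list)


def image_of(cmd: str) -> str:
    """Return the executable named first in an autostart command line."""
    m = IMAGE_RE.match(cmd.strip())
    if m:
        return m.group("img")
    return cmd.strip().strip('"').split(" ")[0]


def is_absolute(img: str) -> bool:
    # Drive letter, UNC path, or an environment variable the loader expands.
    return re.match(r"^(?:[A-Za-z]:\\|\\\\|%)", img) is not None


def is_user_writable(img: str) -> bool:
    # Heuristic: profile, temp and per-user application-data trees.
    low = img.lower()
    return any(t in low for t in ("\\documents and settings\\", "\\users\\",
                                  "\\local settings\\", "\\temp\\", "\\appdata\\"))


def review_o4(body: str, reasons: list[str]) -> None:
    m = O4_RE.match(body)
    if not m:
        return
    loc, cmd = m.group("loc"), m.group("cmd")
    if loc.lower().endswith("startup"):
        # A file in a Startup folder is user-writable by definition.
        reasons.append(REASON_USER_WRITABLE)
        return
    img = image_of(cmd)
    if not is_absolute(img):
        reasons.append(REASON_RELATIVE)
    elif is_user_writable(img):
        reasons.append(REASON_USER_WRITABLE)


def review_o23(body: str, reasons: list[str]) -> None:
    # "Service: <display> (<short>) - <owner> - <path>"; split from the right
    # because a display name may itself contain " - ".
    parts = body.removeprefix("Service: ").rsplit(" - ", 2)
    if len(parts) != 3:
        return
    _display, owner, path = parts
    if owner.strip().lower() == "unknown owner":
        reasons.append(REASON_UNKNOWN_OWNER)
    if path.count('"') % 2 == 1:
        reasons.append(REASON_MANGLED_QUOTES)


def triage(log_text: str) -> list[Finding]:
    """Return only the entries that carry at least one reason to look closer."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        reasons: list[str] = []
        if "(file missing)" in body:
            reasons.append(REASON_MISSING)
        if code == "O4":
            review_o4(body, reasons)
        elif code == "O23":
            review_o23(body, reasons)
        if reasons:
            findings.append(Finding(code, raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run it as-is to see the sample triaged, or feed it a saved log with `triage(open("hijackthis.log").read())`. The flags are prompts to verify, not verdicts: a legitimate per-user updater under Local Settings\Application Data is reported just like a dropper in the same tree, and the next step for any flagged line is to confirm the file is present on disk, who signed it and what its hash is.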

Hi there... nobody replied, so I tried a few things in the meantime.

First, I saw somewhere that the issue with atapi.sys had to do with Daemon Tools, which I disabled. Now my computer seems to work, and I see no sign of a blue screen. But the Windows screen at the very beginning of start-up stays "greyed" for a long time (15 secs), and then Windows actually begins. My computer is quite slow too.

Also, I don't know if it has to do with the Windows Repair, but I had a lot of updates (70+), including security updates, from Windows Update.

So I installed all of the updates, and I thought it might be a good idea to post new logs after all that. So here they are:

 

Combofix:

ComboFix 09-12-08.04 - Aharon 12/09/2009 11:52:43.3.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.1023.506 [GMT 2:00]

Running from: c:\documents and settings\Aharon\Desktop\ComboFix.exe

AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

* Resident AV is active

 

.

 

((((((((((((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 )))))))))))))))))))))))))))))))

.

 

2009-12-08 21:14 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2009-12-08 21:13 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-12-08 21:13 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-12-08 21:13 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-12-08 21:13 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-12-08 21:13 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-12-08 21:13 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-12-08 19:13 . 2007-12-30 03:01 307200 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe

2009-12-08 19:13 . 2007-12-30 03:01 172032 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe

2009-12-08 19:13 . 2007-12-30 03:01 90112 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

2009-12-08 12:38 . 2009-12-08 12:38 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

2009-12-08 12:01 . 2009-12-08 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-12-08 11:09 . 2009-12-08 11:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-12-08 11:01 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-12-08 10:15 . 2004-08-04 12:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip

2009-12-08 10:15 . 2004-08-04 12:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip

2009-12-08 10:15 . 2009-07-31 08:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll

2009-12-08 10:15 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2009-12-08 10:14 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll

2009-12-08 10:14 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2009-12-08 07:17 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-12-08 07:13 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2009-12-08 07:12 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2009-12-08 07:12 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2009-12-08 07:12 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2009-12-08 07:12 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2009-12-08 07:12 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2009-12-08 07:12 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2009-12-08 07:12 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe

2009-12-08 07:12 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2009-12-08 07:12 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2009-12-08 07:12 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2009-12-08 07:08 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2009-12-08 07:08 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys

2009-12-08 07:08 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-12-08 07:07 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2009-12-08 07:07 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-12-08 07:07 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-12-08 07:07 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-12-08 07:06 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-12-08 01:12 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2009-12-08 01:12 . 2009-12-08 01:12 -------- d-----w- c:\program files\Panda Security

2009-12-07 19:49 . 2009-12-07 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-12-07 19:49 . 2009-12-07 20:03 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-12-07 17:41 . 2009-12-07 17:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-12-07 12:21 . 2008-04-14 00:09 315455 -c--a-w- c:\windows\system32\dllcache\imskf.dll

2009-12-07 11:58 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2009-12-07 11:58 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2009-12-07 11:58 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2009-12-07 11:58 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2009-12-07 09:44 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2009-11-22 22:11 . 2009-11-22 22:11 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-11-22 21:00 . 2009-11-22 21:00 -------- d-----w- c:\program files\MPIO

2009-11-19 21:39 . 2009-11-19 21:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SLICKHOUND

2009-11-19 10:42 . 2009-11-19 10:42 -------- d-----w- c:\program files\Xmarks

2009-11-16 21:25 . 2009-10-20 11:33 103424 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\pixomatic.dll

2009-11-16 21:25 . 2009-10-20 11:33 545280 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe

2009-11-16 21:25 . 2009-10-20 11:33 4716544 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\components\cooliris.dll

2009-11-16 21:25 . 2009-10-20 11:33 344064 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe

2009-11-16 21:25 . 2009-10-20 11:33 153600 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

2009-11-15 13:18 . 2009-11-16 07:20 -------- d-----w- c:\program files\Microsoft Silverlight

2009-11-15 13:16 . 2009-11-15 13:16 -------- d-----w- c:\program files\Microsoft

2009-11-13 10:34 . 2009-11-13 10:34 -------- d-----w- c:\program files\eMule

2009-11-12 13:20 . 2009-11-12 13:20 79488 ----a-w- c:\documents and settings\Aharon\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-10 22:28 . 2009-11-10 22:28 247280 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\plugins\npgoogletalk.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-09 05:14 . 2007-10-09 19:09 25045 ----a-w- c:\windows\system32\tablet.dat

2009-12-08 20:23 . 2009-03-09 10:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-12-08 10:46 . 2007-10-08 21:16 364648 ----a-w- c:\documents and settings\Aharon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-07 12:18 . 2007-10-08 16:50 22764 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-07 11:17 . 2009-12-07 11:17 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat

2009-12-07 11:17 . 2009-12-07 11:17 8 ----a-w- c:\documents and settings\Aharon\Application Data\fvgqad.dat

2009-12-07 11:15 . 2009-08-25 12:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-07 11:15 . 2009-09-14 15:24 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-12-07 09:56 . 2009-12-07 09:56 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat

2009-12-07 01:18 . 2009-12-07 01:18 16 ----a-w- c:\documents and settings\LocalService\Application Data\fvgqad.dat

2009-12-07 01:18 . 2009-12-07 01:18 4 ----a-w- c:\documents and settings\Aharon\Application Data\avdrn.dat

2009-12-05 19:52 . 2007-10-08 19:46 -------- d-----w- c:\documents and settings\Aharon\Application Data\U3

2009-12-03 15:27 . 2007-10-09 21:33 -------- d-----w- c:\documents and settings\Aharon\Application Data\Canon

2009-12-03 14:14 . 2009-08-25 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-03 14:13 . 2009-08-25 12:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-01 16:29 . 2009-03-22 17:49 -------- d-----w- c:\program files\Allway Sync

2009-12-01 10:17 . 2007-11-22 09:07 -------- d-----w- c:\program files\Google

2009-11-26 21:16 . 2008-03-11 12:27 -------- d-----w- c:\documents and settings\Aharon\Application Data\Skype

2009-11-24 15:52 . 2009-08-24 13:39 -------- d-----w- c:\program files\SLICKHOUND

2009-11-23 17:28 . 2009-02-22 13:54 -------- d-----w- c:\program files\KeePass Password Safe

2009-11-23 12:30 . 2008-03-04 07:41 -------- d-----w- c:\program files\Windows Live

2009-11-22 21:00 . 2007-10-08 19:47 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-15 09:15 . 2007-10-14 16:39 -------- d-----w- c:\program files\HishKal

2009-11-02 18:42 . 2009-10-12 07:51 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-29 10:53 . 2009-10-29 10:53 -------- d-----w- c:\program files\GENIUS TABLET

2009-10-29 10:50 . 2009-10-27 10:59 88 --sha-r- c:\windows\system32\02B752B3C4.sys

2009-10-29 10:50 . 2009-10-27 10:59 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-10-29 10:49 . 2009-10-29 10:49 -------- d-----w- c:\program files\PENSUITEPRO

2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-27 12:16 . 2009-10-27 12:16 -------- d-----w- c:\documents and settings\Aharon\Application Data\Doit.im.2A4FBC65A8766CA36EFEAC67D621E1CEDF0FC84D.1

2009-10-27 12:16 . 2009-10-27 12:16 -------- d-----w- c:\program files\Doit.im

2009-10-27 12:16 . 2009-03-08 15:29 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-10-27 12:11 . 2009-12-07 17:40 38208 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-10-27 12:11 . 2009-10-27 12:16 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-10-27 10:59 . 2007-10-09 21:06 -------- d-----w- c:\documents and settings\Aharon\Application Data\Corel

2009-10-27 09:02 . 2009-10-27 09:01 -------- d-----w- c:\program files\Microsoft IntelliPoint

2009-10-27 09:01 . 2009-10-27 09:01 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2009-10-27 08:55 . 2009-10-27 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel

2009-10-27 08:55 . 2007-10-09 20:52 -------- d-----w- c:\program files\Corel

2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll

2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

.
((((((((((((((((((((((((((((( SnapShot@2009-12-07_19.24.36 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-09-16 09:59 . 2008-04-14 00:12 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll

+ 2009-12-08 10:14 . 2008-04-14 00:12 57344 c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll

- 2008-09-16 09:59 . 2008-04-14 00:12 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll

+ 2009-12-08 10:14 . 2008-04-14 00:12 74802 c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 50688 c:\windows\twain_32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 50688 c:\windows\twain_32.dll

+ 2009-12-09 06:15 . 2009-12-09 06:15 16384 c:\windows\Temp\Perflib_Perfdata_9c.dat

+ 2009-12-09 05:14 . 2009-12-09 05:14 16384 c:\windows\Temp\Perflib_Perfdata_178.dat

+ 2007-10-08 16:49 . 2008-04-14 00:12 11776 c:\windows\system32\xolehlp.dll

- 2007-10-08 16:49 . 2004-08-04 12:00 11776 c:\windows\system32\xolehlp.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 50176 c:\windows\system32\xmlprovi.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 50176 c:\windows\system32\xmlprovi.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 30720 c:\windows\system32\xcopy.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 30720 c:\windows\system32\xcopy.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 91648 c:\windows\system32\xactsrv.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 91648 c:\windows\system32\xactsrv.dll

+ 2004-08-04 00:56 . 2008-04-14 00:12 52736 c:\windows\system32\wzcsapi.dll

+ 2007-10-08 16:51 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll

+ 2007-10-08 16:51 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 18432 c:\windows\system32\wtsapi32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 18432 c:\windows\system32\wtsapi32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 50688 c:\windows\system32\wstdecod.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 50688 c:\windows\system32\wstdecod.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 22528 c:\windows\system32\wsock32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 22528 c:\windows\system32\wsock32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 41984 c:\windows\system32\wsnmp32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 19456 c:\windows\system32\wshtcpip.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 11264 c:\windows\system32\wshrm.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 14336 c:\windows\system32\wship6.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 14336 c:\windows\system32\wship6.dll

+ 2004-08-04 12:00 . 2008-05-09 10:53 90112 c:\windows\system32\wshext.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 36864 c:\windows\system32\wshcon.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 80896 c:\windows\system32\wscsvc.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 13824 c:\windows\system32\wscntfy.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 13824 c:\windows\system32\wscntfy.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 19968 c:\windows\system32\ws2help.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 19968 c:\windows\system32\ws2help.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 82432 c:\windows\system32\ws2_32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 11264 c:\windows\system32\wpnpinst.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 32256 c:\windows\system32\wpabaln.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 32256 c:\windows\system32\wpabaln.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 20480 c:\windows\system32\wmpui.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 20480 c:\windows\system32\wmpui.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 20480 c:\windows\system32\wmpcore.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 20480 c:\windows\system32\wmpcore.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 20480 c:\windows\system32\wmpcd.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 20480 c:\windows\system32\wmpcd.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 23552 c:\windows\system32\wmdmps.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 23552 c:\windows\system32\wmdmps.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 27136 c:\windows\system32\wmdmlog.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 27136 c:\windows\system32\wmdmlog.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 92672 c:\windows\system32\wlnotify.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 92672 c:\windows\system32\wlnotify.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 53760 c:\windows\system32\winsta.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 53760 c:\windows\system32\winsta.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 17408 c:\windows\system32\winshfhc.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 17408 c:\windows\system32\winshfhc.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 99328 c:\windows\system32\winscard.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 99328 c:\windows\system32\winscard.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 16896 c:\windows\system32\winrnr.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 16896 c:\windows\system32\winrnr.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 32256 c:\windows\system32\winipsec.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 75776 c:\windows\system32\wiascr.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 75776 c:\windows\system32\wiascr.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 65024 c:\windows\system32\wextract.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 68096 c:\windows\system32\webclnt.dll

+ 2004-08-04 00:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud.drv

- 2004-08-04 00:56 . 2004-08-04 12:00 23552 c:\windows\system32\wdmaud.drv

+ 2004-08-04 12:00 . 2009-06-25 08:25 54272 c:\windows\system32\wdigest.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 95232 c:\windows\system32\wbem\wmiutils.dll

- 2007-10-08 16:49 . 2004-08-04 12:00 95232 c:\windows\system32\wbem\wmiutils.dll

- 2007-10-08 16:49 . 2004-08-04 12:00 41472 c:\windows\system32\wbem\wmipsess.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 41472 c:\windows\system32\wbem\wmipsess.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 62464 c:\windows\system32\wbem\wmipjobj.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 61952 c:\windows\system32\wbem\wmipiprt.dll

- 2007-10-08 16:49 . 2004-08-04 12:00 60928 c:\windows\system32\wbem\wmicookr.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 60928 c:\windows\system32\wbem\wmicookr.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 88576 c:\windows\system32\wbem\wmiaprpl.dll

- 2007-10-08 16:49 . 2004-08-04 12:00 43520 c:\windows\system32\wbem\wbemsvc.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 43520 c:\windows\system32\wbem\wbemsvc.dll

- 2007-10-08 16:49 . 2004-08-04 12:00 18944 c:\windows\system32\wbem\wbemprox.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 18944 c:\windows\system32\wbem\wbemprox.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 43008 c:\windows\system32\wbem\wbemperf.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 43008 c:\windows\system32\wbem\wbemperf.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 71680 c:\windows\system32\wbem\wbemcons.dll

- 2007-10-08 16:49 . 2004-08-04 12:00 71680 c:\windows\system32\wbem\wbemcons.dll

- 2007-10-08 16:49 . 2004-08-04 12:00 86528 c:\windows\system32\wbem\stdprov.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 86528 c:\windows\system32\wbem\stdprov.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 36352 c:\windows\system32\wbem\scrcons.exe

+ 2007-10-08 16:49 . 2008-04-14 00:12 92672 c:\windows\system32\wbem\policman.dll

- 2007-10-08 16:49 . 2004-08-04 12:00 92672 c:\windows\system32\wbem\policman.dll

- 2007-10-08 16:49 . 2004-08-04 12:00 47104 c:\windows\system32\wbem\ncprov.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 47104 c:\windows\system32\wbem\ncprov.dll

- 2007-10-08 16:49 . 2004-08-04 12:00 16384 c:\windows\system32\wbem\mofcomp.exe

+ 2007-10-08 16:49 . 2008-04-14 00:12 16384 c:\windows\system32\wbem\mofcomp.exe

+ 2007-10-08 16:49 . 2008-04-14 00:11 24576 c:\windows\system32\wbem\krnlprov.dll

- 2007-10-08 16:49 . 2004-08-04 12:00 24576 c:\windows\system32\wbem\krnlprov.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 21504 c:\windows\system32\wbem\evntrprv.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 45056 c:\windows\system32\wbem\cmdevtgprov.dll

+ 2004-08-04 12:00 . 2008-04-13 18:44 17664 c:\windows\system32\watchdog.sys

- 2004-08-04 12:00 . 2004-08-04 12:00 17664 c:\windows\system32\watchdog.sys

+ 2004-08-04 12:00 . 2008-04-14 00:12 15872 c:\windows\system32\w3ssl.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 15872 c:\windows\system32\w3ssl.dll

- 2007-10-31 23:54 . 2004-08-03 22:56 53760 c:\windows\system32\vfwwdm32.dll

+ 2007-10-31 23:54 . 2008-04-14 00:12 53760 c:\windows\system32\vfwwdm32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\version.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 18944 c:\windows\system32\version.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 26624 c:\windows\system32\verifier.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 51712 c:\windows\system32\vdmredir.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 51712 c:\windows\system32\vdmredir.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 26112 c:\windows\system32\vdmdbg.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 26112 c:\windows\system32\vdmdbg.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 30749 c:\windows\system32\vbajet32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 30749 c:\windows\system32\vbajet32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 50176 c:\windows\system32\utilman.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 50176 c:\windows\system32\utilman.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 19968 c:\windows\system32\usmt\log.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 19968 c:\windows\system32\usmt\log.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 26112 c:\windows\system32\userinit.exe

- 2004-08-04 00:56 . 2004-08-04 12:00 74240 c:\windows\system32\usbui.dll

+ 2004-08-04 00:56 . 2008-04-14 00:12 74240 c:\windows\system32\usbui.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 16896 c:\windows\system32\usbmon.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 16896 c:\windows\system32\usbmon.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 18432 c:\windows\system32\ups.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 18432 c:\windows\system32\ups.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 16896 c:\windows\system32\upnpcont.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 16896 c:\windows\system32\upnpcont.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 13824 c:\windows\system32\uniplat.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 13824 c:\windows\system32\uniplat.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 74240 c:\windows\system32\unimdmat.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 74240 c:\windows\system32\unimdmat.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 35840 c:\windows\system32\umandlg.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 35840 c:\windows\system32\umandlg.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 26624 c:\windows\system32\udhisapi.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 57856 c:\windows\system32\twext.dll

+ 2004-08-04 12:00 . 2008-04-14 00:13 12168 c:\windows\system32\tsddd.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 12168 c:\windows\system32\tsddd.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 93696 c:\windows\system32\tscfgwmi.dll

- 2007-10-08 16:49 . 2004-08-04 12:00 93696 c:\windows\system32\tscfgwmi.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 90112 c:\windows\system32\trkwks.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 12800 c:\windows\system32\tree.com

- 2004-08-04 12:00 . 2004-08-04 12:00 12288 c:\windows\system32\tracert.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 12288 c:\windows\system32\tracert.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 73216 c:\windows\system32\tlntsvr.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 73216 c:\windows\system32\tlntsvr.exe

+ 2004-08-04 12:00 . 2009-06-12 12:31 80896 c:\windows\system32\tlntsess.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 61440 c:\windows\system32\tlntadmn.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 61440 c:\windows\system32\tlntadmn.exe

+ 2004-08-04 12:00 . 2009-06-12 12:31 76288 c:\windows\system32\telnet.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 45568 c:\windows\system32\tcpmonui.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 45568 c:\windows\system32\tcpmonui.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 45568 c:\windows\system32\tcpmon.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 45568 c:\windows\system32\tcpmon.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 14848 c:\windows\system32\tcpmib.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 14848 c:\windows\system32\tcpmib.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 77824 c:\windows\system32\tasklist.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 76288 c:\windows\system32\taskkill.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 71680 c:\windows\system32\systeminfo.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 57856 c:\windows\system32\synceng.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 57856 c:\windows\system32\synceng.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 14336 c:\windows\system32\svchost.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 14336 c:\windows\system32\svchost.exe

+ 2007-10-08 09:34 . 2008-04-14 00:12 74752 c:\windows\system32\storprop.dll

- 2007-10-08 09:34 . 2004-08-03 22:56 74752 c:\windows\system32\storprop.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 14848 c:\windows\system32\stimon.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 14848 c:\windows\system32\stimon.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 68096 c:\windows\system32\sti.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 59392 c:\windows\system32\stclient.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 14336 c:\windows\system32\ssstars.scr

- 2004-08-04 12:00 . 2004-08-04 12:00 14336 c:\windows\system32\ssstars.scr

+ 2004-08-04 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\ssmyst.scr

- 2004-08-04 12:00 . 2004-08-04 12:00 18944 c:\windows\system32\ssmyst.scr

+ 2004-08-04 12:00 . 2008-04-14 00:12 47104 c:\windows\system32\ssmypics.scr

- 2004-08-04 12:00 . 2004-08-04 12:00 47104 c:\windows\system32\ssmypics.scr

+ 2004-08-04 12:00 . 2008-04-14 00:12 20992 c:\windows\system32\ssmarque.scr

- 2004-08-04 12:00 . 2004-08-04 12:00 20992 c:\windows\system32\ssmarque.scr

+ 2004-08-04 12:00 . 2008-04-14 00:12 71680 c:\windows\system32\ssdpsrv.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 71680 c:\windows\system32\ssdpsrv.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 34816 c:\windows\system32\ssdpapi.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 34816 c:\windows\system32\ssdpapi.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 19968 c:\windows\system32\ssbezier.scr

- 2004-08-04 12:00 . 2004-08-04 12:00 19968 c:\windows\system32\ssbezier.scr

+ 2004-08-04 12:00 . 2008-04-14 00:12 96768 c:\windows\system32\srvsvc.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 96768 c:\windows\system32\srvsvc.dll

+ 2007-10-08 16:51 . 2008-04-14 00:12 67584 c:\windows\system32\srclient.dll

- 2007-10-08 16:51 . 2004-08-04 12:00 67584 c:\windows\system32\srclient.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 57856 c:\windows\system32\spoolsv.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 57856 c:\windows\system32\spoolsv.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 75264 c:\windows\system32\spoolss.dll

+ 2004-08-04 12:00 . 2008-04-14 03:42 11264 c:\windows\system32\spnpinst.exe

+ 2004-08-04 12:00 . 2008-04-13 18:43 12800 c:\windows\system32\spiisupd.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 12800 c:\windows\system32\spiisupd.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 24576 c:\windows\system32\sort.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\snmpapi.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 18944 c:\windows\system32\snmpapi.dll

+ 2008-09-16 09:59 . 2008-04-14 00:12 10752 c:\windows\system32\smtpapi.dll

- 2008-09-16 09:59 . 2004-08-04 12:00 10752 c:\windows\system32\smtpapi.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 50688 c:\windows\system32\smss.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 50688 c:\windows\system32\smss.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 89600 c:\windows\system32\smlogsvc.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 89600 c:\windows\system32\smlogsvc.exe

- 2008-09-16 09:59 . 2004-08-03 22:56 73796 c:\windows\system32\slserv.exe

+ 2008-09-16 09:59 . 2008-04-14 00:12 73796 c:\windows\system32\slserv.exe

+ 2008-09-16 09:59 . 2008-04-14 00:12 73832 c:\windows\system32\slcoinst.dll

- 2008-09-16 09:59 . 2004-08-03 22:56 73832 c:\windows\system32\slcoinst.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 98304 c:\windows\system32\slbiop.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 98304 c:\windows\system32\slbiop.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 25088 c:\windows\system32\slayerxp.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 25088 c:\windows\system32\slayerxp.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 26112 c:\windows\system32\skeys.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 26112 c:\windows\system32\skeys.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 70144 c:\windows\system32\sigverif.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 70144 c:\windows\system32\sigverif.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 13312 c:\windows\system32\sigtab.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 13312 c:\windows\system32\sigtab.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 19456 c:\windows\system32\shutdown.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 19456 c:\windows\system32\shutdown.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 27648 c:\windows\system32\shscrap.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 27648 c:\windows\system32\shscrap.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 77824 c:\windows\system32\shrpubw.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 77824 c:\windows\system32\shrpubw.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 45056 c:\windows\system32\shmgrate.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 65024 c:\windows\system32\shimeng.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 68096 c:\windows\system32\shgina.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 68096 c:\windows\system32\shgina.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 25088 c:\windows\system32\shfolder.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 25088 c:\windows\system32\shfolder.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 33792 c:\windows\system32\Setup\tabletoc.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 33792 c:\windows\system32\Setup\tabletoc.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 17408 c:\windows\system32\Setup\ocmsn.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 17408 c:\windows\system32\Setup\ocmsn.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 15360 c:\windows\system32\Setup\ocgen.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 62976 c:\windows\system32\Setup\ntoc.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 62976 c:\windows\system32\Setup\ntoc.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 77312 c:\windows\system32\Setup\netoc.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 77312 c:\windows\system32\Setup\netoc.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 15360 c:\windows\system32\Setup\msgrocm.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 15360 c:\windows\system32\Setup\msgrocm.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 90112 c:\windows\system32\Setup\msdtcstp.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 16896 c:\windows\system32\Setup\medctroc.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 16896 c:\windows\system32\Setup\medctroc.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 32828 c:\windows\system32\Setup\fp40ext.dll

+ 2004-08-04 12:00 . 2008-04-14 00:11 32828 c:\windows\system32\Setup\fp40ext.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 23040 c:\windows\system32\setup.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 23040 c:\windows\system32\setup.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 31232 c:\windows\system32\sethc.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 31232 c:\windows\system32\sethc.exe

+ 2007-10-08 16:49 . 2008-04-14 00:12 56320 c:\windows\system32\servdeps.dll

- 2007-10-08 16:49 . 2004-08-04 12:00 56320 c:\windows\system32\servdeps.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 39424 c:\windows\system32\sens.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 54784 c:\windows\system32\sendmail.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 29184 c:\windows\system32\sendcmsg.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 29184 c:\windows\system32\sendcmsg.dll

+ 2004-08-04 12:00 . 2009-06-25 08:25 56832 c:\windows\system32\secur32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\seclogon.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 18944 c:\windows\system32\seclogon.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\secedit.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 29184 c:\windows\system32\sdhcinst.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 29184 c:\windows\system32\sdhcinst.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 77312 c:\windows\system32\sdbinst.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 77312 c:\windows\system32\sdbinst.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 20480 c:\windows\system32\sclgntfy.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 95744 c:\windows\system32\scardsvr.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 95744 c:\windows\system32\scardsvr.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 69632 c:\windows\system32\scarddlg.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 69632 c:\windows\system32\scarddlg.dll

+ 2004-08-04 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 13312 c:\windows\system32\savedump.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 13312 c:\windows\system32\savedump.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 64000 c:\windows\system32\samlib.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 64000 c:\windows\system32\samlib.dll

+ 2007-10-08 16:51 . 2008-04-14 00:12 45568 c:\windows\system32\safrslv.dll

- 2007-10-08 16:51 . 2004-08-04 12:00 45568 c:\windows\system32\safrslv.dll

- 2007-10-08 16:51 . 2004-08-04 12:00 29696 c:\windows\system32\safrdm.dll

+ 2007-10-08 16:51 . 2008-04-14 00:12 29696 c:\windows\system32\safrdm.dll

- 2007-10-08 16:51 . 2004-08-04 12:00 43520 c:\windows\system32\safrcdlg.dll

+ 2007-10-08 16:51 . 2008-04-14 00:12 43520 c:\windows\system32\safrcdlg.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 14336 c:\windows\system32\runonce.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 14336 c:\windows\system32\runonce.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 33280 c:\windows\system32\rundll32.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 33280 c:\windows\system32\rundll32.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 44032 c:\windows\system32\rtutils.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 44032 c:\windows\system32\rtutils.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 31744 c:\windows\system32\rtipxmib.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 31744 c:\windows\system32\rtipxmib.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 77312 c:\windows\system32\rtcshare.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 77312 c:\windows\system32\rtcshare.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 92672 c:\windows\system32\rsvpsp.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 18944 c:\windows\system32\rsmps.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 18944 c:\windows\system32\rsmps.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 39936 c:\windows\system32\rshx32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 39936 c:\windows\system32\rshx32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 14848 c:\windows\system32\rsh.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 14848 c:\windows\system32\rsh.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 13824 c:\windows\system32\rexec.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 13824 c:\windows\system32\rexec.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 58880 c:\windows\system32\resutils.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 58880 c:\windows\system32\resutils.dll

- 2007-10-08 16:49 . 2004-08-04 12:00 60416 c:\windows\system32\remotepg.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 60416 c:\windows\system32\remotepg.dll

+ 2009-12-08 12:09 . 2004-08-04 12:00 36096 c:\windows\system32\ReinstallBackups\0029\DriverFiles\i386\intelppm.sys

+ 2009-12-08 12:09 . 2004-08-04 12:00 36096 c:\windows\system32\ReinstallBackups\0028\DriverFiles\i386\intelppm.sys

+ 2009-12-08 12:09 . 2004-08-04 12:00 36096 c:\windows\system32\ReinstallBackups\0027\DriverFiles\i386\intelppm.sys

+ 2009-12-08 12:09 . 2004-08-04 12:00 36096 c:\windows\system32\ReinstallBackups\0026\DriverFiles\i386\intelppm.sys

- 2004-08-04 12:00 . 2004-08-04 12:00 11776 c:\windows\system32\regsvr32.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 11776 c:\windows\system32\regsvr32.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 59904 c:\windows\system32\regsvc.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 59904 c:\windows\system32\regsvc.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 49664 c:\windows\system32\regapi.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 49664 c:\windows\system32\regapi.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 50176 c:\windows\system32\reg.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 50176 c:\windows\system32\reg.exe

- 2007-10-08 16:49 . 2004-08-04 12:00 67072 c:\windows\system32\rdshost.exe

+ 2007-10-08 16:49 . 2008-04-14 00:12 67072 c:\windows\system32\rdshost.exe

- 2007-10-08 16:49 . 2004-08-04 12:00 13824 c:\windows\system32\rdsaddin.exe

+ 2007-10-08 16:49 . 2008-04-14 00:12 13824 c:\windows\system32\rdsaddin.exe

+ 2007-10-08 16:49 . 2008-04-14 00:13 87176 c:\windows\system32\rdpwsx.dll

- 2007-10-08 16:49 . 2004-08-04 12:00 87176 c:\windows\system32\rdpwsx.dll

- 2007-10-08 16:49 . 2004-08-04 12:00 19968 c:\windows\system32\rdpsnd.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 19968 c:\windows\system32\rdpsnd.dll

+ 2004-08-04 12:00 . 2008-04-14 00:13 92424 c:\windows\system32\rdpdd.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 62976 c:\windows\system32\rdpclip.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 21504 c:\windows\system32\rcp.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 21504 c:\windows\system32\rcp.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 35840 c:\windows\system32\rcimlby.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 35840 c:\windows\system32\rcimlby.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 58368 c:\windows\system32\rastapi.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 16384 c:\windows\system32\rassapi.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 56832 c:\windows\system32\rasphone.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 56832 c:\windows\system32\rasphone.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 61440 c:\windows\system32\rasman.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 61440 c:\windows\system32\rasman.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 88576 c:\windows\system32\rasauto.dll

- 2007-10-08 16:51 . 2004-08-04 12:00 43520 c:\windows\system32\racpldlg.dll

+ 2007-10-08 16:51 . 2008-04-14 00:12 43520 c:\windows\system32\racpldlg.dll

+ 2007-10-08 16:49 . 2008-04-14 00:12 19968 c:\windows\system32\qprocess.exe

- 2007-10-08 16:51 . 2004-08-04 12:00 18944 c:\windows\system32\qmgrprxy.dll

+ 2007-10-08 16:51 . 2008-04-14 00:12 18944 c:\windows\system32\qmgrprxy.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 34304 c:\windows\system32\pstorsvc.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 34304 c:\windows\system32\pstorsvc.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 43520 c:\windows\system32\pstorec.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 43520 c:\windows\system32\pstorec.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 96768 c:\windows\system32\psbase.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 96768 c:\windows\system32\psbase.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 23040 c:\windows\system32\psapi.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 23040 c:\windows\system32\psapi.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 50176 c:\windows\system32\proquota.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 50176 c:\windows\system32\proquota.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 27648 c:\windows\system32\profmap.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 27648 c:\windows\system32\profmap.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 17408 c:\windows\system32\powrprof.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 17408 c:\windows\system32\powrprof.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 49152 c:\windows\system32\powercfg.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 49152 c:\windows\system32\powercfg.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 58880 c:\windows\system32\pnrpnsp.dll

+ 2004-08-04 12:00 . 2009-03-08 02:31 46592 c:\windows\system32\pngfilt.dll

+ 2004-08-04 00:56 . 2008-04-14 00:12 15360 c:\windows\system32\pjlmon.dll

- 2004-08-04 00:56 . 2004-08-04 12:00 15360 c:\windows\system32\pjlmon.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 17920 c:\windows\system32\ping.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 17920 c:\windows\system32\ping.exe

+ 2004-08-04 12:00 . 2008-04-14 00:11 24064 c:\windows\system32\pidgen.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 24064 c:\windows\system32\pidgen.dll

+ 2004-08-04 00:56 . 2008-04-14 00:12 35328 c:\windows\system32\pid.dll

- 2004-08-04 00:56 . 2004-08-04 12:00 35328 c:\windows\system32\pid.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 34816 c:\windows\system32\perfproc.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 34816 c:\windows\system32\perfproc.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 25088 c:\windows\system32\perfos.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 25088 c:\windows\system32\perfos.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 17920 c:\windows\system32\perfnet.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 15872 c:\windows\system32\perfmon.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 15872 c:\windows\system32\perfmon.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 26624 c:\windows\system32\perfdisk.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 26624 c:\windows\system32\perfdisk.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 39936 c:\windows\system32\perfctrs.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 39936 c:\windows\system32\perfctrs.dll

+ 2004-08-04 12:00 . 2009-12-08 23:01 63254 c:\windows\system32\perfc009.dat

+ 2004-08-04 12:00 . 2008-04-14 00:12 67584 c:\windows\system32\pautoenr.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 58368 c:\windows\system32\packager.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 58368 c:\windows\system32\packager.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 67584 c:\windows\system32\osuninst.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 67584 c:\windows\system32\osuninst.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 67584 c:\windows\system32\openfiles.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 67584 c:\windows\system32\openfiles.exe

+ 2007-10-08 16:51 . 2008-04-14 00:12 51200 c:\windows\system32\oobe\oobebaln.exe

- 2007-10-08 16:51 . 2004-08-04 12:00 51200 c:\windows\system32\oobe\oobebaln.exe

+ 2007-10-08 16:52 . 2008-04-14 00:12 29184 c:\windows\system32\oobe\msoobe.exe

+ 2007-10-08 16:51 . 2008-04-14 00:12 19456 c:\windows\system32\oobe\msobweb.dll

+ 2007-10-08 16:51 . 2008-04-14 00:12 30720 c:\windows\system32\oobe\msobshel.dll

- 2007-10-08 16:51 . 2004-08-04 12:00 30720 c:\windows\system32\oobe\msobshel.dll

- 2007-10-08 16:51 . 2004-08-04 12:00 16384 c:\windows\system32\oobe\msobdl.dll

+ 2007-10-08 16:51 . 2008-04-14 00:12 16384 c:\windows\system32\oobe\msobdl.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 84992 c:\windows\system32\olepro32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 37376 c:\windows\system32\olecnv32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 74752 c:\windows\system32\olecli32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 20511 c:\windows\system32\odtext32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 20511 c:\windows\system32\odtext32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 20510 c:\windows\system32\odpdx32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 20510 c:\windows\system32\odpdx32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 20510 c:\windows\system32\odfox32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 20510 c:\windows\system32\odfox32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 20510 c:\windows\system32\odexl32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 20510 c:\windows\system32\odexl32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 20511 c:\windows\system32\oddbse32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 20511 c:\windows\system32\oddbse32.dll

+ 2004-08-04 12:00 . 2008-04-13 17:26 12288 c:\windows\system32\odbcp32r.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 12288 c:\windows\system32\odbcp32r.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 53279 c:\windows\system32\odbcji32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:10 53279 c:\windows\system32\odbcji32.dll

+ 2004-08-04 12:00 . 2008-04-13 17:26 94208 c:\windows\system32\odbcint.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 94208 c:\windows\system32\odbcint.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 65536 c:\windows\system32\odbccu32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 65536 c:\windows\system32\odbccu32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 65536 c:\windows\system32\odbccr32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 65536 c:\windows\system32\odbccr32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 69632 c:\windows\system32\odbcconf.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 69632 c:\windows\system32\odbcconf.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 24576 c:\windows\system32\odbcbcp.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 24576 c:\windows\system32\odbcbcp.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 32768 c:\windows\system32\odbcad32.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 32768 c:\windows\system32\odbcad32.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 16384 c:\windows\system32\odbc32gt.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 16384 c:\windows\system32\odbc32gt.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 67584 c:\windows\system32\ocmanage.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 65536 c:\windows\system32\nwwks.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 64000 c:\windows\system32\nwapi32.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 15360 c:\windows\system32\ntvdmd.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 91136 c:\windows\system32\ntprint.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 91136 c:\windows\system32\ntprint.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 40960 c:\windows\system32\ntmsapi.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 40960 c:\windows\system32\ntmsapi.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 44032 c:\windows\system32\ntlanman.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 67072 c:\windows\system32\ntdsapi.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 67072 c:\windows\system32\ntdsapi.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 76800 c:\windows\system32\nslookup.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 76800 c:\windows\system32\nslookup.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 54784


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

 

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

 

[this is an automated reply]


Hi,

I'm nasdaq.

 

 

You are running ComboFix while your antivirus is enabled.

AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

* Resident AV is active

 

Please disable NOD and scan again with ComboFix.

 

Your last ComboFix log was truncated. It's very long and exceeded the forum's permitted length. Break it in two and post it in your next two posts.

===

 

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

 

Please download GMER from http://www2.gmer.net/tmp/gmer.exe

 

Close any open programs/windows!

 

Open the program and click on the Rootkit/Malware tab.

 

Make sure all the boxes on the right of the screen are checked, apart from 'Show All'.

 

Click on Scan (1).

 

When the scan has run click Copy (2) and paste the results (if any) into this thread.



ComboFix 09-12-08.04 - Aharon 12/12/2009 23:20:03.4.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2047.1405 [GMT 2:00]

Running from: c:\documents and settings\Aharon\Desktop\ComboFix.exe

* Resident AV is active

 

.

 

((((((((((((((((((((((((( Files Created from 2009-11-12 to 2009-12-12 )))))))))))))))))))))))))))))))

.

 

2009-12-08 21:14 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2009-12-08 21:13 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-12-08 21:13 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-12-08 21:13 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-12-08 21:13 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-12-08 21:13 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-12-08 21:13 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-12-08 19:13 . 2007-12-30 03:01 307200 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe

2009-12-08 19:13 . 2007-12-30 03:01 172032 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe

2009-12-08 19:13 . 2007-12-30 03:01 90112 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

2009-12-08 12:38 . 2009-12-08 12:38 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe

2009-12-08 12:01 . 2009-12-08 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-12-08 11:09 . 2009-12-08 11:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-12-08 11:01 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-12-08 10:15 . 2004-08-04 12:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip

2009-12-08 10:15 . 2004-08-04 12:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip

2009-12-08 10:15 . 2009-07-31 08:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll

2009-12-08 10:15 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2009-12-08 10:14 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll

2009-12-08 10:14 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2009-12-08 07:17 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-12-08 07:13 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2009-12-08 07:12 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe

2009-12-08 07:12 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2009-12-08 07:12 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2009-12-08 07:12 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2009-12-08 07:12 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2009-12-08 07:12 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2009-12-08 07:12 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe

2009-12-08 07:12 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2009-12-08 07:12 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2009-12-08 07:12 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2009-12-08 07:08 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2009-12-08 07:08 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys

2009-12-08 07:08 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2009-12-08 07:07 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2009-12-08 07:07 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-12-08 07:07 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-12-08 07:07 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-12-08 07:06 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-12-08 01:12 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2009-12-08 01:12 . 2009-12-08 01:12 -------- d-----w- c:\program files\Panda Security

2009-12-07 19:49 . 2009-12-07 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-12-07 19:49 . 2009-12-07 20:03 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-12-07 17:41 . 2009-12-07 17:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-12-07 12:21 . 2008-04-14 00:09 315455 -c--a-w- c:\windows\system32\dllcache\imskf.dll

2009-12-07 11:58 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2009-12-07 11:58 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll

2009-12-07 11:58 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2009-12-07 11:58 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll

2009-12-07 09:44 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2009-11-22 22:11 . 2009-11-22 22:11 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-11-22 21:00 . 2009-11-22 21:00 -------- d-----w- c:\program files\MPIO

2009-11-19 21:39 . 2009-11-19 21:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\SLICKHOUND

2009-11-19 10:42 . 2009-11-19 10:42 -------- d-----w- c:\program files\Xmarks

2009-11-16 21:25 . 2009-10-20 11:33 103424 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\pixomatic.dll

2009-11-16 21:25 . 2009-10-20 11:33 545280 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe

2009-11-16 21:25 . 2009-10-20 11:33 4716544 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\components\cooliris.dll

2009-11-16 21:25 . 2009-10-20 11:33 344064 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe

2009-11-16 21:25 . 2009-10-20 11:33 153600 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

2009-11-15 13:18 . 2009-11-16 07:20 -------- d-----w- c:\program files\Microsoft Silverlight

2009-11-15 13:16 . 2009-11-15 13:16 -------- d-----w- c:\program files\Microsoft

2009-11-13 10:34 . 2009-11-13 10:34 -------- d-----w- c:\program files\eMule

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-12 21:18 . 2007-10-09 00:04 -------- d-----w- c:\program files\ESET

2009-12-12 21:15 . 2007-10-09 19:09 25045 ----a-w- c:\windows\system32\tablet.dat

2009-12-10 22:25 . 2009-03-09 10:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-12-08 10:46 . 2007-10-08 21:16 364648 ----a-w- c:\documents and settings\Aharon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-12-07 12:18 . 2007-10-08 16:50 22764 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-07 11:17 . 2009-12-07 11:17 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat

2009-12-07 11:17 . 2009-12-07 11:17 8 ----a-w- c:\documents and settings\Aharon\Application Data\fvgqad.dat

2009-12-07 11:15 . 2009-08-25 12:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-07 11:15 . 2009-09-14 15:24 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-12-07 09:56 . 2009-12-07 09:56 16 ----a-w- c:\documents and settings\NetworkService\Application Data\fvgqad.dat

2009-12-07 01:18 . 2009-12-07 01:18 16 ----a-w- c:\documents and settings\LocalService\Application Data\fvgqad.dat

2009-12-07 01:18 . 2009-12-07 01:18 4 ----a-w- c:\documents and settings\Aharon\Application Data\avdrn.dat

2009-12-05 19:52 . 2007-10-08 19:46 -------- d-----w- c:\documents and settings\Aharon\Application Data\U3

2009-12-03 15:27 . 2007-10-09 21:33 -------- d-----w- c:\documents and settings\Aharon\Application Data\Canon

2009-12-03 14:14 . 2009-08-25 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-03 14:13 . 2009-08-25 12:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-01 16:29 . 2009-03-22 17:49 -------- d-----w- c:\program files\Allway Sync

2009-12-01 10:17 . 2007-11-22 09:07 -------- d-----w- c:\program files\Google

2009-11-26 21:16 . 2008-03-11 12:27 -------- d-----w- c:\documents and settings\Aharon\Application Data\Skype

2009-11-24 15:52 . 2009-08-24 13:39 -------- d-----w- c:\program files\SLICKHOUND

2009-11-23 17:28 . 2009-02-22 13:54 -------- d-----w- c:\program files\KeePass Password Safe

2009-11-23 12:30 . 2008-03-04 07:41 -------- d-----w- c:\program files\Windows Live

2009-11-22 21:00 . 2007-10-08 19:47 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-15 09:15 . 2007-10-14 16:39 -------- d-----w- c:\program files\HishKal

2009-11-12 13:20 . 2009-11-12 13:20 79488 ----a-w- c:\documents and settings\Aharon\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-10 22:28 . 2009-11-10 22:28 247280 ----a-w- c:\documents and settings\Aharon\Application Data\Mozilla\plugins\npgoogletalk.dll

2009-11-02 18:42 . 2009-10-12 07:51 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-29 10:53 . 2009-10-29 10:53 -------- d-----w- c:\program files\GENIUS TABLET

2009-10-29 10:50 . 2009-10-27 10:59 88 --sha-r- c:\windows\system32\02B752B3C4.sys

2009-10-29 10:50 . 2009-10-27 10:59 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-10-29 10:49 . 2009-10-29 10:49 -------- d-----w- c:\program files\PENSUITEPRO

2009-10-29 07:45 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll

2009-10-27 12:16 . 2009-10-27 12:16 -------- d-----w- c:\documents and settings\Aharon\Application Data\Doit.im.2A4FBC65A8766CA36EFEAC67D621E1CEDF0FC84D.1

2009-10-27 12:16 . 2009-10-27 12:16 -------- d-----w- c:\program files\Doit.im

2009-10-27 12:16 . 2009-03-08 15:29 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-10-27 12:11 . 2009-12-07 17:40 38208 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-10-27 12:11 . 2009-10-27 12:16 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2009-10-27 10:59 . 2007-10-09 21:06 -------- d-----w- c:\documents and settings\Aharon\Application Data\Corel

2009-10-27 09:02 . 2009-10-27 09:01 -------- d-----w- c:\program files\Microsoft IntelliPoint

2009-10-27 09:01 . 2009-10-27 09:01 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2009-10-27 08:55 . 2009-10-27 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel

2009-10-27 08:55 . 2007-10-09 20:52 -------- d-----w- c:\program files\Corel

2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll

.

 

((((((((((((((((((((((((((((( SnapShot_2009-12-09_10.02.00 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-12 21:15 . 2009-12-12 21:15 16384 c:\windows\Temp\Perflib_Perfdata_164.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1b03039f-30ec-499c-a235-3a12b105a37e}"= "c:\program files\SLICKHOUND\tbSLI1.dll" [2009-11-24 2166296]

 

[HKEY_CLASSES_ROOT\clsid\{1b03039f-30ec-499c-a235-3a12b105a37e}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1b03039f-30ec-499c-a235-3a12b105a37e}]

2009-11-24 15:52 2166296 ----a-w- c:\program files\SLICKHOUND\tbSLI1.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{1b03039f-30ec-499c-a235-3a12b105a37e}"= "c:\program files\SLICKHOUND\tbSLI1.dll" [2009-11-24 2166296]

 

[HKEY_CLASSES_ROOT\clsid\{1b03039f-30ec-499c-a235-3a12b105a37e}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{1B03039F-30EC-499C-A235-3A12B105A37E}"= "c:\program files\SLICKHOUND\tbSLI1.dll" [2009-11-24 2166296]

 

[HKEY_CLASSES_ROOT\clsid\{1b03039f-30ec-499c-a235-3a12b105a37e}]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]

@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"

[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]

2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]

@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"

[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]

2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]

@="{A759AFF6-5851-457D-A540-F4ECED148351}"

[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]

2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]

@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"

[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]

2009-05-22 16:21 139264 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"Google Update"="c:\documents and settings\Aharon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-05 133104]

"Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2009-03-19 1602048]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

"Xmarks"="c:\program files\Xmarks\IE Extension\xmarkssync.exe" [2009-11-12 1007616]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"nwiz"="nwiz.exe" [2007-05-10 1626112]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]

"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]

"WTClient"="WTClient.exe" [2007-04-11 40960]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

 

c:\documents and settings\Aharon\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-17 113664]

Netvision Cable Connect.url [2009-11-10 97]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^Aharon^Start Menu^Programs^Startup^siszyd32.exe]

path=c:\documents and settings\Aharon\Start Menu\Programs\Startup\siszyd32.exe

backup=c:\windows\pss\siszyd32.exeStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk

backup=c:\windows\pss\TabUserW.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]

2007-03-21 16:23 1953792 ----a-r- c:\windows\system32\xRaidSetup.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EZEHM]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 18:43 69632 ----a-r- c:\windows\Alcmtr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-01-03 13:54 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ginipic]

2009-02-07 17:17 159232 ----a-w- c:\program files\Ginipic\Ginipic.Bootstrapper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-03-30 07:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]

2007-03-20 14:36 36864 ----a-r- c:\windows\RaidTool\xInsIDE.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2007-05-10 22:03 8429568 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-03-28 20:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2007-03-21 14:49 16126464 ----a-r- c:\windows\RTHDCPL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-03-09 15:03 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

"c:\\Program Files\\ICQ6\\ICQ.exe"=

"c:\\Documents and Settings\\Aharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Aharon\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server

"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server

"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

 

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [08/12/2009 03:12 28552]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [04/11/2006 03:19 13592]

R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [08/10/2007 21:47 38656]

R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [07/06/2007 19:16 18944]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/01/2008 17:18 715248]

S2 gupdate1c9a0a1bbf2215a;שירות Google Update (gupdate1c9a0a1bbf2215a);c:\program files\Google\Update\GoogleUpdate.exe [09/03/2009 12:28 133104]

S3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [23/04/2007 17:28 10752]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.nana.co.il

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

FF - ProfilePath - c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - component: c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll

FF - component: c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\components\cooliris.dll

FF - plugin: c:\documents and settings\Aharon\Application Data\Mozilla\Firefox\Profiles\ns1mjenj.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\documents and settings\Aharon\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\Aharon\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-12 23:26

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(3036)

c:\windows\system32\WININET.dll

c:\program files\ScanSoft\OmniPageSE\ophook32.dll

c:\program files\SugarSync\SugarSyncShellExt.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2009-12-12 23:30:49

ComboFix-quarantined-files.txt 2009-12-12 21:30

ComboFix2.txt 2009-12-09 10:05

ComboFix3.txt 2009-12-07 22:04

ComboFix4.txt 2009-12-07 19:29

 

Pre-Run: 36,225,568,768 bytes free

Post-Run: 36,235,108,352 bytes free

 

Current=3 Default=3 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8

- - End Of File - - 69CD3098B6ECBB8AA7ABD75EED9370F4


Hi Nasdaq and thanks for helping.

 

I just posted the combo log you asked for. I had to remove Nod since for some reason, even after following the instructions you sent a link to, it continued to interfere with combofix... Maybe because it was V2... I think I will install avira antivir instead - do you think it's a good idea?

 

Now here's a part of the Gmer log. Since it takes awfully long, I will run it during the night and see if it finds something else. So in the meantime:

 

GMER 1.0.15.15279 - http://www.gmer.net

Rootkit scan 2009-12-13 00:58:17

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: C:\DOCUME~1\Aharon\LOCALS~1\Temp\axrciuow.sys

 

 

---- System - GMER 1.0.15 ----

 

Code \??\C:\DOCUME~1\Aharon\LOCALS~1\Temp\catchme.sys pIofCallDriver

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB932D380, 0x2F2FC7, 0xE8000020]

? C:\WINDOWS\system32\drivers\amon.sys The system cannot find the file specified. !

? C:\DOCUME~1\Aharon\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !

? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys

AttachedDevice \FileSystem\Fastfat \Fat amon.sys

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA6 0xE3 0xB2 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x9C 0xE2 0x18 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x6C 0xC4 0x52 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA6 0xE3 0xB2 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x9C 0xE2 0x18 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x6C 0xC4 0x52 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA6 0xE3 0xB2 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x9C 0xE2 0x18 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x6C 0xC4 0x52 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA6 0xE3 0xB2 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x9C 0xE2 0x18 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x6C 0xC4 0x52 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA6 0xE3 0xB2 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x9C 0xE2 0x18 ...

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x6C 0xC4 0x52 ...

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA6 0xE3 0xB2 ...

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x9C 0xE2 0x18 ...

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x6C 0xC4 0x52 ...

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA6 0xE3 0xB2 ...

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x9C 0xE2 0x18 ...

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x6C 0xC4 0x52 ...

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5C 0xA6 0xE3 0xB2 ...

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE9 0x9C 0xE2 0x18 ...

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC8 0x6C 0xC4 0x52 ...

I just posted the combo log you asked for. I had to remove Nod since for some reason, even after following the instructions you sent a link to, it continued to interfere with combofix... Maybe because it was V2... I think I will install avira antivir instead - do you think it's a good idea?

 

NOD is as good as any other Antivirus program. Keep it up to date.

 

Nothing suspicious was found on your logs.

 

What problem persists?


Actually, no problem persists.

But I was certain that after that mega infection my PC was still infected.

Happy to know I was wrong...

Thanks a lot for your time and advice!

I wish you loads of good things!


Time for some housekeeping


  • The following will implement some cleanup procedures as well as reset System Restore points:
     
    Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
     
    ComboFix /Uninstall


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
