[Resolved] Computer takeover, Virus & Spyware Protection Malfunctions
mesa215
post Nov 7 2009, 09:53 PM
Post #1


Authentic Member
Group: Authentic Member
Posts: 35
Joined: 1-January 09
From: Lewes, DE.
Member No.: 83,345
Operating System: Windows XP Home Basic



I do not know what is wrong with my computer. I went to run a scan with my PC Tools antivirus and it just disappeared off my screen in the middle of scanning. I tried to reopen it and got a message telling me that the exe file was corrupt and I needed to redownload. Every time I redownload I get the same problem. I have tried to install other virus software as well and I keep getting the same problem. It seems that whatever is in my computer attaches itself to antivirus and spyware programs so they won't work. I also have a paid version of Spyware Detector and it is doing the same thing. The computer is real slow and Internet Explorer keeps shutting down with an error saying it has encountered a problem and needs to close. What should I do? Should I run a HijackThis scan and send you the log? I would really appreciate your help. Thanks for your time.
Raktor
post Nov 8 2009, 05:57 AM
Post #2


SuperMember
Group: Malware Team
Posts: 1,413
Joined: 29-October 08
From: Melbourne, Australia
Member No.: 82,162
Operating System: Windows 7 Professional 64bit, Windows XP Pro SP3, Mac OS X 10.5, Debian 5.0

Hi, welcome to the WTT Forums. My username is Raktor, and I would be glad to help you with your malware issues. I'd be grateful if you would note the following:

  • Absence of symptoms does not always mean the computer is clean.
  • Please do not run any scans or fixes without my direction.
  • Finally, stay with this topic until I give you the final 'All clear' post.


1) exeHelper
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (it will be created in the directory where you ran exeHelper.com and should open at the end of the scan).
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

2) DDS

Please download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.


3) RR
Please download RootRepeal.zip.
Save it to your Desktop. Alternate download links here or here.
Please print these instructions, you will not have an Internet connection!
If you have a 3rd party "unzipping" program...use it to open the zipped file...then skip to Step 5. Otherwise...
  1. Right click on RootRepeal.zip and select "Extract All"....
  2. Click Next on the "Welcome to the Compressed (zipped) Folders Extraction Wizard."
  3. Click on the Browse...button, then click on Desktop, then click OK.
  4. Once done, check (tick) the Show extracted files box and click Finish.
  5. Before running RootRepeal:
      Disconnect from the Internet as your system will be unprotected while using this tool.
      Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
  6. Open the RootRepeal folder and double-click on RootRepeal.exe to launch it.
  7. When the program opens, click the Report tab at the bottom, then click the Scan button.
  8. In the Select Scan dialog, which asks "What do you want to include in the scan?", check ALL the boxes.
  9. Click OK.
  10. In the Select Drives dialog ("Please select drives to scan:"), select all drives showing, then click OK.
    The scan can take some time to finish. Do not use the computer while the scan is running.
    When the scan has completed, a list of files will be generated in the RootRepeal window.
  11. Click on the Save Report button and save it as "rootrepeal.txt" to your desktop.
  12. Close and exit RootRepeal.
  13. Double-click on the file rootrepeal.txt... Notepad will open... copy/paste the file contents in your next reply.


Make sure to enable your anti-virus, Firewall and any other security programs you disabled.
Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "safe mode".

4) What You Will Need To Post:
  • exeHelper log
  • DDS logs
  • RR log
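The logs requested in step 4 are read by hand in this thread. As an added example (not code from DDS, exeHelper or the WTT team), the Python below pre-triages DDS-style lines using the formats visible in the log posted further down: it surfaces non-directory files under the Windows directory that carry both the system and hidden attributes, ties them to the BHO/TB/STS autostart entries that load them, and lists services whose driver file DDS could not find. The meaning of the 8-character attribute field and of the "--> path [?]" marker is inferred from those log lines and is an assumption; a hit is a "review this" pointer for the helper, not a verdict.

```python
"""Pre-triage for DDS-style log lines (added example for this thread; not part
of DDS, exeHelper or the WTT instructions). Heuristics only: a finding means
'a helper should look at this', nothing more."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# File-list line from the "Created Last 30" / "Find3M" sections:
#   2009-11-08 04:40:28 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
# Assumed meaning of the 8-character attribute field: d=directory, c=compressed,
# s=system, h=hidden, a=archive, r/w=read-only or writable, '-' = not set.
FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) ([-a-z]{8}) (.+)$")

# Pseudo-HJT autostart lines whose last field is a DLL path:
#   STS: PtleucosCnb.Ptleucos: {clsid} - c:\windows\system32\ptleucos.dll
AUTOSTART_LINE = re.compile(r"^(BHO|TB|STS): (.+?) - ([a-zA-Z]:\\.+)$")

# Service/driver lines where DDS prints "--> <expected path> [?]" instead of
# the usual "[date size]" (assumed: the image file was not found on disk).
ORPHAN_SERVICE = re.compile(r"^[RS]\d ([^;]+);.*--> (.+?) \[\?\]$")


@dataclass
class Finding:
    subject: str                                  # file path or service name
    reasons: List[str] = field(default_factory=list)


def parse_files(lines: List[str]) -> Dict[str, str]:
    """Map lower-cased path -> attribute string for every file-list line."""
    files: Dict[str, str] = {}
    for line in lines:
        m = FILE_LINE.match(line.strip())
        if m:
            files[m.group(5).lower()] = m.group(4)
    return files


def parse_autostarts(lines: List[str]) -> Dict[str, List[str]]:
    """Map lower-cased DLL path -> the autostart entries that load it."""
    refs: Dict[str, List[str]] = {}
    for line in lines:
        m = AUTOSTART_LINE.match(line.strip())
        if m:
            kind, desc, path = m.groups()
            refs.setdefault(path.lower(), []).append(f"{kind} {desc}")
    return refs


def orphaned_services(lines: List[str]) -> List[Finding]:
    """Services/drivers whose image file DDS could not locate."""
    out = []
    for line in lines:
        m = ORPHAN_SERVICE.match(line.strip())
        if m:
            out.append(Finding(m.group(1), [f"image file not found: {m.group(2)}"]))
    return out


def hidden_system_files(lines: List[str]) -> List[Finding]:
    """Files (not directories) under \\windows\\ with both system and hidden
    attributes set, annotated with any autostart entry that loads them."""
    files = parse_files(lines)
    refs = parse_autostarts(lines)
    out = []
    for path, attrs in files.items():
        if attrs[0] == "d" or "\\windows\\" not in path:
            continue
        if "s" in attrs and "h" in attrs:
            f = Finding(path, ["system+hidden attributes under the Windows directory"])
            f.reasons += [f"loaded at startup by {r}" for r in refs.get(path, [])]
            out.append(f)
    return out


def triage(lines: List[str]) -> List[Finding]:
    """All findings, file-based first, then orphaned services."""
    return hidden_system_files(lines) + orphaned_services(lines)


# Sample input: a handful of lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
STS: PtleucosCnb.Ptleucos: {462db222-f475-4480-b981-6546c5e019da} - c:\windows\system32\ptleucos.dll
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-7 206256]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
2009-11-08 04:40:28 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-08 04:26:32 0 d-sha-r- C:\cmdcons
2009-10-18 15:50:27 0 d-sh--w- c:\documents and settings\sara & yashe\IECompatCache
2001-03-30 17:04:42 32768 --sha-r- c:\windows\system32\pcrelayin.dll
2001-03-30 17:04:48 372736 --sha-r- c:\windows\system32\ptleucos.dll
""".strip().splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.subject)
        for reason in finding.reasons:
            print("   -", reason)
```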
mesa215
post Nov 8 2009, 11:22 PM
Post #3


Authentic Member
Group: Authentic Member
Posts: 35
Joined: 1-January 09
From: Lewes, DE.
Member No.: 83,345
Operating System: Windows XP Home Basic



Thank you for helping. Unfortunately I had already run other scans before I came to this site. I hope it didn't cause any problems. I downloaded everything. I ran the scans and here are the results:

DDS

DDS (Ver_09-10-26.01) - NTFSx86
Run by Sara & Yashe at 22:54:39.07 on Sun 11/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1493 [GMT -5:00]

AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning enabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sara & Yashe\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://money.aol.com/?icid=AIMPro
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [CTSysVol] "c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe" /r
mRun: [P17Helper] "Rundll32" P17.dll,P17Helper
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [Microsoft Works Update Detection] "c:\program files\common files\microsoft shared\works shared\WkUFind.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
mRun: [SDActiveMonitor] c:\program files\max spyware detector\MaxSDTray.exe "-AUTO"
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255881411109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: PRISMAPI.DLL - PRISMAPI.DLL
STS: PtleucosCnb.Ptleucos: {462db222-f475-4480-b981-6546c5e019da} - c:\windows\system32\ptleucos.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-7 206256]
R2 MaxWatchDogService;MaxWatchDogService;c:\program files\max spyware detector\MaxWatchDogService.exe [2009-11-7 426928]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2009-10-18 61526]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 SDActMon;SDActMon;c:\program files\max spyware detector\SDActMon.sys [2009-11-7 30128]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1ca5829d41396fc;Google Update Service (gupdate1ca5829d41396fc);c:\program files\google\update\GoogleUpdate.exe [2009-10-28 133104]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-10 14336]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

=============== Created Last 30 ================

2009-11-08 23:06:34 0 d-----w- c:\program files\MSXML 4.0
2009-11-08 04:41:54 0 d-----w- c:\docume~1\sara&y~1\applic~1\PC Tools
2009-11-08 04:40:50 0 d-----w- c:\program files\Max Spyware Detector
2009-11-08 04:40:28 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-08 04:40:28 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-08 04:40:28 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-08 04:40:17 0 d-----w- c:\program files\common files\PC Tools
2009-11-08 04:40:16 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2009-11-08 04:40:16 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2009-11-08 04:40:16 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2009-11-08 04:40:00 0 d-----w- c:\program files\PC Tools AntiVirus
2009-11-08 04:26:32 0 d-sha-r- C:\cmdcons
2009-11-08 04:25:49 77312 ----a-w- c:\windows\MBR.exe
2009-11-08 04:25:49 267264 ----a-w- c:\windows\PEV.exe
2009-11-08 04:25:49 161792 ----a-w- c:\windows\SWREG.exe
2009-11-08 04:12:35 0 d-----w- c:\docume~1\sara&y~1\applic~1\Malwarebytes
2009-11-08 04:12:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-08 03:47:05 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2009-11-08 03:46:11 0 d-----w- c:\program files\common files\iS3
2009-11-08 03:44:45 0 d-----w- c:\program files\Trend Micro
2009-11-08 03:30:17 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-08 03:30:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-08 02:24:01 0 d-----w- c:\program files\Ask.com
2009-11-08 02:23:40 0 d-----w- c:\program files\MSSOAP
2009-11-08 02:23:22 0 d-----w- c:\docume~1\sara&y~1\applic~1\Webroot
2009-11-08 02:19:21 164 ----a-w- c:\windows\install.dat
2009-11-07 09:53:33 0 d-----w- c:\program files\common files\xing shared
2009-11-07 09:53:13 0 d-----w- c:\program files\common files\Real
2009-11-07 07:49:10 0 d-----w- c:\docume~1\sara&y~1\applic~1\Spam Monitor
2009-11-07 07:43:43 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-07 00:18:53 0 ----a-r- c:\windows\win32k.sys
2009-11-05 02:54:20 0 d-----w- c:\docume~1\sara&y~1\applic~1\AIMPro
2009-11-05 02:40:05 0 d-----w- c:\program files\common files\Nullsoft
2009-11-05 02:39:56 0 d-----w- c:\program files\AIM
2009-11-02 20:39:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Vantage
2009-11-02 20:39:33 0 d-----w- c:\docume~1\sara&y~1\applic~1\Vantage
2009-11-02 20:39:29 0 d-----w- c:\program files\Vantage Technologies
2009-10-31 16:52:32 0 d-----w- c:\docume~1\sara&y~1\applic~1\Alawar
2009-10-31 05:11:34 0 d-----w- c:\docume~1\sara&y~1\applic~1\GTM_Bodie
2009-10-28 23:54:00 0 d-----w- c:\program files\Zylom Games
2009-10-28 23:54:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Zylom
2009-10-28 23:42:38 0 d-----w- c:\docume~1\alluse~1\applic~1\HipSoft
2009-10-28 09:44:22 0 d-----w- c:\windows\system32\appmgmt
2009-10-28 08:42:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Princess Isabella
2009-10-28 08:40:05 0 d-----w- C:\GameHouse Games
2009-10-28 08:39:14 0 d-----w- c:\program files\RealArcade
2009-10-28 07:00:22 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-27 16:27:46 0 d-----w- c:\program files\common files\HP
2009-10-27 16:25:51 0 d-----w- c:\program files\common files\Hewlett-Packard
2009-10-27 16:25:16 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-10-27 16:25:11 51120 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-10-27 16:24:46 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-10-27 16:24:04 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-10-27 16:24:04 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-10-27 16:24:04 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2009-10-27 16:24:04 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-10-27 16:24:04 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2009-10-27 16:24:04 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-10-27 16:24:02 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-26 22:09:12 0 d-----w- c:\program files\Digiarty
2009-10-26 21:04:36 0 d-----w- c:\docume~1\sara&y~1\applic~1\IObit
2009-10-26 21:04:35 0 d-----w- c:\program files\IObit
2009-10-25 01:18:57 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-10-25 01:18:18 0 d-----w- c:\temp\MTGOInstall
2009-10-25 01:18:18 0 d-----w- C:\Temp
2009-10-25 01:11:06 0 d-----w- c:\docume~1\sara&y~1\applic~1\Wizards of the Coast
2009-10-25 01:10:53 0 d-----w- c:\program files\Wizards of the Coast
2009-10-25 00:58:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2009-10-25 00:51:22 0 d-----w- c:\docume~1\sara&y~1\applic~1\MagicBall4
2009-10-25 00:50:15 0 d-----w- c:\program files\ReflexiveArcade
2009-10-19 05:44:44 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-10-19 01:20:15 0 d-----w- c:\windows\system32\XPSViewer
2009-10-19 01:19:36 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-19 01:19:36 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-19 01:19:36 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-19 01:19:35 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-19 01:19:35 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-19 01:19:35 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-19 01:19:35 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-19 01:19:34 0 d-----w- C:\a77d5422197f8a293a93ceaf97fafe2f
2009-10-19 01:14:15 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2009-10-19 01:14:15 31053 ----a-w- c:\windows\system32\EPPICPattern131.dat
2009-10-19 01:14:15 27417 ----a-w- c:\windows\system32\EPPICPattern121.dat
2009-10-19 01:14:15 108704 ----a-w- c:\windows\system32\PICEntry.dll
2009-10-19 00:35:58 0 d-----w- C:\EPSONREG
2009-10-19 00:34:22 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2009-10-19 00:32:02 264886 ----a-w- c:\windows\EPSTPLOG.BAK
2009-10-19 00:31:25 44 ----a-w- c:\windows\EPCX4800.ini
2009-10-19 00:30:42 0 d-----w- c:\program files\EPSON
2009-10-19 00:30:34 79679 ----a-w- c:\windows\system32\E_FLMADA.DLL
2009-10-19 00:30:34 64000 ----a-w- c:\windows\system32\E_FBCBADA.DLL
2009-10-19 00:30:34 34304 ----a-w- c:\windows\system32\E_FBCHADA.DLL
2009-10-19 00:29:48 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-19 00:29:48 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-19 00:29:33 22016 ----a-w- c:\windows\system32\esccmd.dll
2009-10-19 00:29:32 46080 ----a-w- c:\windows\system32\escimgd.dll
2009-10-19 00:29:32 29696 ----a-w- c:\windows\system32\escwiad.dll
2009-10-19 00:29:30 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-19 00:29:30 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-18 23:56:17 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-18 23:56:17 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-10-18 20:00:08 929 ----a-w- c:\windows\system32\drivers\ativcaxx.vp
2009-10-18 20:00:08 6684672 ----a-w- c:\windows\system32\atioglx1.dll
2009-10-18 20:00:08 6005 ----a-w- c:\windows\system32\atifglpf.xml
2009-10-18 20:00:08 58560 ----a-w- c:\windows\system32\drivers\ativckxx.vp
2009-10-18 20:00:08 40960 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-10-18 20:00:08 27232 ----a-w- c:\windows\system32\drivers\ativvpxx.vp
2009-10-18 20:00:08 151552 ----a-w- c:\windows\system32\atikvmag.dll
2009-10-18 20:00:08 114630 ----a-w- c:\windows\system32\atiicdxx.dat
2009-10-18 20:00:08 1114674 ----a-w- c:\windows\system32\drivers\ativcaxx.cpa
2009-10-18 20:00:00 5 ----a-w- c:\windows\system32\drivers\DELL_DIM_4700.MRK
2009-10-18 20:00:00 5 ----a-w- c:\windows\system32\drivers\1028_DELL_DIM_4700.MRK
2009-10-18 19:57:50 0 d-----w- c:\program files\Dell
2009-10-18 19:57:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Prism
2009-10-18 19:57:08 61526 ----a-w- c:\windows\system32\PRISMSVC.exe
2009-10-18 19:57:08 49152 ----a-w- c:\windows\system32\StopSrvr.exe
2009-10-18 19:57:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll
2009-10-18 19:57:08 381014 ----a-w- c:\windows\system32\PRISMSVR.exe
2009-10-18 19:57:08 0 d-----w- c:\program files\Dell Wireless
2009-10-18 19:57:05 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-18 19:57:05 1396827 ----a-w- c:\windows\system32\PRISME5.dll
2009-10-18 19:53:43 588 ----a-w- c:\windows\system32\settingsbkup.sfm
2009-10-18 19:53:43 588 ----a-w- c:\windows\system32\settings.sfm
2009-10-18 19:30:33 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2009-10-18 19:30:32 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2009-10-18 19:30:32 465920 ------w- c:\windows\system32\imapi2fs.dll
2009-10-18 19:30:32 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2009-10-18 19:30:32 317952 ------w- c:\windows\system32\imapi2.dll
2009-10-18 18:48:27 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-18 18:26:36 0 d-----w- c:\program files\Essentials Codec Pack
2009-10-18 18:21:21 0 d-----w- c:\program files\VideoLAN
2009-10-18 17:54:58 0 d-----w- c:\docume~1\sara&y~1\applic~1\LimeWire
2009-10-18 17:54:40 0 d-----w- c:\program files\LimeWire
2009-10-18 17:51:35 0 d-----w- c:\program files\Microsoft
2009-10-18 17:50:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-18 17:50:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-18 17:45:30 0 d-----w- c:\windows\system32\Adobe
2009-10-18 16:16:20 376 ----a-w- c:\windows\ODBC.INI
2009-10-18 16:16:15 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-10-18 16:15:23 0 d-----w- c:\program files\Microsoft ActiveSync
2009-10-18 16:13:32 0 d-----w- c:\windows\SHELLNEW
2009-10-18 16:04:42 0 d-----w- c:\program files\Microsoft Picture It! 9
2009-10-18 15:59:23 0 d-----w- c:\program files\Microsoft Works Suite 2004
2009-10-18 15:50:27 0 d-sh--w- c:\documents and settings\sara & yashe\IECompatCache
2009-10-18 15:49:58 0 d-sh--w- c:\documents and settings\sara & yashe\PrivacIE
2009-10-18 15:38:58 331776 ------w- c:\windows\system32\CTMEDENG.DLL
2009-10-18 15:38:57 24576 ----a-w- c:\windows\system32\CTMERes.DLL
2009-10-18 15:38:57 139264 ----a-w- c:\windows\system32\Video.skn
2009-10-18 15:38:20 692 ----a-w- c:\windows\system32\USBAudio.cpl.manifest
2009-10-18 15:38:20 45390 ----a-w- c:\windows\system32\usbaudio.chm
2009-10-18 15:38:20 176128 ----a-w- c:\windows\system32\USBAudio.cpl
2009-10-18 15:38:20 135168 ----a-w- c:\windows\system32\USBAudio.crl
2009-10-18 15:37:29 0 d-----w- c:\program files\Creative
2009-10-18 15:12:11 0 d-----w- c:\windows\system32\scripting
2009-10-18 15:12:10 0 d-----w- c:\windows\system32\en
2009-10-18 15:12:10 0 d-----w- c:\windows\system32\bits
2009-10-18 15:12:10 0 d-----w- c:\windows\l2schemas
2009-10-18 15:08:56 0 d-----w- c:\windows\network diagnostic
2009-10-18 12:45:00 0 d-----w- c:\windows\system32\ReinstallBackups
2009-10-18 12:42:08 520192 ------w- c:\windows\system32\ati2sgag.exe
2009-10-18 12:41:29 0 d-----w- c:\program files\ATI Technologies
2009-10-18 12:36:10 1902 ------w- c:\windows\system32\SetupBD.din
2009-10-18 12:35:20 5110 ----a-w- c:\windows\system32\e100b325.din
2009-10-18 12:35:20 24064 ----a-w- c:\windows\system32\IntelNic.dll
2009-10-18 12:35:20 154112 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2009-10-18 12:35:20 154112 ----a-w- c:\windows\system32\drivers\e100b325.sys
2009-10-18 12:35:20 12288 ----a-w- c:\windows\system32\e100bmsg.dll
2009-10-18 12:35:20 118784 ----a-w- c:\windows\system32\Prounstl.exe
2009-10-18 12:35:20 0 d-----w- C:\drvrtmp
2009-10-18 12:30:09 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-10-18 12:30:07 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-10-18 12:30:05 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-10-18 12:28:56 65536 ----a-w- c:\windows\system32\Audio3d.dll
2009-10-18 12:28:56 0 d-----w- c:\windows\VirtualEar
2009-10-18 12:28:55 991232 ----a-w- c:\windows\system32\virtear.dll
2009-10-18 12:28:53 0 d-----w- c:\program files\Analog Devices
2009-10-18 12:28:52 49152 ----a-w- c:\windows\system32\DSndUp.exe
2009-10-18 12:28:52 45056 ----a-w- c:\windows\system32\CleanUp.exe
2009-10-18 12:28:14 260352 ----a-w- c:\windows\system32\drivers\smwdm.sys
2009-10-18 12:28:12 732928 ----a-w- c:\windows\system32\drivers\senfilt.sys
2009-10-18 12:28:12 23040 ----a-w- c:\windows\system32\PostProc.dll
2009-10-18 12:28:11 311296 ----a-w- c:\windows\system32\Edcrypt.dll
2009-10-18 12:28:10 765952 ----a-w- c:\windows\system\crlds3d.dll
2009-10-18 12:26:38 446464 ----a-r- c:\windows\system32\hhactivex.dll
2009-10-18 12:26:38 176128 ----a-w- c:\windows\system32\RcdScan.dll
2009-10-18 12:26:37 645616 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2009-10-18 12:26:37 414944 ----a-w- c:\windows\system32\COMCT332.OCX
2009-10-18 12:26:37 328480 ----a-w- c:\windows\system32\ssa3d30.ocx
2009-10-18 12:26:35 7348 ----a-w- c:\windows\system32\Odbcjet.cnt
2009-10-18 12:26:35 171967 ----a-w- c:\windows\system32\Odbcjet.hlp
2009-10-18 12:26:29 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-10-18 12:26:21 13632 ------w- c:\windows\system32\drivers\omci.sys
2009-10-18 08:30:51 0 d-sh--w- c:\documents and settings\sara & yashe\IETldCache
2009-10-18 08:25:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-18 08:25:05 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-18 08:25:04 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-18 08:25:04 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-18 08:25:04 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-18 08:25:03 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-18 08:24:55 0 d-----w- c:\windows\ie8updates
2009-10-18 08:24:42 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-18 08:21:50 0 dc-h--w- c:\windows\ie8
2009-10-18 06:41:07 0 d-----w- c:\windows\ServicePackFiles
2009-10-18 04:22:55 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2009-10-18 04:22:45 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2009-10-18 04:22:44 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2009-10-18 04:22:44 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2009-10-18 04:22:26 129045 ------w- c:\windows\system32\drivers\cxthsfs2.cty
2009-10-18 04:02:44 0 d-sh--w- c:\documents and settings\sara & yashe\UserData
2009-10-18 03:39:47 499712 ----a-w- c:\windows\system32\CheckDll.dll
2009-10-18 03:31:07 123 ----a-w- c:\windows\system\SysSD.dll
2009-10-18 03:29:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-18 03:29:09 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-18 03:28:09 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-18 03:28:08 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-18 03:28:07 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-18 03:28:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-18 03:27:50 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-18 03:27:04 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-18 03:27:04 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-18 03:26:15 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-18 03:26:15 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-18 03:26:15 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-18 03:26:15 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-18 03:26:15 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-18 03:26:15 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-18 03:26:14 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-10-18 03:26:14 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-18 03:26:14 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-18 03:26:14 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-18 03:26:13 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-18 03:26:13 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-18 03:25:36 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-18 03:21:42 0 d-----w- c:\windows\system32\PreInstall
2009-10-18 03:18:03 0 d-----w- c:\windows\RegisteredPackages
2009-10-18 03:16:25 46592 ------w- c:\windows\system32\drivers\irbus.sys
2009-10-18 03:16:25 19200 ------w- c:\windows\system32\drivers\hidir.sys
2009-10-18 03:15:25 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-18 03:13:32 0 d-----w- c:\windows\system32\URTTemp
2009-10-18 03:13:12 0 d-----w- c:\program files\RGB
2009-10-18 03:11:25 0 d-----w- c:\program files\DIGStream
2009-10-18 03:11:23 0 d-----w- c:\program files\ESPNMotion
2009-10-18 03:11:21 0 d-----w- c:\program files\GemMaster
2009-10-18 03:11:19 0 d-----w- c:\program files\EnglishOtto
2009-10-18 03:06:45 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-10-18 03:02:17 0 d-s---w- c:\windows\system32\Microsoft
2009-10-18 02:51:48 0 d-sh--w- c:\documents and settings\all users\DRM
2009-10-18 02:51:30 0 d--h--w- c:\program files\WindowsUpdate
2009-10-18 02:50:49 0 d-----w- c:\program files\common files\MSSoap
2009-10-18 02:48:32 0 d-----w- c:\program files\Windows Plus
2009-10-18 02:47:31 0 d-----w- c:\program files\Messenger
2009-10-18 02:47:28 0 d-----w- c:\program files\MSN Gaming Zone
2009-10-18 02:46:59 0 d-----w- c:\program files\Windows NT
2009-10-17 21:39:47 0 d-----w- c:\program files\common files\ODBC
2009-10-17 21:39:44 0 d-----w- c:\program files\common files\SpeechEngines
2009-10-17 21:39:25 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-11-07 09:53:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-07 09:53:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-18 02:49:23 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-25 05:48:59 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2001-03-30 17:04:42 32768 --sha-r- c:\windows\system32\pcrelayin.dll
2001-03-30 17:04:48 372736 --sha-r- c:\windows\system32\ptleucos.dll

============= FINISH: 22:54:55.59 ===============



exeHelper by Raktor
Build 20091021
Run at 22:51:59 on 11/08/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/08 22:58
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xBAF19000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAF332000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.ISOImage.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.ISOImage.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\DellDriverDownloadManager.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\DellDriverDownloadManager.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\DellDriverDownloadManager.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\DellDriverDownloadManager.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Core.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Core.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Interop.IWshRuntimeLibrary.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Interop.IWshRuntimeLibrary.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\stdole.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\stdole.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Xceed.Compression.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Xceed.Compression.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xba6b2d72

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xba6939a6

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xba693b98

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xba6b3568

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xba6b3820

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xba6b1a80

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xba6b3c8a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xba6b3036

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xba693656

==EOF==




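The DDS tail at the top of this post and the ComboFix "Files Created" / "Find3M" sections later in the thread share one line format (timestamp, size, an 8-letter attribute field, path), and two entries on this page stand out on attributes alone: system32 DLLs carrying `--sha-r-` (System + Hidden), and a 0-byte `c:\windows\win32k.sys` sitting beside the real 1.8 MB one in system32. The following Python triage script is an added example, not a WTT tool and not anything Raktor or mesa215 posted: it parses both line layouts and flags those two patterns so a helper can skim a long log. The sample report is constructed to mirror lines from this thread; the meaning of the attribute letters (d, c, s, h, a, r, w) and the short `CORE_BINARIES` list are assumptions, and a flag means "look closer", not "malicious".

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One regex covers both layouts.  DDS prints a single timestamp with seconds;
# ComboFix prints "created . modified" at minute precision.  The size field is a
# run of dashes for directories.  The 8-character attribute field is assumed to
# use the usual Windows flag letters (d=directory, c=compressed, s=system,
# h=hidden, a=archive, r=read-only, w=writable) with '-' for an unset flag.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>\S.*)$"
)

# Core binaries whose only legitimate home is %windir%\system32.
# Assumption: a short illustrative list, not an exhaustive one.
CORE_BINARIES = {"win32k.sys", "ntoskrnl.exe", "hal.dll", "ntdll.dll", "kernel32.dll"}


@dataclass
class FileRecord:
    created: str
    modified: Optional[str]      # None for DDS lines, which carry one timestamp
    size: Optional[int]          # None for directories
    attrs: str
    path: str
    flags: List[str] = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower() if "\\" in self.path else ""


def parse_line(line: str) -> Optional[FileRecord]:
    """Parse one report line; return None for headers, blanks and separators."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return FileRecord(m["created"], m["modified"], size, m["attrs"], m["path"])


def triage(record: FileRecord) -> List[str]:
    """Heuristic flags: entries worth a second look, not verdicts."""
    flags: List[str] = []
    name, parent = record.name, record.parent
    in_windir = parent.startswith("c:\\windows")
    binary = name.endswith((".dll", ".exe", ".sys"))
    # 1. A binary under %windir% with both System and Hidden set.  Stock Windows
    #    binaries in system32 carry neither; +s +h hides a file from a default
    #    Explorer view, so it deserves a look regardless of the file's age.
    if not record.is_dir and in_windir and binary and "s" in record.attrs and "h" in record.attrs:
        flags.append("hidden+system binary under %windir%")
    # 2. A zero-byte file named after a core system binary, outside system32.
    #    The real file is large; an empty namesake elsewhere is a placeholder,
    #    a decoy or a failed drop, and in any case needs explaining.
    if record.size == 0 and name in CORE_BINARIES and not parent.endswith("\\system32"):
        flags.append("zero-byte namesake of core binary outside system32")
    return flags


def triage_report(text: str) -> List[FileRecord]:
    """Parse a whole report and return only the records that raised a flag."""
    hits: List[FileRecord] = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        rec.flags = triage(rec)
        if rec.flags:
            hits.append(rec)
    return hits


# Constructed sample mirroring entries from the logs in this thread:
# two DDS-style lines followed by four ComboFix-style lines.
SAMPLE_REPORT = r"""
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2001-03-30 17:04:42 32768 --sha-r- c:\windows\system32\pcrelayin.dll
2009-11-12 02:03 . 2009-11-12 02:03 -------- d-----w- c:\program files\Conduit
2009-11-12 01:51 . 2004-08-10 11:00 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll
2009-11-07 00:18 . 2009-11-08 04:02 0 ----a-r- c:\windows\win32k.sys
2009-08-14 13:21 . 2004-08-10 11:00 1850624 ----a-w- c:\windows\system32\win32k.sys
"""

if __name__ == "__main__":
    for hit in triage_report(SAMPLE_REPORT):
        print(f"{hit.path}  ({hit.size} bytes, {hit.attrs}): {'; '.join(hit.flags)}")
```

Run against the sample it reports only `pcrelayin.dll` and the 0-byte `win32k.sys`; the legitimate `system32\win32k.sys` and the dllcache copy pass untouched. Feed it the whole DDS or ComboFix text and it skips the headers and separators by itself.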
Raktor
post Nov 11 2009, 05:59 AM
Post #4

Sorry for the delay; I accidentally missed your reply.

After the scans you have now completed, are you still experiencing problems?
mesa215
post Nov 11 2009, 10:27 AM
Post #5

Yes. The computer is extremely slow, and I have to keep running my spyware detector because I keep getting a message that I need to download virus software, which I know not to download. My spyware detector quarantines it, but it seems to come back. What else can I do?
Raktor
post Nov 11 2009, 09:46 PM
Post #6

Download Combofix from any of the links below.

Link 1
Link 2


==================================

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.
mesa215
post Nov 12 2009, 04:20 AM
Post #7

I ran ComboFix. Here is the log:

ComboFix 09-11-11.02 - Sara & Yashe 11/12/2009 5:01.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1457 [GMT -5:00]
Running from: c:\documents and settings\Sara & Yashe\Desktop\ComboFix.exe
AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning enabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
.

((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.

2009-11-12 02:03 . 2009-11-12 02:03 -------- d-----w- c:\program files\Conduit
2009-11-12 02:03 . 2009-11-12 02:03 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Conduit
2009-11-12 02:03 . 2009-11-12 02:04 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\IObitCom
2009-11-12 02:02 . 2009-11-12 02:03 -------- d-----w- c:\program files\IObitCom
2009-11-12 02:02 . 2009-11-04 21:49 635664 ----a-w- c:\documents and settings\Sara & Yashe\Application Data\IObit\Common\TB_Helper.exe
2009-11-12 01:51 . 2004-08-10 11:00 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2009-11-12 01:51 . 2004-08-10 11:00 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe
2009-11-12 01:51 . 2004-08-10 11:00 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll
2009-11-12 01:51 . 2004-08-10 11:00 6656 ----a-w- c:\windows\system32\c_is2022.dll
2009-11-12 01:49 . 2001-08-18 03:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-11-12 01:49 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-11-12 01:49 . 2001-08-18 03:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-11-12 01:49 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-11-12 01:49 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-11-12 01:49 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-11-12 01:49 . 2001-08-17 19:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-11-12 01:49 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-11-12 01:49 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-11-12 01:49 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-11-12 01:49 . 2008-04-14 01:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-11-12 01:49 . 2008-04-14 01:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-11-11 22:13 . 2009-11-11 22:13 -------- d-----w- c:\documents and settings\Nani\Local Settings\Application Data\Temp
2009-11-09 03:55 . 2009-11-09 03:55 0 ----a-w- c:\documents and settings\Sara & Yashe\settings.dat
2009-11-08 23:06 . 2009-11-08 23:06 -------- d-----w- c:\program files\MSXML 4.0
2009-11-08 04:41 . 2009-11-08 04:41 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\PC Tools
2009-11-08 04:40 . 2009-11-12 07:04 -------- d-----w- c:\program files\Max Spyware Detector
2009-11-08 04:40 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-08 04:40 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-08 04:40 . 2009-11-08 04:40 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-08 04:40 . 2009-02-10 15:13 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2009-11-08 04:40 . 2009-02-10 15:13 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2009-11-08 04:40 . 2009-02-10 15:13 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2009-11-08 04:40 . 2009-11-12 10:02 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-11-08 04:12 . 2009-11-08 04:12 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Malwarebytes
2009-11-08 04:12 . 2009-11-08 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-08 03:47 . 2009-11-08 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-11-08 03:46 . 2009-11-08 03:46 -------- d-----w- c:\program files\Common Files\iS3
2009-11-08 03:44 . 2009-11-08 03:44 -------- d-----w- c:\program files\Trend Micro
2009-11-08 03:30 . 2009-11-08 03:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-08 03:30 . 2009-11-08 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-08 02:28 . 2009-11-08 02:30 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\AskToolbar
2009-11-08 02:24 . 2009-11-08 02:24 -------- d-----w- c:\program files\Ask.com
2009-11-08 02:23 . 2009-11-08 02:23 -------- d-----w- c:\program files\MSSOAP
2009-11-08 02:23 . 2009-11-08 04:01 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Webroot
2009-11-08 02:19 . 2009-11-08 02:19 164 ----a-w- c:\windows\install.dat
2009-11-08 00:04 . 2009-11-08 00:04 -------- d-----w- c:\program files\NOS
2009-11-07 09:53 . 2009-11-07 09:53 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-07 09:53 . 2009-11-07 09:53 -------- d-----w- c:\program files\Common Files\Real
2009-11-07 09:53 . 2009-11-07 09:53 -------- d-----w- c:\program files\Real
2009-11-07 08:20 . 2009-11-07 08:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\PCToolsFirewallPlus
2009-11-07 08:20 . 2009-11-07 08:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\Spam Monitor
2009-11-07 07:49 . 2009-11-07 07:49 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Spam Monitor
2009-11-07 07:48 . 2009-11-07 07:48 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Threat Expert
2009-11-07 07:43 . 2009-11-08 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-07 00:18 . 2009-11-08 04:02 0 ----a-r- c:\windows\win32k.sys
2009-11-06 23:33 . 2009-11-06 23:33 64744 ----a-w- c:\documents and settings\Nani\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-06 23:21 . 2009-11-06 23:21 -------- d-----w- c:\documents and settings\Nani\Local Settings\Application Data\Adobe
2009-11-06 15:23 . 2009-11-06 15:23 -------- d-----w- c:\documents and settings\Nani\Application Data\acccore
2009-11-06 15:23 . 2009-11-06 15:23 -------- d-----w- c:\documents and settings\Nani\Application Data\AIMPro
2009-11-05 21:28 . 2009-11-05 21:28 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Identities
2009-11-05 02:54 . 2009-11-05 02:54 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\acccore
2009-11-05 02:54 . 2009-11-05 02:54 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\AIMPro
2009-11-05 02:40 . 2009-11-05 02:40 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-11-05 02:39 . 2009-11-05 02:39 -------- d-----w- c:\program files\AIM
2009-11-05 02:39 . 2009-11-05 02:39 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\AIM
2009-11-04 02:47 . 2009-11-05 15:19 152576 ----a-w- c:\documents and settings\Sara & Yashe\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-02 20:39 . 2009-11-02 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Vantage
2009-11-02 20:39 . 2009-11-02 20:39 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Vantage
2009-11-02 20:39 . 2009-11-02 20:39 -------- d-----w- c:\program files\Vantage Technologies
2009-11-02 02:56 . 2009-11-08 16:18 -------- d-----w- c:\documents and settings\Nani\Application Data\vlc
2009-11-02 02:52 . 2009-11-02 02:52 -------- d-sh--w- c:\documents and settings\Nani\PrivacIE
2009-10-31 16:52 . 2009-10-31 16:52 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Alawar
2009-10-31 05:11 . 2009-10-31 05:12 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\GTM_Bodie
2009-10-29 00:08 . 2009-11-01 03:08 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Temp
2009-10-29 00:08 . 2009-10-29 00:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-10-28 23:54 . 2009-10-28 23:54 -------- d-----w- c:\program files\Zylom Games
2009-10-28 23:54 . 2009-10-28 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-10-28 23:54 . 2009-07-02 15:19 102400 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-10-28 23:54 . 2004-12-20 16:17 147456 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2009-10-28 23:53 . 2009-10-28 23:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-10-28 23:53 . 2009-11-01 18:05 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Google
2009-10-28 23:42 . 2009-10-28 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft
2009-10-28 23:41 . 2009-11-01 18:05 -------- d-----w- c:\program files\Google
2009-10-28 08:42 . 2009-10-28 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Princess Isabella
2009-10-28 08:40 . 2009-11-08 02:16 -------- d-----w- C:\GameHouse Games
2009-10-28 08:39 . 2009-11-08 02:16 -------- d-----w- c:\program files\RealArcade
2009-10-28 07:00 . 2009-10-28 07:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-27 16:27 . 2009-10-27 16:27 -------- d-----w- c:\program files\Common Files\HP
2009-10-27 16:25 . 2009-10-27 16:25 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-10-27 16:25 . 2004-12-14 16:07 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-10-27 16:25 . 2004-12-14 16:07 51120 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-10-27 16:24 . 2004-12-14 16:07 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-10-27 16:24 . 2004-09-29 16:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-10-27 16:24 . 2004-09-29 16:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-10-27 16:24 . 2004-09-29 16:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2009-10-27 16:24 . 2004-09-29 16:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-10-27 16:24 . 2004-09-29 16:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-10-27 16:24 . 2004-09-29 16:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2009-10-27 16:24 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-26 22:09 . 2009-10-26 22:09 -------- d-----w- c:\program files\Digiarty
2009-10-26 21:04 . 2009-11-12 02:02 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\IObit
2009-10-26 21:04 . 2009-10-26 21:29 -------- d-----w- c:\program files\IObit
2009-10-25 01:18 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-10-25 01:18 . 2009-10-25 01:18 -------- d-----w- c:\temp\MTGOInstall
2009-10-25 01:18 . 2009-10-25 01:18 -------- d-----w- C:\Temp
2009-10-25 01:11 . 2009-10-25 01:57 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Wizards of the Coast
2009-10-25 01:10 . 2009-10-25 01:10 -------- d-----w- c:\program files\Wizards of the Coast
2009-10-25 00:58 . 2009-10-25 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-10-25 00:51 . 2009-10-25 00:52 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\MagicBall4
2009-10-25 00:50 . 2009-10-25 00:50 -------- d-----w- c:\program files\ReflexiveArcade
2009-10-19 01:20 . 2009-10-19 01:20 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-19 01:20 . 2009-10-19 01:20 -------- d-----w- c:\program files\MSBuild
2009-10-19 01:20 . 2009-10-19 01:20 -------- d-----w- c:\program files\Reference Assemblies
2009-10-19 01:19 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-19 01:19 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-19 01:19 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-19 01:19 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-19 01:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-19 01:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-19 01:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-19 01:19 . 2009-10-19 01:19 -------- d-----w- C:\a77d5422197f8a293a93ceaf97fafe2f
2009-10-19 01:14 . 2006-10-20 04:10 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2009-10-19 01:14 . 2006-10-20 04:10 108704 ----a-w- c:\windows\system32\PICEntry.dll
2009-10-19 01:14 . 2004-03-03 10:10 31053 ----a-w- c:\windows\system32\EPPICPattern131.dat
2009-10-19 01:14 . 2004-03-03 10:10 27417 ----a-w- c:\windows\system32\EPPICPattern121.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 09:53 . 2009-07-31 12:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-07 09:53 . 2009-07-31 12:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-07 06:55 . 2009-11-02 02:49 -------- d-----w- c:\documents and settings\Nani\Application Data\PC Tools
2009-10-19 00:33 . 2009-10-19 00:33 -------- d-----w- c:\program files\ArcSoft
2009-10-18 15:15 . 2009-10-18 02:51 87747 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-18 02:53 . 2009-10-18 02:53 -------- d-----w- c:\program files\microsoft frontpage
2009-10-18 02:49 . 2009-10-18 02:49 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-18 02:48 . 2009-10-18 02:48 -------- d-----w- c:\program files\Windows Plus
2009-09-25 05:48 . 2009-09-25 05:48 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-03-04 03:33 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-10 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-14 13:21 . 2004-08-10 11:00 1850624 ----a-w- c:\windows\system32\win32k.sys
2001-03-30 17:04 . 2001-03-30 17:04 32768 --sha-r- c:\windows\system32\pcrelayin.dll
2001-03-30 17:04 . 2001-03-30 17:04 372736 --sha-r- c:\windows\system32\ptleucos.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2009-10-01 22:29 2166296 ----a-w- c:\program files\IObitCom\tbIObi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 20:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-07 198160]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-04-16 1505168]
"SDActiveMonitor"="c:\program files\Max Spyware Detector\MaxSDTray.exe" [2009-10-10 800688]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2004-06-10 60928]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{462DB222-F475-4480-B981-6546C5E019DA}"= "c:\windows\system32\ptleucos.dll" [2001-03-30 372736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 00:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=winaux.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Vantage Technologies\\CorrectEnglish\\CorrectEnglish.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/7/2009 11:40 PM 206256]
R2 MaxWatchDogService;MaxWatchDogService;c:\program files\Max Spyware Detector\MaxWatchDogService.exe [11/7/2009 11:40 PM 426928]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [10/18/2009 2:57 PM 61526]
R3 SDActMon;SDActMon;c:\program files\Max Spyware Detector\SDActMon.sys [11/7/2009 11:40 PM 30128]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1ca5829d41396fc;Google Update Service (gupdate1ca5829d41396fc);c:\program files\Google\Update\GoogleUpdate.exe [10/28/2009 6:53 PM 133104]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/10/2004 6:00 AM 14336]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - mchInjDrv
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-11-12 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-10-26 20:35]

2009-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-28 23:53]

2009-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-28 23:53]

2009-11-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 20:06]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

Notify-SDNotify - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 05:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3944)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ptleucos.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\pcrelayin.dll
.
Completion time: 2009-11-12 5:16
ComboFix-quarantined-files.txt 2009-11-12 10:16
ComboFix2.txt 2009-11-08 04:35

Pre-Run: 65,236,541,440 bytes free
Post-Run: 65,267,036,160 bytes free

- - End Of File - - EE2E193ADCE6BA2132BAD5CF7C13F831
Raktor
post Nov 12 2009, 04:27 AM
Post #8

Please go to Add/Remove programs, and remove any programs made by IOBit. Then..

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
http://forums.whatthetech.com/Computer_takeover_t108163.html
Collect::
c:\windows\system32\ptleucos.dll

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{462DB222-F475-4480-B981-6546C5E019DA}"= -


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
mesa215
post Nov 13 2009, 02:13 AM
Post #9

I deleted Iobit programs and disabled virus and spyware programs. I saved the text above and ran ComboFix. ComboFix deleted some files and then uploaded something for further analysis. Here is the log:

ComboFix 09-11-13.04 - Sara & Yashe 11/13/2009 2:54.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1618 [GMT -5:00]
Running from: c:\documents and settings\Sara & Yashe\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sara & Yashe\Desktop\CFScript.txt
AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

file zipped: c:\windows\system32\ptleucos.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ptleucos.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.

2009-11-12 18:33 . 2009-11-12 18:33 -------- d-----w- c:\documents and settings\Nani\Local Settings\Application Data\Conduit
2009-11-12 18:33 . 2009-11-12 18:33 -------- d-----w- c:\documents and settings\Nani\Local Settings\Application Data\IObitCom
2009-11-12 02:03 . 2009-11-12 02:03 -------- d-----w- c:\program files\Conduit
2009-11-12 02:03 . 2009-11-12 02:03 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Conduit
2009-11-12 02:02 . 2009-11-04 21:49 635664 ----a-w- c:\documents and settings\Sara & Yashe\Application Data\IObit\Common\TB_Helper.exe
2009-11-12 01:51 . 2004-08-10 11:00 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2009-11-12 01:51 . 2004-08-10 11:00 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe
2009-11-12 01:51 . 2004-08-10 11:00 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll
2009-11-12 01:51 . 2004-08-10 11:00 6656 ----a-w- c:\windows\system32\c_is2022.dll
2009-11-12 01:49 . 2001-08-18 03:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-11-12 01:49 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-11-12 01:49 . 2001-08-18 03:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-11-12 01:49 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-11-12 01:49 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-11-12 01:49 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-11-12 01:49 . 2001-08-17 19:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-11-12 01:49 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-11-12 01:49 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-11-12 01:49 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-11-12 01:49 . 2008-04-14 01:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-11-12 01:49 . 2008-04-14 01:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-11-11 22:13 . 2009-11-11 22:13 -------- d-----w- c:\documents and settings\Nani\Local Settings\Application Data\Temp
2009-11-09 03:55 . 2009-11-09 03:55 0 ----a-w- c:\documents and settings\Sara & Yashe\settings.dat
2009-11-08 23:06 . 2009-11-08 23:06 -------- d-----w- c:\program files\MSXML 4.0
2009-11-08 04:41 . 2009-11-08 04:41 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\PC Tools
2009-11-08 04:40 . 2009-11-12 19:26 -------- d-----w- c:\program files\Max Spyware Detector
2009-11-08 04:40 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-08 04:40 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-08 04:40 . 2009-11-08 04:40 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-08 04:40 . 2009-02-10 15:13 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2009-11-08 04:40 . 2009-02-10 15:13 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2009-11-08 04:40 . 2009-02-10 15:13 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2009-11-08 04:40 . 2009-11-13 07:38 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-11-08 04:12 . 2009-11-08 04:12 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Malwarebytes
2009-11-08 04:12 . 2009-11-08 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-08 03:47 . 2009-11-08 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-11-08 03:46 . 2009-11-08 03:46 -------- d-----w- c:\program files\Common Files\iS3
2009-11-08 03:44 . 2009-11-08 03:44 -------- d-----w- c:\program files\Trend Micro
2009-11-08 03:30 . 2009-11-08 03:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-08 03:30 . 2009-11-08 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-08 02:28 . 2009-11-08 02:30 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\AskToolbar
2009-11-08 02:24 . 2009-11-08 02:24 -------- d-----w- c:\program files\Ask.com
2009-11-08 02:23 . 2009-11-08 02:23 -------- d-----w- c:\program files\MSSOAP
2009-11-08 02:23 . 2009-11-08 04:01 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Webroot
2009-11-08 02:19 . 2009-11-08 02:19 164 ----a-w- c:\windows\install.dat
2009-11-08 00:04 . 2009-11-08 00:04 -------- d-----w- c:\program files\NOS
2009-11-07 09:53 . 2009-11-07 09:53 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-07 09:53 . 2009-11-07 09:53 -------- d-----w- c:\program files\Common Files\Real
2009-11-07 09:53 . 2009-11-07 09:53 -------- d-----w- c:\program files\Real
2009-11-07 08:20 . 2009-11-07 08:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\PCToolsFirewallPlus
2009-11-07 08:20 . 2009-11-07 08:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\Spam Monitor
2009-11-07 07:49 . 2009-11-07 07:49 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Spam Monitor
2009-11-07 07:48 . 2009-11-07 07:48 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Threat Expert
2009-11-07 07:43 . 2009-11-08 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-07 00:18 . 2009-11-08 04:02 0 ----a-r- c:\windows\win32k.sys
2009-11-06 23:33 . 2009-11-06 23:33 64744 ----a-w- c:\documents and settings\Nani\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-06 23:21 . 2009-11-06 23:21 -------- d-----w- c:\documents and settings\Nani\Local Settings\Application Data\Adobe
2009-11-06 15:23 . 2009-11-06 15:23 -------- d-----w- c:\documents and settings\Nani\Application Data\acccore
2009-11-06 15:23 . 2009-11-06 15:23 -------- d-----w- c:\documents and settings\Nani\Application Data\AIMPro
2009-11-05 21:28 . 2009-11-05 21:28 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Identities
2009-11-05 02:54 . 2009-11-05 02:54 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\acccore
2009-11-05 02:54 . 2009-11-05 02:54 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\AIMPro
2009-11-05 02:40 . 2009-11-05 02:40 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-11-05 02:39 . 2009-11-05 02:39 -------- d-----w- c:\program files\AIM
2009-11-05 02:39 . 2009-11-05 02:39 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\AIM
2009-11-04 02:47 . 2009-11-05 15:19 152576 ----a-w- c:\documents and settings\Sara & Yashe\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-02 20:39 . 2009-11-02 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Vantage
2009-11-02 20:39 . 2009-11-02 20:39 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Vantage
2009-11-02 20:39 . 2009-11-02 20:39 -------- d-----w- c:\program files\Vantage Technologies
2009-11-02 02:56 . 2009-11-08 16:18 -------- d-----w- c:\documents and settings\Nani\Application Data\vlc
2009-11-02 02:52 . 2009-11-02 02:52 -------- d-sh--w- c:\documents and settings\Nani\PrivacIE
2009-10-31 16:52 . 2009-10-31 16:52 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Alawar
2009-10-31 05:11 . 2009-10-31 05:12 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\GTM_Bodie
2009-10-29 00:08 . 2009-11-01 03:08 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Temp
2009-10-29 00:08 . 2009-10-29 00:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-10-28 23:54 . 2009-10-28 23:54 -------- d-----w- c:\program files\Zylom Games
2009-10-28 23:54 . 2009-10-28 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-10-28 23:54 . 2009-07-02 15:19 102400 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-10-28 23:54 . 2004-12-20 16:17 147456 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2009-10-28 23:53 . 2009-10-28 23:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-10-28 23:53 . 2009-11-01 18:05 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Google
2009-10-28 23:42 . 2009-10-28 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft
2009-10-28 23:41 . 2009-11-01 18:05 -------- d-----w- c:\program files\Google
2009-10-28 08:42 . 2009-10-28 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Princess Isabella
2009-10-28 08:40 . 2009-11-08 02:16 -------- d-----w- C:\GameHouse Games
2009-10-28 08:39 . 2009-11-08 02:16 -------- d-----w- c:\program files\RealArcade
2009-10-28 07:00 . 2009-10-28 07:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-27 16:27 . 2009-10-27 16:27 -------- d-----w- c:\program files\Common Files\HP
2009-10-27 16:25 . 2009-10-27 16:25 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-10-27 16:25 . 2004-12-14 16:07 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-10-27 16:25 . 2004-12-14 16:07 51120 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-10-27 16:24 . 2004-12-14 16:07 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-10-27 16:24 . 2004-09-29 16:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-10-27 16:24 . 2004-09-29 16:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-10-27 16:24 . 2004-09-29 16:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2009-10-27 16:24 . 2004-09-29 16:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-10-27 16:24 . 2004-09-29 16:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-10-27 16:24 . 2004-09-29 16:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2009-10-27 16:24 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-26 22:09 . 2009-10-26 22:09 -------- d-----w- c:\program files\Digiarty
2009-10-26 21:04 . 2009-11-12 02:02 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\IObit
2009-10-26 21:04 . 2009-10-26 21:29 -------- d-----w- c:\program files\IObit
2009-10-25 01:18 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-10-25 01:18 . 2009-10-25 01:18 -------- d-----w- c:\temp\MTGOInstall
2009-10-25 01:18 . 2009-10-25 01:18 -------- d-----w- C:\Temp
2009-10-25 01:11 . 2009-10-25 01:57 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Wizards of the Coast
2009-10-25 01:10 . 2009-10-25 01:10 -------- d-----w- c:\program files\Wizards of the Coast
2009-10-25 00:58 . 2009-10-25 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-10-25 00:51 . 2009-10-25 00:52 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\MagicBall4
2009-10-25 00:50 . 2009-10-25 00:50 -------- d-----w- c:\program files\ReflexiveArcade
2009-10-19 01:20 . 2009-10-19 01:20 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-19 01:20 . 2009-10-19 01:20 -------- d-----w- c:\program files\MSBuild
2009-10-19 01:20 . 2009-10-19 01:20 -------- d-----w- c:\program files\Reference Assemblies
2009-10-19 01:19 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-19 01:19 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-19 01:19 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-19 01:19 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-19 01:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-19 01:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-19 01:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-19 01:19 . 2009-10-19 01:19 -------- d-----w- C:\a77d5422197f8a293a93ceaf97fafe2f
2009-10-19 01:14 . 2006-10-20 04:10 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2009-10-19 01:14 . 2006-10-20 04:10 108704 ----a-w- c:\windows\system32\PICEntry.dll
2009-10-19 01:14 . 2004-03-03 10:10 31053 ----a-w- c:\windows\system32\EPPICPattern131.dat
2009-10-19 01:14 . 2004-03-03 10:10 27417 ----a-w- c:\windows\system32\EPPICPattern121.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 09:53 . 2009-07-31 12:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-07 09:53 . 2009-07-31 12:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-07 06:55 . 2009-11-02 02:49 -------- d-----w- c:\documents and settings\Nani\Application Data\PC Tools
2009-10-19 00:33 . 2009-10-19 00:33 -------- d-----w- c:\program files\ArcSoft
2009-10-18 15:15 . 2009-10-18 02:51 87747 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-18 02:53 . 2009-10-18 02:53 -------- d-----w- c:\program files\microsoft frontpage
2009-10-18 02:49 . 2009-10-18 02:49 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-18 02:48 . 2009-10-18 02:48 -------- d-----w- c:\program files\Windows Plus
2009-09-25 05:48 . 2009-09-25 05:48 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-03-04 03:33 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-10 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2001-03-30 17:04 . 2001-03-30 17:04 32768 --sha-r- c:\windows\system32\pcrelayin.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 20:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-07 198160]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-04-16 1505168]
"SDActiveMonitor"="c:\program files\Max Spyware Detector\MaxSDTray.exe" [2009-10-10 800688]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2004-06-10 60928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 00:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=winaux.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Vantage Technologies\\CorrectEnglish\\CorrectEnglish.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/7/2009 11:40 PM 206256]
R2 MaxWatchDogService;MaxWatchDogService;c:\program files\Max Spyware Detector\MaxWatchDogService.exe [11/7/2009 11:40 PM 426928]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [10/18/2009 2:57 PM 61526]
R3 SDActMon;SDActMon;c:\program files\Max Spyware Detector\SDActMon.sys [11/7/2009 11:40 PM 30128]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1ca5829d41396fc;Google Update Service (gupdate1ca5829d41396fc);c:\program files\Google\Update\GoogleUpdate.exe [10/28/2009 6:53 PM 133104]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/10/2004 6:00 AM 14336]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - mchInjDrv
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-28 23:53]

2009-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-28 23:53]

2009-11-13 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 20:06]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 03:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-13 03:06
ComboFix-quarantined-files.txt 2009-11-13 08:06
ComboFix2.txt 2009-11-12 10:16
ComboFix3.txt 2009-11-08 04:35

Pre-Run: 65,053,515,776 bytes free
Post-Run: 65,239,519,232 bytes free

- - End Of File - - 9A8555144C3B5142D87860D847A43A9A
Upload was successful
Raktor
post Nov 13 2009, 06:49 AM
Post #10

1) MBAM
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.


2) ESET
You can use either Internet Explorer or Mozilla FireFox for this scan.

  • Please go here then click on:
    QUOTE
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on:
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


3) What You Will Need To Post:
  • MBAM log
  • ESET log
  • How your PC is performing now
mesa215
post Nov 14 2009, 12:11 AM
Post #11

I installed and ran MBAM. I allowed it to update. I ran the scan and removed all. I then rebooted the computer as asked. Here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 3168
Windows 5.1.2600 Service Pack 3

11/14/2009 12:07:49 AM
mbam-log-2009-11-14 (00-07-49).txt

Scan type: Quick Scan
Objects scanned: 118462
Time elapsed: 11 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.
__________________________________________________________________________

I then installed ESET and set it to scan archives. I did not remove anything. I checked the potentially unwanted applications, unsafe applications, and enabled AntiStealth Tech. Here is the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=bfa243a1861f3c419c46b91d8650fac9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-14 06:48:58
# local_time=2009-11-14 01:48:58 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2561 16777189 100 85 0 19170405 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=54246
# found=5
# cleaned=0
# scan_time=2250
C:\Program Files\Max Spyware Detector\LiveUpdate.exe a variant of Win32/MaxPCsecure application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir a variant of Win32/Kryptik.AXQ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir Win32/Sirefef.A trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{ED174C6A-51AE-4E79-B174-D92052E90A13}\RP79\A0021672.exe a variant of Win32/Kryptik.AXQ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{ED174C6A-51AE-4E79-B174-D92052E90A13}\RP79\A0021673.dll Win32/Sirefef.A trojan 00000000000000000000000000000000 I
_______________________________________________________________

I have just finished doing the scans. I am unsure how the computer is running overall. I do know that it took a long time for my "my computer" folder to open so I could retrieve the ESET log file.

Raktor
post Nov 14 2009, 02:20 AM
Post #12


Please delete the folder C:\Program Files\Max Spyware Detector.

For a bit of a speed up....

1) TFC
Please download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should reboot your machine, if not, manually reboot to ensure a complete clean


2) chkdsk
  • Close any open windows.
  • Go to the Start Menu, Run, type in cmd.exe and press enter
  • In the command window that appears, type chkdsk /r, and press enter
  • Agree to any prompts - then reboot the computer.
  • chkdsk should run as you boot the machine up - this will check the hard drive for damaged sectors and attempt to repair them.


3) Defrag
  • Close any open windows.
  • Go to the Start Menu, Programs, Accessories, System Tools, Defrag
  • Defrag all drives in the Disk Defragmenter


Reboot, then let me know the performance.
mesa215
post Nov 14 2009, 03:12 PM
Post #13


I ran TFC, checkdisk, and defragged the computer. The start up is still a little slow. The music still pops up on its own though. Is there anything else?
Raktor
post Nov 14 2009, 07:18 PM
Post #14


Run a new DDS scan for me, so I can see what's running on startup and currently; we'll see if there's anything we can get rid of.
mesa215
post Nov 16 2009, 07:35 AM
Post #15


I ran the DDS and here is the log:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Sara & Yashe at 8:31:05.22 on Mon 11/16/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1454 [GMT -5:00]

AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning enabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
C:\Program Files\Max Spyware Detector\MaxActMon.exe
C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Max Spyware Detector\MaxSDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sara & Yashe\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [CTSysVol] "c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe" /r
mRun: [P17Helper] "Rundll32" P17.dll,P17Helper
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [Microsoft Works Update Detection] "c:\program files\common files\microsoft shared\works shared\WkUFind.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
mRun: [SDActiveMonitor] c:\program files\max spyware detector\MaxSDTray.exe "-AUTO"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255881411109
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: PRISMAPI.DLL - PRISMAPI.DLL

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-7 206256]
R2 MaxWatchDogService;MaxWatchDogService;c:\program files\max spyware detector\MaxWatchDogService.exe [2009-11-7 426928]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2009-10-18 61526]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 SDActMon;SDActMon;c:\program files\max spyware detector\SDActMon.sys [2009-11-7 30128]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1ca5829d41396fc;Google Update Service (gupdate1ca5829d41396fc);c:\program files\google\update\GoogleUpdate.exe [2009-10-28 133104]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-10 14336]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

=============== Created Last 30 ================

2009-11-14 05:17:45 0 d-----w- c:\program files\ESET
2009-11-14 04:48:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-14 04:48:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-14 04:48:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-13 07:52:38 0 d-----w- C:\ComboFix
2009-11-12 09:59:58 98816 ----a-w- c:\windows\sed.exe
2009-11-12 01:49:09 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-11-12 01:49:09 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-11-12 01:49:08 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-11-12 01:49:08 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-11-12 01:49:08 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-11-12 01:49:08 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-11-12 01:49:08 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-11-12 01:49:08 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-11-12 01:49:04 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-11-12 01:49:04 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-11-12 01:49:03 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-11-12 01:49:03 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-11-09 03:55:59 0 ----a-w- c:\documents and settings\sara & yashe\settings.dat
2009-11-08 23:06:34 0 d-----w- c:\program files\MSXML 4.0
2009-11-08 04:41:54 0 d-----w- c:\docume~1\sara&y~1\applic~1\PC Tools
2009-11-08 04:40:50 0 d-----w- c:\program files\Max Spyware Detector
2009-11-08 04:40:28 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-08 04:40:28 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-08 04:40:28 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-08 04:40:17 0 d-----w- c:\program files\common files\PC Tools
2009-11-08 04:40:16 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2009-11-08 04:40:16 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2009-11-08 04:40:16 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2009-11-08 04:40:00 0 d-----w- c:\program files\PC Tools AntiVirus
2009-11-08 04:26:32 0 d-sha-r- C:\cmdcons
2009-11-08 04:25:49 77312 ----a-w- c:\windows\MBR.exe
2009-11-08 04:25:49 260608 ----a-w- c:\windows\PEV.exe
2009-11-08 04:25:49 161792 ----a-w- c:\windows\SWREG.exe
2009-11-08 04:12:35 0 d-----w- c:\docume~1\sara&y~1\applic~1\Malwarebytes
2009-11-08 04:12:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-08 03:47:05 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2009-11-08 03:46:11 0 d-----w- c:\program files\common files\iS3
2009-11-08 03:44:45 0 d-----w- c:\program files\Trend Micro
2009-11-08 03:30:17 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-08 03:30:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-08 02:24:01 0 d-----w- c:\program files\Ask.com
2009-11-08 02:23:40 0 d-----w- c:\program files\MSSOAP
2009-11-08 02:23:22 0 d-----w- c:\docume~1\sara&y~1\applic~1\Webroot
2009-11-08 02:19:21 164 ----a-w- c:\windows\install.dat
2009-11-07 09:53:33 0 d-----w- c:\program files\common files\xing shared
2009-11-07 09:53:13 0 d-----w- c:\program files\common files\Real
2009-11-07 07:49:10 0 d-----w- c:\docume~1\sara&y~1\applic~1\Spam Monitor
2009-11-07 07:43:43 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-05 02:54:20 0 d-----w- c:\docume~1\sara&y~1\applic~1\AIMPro
2009-11-05 02:40:05 0 d-----w- c:\program files\common files\Nullsoft
2009-11-05 02:39:56 0 d-----w- c:\program files\AIM
2009-11-02 20:39:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Vantage
2009-11-02 20:39:33 0 d-----w- c:\docume~1\sara&y~1\applic~1\Vantage
2009-11-02 20:39:29 0 d-----w- c:\program files\Vantage Technologies
2009-10-31 16:52:32 0 d-----w- c:\docume~1\sara&y~1\applic~1\Alawar
2009-10-31 05:11:34 0 d-----w- c:\docume~1\sara&y~1\applic~1\GTM_Bodie
2009-10-28 23:54:00 0 d-----w- c:\program files\Zylom Games
2009-10-28 23:54:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Zylom
2009-10-28 23:42:38 0 d-----w- c:\docume~1\alluse~1\applic~1\HipSoft
2009-10-28 09:44:22 0 d-----w- c:\windows\system32\appmgmt
2009-10-28 08:42:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Princess Isabella
2009-10-28 08:40:05 0 d-----w- C:\GameHouse Games
2009-10-28 08:39:14 0 d-----w- c:\program files\RealArcade
2009-10-28 07:00:22 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-27 16:27:46 0 d-----w- c:\program files\common files\HP
2009-10-27 16:25:51 0 d-----w- c:\program files\common files\Hewlett-Packard
2009-10-27 16:25:16 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-10-27 16:25:11 51120 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-10-27 16:24:46 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-10-27 16:24:04 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-10-27 16:24:04 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-10-27 16:24:04 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2009-10-27 16:24:04 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-10-27 16:24:04 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2009-10-27 16:24:04 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-10-27 16:24:02 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-26 22:09:12 0 d-----w- c:\program files\Digiarty
2009-10-26 21:04:36 0 d-----w- c:\docume~1\sara&y~1\applic~1\IObit
2009-10-26 21:04:35 0 d-----w- c:\program files\IObit
2009-10-25 01:18:57 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-10-25 01:18:18 0 d-----w- c:\temp\MTGOInstall
2009-10-25 01:18:18 0 d-----w- C:\Temp
2009-10-25 01:11:06 0 d-----w- c:\docume~1\sara&y~1\applic~1\Wizards of the Coast
2009-10-25 01:10:53 0 d-----w- c:\program files\Wizards of the Coast
2009-10-25 00:58:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2009-10-25 00:51:22 0 d-----w- c:\docume~1\sara&y~1\applic~1\MagicBall4
2009-10-25 00:50:15 0 d-----w- c:\program files\ReflexiveArcade
2009-10-19 05:44:44 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-10-19 01:20:15 0 d-----w- c:\windows\system32\XPSViewer
2009-10-19 01:19:36 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-19 01:19:36 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-19 01:19:36 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-19 01:19:35 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-19 01:19:35 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-19 01:19:35 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-19 01:19:35 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-19 01:19:34 0 d-----w- C:\a77d5422197f8a293a93ceaf97fafe2f
2009-10-19 01:14:15 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2009-10-19 01:14:15 31053 ----a-w- c:\windows\system32\EPPICPattern131.dat
2009-10-19 01:14:15 27417 ----a-w- c:\windows\system32\EPPICPattern121.dat
2009-10-19 01:14:15 108704 ----a-w- c:\windows\system32\PICEntry.dll
2009-10-19 00:35:58 0 d-----w- C:\EPSONREG
2009-10-19 00:34:22 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2009-10-19 00:32:02 264886 ----a-w- c:\windows\EPSTPLOG.BAK
2009-10-19 00:31:25 44 ----a-w- c:\windows\EPCX4800.ini
2009-10-19 00:30:42 0 d-----w- c:\program files\EPSON
2009-10-19 00:30:34 79679 ----a-w- c:\windows\system32\E_FLMADA.DLL
2009-10-19 00:30:34 64000 ----a-w- c:\windows\system32\E_FBCBADA.DLL
2009-10-19 00:30:34 34304 ----a-w- c:\windows\system32\E_FBCHADA.DLL
2009-10-19 00:29:48 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-19 00:29:48 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-19 00:29:33 22016 ----a-w- c:\windows\system32\esccmd.dll
2009-10-19 00:29:32 46080 ----a-w- c:\windows\system32\escimgd.dll
2009-10-19 00:29:32 29696 ----a-w- c:\windows\system32\escwiad.dll
2009-10-19 00:29:30 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-19 00:29:30 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-18 23:56:17 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-18 23:56:17 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-10-18 20:00:08 929 ----a-w- c:\windows\system32\drivers\ativcaxx.vp
2009-10-18 20:00:08 6684672 ----a-w- c:\windows\system32\atioglx1.dll
2009-10-18 20:00:08 6005 ----a-w- c:\windows\system32\atifglpf.xml
2009-10-18 20:00:08 58560 ----a-w- c:\windows\system32\drivers\ativckxx.vp
2009-10-18 20:00:08 40960 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-10-18 20:00:08 27232 ----a-w- c:\windows\system32\drivers\ativvpxx.vp
2009-10-18 20:00:08 151552 ----a-w- c:\windows\system32\atikvmag.dll
2009-10-18 20:00:08 114630 ----a-w- c:\windows\system32\atiicdxx.dat
2009-10-18 20:00:08 1114674 ----a-w- c:\windows\system32\drivers\ativcaxx.cpa
2009-10-18 20:00:00 5 ----a-w- c:\windows\system32\drivers\DELL_DIM_4700.MRK
2009-10-18 20:00:00 5 ----a-w- c:\windows\system32\drivers\1028_DELL_DIM_4700.MRK
2009-10-18 19:57:50 0 d-----w- c:\program files\Dell
2009-10-18 19:57:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Prism
2009-10-18 19:57:08 61526 ----a-w- c:\windows\system32\PRISMSVC.exe
2009-10-18 19:57:08 49152 ----a-w- c:\windows\system32\StopSrvr.exe
2009-10-18 19:57:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll
2009-10-18 19:57:08 381014 ----a-w- c:\windows\system32\PRISMSVR.exe
2009-10-18 19:57:08 0 d-----w- c:\program files\Dell Wireless
2009-10-18 19:57:05 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-18 19:57:05 1396827 ----a-w- c:\windows\system32\PRISME5.dll
2009-10-18 19:53:43 588 ----a-w- c:\windows\system32\settingsbkup.sfm
2009-10-18 19:53:43 588 ----a-w- c:\windows\system32\settings.sfm
2009-10-18 19:30:33 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2009-10-18 19:30:32 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2009-10-18 19:30:32 465920 ------w- c:\windows\system32\imapi2fs.dll
2009-10-18 19:30:32 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2009-10-18 19:30:32 317952 ------w- c:\windows\system32\imapi2.dll
2009-10-18 18:48:27 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-18 18:26:36 0 d-----w- c:\program files\Essentials Codec Pack
2009-10-18 18:21:21 0 d-----w- c:\program files\VideoLAN
2009-10-18 17:54:58 0 d-----w- c:\docume~1\sara&y~1\applic~1\LimeWire
2009-10-18 17:54:40 0 d-----w- c:\program files\LimeWire
2009-10-18 17:51:35 0 d-----w- c:\program files\Microsoft
2009-10-18 17:50:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-18 17:50:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-18 17:45:30 0 d-----w- c:\windows\system32\Adobe
2009-10-18 16:16:20 376 ----a-w- c:\windows\ODBC.INI
2009-10-18 16:16:15 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-10-18 16:15:23 0 d-----w- c:\program files\Microsoft ActiveSync
2009-10-18 16:13:32 0 d-----w- c:\windows\SHELLNEW
2009-10-18 16:04:42 0 d-----w- c:\program files\Microsoft Picture It! 9
2009-10-18 15:59:23 0 d-----w- c:\program files\Microsoft Works Suite 2004
2009-10-18 15:50:27 0 d-sh--w- c:\documents and settings\sara & yashe\IECompatCache
2009-10-18 15:49:58 0 d-sh--w- c:\documents and settings\sara & yashe\PrivacIE
2009-10-18 15:38:58 331776 ------w- c:\windows\system32\CTMEDENG.DLL
2009-10-18 15:38:57 24576 ----a-w- c:\windows\system32\CTMERes.DLL
2009-10-18 15:38:57 139264 ----a-w- c:\windows\system32\Video.skn
2009-10-18 15:38:20 692 ----a-w- c:\windows\system32\USBAudio.cpl.manifest
2009-10-18 15:38:20 45390 ----a-w- c:\windows\system32\usbaudio.chm
2009-10-18 15:38:20 176128 ----a-w- c:\windows\system32\USBAudio.cpl
2009-10-18 15:38:20 135168 ----a-w- c:\windows\system32\USBAudio.crl
2009-10-18 15:37:29 0 d-----w- c:\program files\Creative
2009-10-18 15:12:11 0 d-----w- c:\windows\system32\scripting
2009-10-18 15:12:10 0 d-----w- c:\windows\system32\en
2009-10-18 15:12:10 0 d-----w- c:\windows\system32\bits
2009-10-18 15:12:10 0 d-----w- c:\windows\l2schemas
2009-10-18 15:08:56 0 d-----w- c:\windows\network diagnostic
2009-10-18 12:45:00 0 d-----w- c:\windows\system32\ReinstallBackups
2009-10-18 12:42:08 520192 ------w- c:\windows\system32\ati2sgag.exe
2009-10-18 12:41:29 0 d-----w- c:\program files\ATI Technologies
2009-10-18 12:36:10 1902 ------w- c:\windows\system32\SetupBD.din
2009-10-18 12:35:20 5110 ----a-w- c:\windows\system32\e100b325.din
2009-10-18 12:35:20 24064 ----a-w- c:\windows\system32\IntelNic.dll
2009-10-18 12:35:20 154112 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2009-10-18 12:35:20 154112 ----a-w- c:\windows\system32\drivers\e100b325.sys
2009-10-18 12:35:20 12288 ----a-w- c:\windows\system32\e100bmsg.dll
2009-10-18 12:35:20 118784 ----a-w- c:\windows\system32\Prounstl.exe
2009-10-18 12:35:20 0 d-----w- C:\drvrtmp
2009-10-18 12:30:09 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-10-18 12:30:07 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-10-18 12:30:05 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-10-18 12:28:56 65536 ----a-w- c:\windows\system32\Audio3d.dll
2009-10-18 12:28:56 0 d-----w- c:\windows\VirtualEar
2009-10-18 12:28:55 991232 ----a-w- c:\windows\system32\virtear.dll
2009-10-18 12:28:53 0 d-----w- c:\program files\Analog Devices
2009-10-18 12:28:52 49152 ----a-w- c:\windows\system32\DSndUp.exe
2009-10-18 12:28:52 45056 ----a-w- c:\windows\system32\CleanUp.exe
2009-10-18 12:28:14 260352 ----a-w- c:\windows\system32\drivers\smwdm.sys
2009-10-18 12:28:12 732928 ----a-w- c:\windows\system32\drivers\senfilt.sys
2009-10-18 12:28:12 23040 ----a-w- c:\windows\system32\PostProc.dll
2009-10-18 12:28:11 311296 ----a-w- c:\windows\system32\Edcrypt.dll
2009-10-18 12:28:10 765952 ----a-w- c:\windows\system\crlds3d.dll
2009-10-18 12:26:38 446464 ----a-r- c:\windows\system32\hhactivex.dll
2009-10-18 12:26:38 176128 ----a-w- c:\windows\system32\RcdScan.dll
2009-10-18 12:26:37 645616 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2009-10-18 12:26:37 414944 ----a-w- c:\windows\system32\COMCT332.OCX
2009-10-18 12:26:37 328480 ----a-w- c:\windows\system32\ssa3d30.ocx
2009-10-18 12:26:35 7348 ----a-w- c:\windows\system32\Odbcjet.cnt
2009-10-18 12:26:35 171967 ----a-w- c:\windows\system32\Odbcjet.hlp
2009-10-18 12:26:29 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-10-18 12:26:21 13632 ------w- c:\windows\system32\drivers\omci.sys
2009-10-18 08:30:51 0 d-sh--w- c:\documents and settings\sara & yashe\IETldCache
2009-10-18 08:25:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-18 08:25:05 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-18 08:25:04 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-18 08:25:04 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-18 08:25:04 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-18 08:25:03 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-18 08:24:55 0 d-----w- c:\windows\ie8updates
2009-10-18 08:24:42 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-18 08:21:50 0 dc-h--w- c:\windows\ie8
2009-10-18 06:41:07 0 d-----w- c:\windows\ServicePackFiles
2009-10-18 04:22:55 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2009-10-18 04:18:23 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-10-18 04:02:44 0 d-sh--w- c:\documents and settings\sara & yashe\UserData
2009-10-18 03:39:47 499712 ----a-w- c:\windows\system32\CheckDll.dll
2009-10-18 03:31:07 123 ----a-w- c:\windows\system\SysSD.dll
2009-10-18 03:29:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-18 03:29:09 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-18 03:28:09 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-18 03:28:08 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-18 03:28:07 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-18 03:28:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-18 03:27:50 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-18 03:27:04 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-18 03:27:04 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-18 03:26:15 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-18 03:26:15 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-18 03:26:15 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-18 03:26:15 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-18 03:26:15 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-18 03:26:15 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-18 03:26:14 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-10-18 03:26:14 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-18 03:26:14 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-18 03:26:14 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-18 03:26:13 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-18 03:26:13 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-18 03:25:36 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-18 03:21:42 0 d-----w- c:\windows\system32\PreInstall
2009-10-18 03:18:03 0 d-----w- c:\windows\RegisteredPackages
2009-10-18 03:16:25 46592 ------w- c:\windows\system32\drivers\irbus.sys
2009-10-18 03:16:25 19200 ------w- c:\windows\system32\drivers\hidir.sys
2009-10-18 03:15:25 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-18 03:13:32 0 d-----w- c:\windows\system32\URTTemp
2009-10-18 03:13:12 0 d-----w- c:\program files\RGB
2009-10-18 03:11:25 0 d-----w- c:\program files\DIGStream
2009-10-18 03:11:23 0 d-----w- c:\program files\ESPNMotion
2009-10-18 03:11:21 0 d-----w- c:\program files\GemMaster
2009-10-18 03:11:19 0 d-----w- c:\program files\EnglishOtto
2009-10-18 03:06:45 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-10-18 03:02:17 0 d-s---w- c:\windows\system32\Microsoft
2009-10-18 02:51:48 0 d-sh--w- c:\documents and settings\all users\DRM
2009-10-18 02:51:30 0 d--h--w- c:\program files\WindowsUpdate
2009-10-18 02:50:49 0 d-----w- c:\program files\common files\MSSoap
2009-10-18 02:48:32 0 d-----w- c:\program files\Windows Plus
2009-10-18 02:47:31 0 d-----w- c:\program files\Messenger
2009-10-18 02:47:28 0 d-----w- c:\program files\MSN Gaming Zone
2009-10-18 02:46:59 0 d-----w- c:\program files\Windows NT
2009-10-17 21:39:47 0 d-----w- c:\program files\common files\ODBC
2009-10-17 21:39:44 0 d-----w- c:\program files\common files\SpeechEngines
2009-10-17 21:39:25 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-11-07 09:53:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-07 09:53:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-18 02:49:23 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-25 05:48:59 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2001-03-30 17:04:42 32768 --sha-r- c:\windows\system32\pcrelayin.dll

============= FINISH: 8:31:30.76 ===============