[Resolved] fake windows security center, problem with uacinit.dll
sam.omar
post Sep 7 2009, 05:35 PM
Post #1
Operating System: windows xp

Hello everyone,
As soon as I start up my computer I get a window which says
"windows security center - protect your pc"
and it keeps sending out fake alerts.
I ran Malwarebytes Anti-Malware and was able to remove everything except uacinit.dll.
Just like some other users here,
I've repeatedly run Malwarebytes in an attempt to remove it, but it's persistent.
Please help me.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:36 PM, on 9/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\WINDOWS\system32\wscsvc32.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://personalfirewall.comodo.com/download_firewall.html
R3 - URLSearchHook: (no name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AntiSpyware Service] C:\WINDOWS\TEMP\a3vjo8lyv7.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AntiSpyware Service] C:\WINDOWS\TEMP\a3vjo8lyv7.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Easy WiFi Radar.lnk = C:\Program Files\Makayama Interactive\Easy WiFi Radar\Easy WIFI Radar.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://csufvpns.fullerton.edu/dana-cached/...perSetupSP1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: cru629.datSans Serif C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NICCONFIGSVC - Unknown owner - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9528 bytes

And here is my Malwarebytes Anti-Malware log file:


Malwarebytes' Anti-Malware 1.40
Database version: 2753
Windows 5.1.2600 Service Pack 2

9/7/2009 12:40:42 PM
mbam-log-2009-09-07 (12-40-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 230782
Time elapsed: 51 minute(s), 8 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 14

Memory Processes Infected:
C:\WINDOWS\Temp\Installer.exe (Rogue.ProtectionSystem) -> Unloaded process successfully.

Memory Modules Infected:
\\?\globalroot\systemroot\system32\UACrnvdpbmesw.dll (Trojan.Agent) -> Delete on reboot.
\\?\globalroot\systemroot\system32\hjgruinsrapgax.dll (Rootkit.TDSS) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Files Infected:
\\?\globalroot\systemroot\system32\UACrnvdpbmesw.dll (Trojan.Agent) -> Quarantined and deleted successfully.
\\?\globalroot\systemroot\system32\hjgruinsrapgax.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wingenocx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\Installer.exe (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Program Files\Protection System\blacklist.cga (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Program Files\Protection System\core.cga (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Program Files\Protection System\coreext.dll (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Program Files\Protection System\firewall.dll (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Program Files\Protection System\psystem.exe (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Program Files\Protection System\uninstall.exe (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

Replies (1 - 16)
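A small triage script for HijackThis-format lines like those in the log above, added here as an example and not the forum's, the helper's or HijackThis' own code. It parses the O4, O20 and O23 entry shapes and flags the things a helper reads those lines for first: an autostart launched from a TEMP directory or registered under the SYSTEM/Default user hive, a generated-looking file name, junk prepended to AppInit_DLLs, and a service whose binary is missing. The sample lines are constructed from entry shapes in this log, and the random-name heuristic is an assumption that yields a lead, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample: the same O4 / O20 / O23 line shapes as the HijackThis log
# above, mixing this machine's legitimate entries with the ones a helper
# would question.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [AntiSpyware Service] C:\WINDOWS\TEMP\a3vjo8lyv7.exe (User 'SYSTEM')
O20 - AppInit_DLLs: cru629.datSans Serif C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
"""

# Entry shapes as HijackThis prints them (hive, [name], command, optional user).
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
# Executable out of a Run command: a quoted path, or the path up to its extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|dll|scr|com|cmd|bat|vbs|pif))(?=\s|$)', re.I)
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)
# Heuristic (assumption): letters and digits interleaved in a stem of 8+ chars,
# e.g. a3vjo8lyv7, hints at a generated name. A lead to check, not a verdict.
RANDOM_STEM_RE = re.compile(r"^(?=.*[a-z]\d+[a-z])[a-z0-9]{8,}$", re.I)
SYSTEM_HIVE_RE = re.compile(r"^HKUS\\(?:S-1-5-18|\.DEFAULT)", re.I)
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\")


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    detail: str


def image_path(cmd: str) -> str:
    """Return the executable referenced by a Run command string."""
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1) or m.group(2)
    parts = cmd.split()
    return parts[0] if parts else cmd


def check_run(line_no: int, m: re.Match) -> list:
    path = image_path(m["cmd"])
    stem = path.replace("/", "\\").rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    out = []
    if TEMP_DIR_RE.search(path):
        out.append(Finding(line_no, "autostart-from-temp", path))
    if RANDOM_STEM_RE.match(stem):
        out.append(Finding(line_no, "random-looking-name", stem))
    if SYSTEM_HIVE_RE.match(m["hive"]):
        out.append(Finding(line_no, "run-under-system-hive", f'{m["hive"]} [{m["name"]}]'))
    return out


def check_appinit(line_no: int, m: re.Match) -> list:
    value = m["value"].strip()
    # Any AppInit_DLLs value is worth a look; text before the first drive path is junk.
    out = [Finding(line_no, "appinit-dll-present", value)]
    first_path = DRIVE_PATH_RE.search(value)
    lead = value[: first_path.start()].strip() if first_path else value
    if lead:
        out.append(Finding(line_no, "appinit-junk-prefix", lead))
    return out


def check_service(line_no: int, m: re.Match) -> list:
    if "(file missing)" in m["path"]:
        return [Finding(line_no, "service-binary-missing", f'{m["name"]} -> {m["path"]}')]
    return []


def triage(log_text: str) -> list:
    """Walk a HijackThis log and return findings in line order."""
    findings = []
    checks = ((RUN_RE, check_run), (APPINIT_RE, check_appinit), (SERVICE_RE, check_service))
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.rstrip()
        for regex, check in checks:
            m = regex.match(line)
            if m:
                findings.extend(check(line_no, m))
                break
    return findings


def kinds_by_line(log_text: str) -> dict:
    """Map line number -> finding kinds, for a quick glance and for tests."""
    grouped = {}
    for f in triage(log_text):
        grouped.setdefault(f.line_no, []).append(f.kind)
    return grouped


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.kind}: {f.detail}")
```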
jpshortstuff
post Sep 8 2009, 05:32 AM
Post #2
Hi there, welcome to WhatTheTech.

Please follow the steps in this topic to obtain RootRepeal and DDS logs. Please post those logs in a new reply in this thread, rather than starting a new topic.

Then I will be glad to assist you.

Cheers.
sam.omar
post Sep 8 2009, 11:06 PM
Post #3
Operating System: windows xp

Thank you for your prompt reply.

I have copied 3 logs, 2 from DDS and 1 from RootRepeal.

DDS Log DDS.txt

---------------------------------------------------------------

DDS (Ver_09-06-26.01) - NTFSx86
Run by aactech at 7:18:10.84 on Tue 09/08/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_06
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.266 [GMT -7:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscsvc32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\aactech\Desktop\dds.scr

============== Pseudo HJT Report ===============

mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://personalfirewall.comodo.com/download_firewall.html
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_06\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [AntiSpyware Service] c:\windows\temp\a3vjo8lyv7.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\easywi~1.lnk - c:\program files\makayama interactive\easy wifi radar\Easy WIFI Radar.exe
uPolicies-explorer: NoActiveDesktopChanges = 30
uPolicies-explorer: NoSetActiveDesktop = 30
uPolicies-explorer: NoFolderOptions = 30
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\npjpi160_06.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://csufvpns.fullerton.edu/dana-cached/setup/JuniperSetupSP1.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: cru629.datSans Serif c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\aactech\applic~1\mozilla\firefox\profiles\l8e0znt5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - HiddenExtension: XUL Cache: {33686B31-A2C3-4448-B2E6-2E06FB417FD8} - c:\documents and settings\saira\local settings\application data\{33686B31-A2C3-4448-B2E6-2E06FB417FD8}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-9-7 132168]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-9-7 25160]
S2 dzqe;dzqe;c:\windows\system32\drivers\iimwob.sys --> c:\windows\system32\drivers\iimwob.sys [?]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-11-23 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-11-23 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-11-23 81288]

=============== Created Last 30 ================

2009-09-07 22:16 <DIR> --d----- c:\program files\Protection System
2009-09-07 15:21 320 a------- c:\windows\system32\drivers\sfi.dat
2009-09-07 13:12 120 a------- c:\windows\CIS_Setup_3.11.108364.552_XP_Vista_x32.INI
2009-09-07 13:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-09-07 13:09 179,792 a------- c:\windows\system32\guard32.dll
2009-09-07 13:09 132,168 a------- c:\windows\system32\drivers\cmdguard.sys
2009-09-07 13:09 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-09-07 13:09 <DIR> --d----- c:\program files\COMODO
2009-09-07 12:46 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-09-07 07:11 1,010,176 a------- c:\windows\system32\wscsvc32.exe
2009-08-26 00:11 <DIR> --d----- c:\docume~1\aactech\applic~1\Malwarebytes
2009-08-21 18:31 <DIR> --d----- C:\_OTM
2009-08-21 15:35 <DIR> a-d----- c:\windows\system32\images
2009-08-13 03:01 <DIR> --d----- c:\windows\ServicePackFiles

==================== Find3M ====================

2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 19:22 170,942 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-07-13 05:48 219,648 a------- c:\windows\PEV.exe
2009-07-13 02:18 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-06-26 09:18 659,456 a------- c:\windows\system32\wininet.dll
2009-06-26 09:18 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-25 11:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 11:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 11:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 11:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 11:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 11:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 11:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 11:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 11:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 11:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 11:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 11:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-25 01:17 729,600 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:17 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:17 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 01:17 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:17 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 01:17 56,320 a------- c:\windows\system32\secur32.dll
2009-06-22 04:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 04:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 04:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-16 07:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 04:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 04:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 07:21 84,992 a------- c:\windows\system32\avifil32.dll
2008-10-20 20:57 19,401 a------- c:\docume~1\alluse~1\applic~1\rixisex.reg
2008-10-20 20:57 16,321 a------- c:\program files\common files\lygone.dll
2008-10-20 20:57 13,507 a------- c:\docume~1\alluse~1\applic~1\wonojog.vbs
2008-10-20 20:57 13,362 a------- c:\program files\common files\gawiro._dl
2007-11-13 12:47 217 a------- c:\program files\setup.ini
2002-03-11 02:06 1,822,520 a------- c:\program files\instmsiw.exe
2002-03-11 01:45 1,708,856 a------- c:\program files\instmsia.exe
2008-12-02 16:31 4,096 a--sh--- c:\windows\system32\jefiyuna.exe

============= FINISH: 7:20:28.01 ===============
---------------------------------------------------------------

DDS Log Attach.txt

---------------------------------------------------------------
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/3/2008 3:14:18 PM
System Uptime: 9/8/2009 7:05:08 AM (0 hours ago)

Motherboard: Dell Inc. | | 0KD882
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | Microprocessor | 1323/133mhz
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | Microprocessor | 1323/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 29 GiB total, 2.259 GiB free.
D: is FIXED (NTFS) - 40 GiB total, 24.458 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat 7.0 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.1
Adobe Shockwave Player 11
Apple Software Update
Bayesware Discoverer Student Edition 1.0
Broadcom 440x 10/100 Integrated Controller
Choice Guard
COMODO Internet Security
Conexant HDA D110 MDC V.92 Modem
Contextual Platform Worldadmarketplace
Dell Resource CD
Dell Wireless WLAN Card
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB914642)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel® Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 3
Java™ 6 Update 6
Java™ SE Development Kit 6 Update 1
Java™ SE Runtime Environment 6 Update 1
JCreator Pro 4.50
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007 Trial
Microsoft Office Word MUI (English) 2007
Microsoft Reader
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2000
Microsoft SQL Server 2000 Analysis Services
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Modem Helper
Mozilla Firefox (3.0.13)
MSVCRT
MSXML 6 Service Pack 2 (KB954459)
MySQL Server 5.1
MySQL Tools for 5.0
NetBeans IDE 6.0.1
OpenOffice.org 2.3
Paint.NET v3.22
Performance Solution Worldadmarketplace
QuickSet
QuickTime
RealPlayer
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Visio 2007 (KB957831)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
SigmaTel Audio
Skype web features
Skype™ 4.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb972691)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6f
WebFldrs XP
Webshots Desktop
WIDCOMM Bluetooth Software
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

9/7/2009 9:38:07 PM, error: Service Control Manager [7000] - The NICCONFIGSVC service failed to start due to the following error: The system cannot find the file specified.
9/7/2009 4:23:42 PM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
9/7/2009 11:46:15 AM, error: Service Control Manager [7000] - The dzqe service failed to start due to the following error: The system cannot find the file specified.
9/7/2009 11:20:27 AM, error: Service Control Manager [7034] - The AntipyProex service terminated unexpectedly. It has done this 1 time(s).
9/6/2009 11:09:28 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
9/6/2009 11:09:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
9/6/2009 11:09:11 PM, error: LDMS [3023] - The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\ide#cdromphilips_dvd+-rw_sdvd8820________________ad18____#5&2c81f6de&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.
9/5/2009 9:44:47 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
9/4/2009 4:53:31 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001A920E0462. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

==== End Of File ===========================


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Rootrepeal Log

---------------------------------------------------------------
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/08 07:24
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA0D6000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A02000 Size: 8192 File Visible: No Signed: -
Status: -

Name: hjgruixppyvbyq.sys
Image Path: C:\WINDOWS\system32\drivers\hjgruixppyvbyq.sys
Address: 0xAA2C1000 Size: 163840 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA942D000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30df4a

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30d454

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30daee

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30e4c6

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30d132

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30f1d6

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30f4ae

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30ccf8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30e130

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30e2e0

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30ca5a

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30ee58

#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30d6d8

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30dd32

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30c78a

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30d968

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30c902

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30e88c

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30d250

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30ebf4

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30f006

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30e68c

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30d672

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30d85c

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30cffc

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa30ceca

Hidden Services
-------------------
Service Name: hjgruilpxdkpia
Image Path: C:\WINDOWS\system32\drivers\hjgruixppyvbyq.sys

Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UAChxiqlxrloy.sys

==EOF==


Once again Thank You for all your help.
jpshortstuff
post Sep 9 2009, 01:38 AM
Post #4


SuperHelper

Group: Classroom Teacher
Posts: 5,620
Joined: 28-April 07
From: UK
Member No.: 69,799
Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux
Hi

Thanks for those logs, let's begin cleaning.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


If you already have a copy of ComboFix, please delete it.

Please download ComboFix to your desktop from one of these locations. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
Link 3
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on Combo-Fix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please advise.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

After this, please run RootRepeal again, checking all the boxes this time, and post the log it gives.
sam.omar
post Sep 9 2009, 08:06 AM
Post #5


New Member

Group: Authentic Member
Posts: 9
Joined: 7-September 09
Member No.: 87,782
Operating System: windows xp
Thanks once again for all your clear and complete help.

GooredFix Log

-----------------------------------------------------------------------------

GooredFix by jpshortstuff (12.07.09)
Log created at 06:11 on 09/09/2009 (aactech)
Firefox version 3.0.13 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{33686B31-A2C3-4448-B2E6-2E06FB417FD8} -> Success!
Deleting C:\Documents and Settings\Saira\Local Settings\Application Data\{33686B31-A2C3-4448-B2E6-2E06FB417FD8} -> Success!

C:\Program Files\Mozilla Firefox\extensions\
browserhighlighter@ebay.com [08:01 22/08/2009]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:08 17/03/2008]
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [17:14 22/06/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [10:07 22/08/2009]

-=E.O.F=-

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix Log

-----------------------------------------------------------------------------

ComboFix 09-09-08.07 - aactech 09/09/2009 6:29.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.233 [GMT -7:00]
Running from: c:\documents and settings\aactech\Desktop\Combo-Fix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\rixisex.reg
c:\documents and settings\All Users\Application Data\wonojog.vbs
c:\documents and settings\All Users\Documents\recasibi.bat
c:\documents and settings\Saira\Local Settings\Application Data\pikonepesu.inf
c:\documents and settings\Saira\Local Settings\Application Data\ymonygibe.bat
c:\program files\Protection System
c:\windows\run.log
c:\windows\system32\doxajyl.vbs
c:\windows\system32\drivers\1028_DELL_XPS_MM061 .MRK
c:\windows\system32\drivers\DELL_XPS_MM061 .MRK
c:\windows\system32\drivers\hjgruixppyvbyq.sys
c:\windows\system32\drivers\UAChxiqlxrloy.sys
c:\windows\system32\gavulowe.dll.tmp
c:\windows\system32\hjgruifpwvrosl.dat
c:\windows\system32\hjgruihgltokto.dll
c:\windows\system32\hjgruimqllgpfq.dat
c:\windows\system32\hjgruinsrapgax.dll
c:\windows\system32\hjgruiovdlnnsr.dll
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\ltfil13n.dll
c:\windows\system32\pedabara.dll.tmp
c:\windows\system32\UACfxxvmyvjdk.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmnrersytqr.dll
c:\windows\system32\UACnunhnfemxf.dll
c:\windows\system32\UACqjwqomurrw.dll
c:\windows\system32\UACrnvdpbmesw.dll
c:\windows\system32\wscsvc32.exe
c:\windows\Temp\1019167004.exe
c:\windows\Temp\2498985320.exe
c:\windows\Temp\292873626.exe
c:\windows\ynykanyf.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruilpxdkpia
-------\Legacy_hjgruilpxdkpia
-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.

2009-09-09 13:37 . 2009-09-09 13:37 -------- d-----w- c:\documents and settings\aactech\Application Data\agi
2009-09-08 14:22 . 2009-09-08 14:22 0 ----a-w- c:\documents and settings\aactech\settings.dat
2009-09-07 22:21 . 2009-09-07 23:12 320 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-09-07 20:10 . 2009-09-07 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-09-07 20:09 . 2009-09-07 20:09 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-09-07 20:09 . 2009-09-07 20:09 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-09-07 20:09 . 2009-09-07 20:09 179792 ----a-w- c:\windows\system32\guard32.dll
2009-09-07 20:09 . 2009-09-07 20:09 132168 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-09-07 20:09 . 2009-09-07 20:09 -------- d-----w- c:\program files\COMODO
2009-09-07 19:46 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-26 15:20 . 2009-09-07 18:48 -------- d-----w- c:\documents and settings\aactech\Application Data\skypePM
2009-08-26 15:19 . 2009-09-07 20:48 -------- d-----w- c:\documents and settings\aactech\Application Data\Skype
2009-08-26 07:26 . 2009-08-26 07:26 -------- d-----w- c:\documents and settings\aactech\Local Settings\Application Data\Mozilla
2009-08-26 07:25 . 2009-08-26 07:25 -------- d-----w- c:\documents and settings\aactech\Application Data\Apple Computer
2009-08-26 07:12 . 2009-09-02 18:31 -------- d-----w- c:\documents and settings\aactech\Local Settings\Application Data\Adobe
2009-08-26 07:11 . 2009-08-26 07:11 -------- d-----w- c:\documents and settings\aactech\Application Data\Malwarebytes
2009-08-22 08:01 . 2009-08-22 08:01 -------- d-----w- c:\program files\Common Files\Skype
2009-08-22 01:31 . 2009-08-22 01:31 -------- d-----w- C:\_OTM
2009-08-13 10:01 . 2009-08-13 10:01 -------- d-----w- c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 06:32 . 2008-03-13 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-07 18:33 . 2008-10-21 04:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 14:41 . 2008-06-08 21:58 -------- d-----w- c:\documents and settings\Saira\Application Data\Skype
2009-09-07 07:03 . 2008-06-08 21:59 -------- d-----w- c:\documents and settings\Saira\Application Data\skypePM
2009-09-07 06:09 . 2008-02-09 06:37 -------- d-----w- c:\documents and settings\Saira\Application Data\OpenOffice.org2
2009-08-29 17:00 . 2008-02-04 00:26 72360 ----a-w- c:\documents and settings\Saira\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-26 07:25 . 2008-04-04 18:12 72360 ----a-w- c:\documents and settings\aactech\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 08:01 . 2008-06-08 21:57 -------- d-----r- c:\program files\Skype
2009-08-22 08:01 . 2008-06-08 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 20:36 . 2008-10-21 04:14 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 20:36 . 2008-10-21 04:14 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-19 01:54 . 2008-02-07 05:39 -------- d-----w- c:\documents and settings\Saira\Application Data\NetSarang
2009-07-19 01:48 . 2008-12-01 17:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-19 01:40 . 2008-02-04 00:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-19 01:39 . 2009-07-18 21:03 -------- d-----w- c:\program files\Astonsoft
2009-07-18 22:05 . 2008-06-28 01:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-18 01:57 . 2009-07-18 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-18 01:57 . 2008-06-20 06:35 -------- d-----w- c:\program files\Norton Security Scan
2009-07-18 01:02 . 2009-07-18 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-18 01:02 . 2009-07-18 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 09:18 . 2004-08-04 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 04:09 . 2008-04-04 22:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-26 16:18 . 2004-08-04 12:00 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 18:36 . 2004-08-04 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-04 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-04 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-04 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-04 12:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-04 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-04 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-04 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-04 12:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-04 12:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-04 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:17 . 2004-08-04 12:00 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:17 . 2004-08-04 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:17 . 2004-08-04 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:17 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:17 . 2004-08-04 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:17 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:49 . 2004-08-04 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-04 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-04 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-04 12:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:35 . 2004-08-04 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2008-10-21 03:57 . 2008-10-21 03:57 16321 ----a-w- c:\program files\Common Files\lygone.dll
2008-10-21 03:57 . 2008-10-21 03:57 13362 ----a-w- c:\program files\Common Files\gawiro._dl
2007-11-13 19:47 . 2007-11-13 19:47 217 ----a-w- c:\program files\setup.ini
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
2008-09-06 03:33 . 2008-09-06 03:33 63211 --sha-w- c:\windows\system32\fepuhegu.dll.tmp
2008-09-02 04:39 . 2008-09-02 04:39 64052 --sha-w- c:\windows\system32\fosepoyo.dll.tmp
2008-12-02 23:31 . 2008-12-02 23:31 4096 --sha-w- c:\windows\system32\jefiyuna.exe
2008-09-04 15:32 . 2008-09-04 15:32 66101 --sha-w- c:\windows\system32\regogera.dll.tmp
2008-09-06 03:33 . 2008-09-06 03:33 63211 --sha-w- c:\windows\system32\tiseluwi.dll.tmp
2008-09-02 04:39 . 2008-09-02 04:39 64052 --sha-w- c:\windows\system32\wepejapu.dll.tmp
2008-09-04 15:32 . 2008-09-04 15:32 66101 --sha-w- c:\windows\system32\wojigovu.dll.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-04 1032192]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-20 185896]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-09-07 1796368]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-25 282624]

c:\documents and settings\Saira\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-11-14 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-3-31 25214]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\apps\\Java\\jdk1.6.0_01\\bin\\java.exe"=
"c:\\apps\\Java\\jdk1.6.0_01\\jre\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\WLTRYSVC.EXE"=
"c:\\Program Files\\OpenOffice.org 2.3\\program\\soffice.bin"=
"c:\\Program Files\\AGI\\common\\win32\\pythonservice.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\OpenOffice.org 2.3\\program\\soffice.exe"=
"c:\\WINDOWS\\system32\\BCMWLTRY.EXE"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\bin\\jusched.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\WLTRAY.EXE"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\bin\\btwdins.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiadap.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\Program Files\\AGI\\Python25\\pythonw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [9/7/2009 1:09 PM 132168]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/7/2009 1:09 PM 25160]
R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [11/14/2008 7:31 PM 10240]
S2 dzqe;dzqe;c:\windows\system32\drivers\iimwob.sys --> c:\windows\system32\drivers\iimwob.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://personalfirewall.comodo.com/download_firewall.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\aactech\Application Data\Mozilla\Firefox\Profiles\l8e0znt5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
AddRemove-ef275db8-4dba-fbe7-3e42-8217943b3fcb - c:\windows\system32\ef275db8-4dba-fbe7-3e42-8217943b3fcb.exe
AddRemove-Microsoft SQL Server 2000 Analysis Services - c:\windows\ISUNINST.EXE -fc:\program files\Microsoft Analysis Services\uninst.isu
AddRemove-qowtnhqtfmmvuf - c:\windows\system32\qowtnhqtfmmvuf.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 06:37
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\aactech\LOCALS~1\Temp\Perflib_Perfdata_664.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
Completion time: 2009-09-09 6:38
ComboFix-quarantined-files.txt 2009-09-09 13:38
ComboFix2.txt 2009-07-14 02:13

Pre-Run: 2,331,435,008 bytes free
Post-Run: 2,626,985,984 bytes free

282 --- E O F --- 2009-09-09 06:33

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------

RootRepeal Log

-----------------------------------------------------------------------------

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/09 06:49
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\DOCUME~1\aactech\LOCALS~1\Temp\catchme.sys
Address: 0xF8864000 Size: 31744 File Visible: No Signed: -
Status: -

Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xF8524000 Size: 60416 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA082000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A68000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xF89EC000 Size: 6464 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA958C000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\Temp\ib1C3.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\ib1C4.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\ib1C5.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\ib1C6.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\ib1C7.tmp
Status: Locked to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\sfi.dat
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_620.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\TMP87.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\TMP88.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\TMP89.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\TMP8A.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\UAC000
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\UAC4c56.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\url.txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\UserInfoSetup(20090517194657C34).log
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\VBE
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\walmartyourzone.bmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\WebshotsTemp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\WER1046.dir00
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\WER1317.dir00
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Quality factors.doc
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\QuickTimePlayer (2009-07-14 0.37.11).dmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\rem4D.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\seneka000
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\setup.exe
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\SetupExe(2009051718430827C).log
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\SetupExe(20090517194655C34).log
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\winamp.exe
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\WMC0000.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\wzszx000
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\xas1D7.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\y8o1D5.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\ywiseext.dll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\z4g33F.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\__SkypeIEToolbar_Cache
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\{90A64B70-3ED6-45EF-B5B8-E0A518E416AC}
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF18C6.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF193E.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF1A10.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF1D43.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF2D24.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF2D65.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF2E97.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF2F8A.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF2F95.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF3E87.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\OIS
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-65
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-66
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-67
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-68
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-69
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-7
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-70
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-71
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-72
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-73
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-74
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-75
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-76
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-77
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-78
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-79
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-8
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-80
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-81
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF8996.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF8AC9.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF9842.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF9855.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF9B29.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFA731.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFB0DB.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFB109.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFB164.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFB8EE.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFC981.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFCC91.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFCEC4.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFD14F.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFD30C.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFDD61.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFDD6C.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFE18C.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFE3B1.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFE635.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFF0B0.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFF131.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFF2EB.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DFFB07.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Shreve%2C Anita - Olympia OK.rar
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\SKYNET000
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\SkypeSetup.exe
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\SoftArchDocTemplate-1.doc
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\SoftArchDocTemplate.doc
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\spoolsv.exe
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Stephanie Laurens-Bastion Club books.rar
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\svkl1.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\system.exe
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\tbh_ff.txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\tdss000
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Temporary Directory 1 for spring-framework-2.5.2-with-dependencies.zip
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Temporary Internet Files
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\TFR1C1.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\OneNoteRuntimeCache
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\outlook logging
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata__755.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\phn contacts.csv
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Picture 250.jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-10
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-11
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-12
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-13
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-14
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-15
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-16
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-17
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-18
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-19
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-2
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-20
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-21
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-22
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-23
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-24
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-25
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-26
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-27
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-47
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-48
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-49
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-5
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-50
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-51
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-52
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-53
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-54
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-55
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-56
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-57
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-58
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-59
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-6
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-60
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-61
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-62
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-63
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_6a4.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_78c.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_7d4.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_830.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_848.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_868.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_888.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_918.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_948.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_9a0.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_9d8.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_a4c.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_a5c.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_a90.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_ae4.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_af8.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_b0c.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_b90.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_bb8.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_c00.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_c0c.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_c58.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Police Dispatch System F09-1.doc
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Police Dispatch System F09-2.doc
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Police Dispatch System F09-3.doc
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Police Dispatch System F09.doc
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\ppt2A9.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\purinaproplan.bmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\pvu332.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\quadra000
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Quality Exercise.doc
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\WER1650.dir00
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\WER1f16.dir00
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\WER63fd.dir00
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\WER71d4.dir00
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\WER7438.dir00
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\WER77b1.dir00
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\WER7b84.dir00
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\WER9b1c.dir00
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\WERa64b.dir00
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\WERbb77.dir00
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-29
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-3
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-30
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-31
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-32
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-33
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-34
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-35
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-36
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-37
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-38
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-39
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-4
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-40
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-41
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-42
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-43
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-44
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-45
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF4580.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF4599.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF460D.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF4738.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF4B6E.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF5592.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF58A6.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF599A.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF59A5.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF5E4.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF66BD.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF6864.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF69E.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF6EAA.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF6FFE.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF706E.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF7C16.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF834F.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF8363.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF84AF.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\~DF84BA.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\nsg1CF1.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\NSSRT.exe
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\o8q1A9.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_108.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_194.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_3bc.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_410.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_53c.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_5e4.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_c88.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_cc8.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_ce8.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_d0.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_d08.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_d40.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_d54.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_d6c.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_dc0.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_e54.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_e94.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_ec0.dat
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\Perflib_Perfdata_ed4.dat
Status: Invisible to the Windows API!

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31ef4a

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31e454

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31eaee

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31f4c6

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31e132

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa3201d6

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa3204ae

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31dcf8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31f130

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31f2e0

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31da5a

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31fe58

#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31e6d8

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31ed32

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31d78a

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31e968

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31d902

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31f88c

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31e250

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31fbf4

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa320006

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31f68c

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31e672

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31e85c

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31dffc

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31deca

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa32228a

#: 122 Function Name: NtGdiDeleteObjectApp
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa3229ae

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa3223be

#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa32286e

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa3224fe

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa322632

#: 310 Function Name: NtUserBlockInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa32210a

#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa32135c

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa321dda

#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa32276c

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa321b48

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa321c8a

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa32182c

#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa321094

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa3214de

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa32168a

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa321f2a

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa3219ee

#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa322020

#: 529 Function Name: NtUserSetParent
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa321204

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa322a14

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa322c48

==EOF==
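The scan output above lists files the scanner reports as invisible to the Windows API and the SSDT / Shadow SSDT entries that are hooked, every one of them by cmdguard.sys, the COMODO Internet Security driver that this machine runs. The following Python script is an added example, not part of this thread or of the scanning tool: it parses a log in this format, groups the hidden files by directory and the hooks by hooking module, and reports any module that is not on an allowlist of known security products. The sample log is constructed from lines in the page's format, with one placeholder hooker (example_unknown.sys) and one placeholder hidden file added to show how an unrecognised entry is reported.

```python
"""Triage a RootRepeal-style scan log (added example; not the forum's or the
scanner's own code): list files the scanner reports as hidden from the
Windows API, and list SSDT / Shadow SSDT hooks by the module that set them."""
import re
from collections import defaultdict

# Modules expected to hook the SSDT on this machine. cmdguard.sys is the
# COMODO Internet Security (Defense+) driver. Any other hooker is reported.
KNOWN_HOOKERS = {"cmdguard.sys"}

HIDDEN_STATUS = "Status: Invisible to the Windows API!"
PATH_RE = re.compile(r"^Path:\s*(.+?)\s*$")
HOOK_HDR_RE = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\S+)")
HOOK_STATUS_RE = re.compile(
    r'^Status:\s*Hooked by "([^"]+)" at address (0x[0-9A-Fa-f]+)')

# Constructed sample in the log's format. The first two Path entries and the
# cmdguard.sys hooks follow the log above; the last Path entry and the
# example_unknown.sys hook are placeholders added to exercise the report.
SAMPLE_LOG = r"""
Path: C:\Documents and Settings\Saira\Local Settings\temp\plugtmp-29
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Saira\Local Settings\temp\NSSRT.exe
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\constructed_hidden_example.dll
Status: Invisible to the Windows API!

SSDT
-------------------
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31eaee

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa31d78a

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xaa32228a

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\example_unknown.sys" at address 0xaa000000
==EOF==
"""


def parse_rootrepeal(text):
    """Return (hidden_paths, hooks). Each hook is a dict with the table the
    entry came from, its index, the hooked function, the module and address."""
    hidden, hooks = [], []
    table = None            # "SSDT" or "Shadow SSDT" once inside those sections
    pending_path = None     # Path line waiting for its Status line
    pending_hook = None     # (index, function) waiting for its Status line
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("SSDT", "Shadow SSDT"):
            table = line
            continue
        m = PATH_RE.match(line)
        if m:
            pending_path = m.group(1)
            continue
        m = HOOK_HDR_RE.match(line)
        if m:
            pending_hook = (int(m.group(1)), m.group(2))
            continue
        if line == HIDDEN_STATUS and pending_path is not None:
            hidden.append(pending_path)
            pending_path = None
            continue
        m = HOOK_STATUS_RE.match(line)
        if m and pending_hook is not None:
            index, func = pending_hook
            hooks.append({"table": table, "index": index, "function": func,
                          "module": m.group(1), "address": m.group(2)})
            pending_hook = None
    return hidden, hooks


def module_name(path):
    """Lower-cased file name (e.g. cmdguard.sys) taken from a full module path."""
    return path.rsplit("\\", 1)[-1].lower()


def hidden_by_directory(hidden):
    """Group hidden file paths by their (lower-cased) directory."""
    groups = defaultdict(list)
    for path in hidden:
        directory, _, name = path.rpartition("\\")
        groups[directory.lower()].append(name)
    return dict(groups)


def hooks_by_module(hooks):
    """Group hook entries by the file name of the hooking module."""
    groups = defaultdict(list)
    for hook in hooks:
        groups[module_name(hook["module"])].append(hook)
    return dict(groups)


def unexpected_hooks(hooks, known=KNOWN_HOOKERS):
    """Hooks placed by a module that is not on the allowlist."""
    return [h for h in hooks if module_name(h["module"]) not in known]


if __name__ == "__main__":
    hidden_files, hook_entries = parse_rootrepeal(SAMPLE_LOG)
    for directory, names in hidden_by_directory(hidden_files).items():
        print(f"{len(names):3d} hidden file(s) in {directory}")
    for module, entries in hooks_by_module(hook_entries).items():
        tag = "known" if module in KNOWN_HOOKERS else "UNKNOWN"
        print(f"{module}: {len(entries)} hook(s) [{tag}]")
    for h in unexpected_hooks(hook_entries):
        print(f"  review: {h['table']} #{h['index']:03d} {h['function']} -> {h['module']}")
```

Run against a real log, the interesting output is the grouping rather than the raw list: a pile of hidden entries under one user's temp folder reads very differently from a single hidden DLL in system32, and a hook table where every entry belongs to the installed HIPS needs no further attention, whereas a single hook by an unfamiliar driver is the line to look at first.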



jpshortstuff
post Sep 9 2009, 08:26 AM
Post #6


SuperHelper

Group: Classroom Teacher
Posts: 5,620
Joined: 28-April 07
From: UK
Member No.: 69,799
Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux



Hi,

Looks like that got most of it, now we just need to clean up.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
http://forums.whatthetech.com/fake_windows_security_center_t106803.html

Collect::
c:\windows\system32\fepuhegu.dll.tmp
c:\windows\system32\fosepoyo.dll.tmp
c:\windows\system32\jefiyuna.exe
c:\windows\system32\regogera.dll.tmp
c:\windows\system32\tiseluwi.dll.tmp
c:\windows\system32\wepejapu.dll.tmp
c:\windows\system32\wojigovu.dll.tmp
c:\program files\Common Files\lygone.dll
c:\program files\Common Files\gawiro._dl

Driver::
dzqe

DirLook::
c:\documents and settings\aactech\Application Data\agi

FileLook::
c:\program files\instmsiw.exe
c:\program files\instmsia.exe


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot (in case it asks to reboot), please post ComboFix.txt in your next reply.

I recommend you get the latest Java JRE and remove the older ones, as they can be exploited. You can remove these in Control Panel >> Add/Remove Programs:
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 3
Java™ 6 Update 6
Java™ SE Runtime Environment 6 Update 1


You can download the latest here:
https://cds.sun.com/is-bin/INTERSHOP.enfini...S-CDS_Developer


Please run MalwareBytes AntiMalware, update it, and then run a Full System Scan. If it finds anything, please post the log it gives.

Let me know how things are running now.
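One way to automate the Java check in the advice above, as an added example that is neither the forum's nor Sun's own tooling: the Python script below parses Add/Remove Programs display names in the three naming schemes listed (the list is constructed from the four entries above plus one placeholder standing for the freshly installed release) and reports every JRE older than the newest one present. On Windows it can read the display names itself from the Uninstall registry key that Add/Remove Programs is built from; elsewhere it falls back to the constructed list.

```python
"""Spot outdated Java runtimes among installed programs (added example for the
advice above; not the forum's or Sun's own tooling)."""
import re
import sys

# Display names as shown in Add/Remove Programs. The first four are the entries
# the post above lists for removal; the last is a constructed name standing for
# the freshly installed current release.
INSTALLED = [
    "J2SE Runtime Environment 5.0 Update 6",
    "Java™ 6 Update 3",
    "Java™ 6 Update 6",
    "Java™ SE Runtime Environment 6 Update 1",
    "Java™ 6 Update 16",
]

# Matches the three naming schemes above; captures the major family (5 or 6)
# and the update number. "(TM)" is accepted as well as the ™ symbol.
JAVA_RE = re.compile(
    r"^(?:J2SE Runtime Environment|Java(?:™|\(TM\))?(?: SE Runtime Environment)?)"
    r"\s+(\d+)(?:\.\d+)?\s+Update\s+(\d+)\b",
    re.IGNORECASE,
)


def parse_java_version(display_name):
    """Return (family, update) for a JRE display name, or None if it is not one."""
    m = JAVA_RE.match(display_name.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


def outdated_java(display_names):
    """Every JRE entry older than the newest one present, in input order."""
    parsed = [(name, parse_java_version(name)) for name in display_names]
    parsed = [(name, ver) for name, ver in parsed if ver is not None]
    if not parsed:
        return []
    newest = max(ver for _, ver in parsed)
    return [name for name, ver in parsed if ver < newest]


def installed_display_names():
    """DisplayName of each entry under the Uninstall key (Windows only;
    returns an empty list elsewhere so the script still imports)."""
    if sys.platform != "win32":
        return []
    import winreg
    names = []
    uninstall = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, uninstall) as root:
        index = 0
        while True:
            try:
                sub = winreg.EnumKey(root, index)
            except OSError:          # no more subkeys
                break
            index += 1
            try:
                with winreg.OpenKey(root, sub) as key:
                    names.append(winreg.QueryValueEx(key, "DisplayName")[0])
            except OSError:          # entry without a DisplayName
                continue
    return names


if __name__ == "__main__":
    names = installed_display_names() or INSTALLED
    for name in outdated_java(names):
        print("remove:", name)
```

The version comparison deliberately treats J2SE 5.0 and Java 6 as one ordered line (family first, then update number), which is what matters here: any runtime older than the newest installed one is still registered with the browser and can be picked by content that asks for it, so it stays a risk until it is uninstalled, not merely superseded.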
sam.omar
post Sep 9 2009, 11:59 PM
Post #7


New Member

Group: Authentic Member
Posts: 9
Joined: 7-September 09
Member No.: 87,782
Operating System: windows xp



Hi
I am sorry, I did as you said but after reboot I couldn't find ComboFix.txt. I did exactly as you said.
However, I downloaded new jre update and removed the old ones like you suggested.

Also I am posting Malware Bytes Scan Log. It said it found two infections.

Malwarebytes' Anti-Malware 1.40
Database version: 2769
Windows 5.1.2600 Service Pack 2

9/9/2009 7:30:42 PM
mbam-log-2009-09-09 (19-30-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 222895
Time elapsed: 1 hour(s), 4 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACmnrersytqr.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACrnvdpbmesw.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.

Thanks for your help


jpshortstuff
post Sep 10 2009, 05:31 AM
Post #8


SuperHelper

Group: Classroom Teacher
Posts: 5,620
Joined: 28-April 07
From: UK
Member No.: 69,799
Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux



Is there a log at c:\combofix.txt?

How are things running at the moment?
sam.omar
post Sep 10 2009, 07:28 AM
Post #9


New Member

Group: Authentic Member
Posts: 9
Joined: 7-September 09
Member No.: 87,782
Operating System: windows xp



No there is no ComboFix.txt in C drive.
Computer is running perfectly normally. No signs of any virus, the fake virus alerts are gone! Even the computer speed is no longer slow. Everything is great thanks to you.
However, I had a question: can you suggest some techniques to avoid future malware infections like these?

Thanks
jpshortstuff
post Sep 10 2009, 09:12 AM
Post #10


SuperHelper

Group: Classroom Teacher
Posts: 5,620
Joined: 28-April 07
From: UK
Member No.: 69,799
Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux



I will give you such tips at the end, but we just need to make sure all the malware is gone since we have no combofix log. Please run DDS again and post the first log it gives (DDS.txt).
sam.omar
post Sep 10 2009, 08:29 PM
Post #11


New Member

Group: Authentic Member
Posts: 9
Joined: 7-September 09
Member No.: 87,782
Operating System: windows xp



Here is the DDS.txt Log

DDS (Ver_09-06-26.01) - NTFSx86
Run by aactech at 19:28:10.42 on Thu 09/10/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.145 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\aactech\Desktop\dds.scr

============== Pseudo HJT Report ===============

mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://personalfirewall.comodo.com/download_firewall.html
mURLSearchHooks: H - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [combofix] c:\windows\system32\cf6489.exe /c c:\combo-fix\Combobatch.bat
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\easywi~1.lnk - c:\program files\makayama interactive\easy wifi radar\Easy WIFI Radar.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://csufvpns.fullerton.edu/dana-cached/setup/JuniperSetupSP1.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\aactech\applic~1\mozilla\firefox\profiles\l8e0znt5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 AGWinService;AG Windows Service;c:\program files\agi\common\win32\pythonservice.exe [2008-11-14 10240]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-11-23 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-11-23 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-11-23 81288]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsauxs.exe --> c:\program files\spyware doctor\pctsAuxs.exe [?]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctssvc.exe --> c:\program files\spyware doctor\pctsSvc.exe [?]

=============== Created Last 30 ================

2009-09-09 15:13 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-09 15:13 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-09 14:57 0 a------- c:\windows\system32\REN1E.tmp
2009-09-09 14:57 0 a------- c:\windows\system32\REN1D.tmp
2009-09-09 14:57 0 a------- c:\windows\system32\REN1C.tmp
2009-09-09 13:18 388,608 a------- c:\windows\system32\CF6489.exe
2009-09-09 13:17 388,608 a------- c:\windows\system32\CF29784.exe
2009-09-09 12:01 <DIR> --d----- c:\documents and settings\aactech\Tracing
2009-09-09 06:37 <DIR> --d----- c:\docume~1\aactech\applic~1\agi
2009-09-08 07:22 0 a------- c:\documents and settings\aactech\settings.dat
2009-09-07 15:21 320 a------- c:\windows\system32\drivers\sfi.dat
2009-09-07 13:12 120 a------- c:\windows\CIS_Setup_3.11.108364.552_XP_Vista_x32.INI
2009-09-07 13:09 <DIR> --d----- c:\program files\COMODO
2009-09-07 12:46 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-26 00:11 <DIR> --d----- c:\docume~1\aactech\applic~1\Malwarebytes
2009-08-13 03:01 <DIR> --d----- c:\windows\ServicePackFiles

==================== Find3M ====================

2009-09-03 22:25 230,912 a------- c:\windows\PEV.exe
2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 19:22 170,942 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-07-13 02:18 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-06-26 09:18 659,456 -------- c:\windows\system32\wininet.dll
2009-06-26 09:18 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-25 11:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 11:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 11:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 11:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 11:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 11:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 11:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 11:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 11:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 11:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 11:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 11:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-25 01:17 729,600 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:17 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:17 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 01:17 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:17 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 01:17 56,320 a------- c:\windows\system32\secur32.dll
2009-06-22 04:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 04:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 04:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-16 07:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:55 82,432 a------- c:\windows\system32\fontsub.dll
2007-11-13 12:47 217 a------- c:\program files\setup.ini
2002-03-11 02:06 1,822,520 a------- c:\program files\instmsiw.exe
2002-03-11 01:45 1,708,856 a------- c:\program files\instmsia.exe

============= FINISH: 19:28:46.57 ===============


Many Thanks
jpshortstuff
post Sep 11 2009, 06:07 AM
Post #12


SuperHelper

Group: Classroom Teacher
Posts: 5,620
Joined: 28-April 07
From: UK
Member No.: 69,799
Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux



Hmm, that shows us that combofix didn't complete its run. Can you please try running the CFScript again?
sam.omar
post Sep 12 2009, 12:17 AM
Post #13


New Member

Group: Authentic Member
Posts: 9
Joined: 7-September 09
Member No.: 87,782
Operating System: windows xp



Hi

I re-ran ComboFix with the CFScript. I got the ComboFix log this time. I am posting it below.
----------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 09-09-11.01 - aactech 09/11/2009 23:04.7.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.126 [GMT -7:00]
Running from: c:\documents and settings\aactech\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\aactech\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Common Files\gawiro._dl
c:\program files\Common Files\lygone.dll
c:\windows\system32\fepuhegu.dll.tmp
c:\windows\system32\fosepoyo.dll.tmp
c:\windows\system32\jefiyuna.exe
c:\windows\system32\regogera.dll.tmp
c:\windows\system32\tiseluwi.dll.tmp
c:\windows\system32\wepejapu.dll.tmp
c:\windows\system32\wojigovu.dll.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_dzqe


((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
.

2009-09-09 23:28 . 2009-09-09 23:28 -------- d-----w- c:\documents and settings\aactech\Application Data\AdobeUM
2009-09-09 22:13 . 2009-09-09 22:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-09 19:01 . 2009-09-12 05:59 -------- d-----w- c:\documents and settings\aactech\Tracing
2009-09-09 13:37 . 2009-09-09 13:37 -------- d-----w- c:\documents and settings\aactech\Application Data\agi
2009-09-08 14:22 . 2009-09-08 14:22 0 ----a-w- c:\documents and settings\aactech\settings.dat
2009-09-07 22:21 . 2009-09-07 23:12 320 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-09-07 20:09 . 2009-09-09 23:10 -------- d-----w- c:\program files\COMODO
2009-09-07 19:46 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-26 15:20 . 2009-09-11 04:36 -------- d-----w- c:\documents and settings\aactech\Application Data\skypePM
2009-08-26 15:19 . 2009-09-11 05:26 -------- d-----w- c:\documents and settings\aactech\Application Data\Skype
2009-08-26 07:26 . 2009-08-26 07:26 -------- d-----w- c:\documents and settings\aactech\Local Settings\Application Data\Mozilla
2009-08-26 07:25 . 2009-08-26 07:25 -------- d-----w- c:\documents and settings\aactech\Application Data\Apple Computer
2009-08-26 07:12 . 2009-09-02 18:31 -------- d-----w- c:\documents and settings\aactech\Local Settings\Application Data\Adobe
2009-08-26 07:11 . 2009-08-26 07:11 -------- d-----w- c:\documents and settings\aactech\Application Data\Malwarebytes
2009-08-22 08:01 . 2009-08-22 08:01 -------- d-----w- c:\program files\Common Files\Skype
2009-08-13 10:01 . 2009-08-13 10:01 -------- d-----w- c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 22:12 . 2008-02-04 00:47 -------- d-----w- c:\program files\Java
2009-09-09 22:08 . 2008-04-17 21:33 -------- d-----w- c:\program files\VideoLAN
2009-09-09 22:08 . 2008-06-08 21:57 -------- d-----r- c:\program files\Skype
2009-09-09 22:07 . 2008-02-08 00:00 -------- d-----w- c:\program files\OpenOffice.org 2.3
2009-09-09 22:04 . 2008-02-04 00:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-09 22:03 . 2008-03-13 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-09 21:57 . 2009-09-09 21:57 0 ----a-w- c:\windows\system32\REN1E.tmp
2009-09-09 21:57 . 2009-09-09 21:57 0 ----a-w- c:\windows\system32\REN1D.tmp
2009-09-09 21:57 . 2009-09-09 21:57 0 ----a-w- c:\windows\system32\REN1C.tmp
2009-09-07 18:33 . 2008-10-21 04:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 14:41 . 2008-06-08 21:58 -------- d-----w- c:\documents and settings\Saira\Application Data\Skype
2009-09-07 07:03 . 2008-06-08 21:59 -------- d-----w- c:\documents and settings\Saira\Application Data\skypePM
2009-09-07 06:09 . 2008-02-09 06:37 -------- d-----w- c:\documents and settings\Saira\Application Data\OpenOffice.org2
2009-08-29 17:00 . 2008-02-04 00:26 72360 ----a-w- c:\documents and settings\Saira\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-26 07:25 . 2008-04-04 18:12 72360 ----a-w- c:\documents and settings\aactech\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 08:01 . 2008-06-08 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 20:36 . 2008-10-21 04:14 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 20:36 . 2008-10-21 04:14 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-19 01:54 . 2008-02-07 05:39 -------- d-----w- c:\documents and settings\Saira\Application Data\NetSarang
2009-07-19 01:48 . 2008-12-01 17:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-19 01:39 . 2009-07-18 21:03 -------- d-----w- c:\program files\Astonsoft
2009-07-18 22:05 . 2008-06-28 01:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-18 01:57 . 2009-07-18 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-18 01:57 . 2008-06-20 06:35 -------- d-----w- c:\program files\Norton Security Scan
2009-07-18 01:02 . 2009-07-18 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-18 01:02 . 2009-07-18 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 09:18 . 2004-08-04 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:18 . 2004-08-04 12:00 659456 ------w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 18:36 . 2004-08-04 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-04 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-04 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-04 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-04 12:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-04 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-04 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-04 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-04 12:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-04 12:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-04 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:17 . 2004-08-04 12:00 729600 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:17 . 2004-08-04 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:17 . 2004-08-04 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:17 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:17 . 2004-08-04 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:17 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:49 . 2004-08-04 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-04 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-04 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-04 12:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:35 . 2004-08-04 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2007-11-13 19:47 . 2007-11-13 19:47 217 ----a-w- c:\program files\setup.ini
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\program files\instmsia.exe ---
Company: Microsoft Corporation
File Description: Installer for the Windows Installer
File Version: 2.0.2600.2
Product Name: Windows Installer
Copyright: Copyright © Microsoft Corp. 2000
Original Filename: Msi.dll,MsiHnd.dll,MsiExec.exe
File size: 1708856
Created time: 2002-03-11 08:45
Modified time: 2002-03-11 08:45
MD5: 43F7305C2E5DD4A8F3C5ABEB2FFE4833
SHA1: 03BDA624AB7F0D7CB9ADA41A960C35C0152F98FD


--- c:\program files\instmsiw.exe ---
Company: Microsoft Corporation
File Description: Installer for the Windows Installer
File Version: 2.0.2600.2
Product Name: Windows Installer - Unicode
Copyright: Copyright © Microsoft Corp. 2000
Original Filename: Msi.dll,MsiHnd.dll,MsiExec.exe
File size: 1822520
Created time: 2002-03-11 09:06
Modified time: 2002-03-11 09:06
MD5: 61A5FB191AE2AE876DB31DCCE75E4183
SHA1: 751669C38B666C7435B2A65A5C6FE40435D59AAA

---- Directory of c:\documents and settings\aactech\Application Data\agi ----

2009-09-09 13:37 . 2009-09-09 13:37 0 ----a-w- c:\documents and settings\aactech\Application Data\agi\logs\pyagcore.log


((((((((((((((((((((((((((((( SnapShot@2009-09-09_13.37.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-09 22:13 . 2009-09-09 22:12 149280 c:\windows\system32\javaws.exe
+ 2009-09-09 22:13 . 2009-09-09 22:12 145184 c:\windows\system32\javaw.exe
+ 2009-09-09 22:13 . 2009-09-09 22:12 145184 c:\windows\system32\java.exe
+ 2009-09-09 22:12 . 2009-09-09 22:12 1757696 c:\windows\Installer\509b0.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-04 1032192]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-20 185896]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-09 149280]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-25 282624]

c:\documents and settings\Saira\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-3-31 25214]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\WLTRYSVC.EXE"=
"c:\\Program Files\\AGI\\common\\win32\\pythonservice.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\system32\\BCMWLTRY.EXE"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\WLTRAY.EXE"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\bin\\btwdins.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiadap.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\Program Files\\AGI\\Python25\\pythonw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [11/14/2008 7:31 PM 10240]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://personalfirewall.comodo.com/download_firewall.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\aactech\Application Data\Mozilla\Firefox\Profiles\l8e0znt5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 23:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2444)
c:\program files\WIDCOMM\Bluetooth Software\btkeyind.dll
c:\program files\Dell\QuickSet\dadkeyb.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2009-09-12 23:13
ComboFix-quarantined-files.txt 2009-09-12 06:13
ComboFix2.txt 2009-09-09 13:38
ComboFix3.txt 2009-07-14 02:13

Pre-Run: 3,270,668,288 bytes free
Post-Run: 3,595,403,264 bytes free

245 --- E O F --- 2009-09-09 06:33
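A triage script for a log like the one above, added here as an example; it is not code from this thread, from ComboFix or from What the Tech. It parses the "Files Created" and "Reg Loading Points" sections of the ComboFix format and reports the items a reviewer checks first: .tmp or zero-byte files dropped into system32 (the REN1x.tmp and *.dll.tmp leftovers that sit beside droppers such as the uacinit.dll this thread is about), Run-key autostarts that are either a bare file name Windows resolves through the search path or a binary outside Program Files and Windows, and the Security Center AntiVirusOverride and firewall EnableFirewall values. The log above shows AntiVirusOverride=1 and EnableFirewall=0 in the standard profile; here that is most likely the COMODO Internet Security install the log records on 09-07 rather than the rogue, but a reviewer confirms that instead of assuming it. The rules, thresholds and trusted-root list are this example's own assumptions, SAMPLE_LOG is a constructed excerpt modelled on the posted log (the wojigovu.dll.tmp timestamp and size and the last Run entry are made up to exercise the rules), and a finding means "look at this", not "malicious".

```python
"""Triage a pasted ComboFix log for the things a reviewer checks first.

Added example: not code from this thread, from ComboFix or from What the Tech.
Section markers, file lines and registry lines follow the log format shown in
the thread; the rules and TRUSTED_ROOTS are this example's own assumptions.
"""
import re

# Constructed excerpt modelled on the posted log.  The wojigovu.dll.tmp
# timestamp/size and the "example-temp-autostart" Run entry are made up to
# exercise the rules; the other lines mirror lines from the posted log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
.
2009-09-09 22:13 . 2009-09-09 22:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-09 21:57 . 2009-09-09 21:57 0 ----a-w- c:\windows\system32\REN1E.tmp
2009-09-07 20:09 . 2009-09-09 23:10 -------- d-----w- c:\program files\COMODO
2009-09-06 04:41 . 2009-09-06 04:41 73216 ----a-w- c:\windows\system32\wojigovu.dll.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-04 1032192]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-25 282624]
"example-temp-autostart"="c:\documents and settings\user\Local Settings\Temp\example.exe" [2009-09-06 73216]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# "((((( Section name )))))" banner lines that ComboFix uses between sections.
SECTION_RE = re.compile(r"^\({3,}\s*(.*?)\s*\){3,}\s*$")
# "created . modified size attrs path" lines in the Files Created section.
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# Run values: "name"="value" [date size], with an optional "- resolved path"
# when the value was a bare file name that ComboFix resolved for us.
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'
    r'(?:\s+-\s+(?P<resolved>.+?))?\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]\s*$'
)
# "name"=dword:0000000N  or  "name"= N (0xN) style flag values.
FLAG_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9a-fA-F]+)|(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\))\s*$'
)
# Assumption: autostarts living under these roots are not worth a first look.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")


def triage(log_text):
    """Return a list of (category, detail) findings for a ComboFix log."""
    findings = []
    section, key = "", ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                       # new section: forget the current reg key
            section, key = m.group(1), ""
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        if section.startswith("Files Created"):
            m = FILE_RE.match(line)
            if m and "\\system32\\" in m.group("path").lower():
                path, size = m.group("path"), m.group("size")
                if path.lower().endswith(".tmp") or size == "0":
                    findings.append(("system32-temp-file", path))
            continue
        if key.endswith("\\run"):
            m = RUN_RE.match(line)
            if not m:
                continue
            name = m.group("name")
            target = (m.group("resolved") or m.group("value")).lower()
            if m.group("resolved"):     # bare name, found via the search path
                findings.append(("autostart-bare-filename", f"{name} -> {m.group('value')}"))
            if not target.startswith(TRUSTED_ROOTS):
                findings.append(("autostart-outside-trusted-roots", f"{name} -> {target}"))
            continue
        m = FLAG_RE.match(line)
        if not m:
            continue
        val = int(m.group("hex"), 16) if m.group("hex") is not None else int(m.group("dec"))
        if "security center" in key and m.group("name").lower().endswith("override") and val == 1:
            findings.append(("security-center-override", m.group("name")))
        if "firewallpolicy" in key and m.group("name") == "EnableFirewall" and val == 0:
            findings.append(("windows-firewall-disabled", key.rsplit("\\", 1)[-1]))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:34} {detail}")
```

Run it on a saved log with `triage(open("ComboFix.txt").read())`; the first two rules are where the random-named droppers and their .tmp leftovers show up, and the last two are the settings a rogue "security center" and a legitimate third-party firewall both change, so each flagged line still has to be matched against what the owner actually installed.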
jpshortstuff
post Sep 13 2009, 07:45 AM
Post #14


SuperHelper

Group: Classroom Teacher
Posts: 5,620
Joined: 28-April 07
From: UK
Member No.: 69,799
Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux



Hi,

Excellent, that's more like it.

Click Start >> Run, and then type ComboFix /u and hit enter.
You can now delete any other tools I had you download and use, unless you wish to keep them.


Now that your system appears to be clean, there are just a few steps I'd like you to take to prevent any future infections.
  • Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.

  • Make sure you update your Anti-Virus software regularly; new viruses are being developed all the time.

  • Some more programs that it would be useful to have [OPTIONAL but RECOMMENDED]:

    Download Spybot Search and Destroy 1.5 from here
    Check for Updates/ Immunize and run a Full System Scan on a regular basis.

    SpywareBlaster is another real-time scanner that prevents most spyware from even being installed.
    Freely available: Download SpywareBlaster

    Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

Glad we could be of assistance.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Stay Clean!

jpshortstuff
sam.omar
post Sep 14 2009, 12:00 AM
Post #15


New Member

Group: Authentic Member
Posts: 9
Joined: 7-September 09
Member No.: 87,782
Operating System: windows xp



Dear jpshortstuff!!

I did the ComboFix uninstall.
I am totally satisfied with the help you provided. My computer is doing well. I have made a note of all the things I should be doing to keep my system free of viruses.

Thanks for all the help. You resolved my problem. I really appreciate your help.


jpshortstuff
post Sep 14 2009, 03:38 AM
Post #16


SuperHelper
Group Icon

Group: Classroom Teacher
Posts: 5,620
Joined: 28-April 07
From: UK
Member No.: 69,799
Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux



Glad we could help you.
jpshortstuff
post Sep 14 2009, 03:38 AM
Post #17


SuperHelper

Group: Classroom Teacher
Posts: 5,620
Joined: 28-April 07
From: UK
Member No.: 69,799
Operating System: Windows XP (Professional), Windows Vista (Home Business), Windows 7 (Ultimate), Ubuntu Linux



Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy