[Resolved] Computer takeover


This topic is locked
16 replies to this topic

#1 mesa215
Authentic Member, 35 posts
Interests: Reading Books, Writing Poetry, Music

Posted 07 November 2009 - 09:53 PM

I do not know what is wrong with my computer. I went to run a scan with my PC Tools antivirus and it just disappeared off my screen in the middle of scanning. When I tried to reopen it I got a message telling me that the exe file was corrupt and I needed to redownload. Every time I redownload I get the same problem. I have tried to install other virus software as well and I keep getting the same problem. It seems that whatever is in my computer attaches itself to antivirus and spyware programs so they won't work. I also have a paid version of Spyware Detector and it is doing the same thing. The computer is real slow and Internet Explorer keeps shutting down with an error saying it has encountered a problem and needs to close. What should I do? Should I run a HijackThis scan and send you the log? I would really appreciate your help. Thanks for your time.


#2 Raktor
Teacher Emeritus, 3,114 posts

Posted 08 November 2009 - 05:57 AM


Hi, welcome to the WTT Forums. My username is Raktor, and I would be glad to help you with your malware issues. I'd be grateful if you would note the following:

  • Absence of symptoms does not always mean the computer is clean
  • Please do not run any scans or fixes without my direction.
  • Finally, stay with this topic until I give you the final 'All clear' post.

1) exeHelper
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

2) DDS
Please download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

3) RR
Please download RootRepeal.zip.
Save it to your Desktop. Alternate download links here or here.
Please print these instructions, you will not have an Internet connection!
If you have a 3rd party "unzipping" program...use it to open the zipped file...then skip to Step 5. Otherwise...
  • Right click on RootRepeal.zip and select "Extract All"....
  • Click Next on the "Welcome to the Compressed (zipped) Folders Extraction Wizard."
  • Click on the Browse...button, then click on Desktop, then click OK.
  • Once done, check (tick) the Show extracted files box and click Finish.
  • Before running RootRepeal:
    • Disconnect from the Internet as your system will be unprotected while using this tool.
      Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
  • Open the RootRepeal folder and double-click on RootRepeal.exe to launch it.
  • When the program opens, click the Report tab at the bottom, then click the Scan button.
  • In the Select Scan dialog, which asks "What do you want to include in the scan?", check ALL the boxes.
  • Click OK.
  • In the Select Drives dialog ("Please select drives to scan:"), select all drives showing, then click OK.
    The scan can take some time to finish. Do not use the computer while the scan is running.
    When the scan has completed, a list of files will be generated in the RootRepeal window.
  • Click on the Save Report button and save it as "rootrepeal.txt" to your desktop.
  • Close and exit RootRepeal
  • Double-click on the file rootrepeal.txt... Notepad will open... copy/paste the file contents in your next reply.

Make sure to enable your anti-virus, Firewall and any other security programs you disabled.
Note: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "safe mode".

4) What You Will Need To Post:
  • exeHelper log
  • DDS logs
  • RR log

Graduate from the WTT Malware Classroom
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

#3 mesa215
Authentic Member, 35 posts
Interests: Reading Books, Writing Poetry, Music

Posted 08 November 2009 - 11:22 PM

Thank you for helping. Unfortunately I had already run other scans before I came to this site. I hope it didn't cause any problems. I downloaded everything. I ran the scans and here are the results:

DDS

DDS (Ver_09-10-26.01) - NTFSx86
Run by Sara & Yashe at 22:54:39.07 on Sun 11/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1493 [GMT -5:00]

AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning enabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sara & Yashe\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://money.aol.com/?icid=AIMPro
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [CTSysVol] "c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe" /r
mRun: [P17Helper] "Rundll32" P17.dll,P17Helper
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [Microsoft Works Update Detection] "c:\program files\common files\microsoft shared\works shared\WkUFind.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [PCTAVApp] "c:\program files\pc tools antivirus\PCTAV.exe" /MONITORSCAN
mRun: [SDActiveMonitor] c:\program files\max spyware detector\MaxSDTray.exe "-AUTO"
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255881411109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: PRISMAPI.DLL - PRISMAPI.DLL
STS: PtleucosCnb.Ptleucos: {462db222-f475-4480-b981-6546c5e019da} - c:\windows\system32\ptleucos.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-7 206256]
R2 MaxWatchDogService;MaxWatchDogService;c:\program files\max spyware detector\MaxWatchDogService.exe [2009-11-7 426928]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2009-10-18 61526]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 SDActMon;SDActMon;c:\program files\max spyware detector\SDActMon.sys [2009-11-7 30128]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1ca5829d41396fc;Google Update Service (gupdate1ca5829d41396fc);c:\program files\google\update\GoogleUpdate.exe [2009-10-28 133104]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-10 14336]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

=============== Created Last 30 ================

2009-11-08 23:06:34 0 d-----w- c:\program files\MSXML 4.0
2009-11-08 04:41:54 0 d-----w- c:\docume~1\sara&y~1\applic~1\PC Tools
2009-11-08 04:40:50 0 d-----w- c:\program files\Max Spyware Detector
2009-11-08 04:40:28 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-08 04:40:28 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-08 04:40:28 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-08 04:40:17 0 d-----w- c:\program files\common files\PC Tools
2009-11-08 04:40:16 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2009-11-08 04:40:16 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2009-11-08 04:40:16 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2009-11-08 04:40:00 0 d-----w- c:\program files\PC Tools AntiVirus
2009-11-08 04:26:32 0 d-sha-r- C:\cmdcons
2009-11-08 04:25:49 77312 ----a-w- c:\windows\MBR.exe
2009-11-08 04:25:49 267264 ----a-w- c:\windows\PEV.exe
2009-11-08 04:25:49 161792 ----a-w- c:\windows\SWREG.exe
2009-11-08 04:12:35 0 d-----w- c:\docume~1\sara&y~1\applic~1\Malwarebytes
2009-11-08 04:12:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-08 03:47:05 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2009-11-08 03:46:11 0 d-----w- c:\program files\common files\iS3
2009-11-08 03:44:45 0 d-----w- c:\program files\Trend Micro
2009-11-08 03:30:17 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-08 03:30:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-08 02:24:01 0 d-----w- c:\program files\Ask.com
2009-11-08 02:23:40 0 d-----w- c:\program files\MSSOAP
2009-11-08 02:23:22 0 d-----w- c:\docume~1\sara&y~1\applic~1\Webroot
2009-11-08 02:19:21 164 ----a-w- c:\windows\install.dat
2009-11-07 09:53:33 0 d-----w- c:\program files\common files\xing shared
2009-11-07 09:53:13 0 d-----w- c:\program files\common files\Real
2009-11-07 07:49:10 0 d-----w- c:\docume~1\sara&y~1\applic~1\Spam Monitor
2009-11-07 07:43:43 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-07 00:18:53 0 ----a-r- c:\windows\win32k.sys
2009-11-05 02:54:20 0 d-----w- c:\docume~1\sara&y~1\applic~1\AIMPro
2009-11-05 02:40:05 0 d-----w- c:\program files\common files\Nullsoft
2009-11-05 02:39:56 0 d-----w- c:\program files\AIM
2009-11-02 20:39:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Vantage
2009-11-02 20:39:33 0 d-----w- c:\docume~1\sara&y~1\applic~1\Vantage
2009-11-02 20:39:29 0 d-----w- c:\program files\Vantage Technologies
2009-10-31 16:52:32 0 d-----w- c:\docume~1\sara&y~1\applic~1\Alawar
2009-10-31 05:11:34 0 d-----w- c:\docume~1\sara&y~1\applic~1\GTM_Bodie
2009-10-28 23:54:00 0 d-----w- c:\program files\Zylom Games
2009-10-28 23:54:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Zylom
2009-10-28 23:42:38 0 d-----w- c:\docume~1\alluse~1\applic~1\HipSoft
2009-10-28 09:44:22 0 d-----w- c:\windows\system32\appmgmt
2009-10-28 08:42:53 0 d-----w- c:\docume~1\alluse~1\applic~1\Princess Isabella
2009-10-28 08:40:05 0 d-----w- C:\GameHouse Games
2009-10-28 08:39:14 0 d-----w- c:\program files\RealArcade
2009-10-28 07:00:22 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-27 16:27:46 0 d-----w- c:\program files\common files\HP
2009-10-27 16:25:51 0 d-----w- c:\program files\common files\Hewlett-Packard
2009-10-27 16:25:16 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-10-27 16:25:11 51120 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-10-27 16:24:46 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-10-27 16:24:04 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-10-27 16:24:04 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-10-27 16:24:04 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2009-10-27 16:24:04 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-10-27 16:24:04 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2009-10-27 16:24:04 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-10-27 16:24:02 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-26 22:09:12 0 d-----w- c:\program files\Digiarty
2009-10-26 21:04:36 0 d-----w- c:\docume~1\sara&y~1\applic~1\IObit
2009-10-26 21:04:35 0 d-----w- c:\program files\IObit
2009-10-25 01:18:57 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-10-25 01:18:18 0 d-----w- c:\temp\MTGOInstall
2009-10-25 01:18:18 0 d-----w- C:\Temp
2009-10-25 01:11:06 0 d-----w- c:\docume~1\sara&y~1\applic~1\Wizards of the Coast
2009-10-25 01:10:53 0 d-----w- c:\program files\Wizards of the Coast
2009-10-25 00:58:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2009-10-25 00:51:22 0 d-----w- c:\docume~1\sara&y~1\applic~1\MagicBall4
2009-10-25 00:50:15 0 d-----w- c:\program files\ReflexiveArcade
2009-10-19 05:44:44 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-10-19 01:20:15 0 d-----w- c:\windows\system32\XPSViewer
2009-10-19 01:19:36 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-19 01:19:36 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-19 01:19:36 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-19 01:19:35 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-19 01:19:35 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-19 01:19:35 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-19 01:19:35 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-19 01:19:34 0 d-----w- C:\a77d5422197f8a293a93ceaf97fafe2f
2009-10-19 01:14:15 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2009-10-19 01:14:15 31053 ----a-w- c:\windows\system32\EPPICPattern131.dat
2009-10-19 01:14:15 27417 ----a-w- c:\windows\system32\EPPICPattern121.dat
2009-10-19 01:14:15 108704 ----a-w- c:\windows\system32\PICEntry.dll
2009-10-19 00:35:58 0 d-----w- C:\EPSONREG
2009-10-19 00:34:22 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2009-10-19 00:32:02 264886 ----a-w- c:\windows\EPSTPLOG.BAK
2009-10-19 00:31:25 44 ----a-w- c:\windows\EPCX4800.ini
2009-10-19 00:30:42 0 d-----w- c:\program files\EPSON
2009-10-19 00:30:34 79679 ----a-w- c:\windows\system32\E_FLMADA.DLL
2009-10-19 00:30:34 64000 ----a-w- c:\windows\system32\E_FBCBADA.DLL
2009-10-19 00:30:34 34304 ----a-w- c:\windows\system32\E_FBCHADA.DLL
2009-10-19 00:29:48 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-19 00:29:48 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-19 00:29:33 22016 ----a-w- c:\windows\system32\esccmd.dll
2009-10-19 00:29:32 46080 ----a-w- c:\windows\system32\escimgd.dll
2009-10-19 00:29:32 29696 ----a-w- c:\windows\system32\escwiad.dll
2009-10-19 00:29:30 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-19 00:29:30 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-18 23:56:17 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-18 23:56:17 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-10-18 20:00:08 929 ----a-w- c:\windows\system32\drivers\ativcaxx.vp
2009-10-18 20:00:08 6684672 ----a-w- c:\windows\system32\atioglx1.dll
2009-10-18 20:00:08 6005 ----a-w- c:\windows\system32\atifglpf.xml
2009-10-18 20:00:08 58560 ----a-w- c:\windows\system32\drivers\ativckxx.vp
2009-10-18 20:00:08 40960 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-10-18 20:00:08 27232 ----a-w- c:\windows\system32\drivers\ativvpxx.vp
2009-10-18 20:00:08 151552 ----a-w- c:\windows\system32\atikvmag.dll
2009-10-18 20:00:08 114630 ----a-w- c:\windows\system32\atiicdxx.dat
2009-10-18 20:00:08 1114674 ----a-w- c:\windows\system32\drivers\ativcaxx.cpa
2009-10-18 20:00:00 5 ----a-w- c:\windows\system32\drivers\DELL_DIM_4700.MRK
2009-10-18 20:00:00 5 ----a-w- c:\windows\system32\drivers\1028_DELL_DIM_4700.MRK
2009-10-18 19:57:50 0 d-----w- c:\program files\Dell
2009-10-18 19:57:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Prism
2009-10-18 19:57:08 61526 ----a-w- c:\windows\system32\PRISMSVC.exe
2009-10-18 19:57:08 49152 ----a-w- c:\windows\system32\StopSrvr.exe
2009-10-18 19:57:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll
2009-10-18 19:57:08 381014 ----a-w- c:\windows\system32\PRISMSVR.exe
2009-10-18 19:57:08 0 d-----w- c:\program files\Dell Wireless
2009-10-18 19:57:05 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-10-18 19:57:05 1396827 ----a-w- c:\windows\system32\PRISME5.dll
2009-10-18 19:53:43 588 ----a-w- c:\windows\system32\settingsbkup.sfm
2009-10-18 19:53:43 588 ----a-w- c:\windows\system32\settings.sfm
2009-10-18 19:30:33 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2009-10-18 19:30:32 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2009-10-18 19:30:32 465920 ------w- c:\windows\system32\imapi2fs.dll
2009-10-18 19:30:32 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2009-10-18 19:30:32 317952 ------w- c:\windows\system32\imapi2.dll
2009-10-18 18:48:27 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-18 18:26:36 0 d-----w- c:\program files\Essentials Codec Pack
2009-10-18 18:21:21 0 d-----w- c:\program files\VideoLAN
2009-10-18 17:54:58 0 d-----w- c:\docume~1\sara&y~1\applic~1\LimeWire
2009-10-18 17:54:40 0 d-----w- c:\program files\LimeWire
2009-10-18 17:51:35 0 d-----w- c:\program files\Microsoft
2009-10-18 17:50:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-18 17:50:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-18 17:45:30 0 d-----w- c:\windows\system32\Adobe
2009-10-18 16:16:20 376 ----a-w- c:\windows\ODBC.INI
2009-10-18 16:16:15 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-10-18 16:15:23 0 d-----w- c:\program files\Microsoft ActiveSync
2009-10-18 16:13:32 0 d-----w- c:\windows\SHELLNEW
2009-10-18 16:04:42 0 d-----w- c:\program files\Microsoft Picture It! 9
2009-10-18 15:59:23 0 d-----w- c:\program files\Microsoft Works Suite 2004
2009-10-18 15:50:27 0 d-sh--w- c:\documents and settings\sara & yashe\IECompatCache
2009-10-18 15:49:58 0 d-sh--w- c:\documents and settings\sara & yashe\PrivacIE
2009-10-18 15:38:58 331776 ------w- c:\windows\system32\CTMEDENG.DLL
2009-10-18 15:38:57 24576 ----a-w- c:\windows\system32\CTMERes.DLL
2009-10-18 15:38:57 139264 ----a-w- c:\windows\system32\Video.skn
2009-10-18 15:38:20 692 ----a-w- c:\windows\system32\USBAudio.cpl.manifest
2009-10-18 15:38:20 45390 ----a-w- c:\windows\system32\usbaudio.chm
2009-10-18 15:38:20 176128 ----a-w- c:\windows\system32\USBAudio.cpl
2009-10-18 15:38:20 135168 ----a-w- c:\windows\system32\USBAudio.crl
2009-10-18 15:37:29 0 d-----w- c:\program files\Creative
2009-10-18 15:12:11 0 d-----w- c:\windows\system32\scripting
2009-10-18 15:12:10 0 d-----w- c:\windows\system32\en
2009-10-18 15:12:10 0 d-----w- c:\windows\system32\bits
2009-10-18 15:12:10 0 d-----w- c:\windows\l2schemas
2009-10-18 15:08:56 0 d-----w- c:\windows\network diagnostic
2009-10-18 12:45:00 0 d-----w- c:\windows\system32\ReinstallBackups
2009-10-18 12:42:08 520192 ------w- c:\windows\system32\ati2sgag.exe
2009-10-18 12:41:29 0 d-----w- c:\program files\ATI Technologies
2009-10-18 12:36:10 1902 ------w- c:\windows\system32\SetupBD.din
2009-10-18 12:35:20 5110 ----a-w- c:\windows\system32\e100b325.din
2009-10-18 12:35:20 24064 ----a-w- c:\windows\system32\IntelNic.dll
2009-10-18 12:35:20 154112 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2009-10-18 12:35:20 154112 ----a-w- c:\windows\system32\drivers\e100b325.sys
2009-10-18 12:35:20 12288 ----a-w- c:\windows\system32\e100bmsg.dll
2009-10-18 12:35:20 118784 ----a-w- c:\windows\system32\Prounstl.exe
2009-10-18 12:35:20 0 d-----w- C:\drvrtmp
2009-10-18 12:30:09 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-10-18 12:30:07 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-10-18 12:30:05 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-10-18 12:28:56 65536 ----a-w- c:\windows\system32\Audio3d.dll
2009-10-18 12:28:56 0 d-----w- c:\windows\VirtualEar
2009-10-18 12:28:55 991232 ----a-w- c:\windows\system32\virtear.dll
2009-10-18 12:28:53 0 d-----w- c:\program files\Analog Devices
2009-10-18 12:28:52 49152 ----a-w- c:\windows\system32\DSndUp.exe
2009-10-18 12:28:52 45056 ----a-w- c:\windows\system32\CleanUp.exe
2009-10-18 12:28:14 260352 ----a-w- c:\windows\system32\drivers\smwdm.sys
2009-10-18 12:28:12 732928 ----a-w- c:\windows\system32\drivers\senfilt.sys
2009-10-18 12:28:12 23040 ----a-w- c:\windows\system32\PostProc.dll
2009-10-18 12:28:11 311296 ----a-w- c:\windows\system32\Edcrypt.dll
2009-10-18 12:28:10 765952 ----a-w- c:\windows\system\crlds3d.dll
2009-10-18 12:26:38 446464 ----a-r- c:\windows\system32\hhactivex.dll
2009-10-18 12:26:38 176128 ----a-w- c:\windows\system32\RcdScan.dll
2009-10-18 12:26:37 645616 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2009-10-18 12:26:37 414944 ----a-w- c:\windows\system32\COMCT332.OCX
2009-10-18 12:26:37 328480 ----a-w- c:\windows\system32\ssa3d30.ocx
2009-10-18 12:26:35 7348 ----a-w- c:\windows\system32\Odbcjet.cnt
2009-10-18 12:26:35 171967 ----a-w- c:\windows\system32\Odbcjet.hlp
2009-10-18 12:26:29 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-10-18 12:26:21 13632 ------w- c:\windows\system32\drivers\omci.sys
2009-10-18 08:30:51 0 d-sh--w- c:\documents and settings\sara & yashe\IETldCache
2009-10-18 08:25:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-18 08:25:05 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-18 08:25:04 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-18 08:25:04 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-18 08:25:04 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-18 08:25:03 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-18 08:24:55 0 d-----w- c:\windows\ie8updates
2009-10-18 08:24:42 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-18 08:21:50 0 dc-h--w- c:\windows\ie8
2009-10-18 06:41:07 0 d-----w- c:\windows\ServicePackFiles
2009-10-18 04:22:55 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2009-10-18 04:22:45 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2009-10-18 04:22:44 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2009-10-18 04:22:44 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2009-10-18 04:22:26 129045 ------w- c:\windows\system32\drivers\cxthsfs2.cty
2009-10-18 04:02:44 0 d-sh--w- c:\documents and settings\sara & yashe\UserData
2009-10-18 03:39:47 499712 ----a-w- c:\windows\system32\CheckDll.dll
2009-10-18 03:31:07 123 ----a-w- c:\windows\system\SysSD.dll
2009-10-18 03:29:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-18 03:29:09 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-18 03:28:09 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-18 03:28:08 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-18 03:28:07 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-18 03:28:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-18 03:27:50 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-18 03:27:04 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-18 03:27:04 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-18 03:26:15 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-18 03:26:15 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-18 03:26:15 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-18 03:26:15 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-18 03:26:15 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-18 03:26:15 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-18 03:26:14 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-10-18 03:26:14 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-18 03:26:14 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-18 03:26:14 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-18 03:26:13 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-18 03:26:13 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-18 03:25:36 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-18 03:21:42 0 d-----w- c:\windows\system32\PreInstall
2009-10-18 03:18:03 0 d-----w- c:\windows\RegisteredPackages
2009-10-18 03:16:25 46592 ------w- c:\windows\system32\drivers\irbus.sys
2009-10-18 03:16:25 19200 ------w- c:\windows\system32\drivers\hidir.sys
2009-10-18 03:15:25 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-18 03:13:32 0 d-----w- c:\windows\system32\URTTemp
2009-10-18 03:13:12 0 d-----w- c:\program files\RGB
2009-10-18 03:11:25 0 d-----w- c:\program files\DIGStream
2009-10-18 03:11:23 0 d-----w- c:\program files\ESPNMotion
2009-10-18 03:11:21 0 d-----w- c:\program files\GemMaster
2009-10-18 03:11:19 0 d-----w- c:\program files\EnglishOtto
2009-10-18 03:06:45 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-10-18 03:02:17 0 d-s---w- c:\windows\system32\Microsoft
2009-10-18 02:51:48 0 d-sh--w- c:\documents and settings\all users\DRM
2009-10-18 02:51:30 0 d--h--w- c:\program files\WindowsUpdate
2009-10-18 02:50:49 0 d-----w- c:\program files\common files\MSSoap
2009-10-18 02:48:32 0 d-----w- c:\program files\Windows Plus
2009-10-18 02:47:31 0 d-----w- c:\program files\Messenger
2009-10-18 02:47:28 0 d-----w- c:\program files\MSN Gaming Zone
2009-10-18 02:46:59 0 d-----w- c:\program files\Windows NT
2009-10-17 21:39:47 0 d-----w- c:\program files\common files\ODBC
2009-10-17 21:39:44 0 d-----w- c:\program files\common files\SpeechEngines
2009-10-17 21:39:25 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-11-07 09:53:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-07 09:53:17 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-18 02:49:23 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-25 05:48:59 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2001-03-30 17:04:42 32768 --sha-r- c:\windows\system32\pcrelayin.dll
2001-03-30 17:04:48 372736 --sha-r- c:\windows\system32\ptleucos.dll

============= FINISH: 22:54:55.59 ===============



exeHelper by Raktor
Build 20091021
Run at 22:51:59 on 11/08/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/08 22:58
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xBAF19000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAF332000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.ISOImage.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.ISOImage.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\DellDriverDownloadManager.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\DellDriverDownloadManager.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\DellDriverDownloadManager.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\DellDriverDownloadManager.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Core.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Core.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Interop.IWshRuntimeLibrary.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Interop.IWshRuntimeLibrary.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\stdole.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\stdole.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Xceed.Compression.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Sara & Yashe\Local Settings\Apps\2.0\GW3W0RPH.V91\E2Y9437D.3GP\manifests\Xceed.Compression.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xba6b2d72

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xba6939a6

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xba693b98

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xba6b3568

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xba6b3820

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xba6b1a80

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xba6b3c8a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xba6b3036

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xba693656

==EOF==

#4 Raktor

    Teacher Emeritus

  • Authentic Member
  • 3,114 posts

Posted 11 November 2009 - 05:59 AM

Sorry for the delay; I accidentally missed your reply. After the scans you have now completed, are you still experiencing problems?
Graduate from the WTT Malware Classroom
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

#5 mesa215

    Authentic Member

  • Authentic Member
  • 35 posts
  • Interests: Reading Books, Writing Poetry, Music

Posted 11 November 2009 - 10:27 AM

Yes, the computer is extremely slow and I have to keep running my spyware detector because I keep getting a message that I need to download virus software, which I know not to download. My spyware detector quarantines it, but it seems to come back. What else can I do?

#6 Raktor

    Teacher Emeritus

  • Authentic Member
  • 3,114 posts

Posted 11 November 2009 - 09:46 PM

Download Combofix from any of the links below.

Link 1
Link 2


==================================

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


#7 mesa215

    Authentic Member

  • Authentic Member
  • 35 posts
  • Interests: Reading Books, Writing Poetry, Music

Posted 12 November 2009 - 04:20 AM

I ran ComboFix. Here is the log:

ComboFix 09-11-11.02 - Sara & Yashe 11/12/2009 5:01.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1457 [GMT -5:00]
Running from: c:\documents and settings\Sara & Yashe\Desktop\ComboFix.exe
AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning enabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
.

((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.

2009-11-12 02:03 . 2009-11-12 02:03 -------- d-----w- c:\program files\Conduit
2009-11-12 02:03 . 2009-11-12 02:03 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Conduit
2009-11-12 02:03 . 2009-11-12 02:04 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\IObitCom
2009-11-12 02:02 . 2009-11-12 02:03 -------- d-----w- c:\program files\IObitCom
2009-11-12 02:02 . 2009-11-04 21:49 635664 ----a-w- c:\documents and settings\Sara & Yashe\Application Data\IObit\Common\TB_Helper.exe
2009-11-12 01:51 . 2004-08-10 11:00 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2009-11-12 01:51 . 2004-08-10 11:00 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe
2009-11-12 01:51 . 2004-08-10 11:00 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll
2009-11-12 01:51 . 2004-08-10 11:00 6656 ----a-w- c:\windows\system32\c_is2022.dll
2009-11-12 01:49 . 2001-08-18 03:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-11-12 01:49 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-11-12 01:49 . 2001-08-18 03:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-11-12 01:49 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-11-12 01:49 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-11-12 01:49 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-11-12 01:49 . 2001-08-17 19:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-11-12 01:49 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-11-12 01:49 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-11-12 01:49 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-11-12 01:49 . 2008-04-14 01:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-11-12 01:49 . 2008-04-14 01:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-11-11 22:13 . 2009-11-11 22:13 -------- d-----w- c:\documents and settings\Nani\Local Settings\Application Data\Temp
2009-11-09 03:55 . 2009-11-09 03:55 0 ----a-w- c:\documents and settings\Sara & Yashe\settings.dat
2009-11-08 23:06 . 2009-11-08 23:06 -------- d-----w- c:\program files\MSXML 4.0
2009-11-08 04:41 . 2009-11-08 04:41 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\PC Tools
2009-11-08 04:40 . 2009-11-12 07:04 -------- d-----w- c:\program files\Max Spyware Detector
2009-11-08 04:40 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-08 04:40 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-08 04:40 . 2009-11-08 04:40 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-08 04:40 . 2009-02-10 15:13 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2009-11-08 04:40 . 2009-02-10 15:13 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2009-11-08 04:40 . 2009-02-10 15:13 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2009-11-08 04:40 . 2009-11-12 10:02 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-11-08 04:12 . 2009-11-08 04:12 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Malwarebytes
2009-11-08 04:12 . 2009-11-08 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-08 03:47 . 2009-11-08 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-11-08 03:46 . 2009-11-08 03:46 -------- d-----w- c:\program files\Common Files\iS3
2009-11-08 03:44 . 2009-11-08 03:44 -------- d-----w- c:\program files\Trend Micro
2009-11-08 03:30 . 2009-11-08 03:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-08 03:30 . 2009-11-08 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-08 02:28 . 2009-11-08 02:30 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\AskToolbar
2009-11-08 02:24 . 2009-11-08 02:24 -------- d-----w- c:\program files\Ask.com
2009-11-08 02:23 . 2009-11-08 02:23 -------- d-----w- c:\program files\MSSOAP
2009-11-08 02:23 . 2009-11-08 04:01 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Webroot
2009-11-08 02:19 . 2009-11-08 02:19 164 ----a-w- c:\windows\install.dat
2009-11-08 00:04 . 2009-11-08 00:04 -------- d-----w- c:\program files\NOS
2009-11-07 09:53 . 2009-11-07 09:53 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-07 09:53 . 2009-11-07 09:53 -------- d-----w- c:\program files\Common Files\Real
2009-11-07 09:53 . 2009-11-07 09:53 -------- d-----w- c:\program files\Real
2009-11-07 08:20 . 2009-11-07 08:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\PCToolsFirewallPlus
2009-11-07 08:20 . 2009-11-07 08:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\Spam Monitor
2009-11-07 07:49 . 2009-11-07 07:49 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Spam Monitor
2009-11-07 07:48 . 2009-11-07 07:48 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Threat Expert
2009-11-07 07:43 . 2009-11-08 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-07 00:18 . 2009-11-08 04:02 0 ----a-r- c:\windows\win32k.sys
2009-11-06 23:33 . 2009-11-06 23:33 64744 ----a-w- c:\documents and settings\Nani\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-06 23:21 . 2009-11-06 23:21 -------- d-----w- c:\documents and settings\Nani\Local Settings\Application Data\Adobe
2009-11-06 15:23 . 2009-11-06 15:23 -------- d-----w- c:\documents and settings\Nani\Application Data\acccore
2009-11-06 15:23 . 2009-11-06 15:23 -------- d-----w- c:\documents and settings\Nani\Application Data\AIMPro
2009-11-05 21:28 . 2009-11-05 21:28 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Identities
2009-11-05 02:54 . 2009-11-05 02:54 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\acccore
2009-11-05 02:54 . 2009-11-05 02:54 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\AIMPro
2009-11-05 02:40 . 2009-11-05 02:40 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-11-05 02:39 . 2009-11-05 02:39 -------- d-----w- c:\program files\AIM
2009-11-05 02:39 . 2009-11-05 02:39 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\AIM
2009-11-04 02:47 . 2009-11-05 15:19 152576 ----a-w- c:\documents and settings\Sara & Yashe\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-02 20:39 . 2009-11-02 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Vantage
2009-11-02 20:39 . 2009-11-02 20:39 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Vantage
2009-11-02 20:39 . 2009-11-02 20:39 -------- d-----w- c:\program files\Vantage Technologies
2009-11-02 02:56 . 2009-11-08 16:18 -------- d-----w- c:\documents and settings\Nani\Application Data\vlc
2009-11-02 02:52 . 2009-11-02 02:52 -------- d-sh--w- c:\documents and settings\Nani\PrivacIE
2009-10-31 16:52 . 2009-10-31 16:52 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Alawar
2009-10-31 05:11 . 2009-10-31 05:12 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\GTM_Bodie
2009-10-29 00:08 . 2009-11-01 03:08 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Temp
2009-10-29 00:08 . 2009-10-29 00:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-10-28 23:54 . 2009-10-28 23:54 -------- d-----w- c:\program files\Zylom Games
2009-10-28 23:54 . 2009-10-28 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-10-28 23:54 . 2009-07-02 15:19 102400 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-10-28 23:54 . 2004-12-20 16:17 147456 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2009-10-28 23:53 . 2009-10-28 23:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-10-28 23:53 . 2009-11-01 18:05 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Google
2009-10-28 23:42 . 2009-10-28 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft
2009-10-28 23:41 . 2009-11-01 18:05 -------- d-----w- c:\program files\Google
2009-10-28 08:42 . 2009-10-28 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Princess Isabella
2009-10-28 08:40 . 2009-11-08 02:16 -------- d-----w- C:\GameHouse Games
2009-10-28 08:39 . 2009-11-08 02:16 -------- d-----w- c:\program files\RealArcade
2009-10-28 07:00 . 2009-10-28 07:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-27 16:27 . 2009-10-27 16:27 -------- d-----w- c:\program files\Common Files\HP
2009-10-27 16:25 . 2009-10-27 16:25 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-10-27 16:25 . 2004-12-14 16:07 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-10-27 16:25 . 2004-12-14 16:07 51120 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-10-27 16:24 . 2004-12-14 16:07 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-10-27 16:24 . 2004-09-29 16:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-10-27 16:24 . 2004-09-29 16:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-10-27 16:24 . 2004-09-29 16:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2009-10-27 16:24 . 2004-09-29 16:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-10-27 16:24 . 2004-09-29 16:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-10-27 16:24 . 2004-09-29 16:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2009-10-27 16:24 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-26 22:09 . 2009-10-26 22:09 -------- d-----w- c:\program files\Digiarty
2009-10-26 21:04 . 2009-11-12 02:02 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\IObit
2009-10-26 21:04 . 2009-10-26 21:29 -------- d-----w- c:\program files\IObit
2009-10-25 01:18 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-10-25 01:18 . 2009-10-25 01:18 -------- d-----w- c:\temp\MTGOInstall
2009-10-25 01:18 . 2009-10-25 01:18 -------- d-----w- C:\Temp
2009-10-25 01:11 . 2009-10-25 01:57 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Wizards of the Coast
2009-10-25 01:10 . 2009-10-25 01:10 -------- d-----w- c:\program files\Wizards of the Coast
2009-10-25 00:58 . 2009-10-25 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-10-25 00:51 . 2009-10-25 00:52 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\MagicBall4
2009-10-25 00:50 . 2009-10-25 00:50 -------- d-----w- c:\program files\ReflexiveArcade
2009-10-19 01:20 . 2009-10-19 01:20 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-19 01:20 . 2009-10-19 01:20 -------- d-----w- c:\program files\MSBuild
2009-10-19 01:20 . 2009-10-19 01:20 -------- d-----w- c:\program files\Reference Assemblies
2009-10-19 01:19 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-19 01:19 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-19 01:19 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-19 01:19 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-19 01:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-19 01:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-19 01:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-19 01:19 . 2009-10-19 01:19 -------- d-----w- C:\a77d5422197f8a293a93ceaf97fafe2f
2009-10-19 01:14 . 2006-10-20 04:10 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2009-10-19 01:14 . 2006-10-20 04:10 108704 ----a-w- c:\windows\system32\PICEntry.dll
2009-10-19 01:14 . 2004-03-03 10:10 31053 ----a-w- c:\windows\system32\EPPICPattern131.dat
2009-10-19 01:14 . 2004-03-03 10:10 27417 ----a-w- c:\windows\system32\EPPICPattern121.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 09:53 . 2009-07-31 12:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-07 09:53 . 2009-07-31 12:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-07 06:55 . 2009-11-02 02:49 -------- d-----w- c:\documents and settings\Nani\Application Data\PC Tools
2009-10-19 00:33 . 2009-10-19 00:33 -------- d-----w- c:\program files\ArcSoft
2009-10-18 15:15 . 2009-10-18 02:51 87747 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-18 02:53 . 2009-10-18 02:53 -------- d-----w- c:\program files\microsoft frontpage
2009-10-18 02:49 . 2009-10-18 02:49 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-18 02:48 . 2009-10-18 02:48 -------- d-----w- c:\program files\Windows Plus
2009-09-25 05:48 . 2009-09-25 05:48 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-03-04 03:33 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-10 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-14 13:21 . 2004-08-10 11:00 1850624 ----a-w- c:\windows\system32\win32k.sys
2001-03-30 17:04 . 2001-03-30 17:04 32768 --sha-r- c:\windows\system32\pcrelayin.dll
2001-03-30 17:04 . 2001-03-30 17:04 372736 --sha-r- c:\windows\system32\ptleucos.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2009-10-01 22:29 2166296 ----a-w- c:\program files\IObitCom\tbIObi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 20:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-07 198160]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-04-16 1505168]
"SDActiveMonitor"="c:\program files\Max Spyware Detector\MaxSDTray.exe" [2009-10-10 800688]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2004-06-10 60928]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{462DB222-F475-4480-B981-6546C5E019DA}"= "c:\windows\system32\ptleucos.dll" [2001-03-30 372736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 00:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=winaux.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Vantage Technologies\\CorrectEnglish\\CorrectEnglish.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/7/2009 11:40 PM 206256]
R2 MaxWatchDogService;MaxWatchDogService;c:\program files\Max Spyware Detector\MaxWatchDogService.exe [11/7/2009 11:40 PM 426928]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [10/18/2009 2:57 PM 61526]
R3 SDActMon;SDActMon;c:\program files\Max Spyware Detector\SDActMon.sys [11/7/2009 11:40 PM 30128]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1ca5829d41396fc;Google Update Service (gupdate1ca5829d41396fc);c:\program files\Google\Update\GoogleUpdate.exe [10/28/2009 6:53 PM 133104]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/10/2004 6:00 AM 14336]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - mchInjDrv
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-11-12 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-10-26 20:35]

2009-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-28 23:53]

2009-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-28 23:53]

2009-11-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 20:06]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

Notify-SDNotify - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 05:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3944)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ptleucos.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\pcrelayin.dll
.
Completion time: 2009-11-12 5:16
ComboFix-quarantined-files.txt 2009-11-12 10:16
ComboFix2.txt 2009-11-08 04:35

Pre-Run: 65,236,541,440 bytes free
Post-Run: 65,267,036,160 bytes free

- - End Of File - - EE2E193ADCE6BA2132BAD5CF7C13F831

#8 Raktor
Posted 12 November 2009 - 04:27 AM

Please go to Add/Remove Programs, and remove any programs made by IObit. Then:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

http://forums.whatth...er_t108163.html
Collect::
c:\windows\system32\ptleucos.dll

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{462DB222-F475-4480-B981-6546C5E019DA}"= -


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Graduate from the WTT Malware Classroom
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.
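The CFScript above does two things: Collect:: zips the file for upload, and the Registry:: block blanks the SharedTaskScheduler CLSID so Explorer stops loading the DLL at logon. The helper below is an added example, not part of this thread and not ComboFix's own code. It reads ComboFix-style log lines, flags the indicators Raktor acted on (a system32 DLL with the system and hidden attribute flags and a creation date years older than the OS files, a SharedTaskScheduler entry pointing at it, and AntiVirusOverride=1 in the Security Center key), cross-references the 'DLLs Loaded Under Running Processes' section, and renders a CFScript in the same Collect::/Registry:: form. The sample log is a constructed excerpt of lines posted above; reading the 's' and 'h' in the attribute column as system and hidden, and the key-name matching, are assumptions based on how the entries appear in this log. On this excerpt it also surfaces pcrelayin.dll, which carries the same attribute pattern and is loaded in explorer.exe but has no visible loading point.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code)."""
import re
from dataclasses import dataclass, field

# Constructed excerpt of the log posted in this thread.
SAMPLE_LOG = r"""
2001-03-30 17:04 . 2001-03-30 17:04 372736 --sha-r- c:\windows\system32\ptleucos.dll
2009-11-08 04:40 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2001-03-30 17:04 . 2001-03-30 17:04 32768 --sha-r- c:\windows\system32\pcrelayin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-04-16 1505168]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{462DB222-F475-4480-B981-6546C5E019DA}"= "c:\windows\system32\ptleucos.dll" [2001-03-30 372736]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3944)
c:\windows\system32\WININET.dll
c:\windows\system32\ptleucos.dll
c:\windows\system32\pcrelayin.dll
"""

# "created . modified size attrs path" lines from the Files Created / Find3M sections
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$", re.IGNORECASE)
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
QUOTED_PATH = re.compile(r'^"(?P<path>[^"]+)"')
PROC_LINE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")


@dataclass
class Findings:
    hidden_system_files: list = field(default_factory=list)    # (path, created, attrs)
    shared_task_scheduler: list = field(default_factory=list)  # (key, clsid, path)
    av_override: bool = False
    loaded_in: dict = field(default_factory=dict)              # lower-cased path -> [process]


def triage(log_text: str) -> Findings:
    """Walk the log once, tracking which registry key or process section we are in."""
    f = Findings()
    current_key = None
    current_proc = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROC_LINE.match(line)
        if m:  # start of a "DLLs loaded under <process>" block
            current_proc, current_key = m.group("proc"), None
            continue
        m = KEY_LINE.match(line)
        if m:  # start of a registry key block
            current_key, current_proc = m.group("key"), None
            continue
        m = FILE_LINE.match(line)
        if m:
            attrs, path = m.group("attrs").lower(), m.group("path")
            # assumption: 's' and 'h' in the attribute column mean system + hidden,
            # the combination that keeps a DLL out of Explorer's default view
            if "s" in attrs and "h" in attrs and "\\system32\\" in path.lower():
                f.hidden_system_files.append((path, m.group("created"), attrs))
            continue
        if current_proc is not None:  # a module path under a process header
            f.loaded_in.setdefault(line.lower(), []).append(current_proc)
            continue
        m = VALUE_LINE.match(line)
        if m and current_key:
            name, data = m.group("name"), m.group("data")
            if current_key.lower().endswith("\\explorer\\sharedtaskscheduler"):
                pm = QUOTED_PATH.match(data)
                if pm:
                    f.shared_task_scheduler.append((current_key, name, pm.group("path")))
            elif current_key.lower().endswith("\\security center") and name.lower() == "antivirusoverride":
                f.av_override = data.lower().endswith("00000001")
    return f


def report(f: Findings) -> list:
    """Human-readable findings, each file cross-referenced with the process list."""
    lines = []
    for path, created, attrs in f.hidden_system_files:
        procs = ", ".join(f.loaded_in.get(path.lower(), [])) or "not seen in any process"
        lines.append(f"hidden+system file {path} (created {created}, attrs {attrs}); loaded in: {procs}")
    for _, clsid, path in f.shared_task_scheduler:
        lines.append(f"SharedTaskScheduler {clsid} -> {path}")
    if f.av_override:
        lines.append("Security Center AntiVirusOverride=1 (missing-AV alerts suppressed)")
    return lines


def build_cfscript(f: Findings) -> str:
    """Render findings in the Collect::/Registry:: form used in this thread."""
    collect = sorted({p for p, _, _ in f.hidden_system_files}
                     | {p for _, _, p in f.shared_task_scheduler}, key=str.lower)
    out = ["Collect::", *collect, ""]
    if f.shared_task_scheduler:
        out.append("Registry::")
        for key, clsid, _ in f.shared_task_scheduler:
            out += [f"[{key}]", f'"{clsid}"= -']
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("\n".join(report(found)))
    print()
    print(build_cfscript(found))
```

The script only proposes; the Collect:: line is what lets the helper inspect the file before anything is deleted, and the Registry:: entry removes the loading point rather than the key, mirroring the script Raktor posted.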

#9 mesa215
Posted 13 November 2009 - 02:13 AM

I deleted IObit programs and disabled virus and spyware programs. I saved the text above and ran ComboFix. ComboFix deleted some files and then uploaded something for further analysis. Here is the log:

ComboFix 09-11-13.04 - Sara & Yashe 11/13/2009 2:54.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1618 [GMT -5:00]
Running from: c:\documents and settings\Sara & Yashe\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sara & Yashe\Desktop\CFScript.txt
AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning disabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

file zipped: c:\windows\system32\ptleucos.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ptleucos.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.

2009-11-12 18:33 . 2009-11-12 18:33 -------- d-----w- c:\documents and settings\Nani\Local Settings\Application Data\Conduit
2009-11-12 18:33 . 2009-11-12 18:33 -------- d-----w- c:\documents and settings\Nani\Local Settings\Application Data\IObitCom
2009-11-12 02:03 . 2009-11-12 02:03 -------- d-----w- c:\program files\Conduit
2009-11-12 02:03 . 2009-11-12 02:03 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Conduit
2009-11-12 02:02 . 2009-11-04 21:49 635664 ----a-w- c:\documents and settings\Sara & Yashe\Application Data\IObit\Common\TB_Helper.exe
2009-11-12 01:51 . 2004-08-10 11:00 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2009-11-12 01:51 . 2004-08-10 11:00 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe
2009-11-12 01:51 . 2004-08-10 11:00 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll
2009-11-12 01:51 . 2004-08-10 11:00 6656 ----a-w- c:\windows\system32\c_is2022.dll
2009-11-12 01:49 . 2001-08-18 03:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-11-12 01:49 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-11-12 01:49 . 2001-08-18 03:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-11-12 01:49 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-11-12 01:49 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-11-12 01:49 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-11-12 01:49 . 2001-08-17 19:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-11-12 01:49 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-11-12 01:49 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-11-12 01:49 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-11-12 01:49 . 2008-04-14 01:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-11-12 01:49 . 2008-04-14 01:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-11-11 22:13 . 2009-11-11 22:13 -------- d-----w- c:\documents and settings\Nani\Local Settings\Application Data\Temp
2009-11-09 03:55 . 2009-11-09 03:55 0 ----a-w- c:\documents and settings\Sara & Yashe\settings.dat
2009-11-08 23:06 . 2009-11-08 23:06 -------- d-----w- c:\program files\MSXML 4.0
2009-11-08 04:41 . 2009-11-08 04:41 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\PC Tools
2009-11-08 04:40 . 2009-11-12 19:26 -------- d-----w- c:\program files\Max Spyware Detector
2009-11-08 04:40 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-08 04:40 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-08 04:40 . 2009-11-08 04:40 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-08 04:40 . 2009-02-10 15:13 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2009-11-08 04:40 . 2009-02-10 15:13 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2009-11-08 04:40 . 2009-02-10 15:13 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2009-11-08 04:40 . 2009-11-13 07:38 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-11-08 04:12 . 2009-11-08 04:12 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Malwarebytes
2009-11-08 04:12 . 2009-11-08 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-08 03:47 . 2009-11-08 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-11-08 03:46 . 2009-11-08 03:46 -------- d-----w- c:\program files\Common Files\iS3
2009-11-08 03:44 . 2009-11-08 03:44 -------- d-----w- c:\program files\Trend Micro
2009-11-08 03:30 . 2009-11-08 03:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-08 03:30 . 2009-11-08 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-08 02:28 . 2009-11-08 02:30 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\AskToolbar
2009-11-08 02:24 . 2009-11-08 02:24 -------- d-----w- c:\program files\Ask.com
2009-11-08 02:23 . 2009-11-08 02:23 -------- d-----w- c:\program files\MSSOAP
2009-11-08 02:23 . 2009-11-08 04:01 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Webroot
2009-11-08 02:19 . 2009-11-08 02:19 164 ----a-w- c:\windows\install.dat
2009-11-08 00:04 . 2009-11-08 00:04 -------- d-----w- c:\program files\NOS
2009-11-07 09:53 . 2009-11-07 09:53 -------- d-----w- c:\program files\Common Files\xing shared
2009-11-07 09:53 . 2009-11-07 09:53 -------- d-----w- c:\program files\Common Files\Real
2009-11-07 09:53 . 2009-11-07 09:53 -------- d-----w- c:\program files\Real
2009-11-07 08:20 . 2009-11-07 08:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\PCToolsFirewallPlus
2009-11-07 08:20 . 2009-11-07 08:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\Spam Monitor
2009-11-07 07:49 . 2009-11-07 07:49 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Spam Monitor
2009-11-07 07:48 . 2009-11-07 07:48 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Threat Expert
2009-11-07 07:43 . 2009-11-08 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-07 00:18 . 2009-11-08 04:02 0 ----a-r- c:\windows\win32k.sys
2009-11-06 23:33 . 2009-11-06 23:33 64744 ----a-w- c:\documents and settings\Nani\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-06 23:21 . 2009-11-06 23:21 -------- d-----w- c:\documents and settings\Nani\Local Settings\Application Data\Adobe
2009-11-06 15:23 . 2009-11-06 15:23 -------- d-----w- c:\documents and settings\Nani\Application Data\acccore
2009-11-06 15:23 . 2009-11-06 15:23 -------- d-----w- c:\documents and settings\Nani\Application Data\AIMPro
2009-11-05 21:28 . 2009-11-05 21:28 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Identities
2009-11-05 02:54 . 2009-11-05 02:54 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\acccore
2009-11-05 02:54 . 2009-11-05 02:54 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\AIMPro
2009-11-05 02:40 . 2009-11-05 02:40 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-11-05 02:39 . 2009-11-05 02:39 -------- d-----w- c:\program files\AIM
2009-11-05 02:39 . 2009-11-05 02:39 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\AIM
2009-11-04 02:47 . 2009-11-05 15:19 152576 ----a-w- c:\documents and settings\Sara & Yashe\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-02 20:39 . 2009-11-02 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Vantage
2009-11-02 20:39 . 2009-11-02 20:39 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Vantage
2009-11-02 20:39 . 2009-11-02 20:39 -------- d-----w- c:\program files\Vantage Technologies
2009-11-02 02:56 . 2009-11-08 16:18 -------- d-----w- c:\documents and settings\Nani\Application Data\vlc
2009-11-02 02:52 . 2009-11-02 02:52 -------- d-sh--w- c:\documents and settings\Nani\PrivacIE
2009-10-31 16:52 . 2009-10-31 16:52 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Alawar
2009-10-31 05:11 . 2009-10-31 05:12 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\GTM_Bodie
2009-10-29 00:08 . 2009-11-01 03:08 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Temp
2009-10-29 00:08 . 2009-10-29 00:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-10-28 23:54 . 2009-10-28 23:54 -------- d-----w- c:\program files\Zylom Games
2009-10-28 23:54 . 2009-10-28 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-10-28 23:54 . 2009-07-02 15:19 102400 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
2009-10-28 23:54 . 2004-12-20 16:17 147456 ----a-w- c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
2009-10-28 23:53 . 2009-10-28 23:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-10-28 23:53 . 2009-11-01 18:05 -------- d-----w- c:\documents and settings\Sara & Yashe\Local Settings\Application Data\Google
2009-10-28 23:42 . 2009-10-28 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft
2009-10-28 23:41 . 2009-11-01 18:05 -------- d-----w- c:\program files\Google
2009-10-28 08:42 . 2009-10-28 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Princess Isabella
2009-10-28 08:40 . 2009-11-08 02:16 -------- d-----w- C:\GameHouse Games
2009-10-28 08:39 . 2009-11-08 02:16 -------- d-----w- c:\program files\RealArcade
2009-10-28 07:00 . 2009-10-28 07:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-27 16:27 . 2009-10-27 16:27 -------- d-----w- c:\program files\Common Files\HP
2009-10-27 16:25 . 2009-10-27 16:25 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-10-27 16:25 . 2004-12-14 16:07 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-10-27 16:25 . 2004-12-14 16:07 51120 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-10-27 16:24 . 2004-12-14 16:07 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-10-27 16:24 . 2004-09-29 16:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-10-27 16:24 . 2004-09-29 16:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-10-27 16:24 . 2004-09-29 16:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2009-10-27 16:24 . 2004-09-29 16:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-10-27 16:24 . 2004-09-29 16:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-10-27 16:24 . 2004-09-29 16:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2009-10-27 16:24 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-26 22:09 . 2009-10-26 22:09 -------- d-----w- c:\program files\Digiarty
2009-10-26 21:04 . 2009-11-12 02:02 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\IObit
2009-10-26 21:04 . 2009-10-26 21:29 -------- d-----w- c:\program files\IObit
2009-10-25 01:18 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-10-25 01:18 . 2009-10-25 01:18 -------- d-----w- c:\temp\MTGOInstall
2009-10-25 01:18 . 2009-10-25 01:18 -------- d-----w- C:\Temp
2009-10-25 01:11 . 2009-10-25 01:57 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\Wizards of the Coast
2009-10-25 01:10 . 2009-10-25 01:10 -------- d-----w- c:\program files\Wizards of the Coast
2009-10-25 00:58 . 2009-10-25 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-10-25 00:51 . 2009-10-25 00:52 -------- d-----w- c:\documents and settings\Sara & Yashe\Application Data\MagicBall4
2009-10-25 00:50 . 2009-10-25 00:50 -------- d-----w- c:\program files\ReflexiveArcade
2009-10-19 01:20 . 2009-10-19 01:20 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-19 01:20 . 2009-10-19 01:20 -------- d-----w- c:\program files\MSBuild
2009-10-19 01:20 . 2009-10-19 01:20 -------- d-----w- c:\program files\Reference Assemblies
2009-10-19 01:19 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-19 01:19 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-19 01:19 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-19 01:19 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-19 01:19 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-19 01:19 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-19 01:19 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-19 01:19 . 2009-10-19 01:19 -------- d-----w- C:\a77d5422197f8a293a93ceaf97fafe2f
2009-10-19 01:14 . 2006-10-20 04:10 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2009-10-19 01:14 . 2006-10-20 04:10 108704 ----a-w- c:\windows\system32\PICEntry.dll
2009-10-19 01:14 . 2004-03-03 10:10 31053 ----a-w- c:\windows\system32\EPPICPattern131.dat
2009-10-19 01:14 . 2004-03-03 10:10 27417 ----a-w- c:\windows\system32\EPPICPattern121.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 09:53 . 2009-07-31 12:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-11-07 09:53 . 2009-07-31 12:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-11-07 06:55 . 2009-11-02 02:49 -------- d-----w- c:\documents and settings\Nani\Application Data\PC Tools
2009-10-19 00:33 . 2009-10-19 00:33 -------- d-----w- c:\program files\ArcSoft
2009-10-18 15:15 . 2009-10-18 02:51 87747 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-18 02:53 . 2009-10-18 02:53 -------- d-----w- c:\program files\microsoft frontpage
2009-10-18 02:49 . 2009-10-18 02:49 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-18 02:48 . 2009-10-18 02:48 -------- d-----w- c:\program files\Windows Plus
2009-09-25 05:48 . 2009-09-25 05:48 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-03-04 03:33 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-10 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2001-03-30 17:04 . 2001-03-30 17:04 32768 --sha-r- c:\windows\system32\pcrelayin.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 20:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-07 198160]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2009-04-16 1505168]
"SDActiveMonitor"="c:\program files\Max Spyware Detector\MaxSDTray.exe" [2009-10-10 800688]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2004-06-10 60928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 00:08 450646 ----a-w- c:\windows\system32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=winaux.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Vantage Technologies\\CorrectEnglish\\CorrectEnglish.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/7/2009 11:40 PM 206256]
R2 MaxWatchDogService;MaxWatchDogService;c:\program files\Max Spyware Detector\MaxWatchDogService.exe [11/7/2009 11:40 PM 426928]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [10/18/2009 2:57 PM 61526]
R3 SDActMon;SDActMon;c:\program files\Max Spyware Detector\SDActMon.sys [11/7/2009 11:40 PM 30128]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate1ca5829d41396fc;Google Update Service (gupdate1ca5829d41396fc);c:\program files\Google\Update\GoogleUpdate.exe [10/28/2009 6:53 PM 133104]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/10/2004 6:00 AM 14336]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - mchInjDrv
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-28 23:53]

2009-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-28 23:53]

2009-11-13 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 20:06]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 03:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-13 03:06
ComboFix-quarantined-files.txt 2009-11-13 08:06
ComboFix2.txt 2009-11-12 10:16
ComboFix3.txt 2009-11-08 04:35

Pre-Run: 65,053,515,776 bytes free
Post-Run: 65,239,519,232 bytes free

- - End Of File - - 9A8555144C3B5142D87860D847A43A9A
Upload was successful

#10 Raktor
Posted 13 November 2009 - 06:49 AM

1) MBAM
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

2) ESET
You can use either Internet Explorer or Mozilla FireFox for this scan.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

3) What You Will Need To Post:
  • MBAM log
  • ESET log
  • How your PC is performing now



#11 mesa215
Posted 14 November 2009 - 12:11 AM

I installed and ran MBAM. I allowed it to update. I ran the scan and removed all. I then rebooted the computer as asked. Here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 3168
Windows 5.1.2600 Service Pack 3

11/14/2009 12:07:49 AM
mbam-log-2009-11-14 (00-07-49).txt

Scan type: Quick Scan
Objects scanned: 118462
Time elapsed: 11 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.

__________________________________________________________________________

I then installed ESET and set it to scan archives. I did not remove anything. I checked the potentially unwanted applications, unsafe applications, and enabled AntiStealth Tech.

Here is the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=bfa243a1861f3c419c46b91d8650fac9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-14 06:48:58
# local_time=2009-11-14 01:48:58 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=2561 16777189 100 85 0 19170405 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=54246
# found=5
# cleaned=0
# scan_time=2250
C:\Program Files\Max Spyware Detector\LiveUpdate.exe  a variant of Win32/MaxPCsecure application  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir  a variant of Win32/Kryptik.AXQ trojan  00000000000000000000000000000000  I
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir  Win32/Sirefef.A trojan  00000000000000000000000000000000  I
C:\System Volume Information\_restore{ED174C6A-51AE-4E79-B174-D92052E90A13}\RP79\A0021672.exe  a variant of Win32/Kryptik.AXQ trojan  00000000000000000000000000000000  I
C:\System Volume Information\_restore{ED174C6A-51AE-4E79-B174-D92052E90A13}\RP79\A0021673.dll  Win32/Sirefef.A trojan  00000000000000000000000000000000  I

_______________________________________________________________

I have just finished doing the scans. I am unsure how the computer is running overall. I do know that it took a long time for my "My Computer" folder to open so I could retrieve the ESET log file.

Edited by mesa215, 14 November 2009 - 01:43 AM.
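One way to triage an ESET Online Scanner log like the one posted above, as an added example that is not code from this thread or from ESET: it separates hits inside ComboFix's Qoobox quarantine and System Restore snapshots (inert copies) from the one finding that still needs a decision, the Max Spyware Detector PUA. It assumes the finding rows are tab-separated (the forum paste collapsed the separators) and builds its sample from the paths quoted in the post.

```python
"""Triage an ESET Online Scanner log: split live findings from inert ones.

Added example, not code from the thread or from ESET. Assumed layout, taken
from the post: '# key=value' header lines, then one finding per line with
tab-separated fields  <path> <threat name> <hash/placeholder> <action flag>.
The tab separator is an assumption; the forum paste collapsed it.
"""
from dataclasses import dataclass

# Constructed sample modelled on the log quoted in the post above.
SAMPLE_LOG = (
    "# version=7\n"
    "# remove_checked=false\n"
    "# archives_checked=true\n"
    "# scanned=54246\n"
    "# found=5\n"
    "# cleaned=0\n"
    "C:\\Program Files\\Max Spyware Detector\\LiveUpdate.exe\t"
    "a variant of Win32/MaxPCsecure application\t"
    "00000000000000000000000000000000\tI\n"
    "C:\\Qoobox\\Quarantine\\C\\WINDOWS\\msa.exe.vir\t"
    "a variant of Win32/Kryptik.AXQ trojan\t"
    "00000000000000000000000000000000\tI\n"
    "C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\eventlog.dll.vir\t"
    "Win32/Sirefef.A trojan\t00000000000000000000000000000000\tI\n"
    "C:\\System Volume Information\\_restore{ED174C6A-51AE-4E79-B174-D92052E90A13}"
    "\\RP79\\A0021672.exe\ta variant of Win32/Kryptik.AXQ trojan\t"
    "00000000000000000000000000000000\tI\n"
    "C:\\System Volume Information\\_restore{ED174C6A-51AE-4E79-B174-D92052E90A13}"
    "\\RP79\\A0021673.dll\tWin32/Sirefef.A trojan\t"
    "00000000000000000000000000000000\tI\n"
)

# Locations whose contents cannot run on their own: ComboFix's quarantine
# folder (files renamed to .vir) and System Restore snapshots.
INERT_LOCATIONS = {
    "quarantine": "c:\\qoobox\\quarantine\\",
    "restore_point": "c:\\system volume information\\",
}


@dataclass
class Finding:
    path: str
    threat: str
    category: str  # quarantine | restore_point | pua | active


def classify(path: str, threat: str) -> str:
    """Decide how much a finding matters from where it sits and what it is."""
    lowered = path.lower()
    for category, prefix in INERT_LOCATIONS.items():
        if lowered.startswith(prefix):
            return category
    # ESET names potentially unwanted / unsafe programs "... application"
    # rather than "trojan", "worm", etc.; those are a policy call, not malware.
    if threat.endswith("application"):
        return "pua"
    return "active"


def parse_eset_log(text: str):
    """Return (header dict, list of Finding) parsed from the log text."""
    header, findings = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        fields = line.split("\t")
        if len(fields) < 2:
            continue  # not a finding row; ignore rather than guess
        findings.append(Finding(fields[0], fields[1], classify(fields[0], fields[1])))
    return header, findings


def triage(text: str) -> dict:
    """Summarise a log: per-category counts, paths still needing a decision,
    and a sanity check that the header's found= matches the rows parsed."""
    header, findings = parse_eset_log(text)
    counts = {c: 0 for c in ("quarantine", "restore_point", "pua", "active")}
    for f in findings:
        counts[f.category] += 1
    declared = int(header.get("found", "0"))
    return {
        "counts": counts,
        "needs_action": [f.path for f in findings if f.category in ("active", "pua")],
        "header_consistent": declared == len(findings),
        # remove_checked=false means ESET only reported; nothing was cleaned.
        "report_only": header.get("remove_checked") == "false"
        and header.get("cleaned") == "0",
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["counts"])
    for p in result["needs_action"]:
        print("needs a decision:", p)
```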


#12 Raktor

Raktor

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,114 posts

Posted 14 November 2009 - 02:20 AM

Please delete the folder C:\Program Files\Max Spyware Detector.

For a bit of a speed up....

1) TFC
Please download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, manually reboot to ensure a complete clean.

2) chkdsk
  • Close any open windows.
  • Go to the Start Menu, Run, type in cmd.exe and press enter
  • In the command window that appears, type chkdsk /r, and press enter
  • Agree to any prompts - then reboot the computer.
  • chkdsk should run as you boot the machine up - this will check the hard drive for damaged sectors and attempt to repair them.

3) Defrag
  • Close any open windows.
  • Go to the Start Menu, Programs, Accessories, System Tools, Defrag
  • Defrag all drives in the Disk Defragmenter

Reboot, then let me know the performance. :)
Graduate from the WTT Malware Classroom
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

#13 mesa215

mesa215

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts
  • Interests: Reading Books, Writing Poetry, Music

Posted 14 November 2009 - 03:12 PM

I ran TFC, checkdisk, and defragged the computer. The start up is still a little slow. The music still pops up on its own though. Is there anything else?

#14 Raktor

Raktor

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,114 posts

Posted 14 November 2009 - 07:18 PM

Run a new DDS scan for me, so I can see what's running on startup and currently; we'll see if there's anything we can get rid of.

#15 mesa215

mesa215

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts
  • Interests: Reading Books, Writing Poetry, Music

Posted 16 November 2009 - 07:35 AM

I ran the DDS and here is the log:
