Dns Hijacker


5 replies to this topic

#1 skorpion_1978

New Member, 3 posts

Posted 10 September 2007 - 12:39 PM

When using browser Google, and clicking on one or other of the items on the results list, I am railroaded into viewing suggestions by sestat, hrena and similar - they are all clones of each other - about totally unrelated subjects. I use Ad-Aware, Spybot, and AVG, but none finds sestat and co, or identifies them as potential threats. Can you help me to eradicate them, please? My most recent HJL is below:

Logfile of HijackThis v1.99.1
Scan saved at 20:24:28, on 10.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\OnLine Brojac v.7.0\onlinebrojac.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\Hijackthis\HijackThis.exe

----------------------------------------------------------

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.net.hr/
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [OnLineBrojac] C:\Program Files\OnLine Brojac v.7.0\onlinebrojac.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Can somebody help me with what I should check and fix among the listed items?

Thanks.

#2 jwbirdsong

Authentic Member, 31 posts

Posted 10 September 2007 - 07:03 PM

Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply.

#3 skorpion_1978

New Member, 3 posts

Posted 11 September 2007 - 11:14 AM

This is my Combofix log:


ComboFix 07-09-10.6 - "Goranov" 2007-09-11 18:41:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.158 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\APPLIC~1\pdfdoc2.dll
C:\WINDOWS\system32\26198265978256.exe
C:\WINDOWS\system32\29158153268263.exe
C:\WINDOWS\system32\29260281658227.exe
C:\WINDOWS\system32\kdszm.exe


((((((((((((((((((((((((( Files Created from 2007-08-11 to 2007-09-11 )))))))))))))))))))))))))))))))
.

2007-09-11 18:30 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 21:08 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-09-09 17:37 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-09-09 17:33 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-09-09 16:04 <DIR> d-------- C:\Program Files\CCleaner
2007-09-09 15:19 <DIR> d-------- C:\DOCUME~1\Goranov\APPLIC~1\Lavasoft
2007-09-09 15:13 <DIR> d-------- C:\DOCUME~1\Goranov\APPLIC~1\Hot Keyboard
2007-09-05 18:50 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-05 18:42 <DIR> d-------- C:\HJT
2007-09-03 16:54 <DIR> d-------- C:\Program Files\WebSite X5 Evolution
2007-08-24 21:44 <DIR> d-------- C:\DOCUME~1\Goranov\APPLIC~1\OrgPlus7
2007-08-24 21:42 47,024 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-08-24 21:42 <DIR> d-------- C:\Program Files\HumanConcepts
2007-08-24 21:42 <DIR> d-------- C:\Program Files\Common Files\HumanConcepts
2007-08-21 22:23 <DIR> d-------- C:\Program Files\uTorrent
2007-08-21 22:23 <DIR> d-------- C:\DOCUME~1\Goranov\APPLIC~1\uTorrent
2007-08-19 17:29 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-11 18:43 --------- d-------- C:\DOCUME~1\Goranov\APPLIC~1\Skype
2007-09-06 23:01 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-02 15:35 --------- d-------- C:\Program Files\OnLine Brojac v.7.0
2007-08-21 22:04 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-08-19 21:42 --------- d-------- C:\Program Files\MSN Messenger
2007-08-10 19:08 --------- d-------- C:\DOCUME~1\Goranov\APPLIC~1\AlcaTech
2007-08-10 19:08 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AlcaTech
2007-07-18 15:52 94528 --a------ C:\WINDOWS\system32\drivers\mmrtkrnl.sys
2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 19:26]
"CARPService"="carpserv.exe" [2001-12-23 13:02 C:\WINDOWS\system32\carpserv.exe]
"OnLineBrojac"="C:\Program Files\OnLine Brojac v.7.0\onlinebrojac.exe" [2004-11-01 13:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 03:56]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 20:42]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-28 21:15]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-11-06 11:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
ScanPanel.lnk - C:\ScanPanel\ScnPanel.exe [2007-02-22 18:15:36]

C:\DOCUME~1\Goranov\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R3 HCW848NT;Hauppauge Win/TV;C:\WINDOWS\system32\DRIVERS\hcw848nt.sys
S3 UnlockerDriver4;UnlockerDriver4 Driver;\??\C:\Program Files\Unlocker\UnlockerDriver4.sys
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\MSN Messenger\usnsvc.exe"

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-11 18:48:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-11 18:51:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-11 18:50
.
--- E O F--

And this is Combofix quarantined files log:

2007-03-12 20:03	  1024	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\pdfdoc2.dll.vir
2007-06-13 12:23	  71169	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\kdszm.exe.vir
2007-07-08 21:23	  15399	--a------	C:\Qoobox\Quarantine\C\ComboFix\FProps.vbs.vir
2007-07-15 02:14	  28018	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\29158153268263.exe.vir
2007-07-15 02:14	  28018	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\29260281658227.exe.vir
2007-07-15 02:14	  8451	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\26198265978256.exe.vir
2007-09-11 18:45	  29506	--a------	C:\Qoobox\Quarantine\Registry_backups\winlogon.reg.cf


Folder PATH listing
Volume serial number is 4430-B971
C:\QOOBOX\QUARANTINE
+---C
|   +---ComboFix
|   |	   FProps.vbs.vir
|   |	   
|   +---DOCUME~1
|   |   \---ALLUSE~1
|   |	   \---APPLIC~1
|   |			   pdfdoc2.dll.vir
|   |			   
|   \---WINDOWS
|	   \---system32
|			   26198265978256.exe.vir
|			   29158153268263.exe.vir
|			   29260281658227.exe.vir
|			   kdszm.exe.vir
|			   
\---Registry_backups
		winlogon.reg.cf


#4 jwbirdsong

Authentic Member, 31 posts

Posted 12 September 2007 - 09:10 AM

Open notepad and copy/paste the text in the quotebox below into it:

http://forums.whatth...ker_t83133.html

Suspect::
C:\WINDOWS\system32\windrv.sys


Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report and the Combofix log.


#5 skorpion_1978

New Member, 3 posts

Posted 12 September 2007 - 12:44 PM

I scanned my PC with Combofix as you suggested and the problem with the railroading to hrena.com, aicse.com etc. seems to be resolved. I no longer get redirected to those stupid pages and my browser is functioning OK as it was before infection.

Thanks for the help jwbirdsong!

This is today's combofix log, as you asked me to post it.


ComboFix 07-09-10.6 - "Goranov" 2007-09-12 18:24:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.262 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-08-12 to 2007-09-12 )))))))))))))))))))))))))))))))
.

2007-09-12 17:52 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-12 17:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-12 17:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-12 17:50 <DIR> d-------- C:\Program Files\BillP Studios
2007-09-12 17:50 <DIR> d-------- C:\DOCUME~1\Goranov\APPLIC~1\WinPatrol
2007-09-12 17:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-12 17:07 <DIR> d-------- C:\Program Files\Azureus
2007-09-12 17:07 <DIR> d-------- C:\DOCUME~1\Goranov\APPLIC~1\Azureus
2007-09-12 17:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-09-12 16:45 <DIR> d-------- C:\DOCUME~1\Goranov\APPLIC~1\IE7pro
2007-09-11 23:03 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-11 21:17 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-11 19:39 <DIR> d-------- C:\Program Files\ALCATech
2007-09-11 18:30 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 21:08 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-09-09 17:37 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2007-09-09 17:33 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-09-09 16:04 <DIR> d-------- C:\Program Files\CCleaner
2007-09-09 15:19 <DIR> d-------- C:\DOCUME~1\Goranov\APPLIC~1\Lavasoft
2007-09-09 15:13 <DIR> d-------- C:\DOCUME~1\Goranov\APPLIC~1\Hot Keyboard
2007-09-05 18:50 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-05 18:42 <DIR> d-------- C:\HJT
2007-09-03 16:54 <DIR> d-------- C:\Program Files\WebSite X5 Evolution
2007-08-24 21:44 <DIR> d-------- C:\DOCUME~1\Goranov\APPLIC~1\OrgPlus7
2007-08-24 21:42 47,024 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-08-24 21:42 <DIR> d-------- C:\Program Files\HumanConcepts
2007-08-24 21:42 <DIR> d-------- C:\Program Files\Common Files\HumanConcepts
2007-08-21 22:23 <DIR> d-------- C:\Program Files\uTorrent
2007-08-21 22:23 <DIR> d-------- C:\DOCUME~1\Goranov\APPLIC~1\uTorrent
2007-08-19 17:29 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-12 18:26 --------- d-------- C:\DOCUME~1\Goranov\APPLIC~1\Skype
2007-09-12 17:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-02 15:35 --------- d-------- C:\Program Files\OnLine Brojac v.7.0
2007-08-21 22:04 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-08-19 21:42 --------- d-------- C:\Program Files\MSN Messenger
2007-08-10 19:08 --------- d-------- C:\DOCUME~1\Goranov\APPLIC~1\AlcaTech
2007-08-10 19:08 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AlcaTech
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-18 15:52 94528 --a------ C:\WINDOWS\system32\drivers\mmrtkrnl.sys
2007-07-18 15:52 70144 --a------ C:\WINDOWS\system32\mmrtkrnl.exe
2007-07-18 15:52 177664 --a------ C:\WINDOWS\system32\mmrtkrnl.dll
2007-06-28 21:15 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe
.

((((((((((((((((((((((((((((( snapshot_2007-09-11_184954.70 )))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 31,864 2006-10-17 11:34:20 C:\WINDOWS\ie7\spuninst\iecustom.dll
-c--a-w 66,048 2006-10-17 11:31:10 C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
-c--a-w 213,216 2006-09-06 15:43:16 C:\WINDOWS\ie7\spuninst\spuninst.exe
-c--a-w 371,424 2006-09-06 15:43:18 C:\WINDOWS\ie7\spuninst\updspapi.dll
----a-r 1,038,336 2007-09-12 15:53:21 C:\WINDOWS\Installer\{E31C348B-63A9-4CBF-8D7F-D932ABB63244}\Icon0E6AB9FC.exe
----a-r 178,688 2007-09-12 15:53:21 C:\WINDOWS\Installer\{E31C348B-63A9-4CBF-8D7F-D932ABB63244}\Icon0E6AB9FC1.exe
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\spuninst.exe
----a-w 765,952 2007-07-12 23:31:54 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\sp2gdr\vgx.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\spuninst.exe
------w 123,904 2006-10-17 11:00:50 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\advpack.dll
------w 131,584 2006-10-17 11:33:40 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\extmgr.dll
------w 54,784 2006-10-17 11:00:56 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\ie4uinit.exe
------w 152,064 2006-10-17 11:01:20 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\ieakeng.dll
------w 229,376 2006-10-17 11:01:34 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\ieaksie.dll
------w 161,792 2006-10-17 10:23:08 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\ieakui.dll
------w 382,976 2006-10-17 11:01:22 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\iedkcs32.dll
------w 43,008 2006-10-17 11:00:58 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\iernonce.dll
------w 622,080 2006-10-17 11:04:40 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\iexplore.exe
------w 27,136 2006-10-17 11:33:40 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\jsproxy.dll
------w 3,577,856 2006-10-17 11:33:42 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\mshtml.dll
------w 475,648 2006-10-17 11:33:40 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\mshtmled.dll
------w 192,000 2006-10-17 11:05:10 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\msrating.dll
------w 670,720 2006-10-17 11:33:40 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\mstime.dll
------w 101,376 2006-10-17 11:04:46 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\occache.dll
------w 105,984 2006-10-17 11:05:22 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\url.dll
------w 1,162,240 2006-10-17 11:33:40 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\urlmon.dll
------w 231,424 2006-10-17 11:33:40 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\webcheck.dll
------w 818,688 2006-10-17 11:33:40 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2gdr\wininet.dll
------w 124,928 2007-06-27 14:39:42 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\advpack.dll
------w 132,608 2007-06-27 14:39:42 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\extmgr.dll
------w 63,488 2007-06-27 09:16:27 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\ie4uinit.exe
------w 153,088 2007-06-27 14:39:42 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\ieakeng.dll
------w 230,400 2007-06-27 14:39:43 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\ieaksie.dll
------w 161,792 2007-06-27 07:07:01 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\ieakui.dll
------w 384,512 2007-06-27 14:39:44 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\iedkcs32.dll
------w 6,059,008 2007-06-27 14:39:51 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\ieframe.dll
------w 44,544 2007-06-27 14:39:51 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\iernonce.dll
------w 267,776 2007-06-27 14:39:52 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\iertutil.dll
------w 13,824 2007-06-27 09:16:27 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\ieudinit.exe
------w 625,152 2007-06-27 09:16:52 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\iexplore.exe
------w 27,648 2007-06-27 14:39:54 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\jsproxy.dll
------w 459,264 2007-06-27 14:39:55 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\msfeeds.dll
------w 52,224 2007-06-27 14:39:55 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\msfeedsbs.dll
------w 477,696 2007-06-27 14:40:00 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\mshtmled.dll
------w 193,024 2007-06-27 14:40:01 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\msrating.dll
------w 671,232 2007-06-27 14:40:01 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\mstime.dll
------w 102,400 2007-06-27 14:40:01 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\occache.dll
------w 105,984 2007-06-27 14:40:01 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\url.dll
------w 1,154,048 2007-06-27 14:40:02 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\urlmon.dll
------w 232,960 2007-06-27 14:40:02 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\webcheck.dll
------w 824,320 2007-06-27 14:40:03 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\backup\sp2qfe\wininet.dll
------w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\sp2gdr\ieapfltr.dat
------w 383,488 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\sp2gdr\ieapfltr.dll
------w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\sp2gdr\ieframe.dll
------w 267,776 2007-06-27 14:34:55 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\sp2gdr\iertutil.dll
------w 13,824 2007-06-27 08:27:05 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\sp2gdr\ieudinit.exe
------w 459,264 2007-06-27 14:34:56 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\sp2gdr\msfeeds.dll
------w 52,224 2007-06-27 14:34:56 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\sp2gdr\msfeedsbs.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\7df990f29ea1581f1010ec45815309f4\update\update.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2002-10-11 19:26]
"CARPService"="carpserv.exe" [2001-12-23 13:02 C:\WINDOWS\system32\carpserv.exe]
"OnLineBrojac"="C:\Program Files\OnLine Brojac v.7.0\onlinebrojac.exe" [2004-11-01 13:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 03:56]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2003-10-31 20:42]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-28 21:15]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 03:07]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-07 18:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-11-06 11:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
ScanPanel.lnk - C:\ScanPanel\ScnPanel.exe [2007-02-22 18:15:36]

C:\DOCUME~1\Goranov\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
R3 HCW848NT;Hauppauge Win/TV;C:\WINDOWS\system32\DRIVERS\hcw848nt.sys
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\MSN Messenger\usnsvc.exe"
S3 UnlockerDriver4;UnlockerDriver4 Driver;\??\C:\Program Files\Unlocker\UnlockerDriver4.sys

*Newly Created Service* - AAWSERVICE
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-12 18:26:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-12 18:28:22
C:\ComboFix-quarantined-files.txt ... 2007-09-12 18:28
.
--- E O F ---

Edited by skorpion_1978, 12 September 2007 - 12:47 PM.


#6 jwbirdsong

Posted 14 September 2007 - 03:26 PM

Good job, your log is clean.

You can delete the combofix, c:\Qoobox folder/files now.

I suggest you keep the ATF cleaner and make it part of your weekly maintenance routine.

First, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

You also NEED to update your Java...follow guidelines HERE

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard and IE/Spyad.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It is free.

More info and download is available at links in the following article by TonyKlein

Make SURE to read How Did I Get Infected in the First Place??
