[Resolved] Security Toolbar 7.1 ?


  • This topic is locked
27 replies to this topic

#1 troubledone

Posted 18 November 2007 - 07:29 AM

Hello, I believe I have the Security Toolbar 7.1 infecting my PC. I have tried numerous programs for its removal and none have been successful. Any help would be greatly appreciated!


#2 Scotty

Posted 18 November 2007 - 09:14 AM

Hi! Welcome to the WTT forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient.


Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.




Please make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.
You too could train to help others- Join the Classroom

#3 troubledone

Posted 18 November 2007 - 09:25 AM

Thank you Scotty

Here is the HJT log


Logfile of HijackThis v1.99.1
Scan saved at 9:25:30 AM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Steve\Application Data\WinTouch\WinTouch.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Steve\Application Data\?dobe\?hkntfs.exe
C:\WINDOWS\ASEMBL~1\javaw.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\dvmawskw.dll
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [5C5C626467606469] 04040A0C0F080C.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [84b66be0] rundll32.exe "C:\WINDOWS\system32\mgwssaxa.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Steve\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Steve\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Ltho] "C:\WINDOWS\ASEMBL~1\javaw.exe" -vt ndrv
O4 - HKCU\..\Run: [Gjcvogc] "C:\Documents and Settings\Steve\Application Data\?dobe\?hkntfs.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

#4 Scotty

Posted 18 November 2007 - 09:44 AM

Hi

Rename HijackThis
There is a possibility of an infection which is hiding part of the HijackThis log because it's called hijackthis.exe.
Using Windows Explorer (right-click the Start button and left-click Explore), navigate to: C:\Program Files\HijackThis\HijackThis.exe

Right-click on HijackThis.exe & select Rename to hello.exe and post back a new Hijackthis log.


Remember to include the Uninstall list I asked for in my first reply. :thumbup:

#5 troubledone

Posted 18 November 2007 - 11:08 AM

hope this is correct

Uninstall list:


Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player ActiveX
Adobe Photoshop CS
Adobe Reader 7.0.5
AIM 6.0
AOL Instant Messenger
AOL Toolbar 2.0
ArcSoft PhotoImpression 5
AVG Anti-Spyware 7.5
Bodog Poker Version 2.8.2.8
Greetings Workshop
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 5
Java™ SE Runtime Environment 6 Update 1
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft Picture It! Photo 2002
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
PokerStars
QuickTime
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Shockwave
SimCity 3000
Sonic 3D
Sonic 3D Blast Documentation
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinPoker 6 Shareware
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Engine
Yahoo! Toolbar


New HJT list:

Logfile of HijackThis v1.99.1
Scan saved at 12:07:04 PM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system324040A0C0F080C.exe
C:\WINDOWS\mrofinu1188.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Steve\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Steve\Application Data\Microsoft\Windows\rayiou.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\help.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B9DF033-3B12-4343-BE3E-E1249CB77561} - C:\WINDOWS\system32\vtstu.dll
O2 - BHO: {89ce0564-707b-cf9b-7474-87f4db49e9a2} - {2a9e94bd-4f78-4747-b9fc-b7074650ec98} - C:\WINDOWS\system32\mntvofue.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\dvmawskw.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\nnnonnk.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\dvmawskw.dll
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [5C5C626467606469] 04040A0C0F080C.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [84b66be0] rundll32.exe "C:\WINDOWS\system32\mgwssaxa.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Steve\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Steve\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dvmawskw - C:\WINDOWS\SYSTEM32\dvmawskw.dll
O20 - Winlogon Notify: nnnonnk - C:\WINDOWS\SYSTEM32\nnnonnk.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



Thanks for your patience!
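
The effect described in post #4 (part of the log hidden while the scanner runs under its default file name) can be confirmed by comparing the scan taken before the rename with the one taken after. The script below is an added example, not part of the original thread and not a HijackThis feature; the two inputs are excerpts copied from the logs above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpts copied from the two logs in this thread, trimmed to a few lines each.
LOG_AS_HIJACKTHIS_EXE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:25:30 AM, on 11/18/2007
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\dvmawskw.dll
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

LOG_AFTER_RENAME = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:07:04 PM, on 11/18/2007
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {1B9DF033-3B12-4343-BE3E-E1249CB77561} - C:\WINDOWS\system32\vtstu.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\dvmawskw.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\dvmawskw.dll
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: dvmawskw - C:\WINDOWS\SYSTEM32\dvmawskw.dll
O20 - Winlogon Notify: nnnonnk - C:\WINDOWS\SYSTEM32\nnnonnk.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Entry lines look like "O20 - Winlogon Notify: ..."; header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Map each section code (R0, O2, O20, ...) to the set of entry bodies under it."""
    sections = defaultdict(set)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            sections[match.group(1)].add(match.group(2))
    return sections


def _section_order(code):
    # Sort O2 before O18 before O20 instead of plain string order.
    return (code[0], int(code[1:]))


def diff_logs(before_text, after_text):
    """Compare two scans of the same machine and report what only one of them shows."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    codes = sorted(set(before) | set(after), key=_section_order)
    added, removed = {}, {}
    for code in codes:
        new = sorted(after.get(code, set()) - before.get(code, set()))
        gone = sorted(before.get(code, set()) - after.get(code, set()))
        if new:
            added[code] = new
        if gone:
            removed[code] = gone
    return {
        # Whole sections missing from the first scan are the strongest sign of filtering.
        "sections_only_in_after": [c for c in codes if c in after and c not in before],
        "added": added,
        "removed": removed,
    }


if __name__ == "__main__":
    result = diff_logs(LOG_AS_HIJACKTHIS_EXE, LOG_AFTER_RENAME)
    print("Sections absent from the first scan:", result["sections_only_in_after"])
    for code, bodies in result["added"].items():
        for body in bodies:
            print(f"  + {code} - {body}")
```

A section that is entirely absent from the first scan (here O2 and O20) is the pattern to look for; individual entries can also differ between scans simply because the system changed in between, so the diff is a list of items to review, not a verdict.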

#6 Scotty

Posted 18 November 2007 - 01:26 PM

Hi


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


Download and Save ComboFix
  • Download this file from below:

    Here
  • Save it to your Desktop.
  • Disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running.
  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.
Note 1: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Note 2: Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

#7 troubledone

Posted 18 November 2007 - 02:24 PM

Scotty,

Here are the Vundofix and the new HJT logs. I will run combofix next:


VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Scan started at 2:31:04 PM 11/18/2007

Listing files found while scanning....

C:\windows\system32\dvmawskw.dll
C:\windows\system32\dvmawskw.dllbox
C:\windows\system32\lppagrqk.dll
C:\windows\system32\utstv.ini
C:\windows\system32\utstv.ini2
C:\windows\system32\vtstu.dll

Beginning removal...

Beginning removal...

Attempting to delete C:\windows\system32\dvmawskw.dll
C:\windows\system32\dvmawskw.dll Has been deleted!

Attempting to delete C:\windows\system32\dvmawskw.dllbox
C:\windows\system32\dvmawskw.dllbox Has been deleted!

Attempting to delete C:\windows\system32\lppagrqk.dll
C:\windows\system32\lppagrqk.dll Has been deleted!

Attempting to delete C:\windows\system32\utstv.ini
C:\windows\system32\utstv.ini Has been deleted!

Attempting to delete C:\windows\system32\utstv.ini2
C:\windows\system32\utstv.ini2 Has been deleted!

Attempting to delete C:\windows\system32\vtstu.dll
C:\windows\system32\vtstu.dll Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 3:17:54 PM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system324040A0C0F080C.exe
C:\WINDOWS\mrofinu1188.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Steve\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Steve\Application Data\Microsoft\Windows\rayiou.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\help.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {048E9DDA-B90C-4C0B-B6CE-E2BACFC0CDC7} - C:\WINDOWS\system32\vtstu.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A26F70D-51C1-4D2F-A25D-B37C38DB5E0A} - C:\WINDOWS\system32\pmkjk.dll
O2 - BHO: {89ce0564-707b-cf9b-7474-87f4db49e9a2} - {2a9e94bd-4f78-4747-b9fc-b7074650ec98} - C:\WINDOWS\system32\mntvofue.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\nnnonnk.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [5C5C626467606469] 04040A0C0F080C.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [84b66be0] rundll32.exe "C:\WINDOWS\system32\mgwssaxa.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Steve\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Steve\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nnnonnk - C:\WINDOWS\SYSTEM32\nnnonnk.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

#8 troubledone

Posted 18 November 2007 - 03:12 PM

Scotty,

The Combofix log:

ComboFix 07-11-08.1 - Steve 2007-11-18 15:30:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.50 [GMT -5:00]
Running from: C:\Documents and Settings\Steve\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Steve\Application Data\DOBE~1
C:\Documents and Settings\Steve\Application Data\macromedia\Flash Player\#SharedObjects\KRDJKKX8\www.broadcaster.com
C:\Documents and Settings\Steve\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Steve\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Steve\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\Steve\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Steve\Application Data\WinTouch\WTUninstaller.exe
C:\Documents and Settings\Steve\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Steve\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Steve\Favorites\Online Security Guide.lnk
C:\Program Files\icroso~1.net
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\outlook
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\WINDOWS\b103.exe
C:\WINDOWS\b111.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\f1
C:\WINDOWS\system32\fccdbaa.dll
C:\WINDOWS\system32\h2
C:\WINDOWS\system32\h2\jumper83122.exe
C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\kjkmp.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\system32\q8
C:\WINDOWS\system32\r2
C:\WINDOWS\system32\r2\revdrive33b.exe
C:\WINDOWS\system32\svvwa.ini
C:\WINDOWS\system32\svvwa.ini2
C:\WINDOWS\system32\wapiit32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-10-18 to 2007-11-18 )))))))))))))))))))))))))))))))
.

2007-11-18 15:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-18 14:31 <DIR> d-------- C:\VundoFix Backups
2007-11-18 07:49 36,352 --a------ C:\WINDOWS\system32\hggdcyx.dll
2007-11-17 21:30 <DIR> d-------- C:\Documents and Settings\Steve\Application Data\Grisoft
2007-11-17 21:29 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 20:42 82,496 --a------ C:\WINDOWS\system32\mntvofue.dll
2007-11-17 20:39 85,056 --a------ C:\WINDOWS\system32\mgwssaxa.dll
2007-11-17 20:38 71,232 --a------ C:\WINDOWS\system32\eojuqsjc.exe
2007-11-17 01:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 01:04 36,352 --a------ C:\WINDOWS\system32\tuvttqp.dll
2007-11-16 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-16 17:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-16 17:25 <DIR> d-------- C:\Documents and Settings\Steve\Application Data\SUPERAntiSpyware.com
2007-11-16 17:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 16:27 396 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-16 16:25 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-16 16:25 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-16 16:25 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-16 16:25 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-16 16:25 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-16 12:09 <DIR> d-------- C:\WINDOWS\mkok
2007-11-16 12:09 <DIR> d-------- C:\Program Files\Common Files\mkok
2007-11-16 11:30 36,352 --a------ C:\WINDOWS\system32\hggghgh.dll
2007-11-15 23:24 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-15 23:19 <DIR> d-------- C:\Documents and Settings\Steve\Application Data\Lavasoft
2007-11-15 21:25 85,056 --a------ C:\WINDOWS\system32\fbenvpnt.dll
2007-11-15 21:22 71,232 --a------ C:\WINDOWS\system32\fbqkkynr.exe
2007-11-15 15:19 36,352 --a------ C:\WINDOWS\system32\xxyxvsp.dll
2007-11-15 13:57 <DIR> d-------- C:\Program Files\GameHouse
2007-11-15 10:09 79,936 --a------ C:\WINDOWS\system32\xnnksbof.dll
2007-11-14 21:51 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-14 21:48 36,352 --a------ C:\WINDOWS\system32\hgdbxwx.dll
2007-11-14 21:48 36,352 --a------ C:\WINDOWS\system32\cbayvus.dll
2007-11-14 21:29 <DIR> d-------- C:\WINDOWS\system32\909096989B9498
2007-11-14 21:29 120 --a------ C:\n.bat
2007-11-14 21:29 0 --a------ C:\Documents and Settings\Steve\x.dat
2007-11-14 21:28 124,416 --a------ C:\WINDOWS\system32\04040A0C0F080C.exe
2007-11-14 21:28 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-14 21:28 519 --a------ C:\Documents and Settings\Steve\z.dat
2007-11-14 21:28 0 --a------ C:\z.dat
2007-11-14 21:28 0 --a------ C:\x.dat
2007-11-14 21:27 <DIR> d-------- C:\WINDOWS\system32\rMa18yy
2007-11-14 21:27 <DIR> d-------- C:\Temp\abW9
2007-11-14 21:27 36,352 --a------ C:\WINDOWS\system32\nnnonnk.dll
2007-11-07 14:54 <DIR> d-------- C:\Document
2007-11-06 15:07 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-06 15:07 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-06 15:07 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-06 15:07 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-06 15:07 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-06 15:07 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-06 15:07 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-06 15:07 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-16 03:16 --------- d-----w C:\Program Files\Google
2007-11-15 02:51 278,546 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-11-15 02:28 --------- d-----w C:\Program Files\Microsoft Encarta
2007-11-15 02:26 278,545 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-11-07 20:44 62,016 -c--a-w C:\Documents and Settings\Steve\Application Data\GDIPFONTCACHEV1.DAT
2007-11-07 01:18 --------- d-----w C:\Program Files\PokerStars
2007-10-13 12:32 --------- d-----w C:\Program Files\Adssite Advanced Toolbar
2007-10-12 03:29 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-10-12 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Macrovision
2007-10-12 03:28 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-12 03:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-12 02:53 --------- d-----w C:\Documents and Settings\Steve\Application Data\Adssite Advanced Toolbar
2007-09-27 21:41 --------- d-----w C:\Documents and Settings\Steve\Application Data\AdobeUM
2007-05-13 12:16 374 -c--a-w C:\Documents and Settings\Steve\Application Data\internaldb6334.dat
2007-05-13 11:42 18,432 -c--a-w C:\Documents and Settings\Steve\Application Data\internaldb41.dat
2007-05-13 11:41 538 -c--a-w C:\Documents and Settings\Steve\Application Data\internaldb8467.dat
2006-04-14 23:06:18 1,056 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{048E9DDA-B90C-4C0B-B6CE-E2BACFC0CDC7}]
C:\WINDOWS\system32\vtstu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2a9e94bd-4f78-4747-b9fc-b7074650ec98}]
2007-11-17 20:42 82496 --a------ C:\WINDOWS\system32\mntvofue.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
2007-11-14 21:27 36352 --a------ C:\WINDOWS\system32\nnnonnk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-11-14 21:26]
"5C5C626467606469"="04040A0C0F080C.exe" [2007-11-02 17:39 C:\WINDOWS\system32\04040A0C0F080C.exe]
"84b66be0"="C:\WINDOWS\system32\mgwssaxa.dll" [2007-11-17 20:39]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-08-09 15:41]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 13:49]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 10:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"="C:\Program Files\McAfee\McAfee Shared Components\Shredder 5\SHRED32.EXE" /q C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\CLEBS5IB\YAHOO_~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\G5MR0TMF\INDEX_~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\CLEBS5IB\INDEX_~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\1Z735DKE\YAHOO_~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\7UO37T0L\AIMTOD~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\7UO37T0L\YAHOO_~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\UTZWTCJU\EBED21~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\CLEBS5IB\F91B31~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\6DCV25EX\060A9C~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\8TCR4FOZ\AE8F31~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\8DYFKLMN\AIMTOD~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\0VQ9S5UJ\TN67E3~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\CXYZG52N\393254~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\UPLM3MHK\FDEE8D~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\4JD36M7X\560615~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\UPLM3MHK\2C9BE8~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\VL3C1RBC\AIM_UA~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\VL3C1RBC\AIMTOD~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\M0H33E9V\AIM_UA~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\ZTOWXBVT\AIMTOD~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\ZTOWXBVT\AIM_UA~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\9K7WCYAJ\AIM_UA~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\UM4PU4SM\AIM_UA~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\E0YWIJ59\AIM_UA~1.SH!

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-11 22:28:17]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\nnnonnk.dll [2007-11-14 21:27 36352]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnonnk]
nnnonnk.dll 2007-11-14 21:27 36352 C:\WINDOWS\system32\nnnonnk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Steve^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]
path=C:\Documents and Settings\Steve\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk
backup=C:\WINDOWS\pss\Greetings Workshop Reminders.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload


.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 15:42:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-18 15:51:32 - machine was rebooted
.
--- E O F ---

#9 Scotty

Posted 18 November 2007 - 05:23 PM

Hello


Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text with your mouse and pressing Ctrl+C

File::
C:\WINDOWS\system32\hggdcyx.dll
C:\WINDOWS\system32\mntvofue.dll
C:\WINDOWS\system32\mgwssaxa.dll
C:\WINDOWS\system32\eojuqsjc.exe
C:\WINDOWS\system32\tuvttqp.dll
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\hggghgh.dll
C:\WINDOWS\system32\fbenvpnt.dll
C:\WINDOWS\system32\fbqkkynr.exe
C:\WINDOWS\system32\xxyxvsp.dll
C:\WINDOWS\system32\xnnksbof.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\hgdbxwx.dll
C:\WINDOWS\system32\cbayvus.dll
C:\WINDOWS\system32\04040A0C0F080C.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\nnnonnk.dll
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\pmkjk.dll

Folder:: 
C:\VundoFix 
C:\VundoFix Backups
C:\Program Files\GameHouse
C:\n.bat
C:\Documents and Settings\Steve\x.dat
C:\Documents and Settings\Steve\z.dat
C:\z.dat
C:\x.dat
C:\WINDOWS\system32\rMa18yy
C:\Temp\abW9
C:\Program Files\Adssite Advanced Toolbar
C:\Documents and Settings\Steve\Application Data\Adssite Advanced Toolbar

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{048E9DDA-B90C-4C0B-B6CE-E2BACFC0CDC7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2a9e94bd-4f78-4747-b9fc-b7074650ec98}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Host Process"=-
"5C5C626467606469"=-
"84b66be0"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnonnk] 

DirLook::
C:\WINDOWS\mkok
C:\Program Files\Common Files\mkok
C:\WINDOWS\system32\909096989B9498
C:\Document

Go to the Notepad window and click Edit > Paste
Then click File > Save
Name the file "CFScript.txt" (excluding the quotes)
Save the file to your Desktop

Posted Image


Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Then

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back in your next reply with a new HijackThis log.


#10 troubledone

Posted 18 November 2007 - 06:24 PM

Scotty, when I try dragging the CFScript file into ComboFix, the program prepares to run, then a message pops up that says the current date and that this version of ComboFix has expired and to download an updated version. It then uninstalls ComboFix. When I download and install ComboFix again and try dragging the CFScript file into it, the same thing happens. Thanks for your patience.

#11 troubledone

Posted 18 November 2007 - 07:05 PM

Sorry...got it to work. Here is the log:


ComboFix 07-11-08.3 - Steve 2007-11-18 19:37:59.2 - NTFSx86
Running from: C:\Documents and Settings\Steve\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Steve\Desktop\CFScript.txt

FILE
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\cbayvus.dll
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\eojuqsjc.exe
C:\WINDOWS\system32\fbenvpnt.dll
C:\WINDOWS\system32\fbqkkynr.exe
C:\WINDOWS\system32\hgdbxwx.dll
C:\WINDOWS\system32\hggdcyx.dll
C:\WINDOWS\system32\hggghgh.dll
C:\WINDOWS\system32\mgwssaxa.dll
C:\WINDOWS\system32\mntvofue.dll
C:\WINDOWS\system32\nnnonnk.dll
C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tuvttqp.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\xnnksbof.dll
C:\WINDOWS\system32\xxyxvsp.dll
C:\WINDOWS\system324040A0C0F080C.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Steve\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\Steve\Application Data\Adssite Advanced Toolbar\advertbuttons.xml
C:\Documents and Settings\Steve\Application Data\Adssite Advanced Toolbar\selected.xml
C:\Documents and Settings\Steve\x.dat\
C:\Documents and Settings\Steve\z.dat\
C:\n.bat\
C:\Program Files\Adssite Advanced Toolbar
C:\Program Files\GameHouse
C:\Program Files\GameHouse\TextTwist\gh_link.gif
C:\Program Files\GameHouse\TextTwist\INSTALL.LOG
C:\Program Files\GameHouse\TextTwist\loading.png
C:\Program Files\GameHouse\TextTwist\longtree.bin
C:\Program Files\GameHouse\TextTwist\readme.txt
C:\Program Files\GameHouse\TextTwist\TextTwist.dll
C:\Program Files\GameHouse\TextTwist\TextTwist.exe
C:\Program Files\GameHouse\TextTwist\UNWISE.EXE
C:\Temp\abW9
C:\Temp\abW9\tPho.log
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini2
C:\WINDOWS\system32\cbayvus.dll
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\eojuqsjc.exe
C:\WINDOWS\system32\fbenvpnt.dll
C:\WINDOWS\system32\fbqkkynr.exe
C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\hgdbxwx.dll
C:\WINDOWS\system32\hggdcyx.dll
C:\WINDOWS\system32\hggghgh.dll
C:\WINDOWS\system32\mgwssaxa.dll
C:\WINDOWS\system32\mntvofue.dll
C:\WINDOWS\system32\nnnonnk.dll
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\rMa18yy
C:\WINDOWS\system32\rMa18yy\rMa18yy2328.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tuvttqp.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\xnnksbof.dll
C:\WINDOWS\system32\xxyxvsp.dll
C:\x.dat\
C:\z.dat\

.
((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))
.

2007-11-18 15:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 21:30 <DIR> d-------- C:\Documents and Settings\Steve\Application Data\Grisoft
2007-11-17 21:29 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 01:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-16 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-16 17:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-16 17:25 <DIR> d-------- C:\Documents and Settings\Steve\Application Data\SUPERAntiSpyware.com
2007-11-16 17:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 16:27 396 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-16 12:09 <DIR> d-------- C:\WINDOWS\mkok
2007-11-16 12:09 <DIR> d-------- C:\Program Files\Common Files\mkok
2007-11-15 23:24 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-15 23:19 <DIR> d-------- C:\Documents and Settings\Steve\Application Data\Lavasoft
2007-11-14 21:29 <DIR> d-------- C:\WINDOWS\system32\909096989B9498
2007-11-14 21:29 120 --a------ C:\n.bat
2007-11-14 21:29 0 --a------ C:\Documents and Settings\Steve\x.dat
2007-11-14 21:28 124,416 --a------ C:\WINDOWS\system32\04040A0C0F080C.exe
2007-11-14 21:28 519 --a------ C:\Documents and Settings\Steve\z.dat
2007-11-14 21:28 0 --a------ C:\z.dat
2007-11-14 21:28 0 --a------ C:\x.dat
2007-11-07 14:54 <DIR> d-------- C:\Document
2007-11-06 15:07 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-06 15:07 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-06 15:07 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-06 15:07 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-06 15:07 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-06 15:07 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-06 15:07 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-06 15:07 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-16 03:16 --------- d-----w C:\Program Files\Google
2007-11-15 02:28 --------- d-----w C:\Program Files\Microsoft Encarta
2007-11-07 20:44 62,016 -c--a-w C:\Documents and Settings\Steve\Application Data\GDIPFONTCACHEV1.DAT
2007-11-07 01:18 --------- d-----w C:\Program Files\PokerStars
2007-10-12 03:29 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-10-12 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Macrovision
2007-10-12 03:28 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-12 03:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-27 21:41 --------- d-----w C:\Documents and Settings\Steve\Application Data\AdobeUM
2007-05-13 12:16 374 -c--a-w C:\Documents and Settings\Steve\Application Data\internaldb6334.dat
2007-05-13 11:42 18,432 -c--a-w C:\Documents and Settings\Steve\Application Data\internaldb41.dat
2007-05-13 11:41 538 -c--a-w C:\Documents and Settings\Steve\Application Data\internaldb8467.dat
2006-04-14 23:06:18 1,056 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Document ----

2007-11-07 18:10 2186 --a------ C:\Document\Grade2\GRADE2W.INI
2007-11-07 18:10 14898 --a------ C:\Document\Grade2\CLASSES\NEWMZKJL.G2C
2007-11-07 18:09 10376 --a------ C:\Document\Grade2\BACKUPS\NEWMZKJL.G2B
2007-11-07 15:05 307 --a------ C:\Document\Grade2\RESERVE\subject.dat
2007-11-07 15:05 2965 --a------ C:\Document\Grade2\Template\DEFAULT.G2C
2007-11-07 15:05 175 --a------ C:\Document\Grade2\RESERVE\period2.dat
2007-11-07 15:05 175 --a------ C:\Document\Grade2\RESERVE\period1.dat
2007-11-07 15:05 168 --a------ C:\Document\Grade2\RESERVE\lgbp.dat
2007-11-07 15:05 163 --a------ C:\Document\Grade2\RESERVE\geninfo.dat
2007-11-07 15:05 155 --a------ C:\Document\Grade2\RESERVE\interval.dat
2007-11-07 15:05 1075 --a------ C:\Document\Grade2\RESERVE\gbwiz.ini
2007-11-07 15:05 101 --a------ C:\Document\Grade2\RESERVE\category.dat
2007-11-07 14:54 72748 --a------ C:\Document\Grade2\unins000.exe
2007-11-07 14:54 11051 --a------ C:\Document\Grade2\unins000.dat
2003-03-20 15:19 661504 --a------ C:\Document\Grade2\GRADE2W.EXE
2003-03-17 12:08 1529358 --a------ C:\Document\Grade2\Help\pdf\g2Manual.pdf
2003-03-11 10:21 2042 --a------ C:\Document\Grade2\Reports\Grades\CATLOOP.G2H
2003-03-10 15:36 1483 --a------ C:\Document\Grade2\Reports\Student\XSDITEMS.G2H
2003-03-10 15:29 1193 --a------ C:\Document\Grade2\Reports\Student\STREP.G2H
2003-03-10 15:28 1364 --a------ C:\Document\Grade2\Reports\Student\STPOBJS.G2H
2003-03-10 15:02 1436 --a------ C:\Document\Grade2\Reports\Student\SSPROG.G2H
2003-03-10 14:08 1265 --a------ C:\Document\Grade2\Reports\Multisub\MSSPROG.G2H
2003-03-10 14:05 1135 --a------ C:\Document\Grade2\Reports\Class\SDISSUM.G2H
2003-03-10 13:27 2089 --a------ C:\Document\Grade2\Reports\Student\SCHLRCQ.G2H
2003-03-10 13:25 2203 --a------ C:\Document\Grade2\Reports\Student\SCHLRC.G2H
2003-03-10 13:23 2060 --a------ C:\Document\Grade2\Reports\Student\SCHLRCR.G2H
2003-03-10 13:01 1267 --a------ C:\Document\Grade2\Reports\Multisub\CSUBQTRS.G2H
2003-03-10 12:32 1337 --a------ C:\Document\Grade2\Reports\Multisub\CSUBFIN.G2H
2003-03-10 10:52 1133 --a------ C:\Document\Grade2\Reports\Grades\BLANKGS.G2H
2003-03-10 10:51 1400 --a------ C:\Document\Grade2\Reports\Grades\BLANK.G2H
2003-03-10 10:37 1238 --a------ C:\Document\Grade2\Reports\Attend\BLANKATT.G2H
2003-03-10 10:21 1522 --a------ C:\Document\Grade2\Reports\Class\HTML#.G2H
2003-03-10 10:20 1612 --a------ C:\Document\Grade2\Reports\Class\CPGRADES.G2H
2003-03-10 08:30 1684 --a------ C:\Document\Grade2\Reports\Class\CPERSUM.G2H
2003-03-06 16:21 1160 --a------ C:\Document\Grade2\Reports\Student\CTREPGW.G2H
2003-03-06 16:03 1363 --a------ C:\Document\Grade2\Reports\Class\CFINALQ7.G2H
2003-03-06 16:00 1430 --a------ C:\Document\Grade2\Reports\Grades\PASSIGN.G2H
2003-03-06 15:42 1421 --a------ C:\Document\Grade2\Reports\Class\CFINALSW.G2H
2003-03-06 15:41 1381 --a------ C:\Document\Grade2\Reports\Class\CFINLQ4.G2H
2003-03-06 15:19 1394 --a------ C:\Document\Grade2\Reports\Class\CFINALQ4.G2H
2003-03-06 15:15 1481 --a------ C:\Document\Grade2\Reports\Grades\APGRDSI.G2H
2003-03-06 15:10 1591 --a------ C:\Document\Grade2\Reports\Grades\ALLPGRDS.G2H
2003-03-06 15:00 1363 --a------ C:\Document\Grade2\Reports\Class\CFINAL.G2H
2003-03-06 14:59 1324 --a------ C:\Document\Grade2\Reports\Class\CFINALQ.G2H
2003-03-04 08:09 1294 --a------ C:\Document\Grade2\Reports\Grades\CLCOLAVG.G2H
2003-02-25 15:22 1424 --a------ C:\Document\Grade2\Reports\Grades\SGRADES2.G2H
2003-02-25 15:20 1214 --a------ C:\Document\Grade2\Reports\Multisub\SUBPROG2.G2H
2003-02-25 15:20 1211 --a------ C:\Document\Grade2\Reports\Multisub\SUBPROG.G2H
2003-02-25 15:19 1534 --a------ C:\Document\Grade2\Reports\Class\CPERSUML.G2H
2003-02-25 15:19 1259 --a------ C:\Document\Grade2\Reports\Class\CLRANKP2.G2H
2003-02-25 15:17 1802 --a------ C:\Document\Grade2\Reports\Attend\ATTSUM.G2H
2003-02-20 13:48 1489 --a------ C:\Document\Grade2\Reports\SGRADES.G2H
2003-02-12 09:22 2688 --a------ C:\Document\Grade2\README.txt
2003-01-28 12:10 4284041 --a------ C:\Document\Grade2\gbwiz.exe
2003-01-28 11:20 1501 --a------ C:\Document\Grade2\Reports\Student\PROGCAT.G2H
2003-01-15 12:26 202857 --a------ C:\Document\Grade2\Help\pdf\QuickCard.pdf
2002-12-20 14:42 145 --a------ C:\Document\Grade2\Help\Web\index.htm
2002-12-20 12:39 2434 --a------ C:\Document\Grade2\Reports\MENU\APRNTDF5.G2H
2002-12-20 12:10 129 --a------ C:\Document\Grade2\homepage.htm
2002-12-19 13:34 2273 --a------ C:\Document\Grade2\Reports\Student\SPROGLT.G2H
2002-12-19 13:08 1802 --a------ C:\Document\Grade2\Reports\Student\CSUBGR.G2H
2002-12-19 12:37 1415 --a------ C:\Document\Grade2\Reports\Multisub\STGRDSU.G2H
2002-12-18 09:38 1363 --a------ C:\Document\Grade2\License.txt
2002-12-11 14:08 2395 --a------ C:\Document\Grade2\Template\6P100023.G2C
2002-12-11 14:08 2252 --a------ C:\Document\Grade2\Template\9P100019.G2C
2002-10-03 14:29 1622 --a------ C:\Document\Grade2\Reports\Student\CATPROG.G2H
2002-10-03 12:57 1042 --a------ C:\Document\Grade2\Reports\Multisub\WEEKLY.G2H
2002-10-03 12:55 1099 --a------ C:\Document\Grade2\Reports\Student\SPSUMREP.G2H
2002-10-03 12:53 1451 --a------ C:\Document\Grade2\Reports\Grades\SGRADES3.G2H
2002-10-03 12:51 919 --a------ C:\Document\Grade2\Reports\Student\STINDIV.G2H
2002-10-03 12:50 1667 --a------ C:\Document\Grade2\Reports\Student\STINFREP.G2H
2002-10-03 12:41 1654 --a------ C:\Document\Grade2\Reports\Student\FPROG.G2H
2002-10-03 12:40 2065 --a------ C:\Document\Grade2\Reports\Student\SCHRGP.G2H
2002-10-03 12:16 1574 --a------ C:\Document\Grade2\Reports\Student\CCAIND.G2H
2002-10-03 12:15 2257 --a------ C:\Document\Grade2\Reports\Student\DSTPROG.G2H
2002-10-03 12:13 1145 --a------ C:\Document\Grade2\Reports\Student\CCATMIS.G2H
2002-10-01 11:06 2182 --a------ C:\Document\Grade2\Reports\Student\SPROG.G2H
2002-10-01 11:02 1384 --a------ C:\Document\Grade2\Reports\Student\STSOBJ.G2H
2002-10-01 11:00 1447 --a------ C:\Document\Grade2\Reports\Multisub\STMISS.G2H
2002-10-01 11:00 1381 --a------ C:\Document\Grade2\Reports\Student\STIOBJ.G2H
2002-10-01 10:59 1246 --a------ C:\Document\Grade2\Reports\Student\SDISCP.G2H
2002-10-01 10:58 1789 --a------ C:\Document\Grade2\Reports\Attend\PATTSUM.G2H
2002-10-01 09:54 1594 --a------ C:\Document\Grade2\Reports\Attend\SPATSUM.G2H
2002-09-10 14:59 1751 --a------ C:\Document\Grade2\Reports\Class\SUBTEACH.G2H
2002-09-10 14:58 3643 --a------ C:\Document\Grade2\Reports\Grades\GRDBK20.G2H
2002-09-10 14:58 1681 --a------ C:\Document\Grade2\Reports\Grades\TPGRADES.G2H
2002-09-10 14:58 1657 --a------ C:\Document\Grade2\Reports\Student\TPCATGR.G2H
2002-09-10 14:58 1459 --a------ C:\Document\Grade2\Reports\Student\CLASSMIS.G2H
2002-09-10 14:58 1250 --a------ C:\Document\Grade2\Reports\Class\SEMGRQ.G2H
2002-09-10 14:58 1219 --a------ C:\Document\Grade2\Reports\Class\SEMGRSW.G2H
2002-05-29 16:25 165360 --a------ C:\Document\Grade2\G2REPW.EXE
2002-05-28 16:11 43158 --a------ C:\Document\Grade2\Help\lgbp.jpg
2002-05-28 16:10 80948 --a------ C:\Document\Grade2\Help\chooser.jpg
2002-05-16 13:49 1252 --a------ C:\Document\Grade2\Reports\Attend\TODAY.G2H
2002-05-16 11:49 1489 --a------ C:\Document\Grade2\Reports\Grades\COLUMN.G2H
2002-05-16 09:26 1936 --a------ C:\Document\Grade2\Reports\Class\CSSTATS.G2H
2002-05-16 09:25 1333 --a------ C:\Document\Grade2\Reports\Class\CSOBJS.G2H
2002-05-16 09:24 2048 --a------ C:\Document\Grade2\Reports\Class\CLSMAS.G2H
2002-05-16 09:22 1211 --a------ C:\Document\Grade2\Reports\Class\CLROST.G2H
2002-05-16 09:20 1343 --a------ C:\Document\Grade2\Reports\Class\CLRANKP.G2H
2002-05-16 09:19 1286 --a------ C:\Document\Grade2\Reports\Class\CLRANK.G2H
2002-05-16 09:06 1946 --a------ C:\Document\Grade2\Reports\Class\CPSTATS.G2H
2002-05-16 09:05 1333 --a------ C:\Document\Grade2\Reports\Class\CPOBJS.G2H
2002-05-16 09:04 2050 --a------ C:\Document\Grade2\Reports\Class\CLPMAS.G2H
2002-05-16 08:40 1949 --a------ C:\Document\Grade2\Reports\Class\CISTATS.G2H
2002-05-16 08:21 1340 --a------ C:\Document\Grade2\Reports\Class\CIOBJS.G2H
2002-05-16 08:20 2039 --a------ C:\Document\Grade2\Reports\Class\CLIMAS.G2H
2002-05-16 08:18 1634 --a------ C:\Document\Grade2\Reports\Class\CATGRDS.G2H
2002-05-08 14:45 2270 --a------ C:\Document\Grade2\Reports\Grades\CATRSHT2.G2H
2002-02-26 17:26 27896 --a------ C:\Document\Grade2\Help\Sub.htm
2002-02-26 17:13 46608 --a------ C:\Document\Grade2\Help\Multi.htm
2002-02-26 17:04 27547 --a------ C:\Document\Grade2\Help\Single.htm
2002-02-22 15:33 22155 --a------ C:\Document\Grade2\Help\Points.htm
2002-02-22 15:19 21978 --a------ C:\Document\Grade2\Help\Percents.htm
2002-02-22 14:18 25642 --a------ C:\Document\Grade2\Help\Letters.htm
2002-02-22 13:19 40237 --a------ C:\Document\Grade2\Help\background.jpg
2000-07-06 08:31 1720 --a------ C:\Document\Grade2\Reports\Multisub\MSSPROGG.G2H
2000-07-06 07:14 2110 --a------ C:\Document\Grade2\Reports\Student\Pschrecr.g2h
2000-06-29 08:12 2465 --a------ C:\Document\Grade2\Reports\Class\CISTATSM.G2H
2000-06-20 07:49 919 --a------ C:\Document\Grade2\Reports\Class\ELIGIBIL.G2H
2000-06-19 11:56 2243 --a------ C:\Document\Grade2\Reports\Class\CSSTATSM.G2H
2000-06-19 11:43 2368 --a------ C:\Document\Grade2\Reports\Class\CPSTATSM.G2H
2000-06-05 17:25 1987 --a------ C:\Document\Grade2\Reports\Grades\BSCORE1.G2H
2000-06-05 17:25 1958 --a------ C:\Document\Grade2\Reports\Grades\BSCORE3.G2H
2000-06-05 17:25 1169 --a------ C:\Document\Grade2\Reports\Class\CPRDSUM.G2H
2000-05-30 09:21 1771 --a------ C:\Document\Grade2\Reports\Grades\ASCORE2.G2H
2000-05-30 09:13 916 --a------ C:\Document\Grade2\Reports\Attend\CFGATT.G2H
2000-05-26 10:24 1183 --a------ C:\Document\Grade2\Reports\Class\clranki.g2h
2000-05-26 10:23 1241 --a------ C:\Document\Grade2\Reports\Class\Clrostp.g2h
2000-05-26 09:06 1181 --a------ C:\Document\Grade2\Reports\Grades\Clgrdsi.g2h
2000-05-25 11:14 2290 --a------ C:\Document\Grade2\Reports\Grades\CATRSHT1.G2H
2000-05-18 07:46 1112 --a------ C:\Document\Grade2\Reports\Attend\CUAREP2.G2H
2000-05-17 11:36 1867 --a------ C:\Document\Grade2\Reports\Grades\ASCORE3.G2H
2000-05-17 08:54 1754 --a------ C:\Document\Grade2\Reports\Grades\ASCORE1.G2H
1998-06-11 07:55 2899 --a------ C:\Document\Grade2\Template\Samples\TRIMEST.G2C
1998-06-11 07:40 2630 --a------ C:\Document\Grade2\Template\Samples\QUARTER.G2C
1998-06-11 07:36 2795 --a------ C:\Document\Grade2\Template\Samples\SIXWKS.G2C
1996-11-15 06:52 50848 --a------ C:\Document\Grade2\GSWDLL16.DLL
1996-11-15 06:52 419376 --a------ C:\Document\Grade2\GSW16.EXE
1996-11-06 06:52 195200 --a------ C:\Document\Grade2\GSWAG16.DLL
1996-03-11 11:03 112736 --a------ C:\Document\Grade2\VIC.DLL
1994-04-20 08:48 157472 --a------ C:\Document\Grade2\BWCC.DLL
1993-05-01 13:00 15360 --a------ C:\Document\Grade2\G2WLIB.DLL
1993-03-15 11:03 75816 --a------ C:\Document\Grade2\Template\Samples\AHISTORY.G2C
1993-03-15 11:03 64093 --a------ C:\Document\Grade2\Template\Samples\SECOND.G2C
1993-03-15 11:03 5171 --a------ C:\Document\Grade2\Template\Samples\VBASKET.G2C
1993-03-15 11:03 186480 --a------ C:\Document\Grade2\Template\Samples\LECTURE.G2C

---- Directory of C:\Program Files\Common Files\mkok ----

2007-11-16 17:20 1536 --a------ C:\Program Files\Common Files\mkok\mkokh
2007-11-16 12:10 0 --a------ C:\Program Files\Common Files\mkok\mkokl.lck
2007-11-16 12:09 0 --a------ C:\Program Files\Common Files\mkok\mkokm.lck
2007-11-16 12:09 0 --a------ C:\Program Files\Common Files\mkok\mkoka.lck

---- Directory of C:\WINDOWS\mkok ----

2007-11-16 12:13 4423 --a------ C:\WINDOWS\mkok\mkok.dat
2002-07-26 17:02 153088 --a------ C:\WINDOWS\mkok\wu

---- Directory of C:\WINDOWS\system32\909096989B9498 ----

2007-11-18 16:48 58 --a------ C:\WINDOWS\system32\909096989B9498\A4A4AAACAFA8AC


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-08-09 15:41]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 13:49]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 10:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"="C:\Program Files\McAfee\McAfee Shared Components\Shredder 5\SHRED32.EXE" /q C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\CLEBS5IB\YAHOO_~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\G5MR0TMF\INDEX_~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\CLEBS5IB\INDEX_~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\1Z735DKE\YAHOO_~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\7UO37T0L\AIMTOD~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\7UO37T0L\YAHOO_~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\UTZWTCJU\EBED21~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\CLEBS5IB\F91B31~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\6DCV25EX\060A9C~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\8TCR4FOZ\AE8F31~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\8DYFKLMN\AIMTOD~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\0VQ9S5UJ\TN67E3~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\CXYZG52N\393254~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\UPLM3MHK\FDEE8D~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\4JD36M7X\560615~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\UPLM3MHK\2C9BE8~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\VL3C1RBC\AIM_UA~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\VL3C1RBC\AIMTOD~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\M0H33E9V\AIM_UA~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\ZTOWXBVT\AIMTOD~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\ZTOWXBVT\AIM_UA~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\9K7WCYAJ\AIM_UA~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\UM4PU4SM\AIM_UA~1.SH! C:\DOCUME~1\Steve\LOCALS~1\TEMPOR~1\Content.IE5\E0YWIJ59\AIM_UA~1.SH!

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-11 22:28:17]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geeda.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Steve^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]
path=C:\Documents and Settings\Steve\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk
backup=C:\WINDOWS\pss\Greetings Workshop Reminders.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload

R3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);C:\WINDOWS\system32\DRIVERS\pc22nd5.sys
R3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;C:\WINDOWS\system32\DRIVERS\pc22unic.sys

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 19:48:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-18 19:58:16 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-18 15:51
.
--- E O F ---

#12 troubledone


Posted 18 November 2007 - 08:04 PM

Here you go, Scotty.



SDFix: Version 1.114

Run by Steve on Sun 11/18/2007 at 08:30 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\X.DAT - Deleted
C:\Z.DAT - Deleted
C:\DOCUME~1\STEVE\APPLIC~1\MICROS~1\WINDOWS\RAYIOU.EXE - Deleted
C:\Documents and Settings\Steve\x.dat - Deleted
C:\Documents and Settings\Steve\z.dat - Deleted
C:\WINDOWS\mrofinu1188.exe.tmp - Deleted
C:\n.bat - Deleted


Folder C:\WINDOWS\Fonts\' - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 20:48:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 14 Apr 2006 1,056 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 4 Sep 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 28 Feb 2007 27,648 ...H. --- "C:\Documents and Settings\Steve\My Documents\~WRL1144.tmp"
Sun 25 Feb 2007 24,576 ...H. --- "C:\Documents and Settings\Steve\My Documents\~WRL2981.tmp"
Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Wed 31 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8361ae28fcfac79271825a6b2935fdb6\BIT36.tmp"
Mon 4 Dec 2006 183,808 ...H. --- "C:\Documents and Settings\Steve\Application Data\Microsoft\Word\~WRL0005.tmp"
Sun 1 Jan 2006 31,232 ...H. --- "C:\Documents and Settings\Steve\Application Data\Microsoft\Word\~WRL2143.tmp"

Finished!


Logfile of HijackThis v1.99.1
Scan saved at 8:57:18 PM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hijackthis\help.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

#13 Scotty


Posted 19 November 2007 - 04:34 AM

Hello

Combofix has not been updated and should not be used anymore. We will have to go oldschool. :P

Go to http://www.virustota.../en/indexf.html
Copy the following line into the white textbox:
C:\Program Files\Common Files\mkok\mkokl.lck
Click Send.
Please post the results of this scan to this thread.

Do the same for these files
C:\WINDOWS\mkok\mkok.dat

C:\Documents and Settings\Steve\Application Data\internaldb6334.dat

C:\WINDOWS\system324040A0C0F080C.exe

#14 troubledone


Posted 19 November 2007 - 08:51 PM

Scotty, 1st line: 0 bytes size received / Se ha recibido un archivo vacio

#15 troubledone


Posted 19 November 2007 - 09:06 PM

Scotty, 2nd file:

File mkok.dat received on 11.20.2007 03:52:10 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/32 (0%)
Loading server information...
Your file is queued in position: 5.
Estimated start time is between 51 and 73 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment, results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 2007.11.20.0 2007.11.20 -
AntiVir 7.6.0.34 2007.11.19 -
Authentium 4.93.8 2007.11.19 -
Avast 4.7.1074.0 2007.11.19 -
AVG 7.5.0.503 2007.11.19 -
BitDefender 7.2 2007.11.20 -
CAT-QuickHeal 9.00 2007.11.19 -
ClamAV 0.91.2 2007.11.20 -
DrWeb 4.44.0.09170 2007.11.19 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.3.5308 2007.11.19 -
Ewido 4.0 2007.11.19 -
FileAdvisor 1 2007.11.20 -
Fortinet 3.11.0.0 2007.11.20 -
F-Prot 4.4.2.54 2007.11.19 -
F-Secure 6.70.13030.0 2007.11.20 -
Ikarus T3.1.1.12 2007.11.20 -
Kaspersky 7.0.0.125 2007.11.20 -
McAfee 5166 2007.11.19 -
Microsoft 1.3007 2007.11.20 -
NOD32v2 2670 2007.11.19 -
Norman 5.80.02 2007.11.19 -
Panda 9.0.0.4 2007.11.20 -
Prevx1 V2 2007.11.20 -
Rising 20.19.00.00 2007.11.19 -
Sophos 4.23.0 2007.11.19 -
Sunbelt 2.2.907.0 2007.11.20 -
Symantec 10 2007.11.20 -
TheHacker 6.2.9.134 2007.11.19 -
VBA32 3.12.2.5 2007.11.19 -
VirusBuster 4.3.26:9 2007.11.19 -
Webwasher-Gateway 6.0.1 2007.11.20 -

Additional information
File size: 4423 bytes
MD5: 9107561e75ba781ec401bf21e19bf106
SHA1: 374ae3043d6e465961b14063275c798446b32534
