
[Resolved] help slow ie6


17 replies to this topic

#1 the shed


Posted 10 May 2008 - 01:59 AM

Hi, this is my 1st post so be gentle. I bought a CD from eBay the other day and when it ran it seemed to have put something in my startup which I can't get rid of. Since it has been on my PC it has slowed my Google down to the point where not even my favourites are coming up. I can't explore this site on my PC so I'm using the laptop. The beast in question is xarhbopg, which I'm sure is causing my problem. I have a HJT report. I'm a bit of a newbie so here goes. HELP

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:24:45, on 10/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {1ffea4dc-cf70-912a-aef4-73875329d4eb} - {be4d9235-7837-4fea-a219-07fccd4aeff1} - C:\WINDOWS\system32\sdbnmvsv.dll
O2 - BHO: (no name) - {C9B442DC-069D-40C5-B0EF-8F8637D4D0F2} - C:\WINDOWS\system32\khfEUoPG.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BM430d4379] Rundll32.exe "C:\WINDOWS\system32\xarhbopg.dll",s
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: jkkIYOiI - jkkIYOiI.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DigiCtrl (kw7v1iboep) - Unknown owner - C:\WINDOWS\system32\nlbwsefq.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

StartupList report, 10/05/2008, 08:34:56
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
BM430d4379 = Rundll32.exe "C:\WINDOWS\system32\xarhbopg.dll",s

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\sstext3d.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
{1ffea4dc-cf70-912a-aef4-73875329d4eb} - C:\WINDOWS\system32\sdbnmvsv.dll - {be4d9235-7837-4fea-a219-07fccd4aeff1}
(no name) - C:\WINDOWS\system32\khfEUoPG.dll (file missing) - {C9B442DC-069D-40C5-B0EF-8F8637D4D0F2}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (autostart)
AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
catchme: \??\C:\DOCUME~1\CHRIS~1.CHR\LOCALS~1\Temp\catchme.sys (manual start)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Creative Service for CDROM Access: C:\WINDOWS\system32\CTsvcCDA.EXE (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Creative SBLive! Gameport: system32\DRIVERS\ctljystk.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Creative SB Live! series(WDM): system32\drivers\emu10k1f.sys (manual start)
Creative Interface Manager Driver (WDM): system32\drivers\ctlface.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: System32\DRIVERS\gagp30kx.sys (system)
Game Port Enumerator: system32\DRIVERS\gameenum.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
DigiCtrl: C:\WINDOWS\system32\nlbwsefq.exe /service (autostart)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Nokia USB Phone Parent: system32\drivers\ccdcmb.sys (manual start)
Nokia USB Generic: system32\drivers\ccdcmbo.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCCS Mode Change Filter Driver: system32\DRIVERS\pccsmcfd.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
PfModNT: \??\C:\WINDOWS\system32\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
SASENUM: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (manual start)
SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
ServiceLayer: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" (manual start)
Creative SoundFont Manager Driver (WDM): system32\drivers\sfman.sys (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
USB PC Camera (SN9C102): system32\DRIVERS\snpstd.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{B40F616B-8726-4910-A795-E1AA0370A0B0} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
upperdev: system32\DRIVERS\usbser_lowerflt.sys (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Nokia USB Serial Port: system32\DRIVERS\usbser.sys (manual start)
UsbserFilt: system32\DRIVERS\usbser_lowerfltj.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
Messenger Sharing Folders USN Journal Reader service: "C:\Program Files\Windows Live\Messenger\usnsvc.exe" (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Wdf01000: system32\DRIVERS\Wdf01000.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Live Setup Service: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" (manual start)
WMDM PMSP Service: C:\WINDOWS\system32\MsPMSPSv.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemRoot%\System32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------
Have I something bad here?
Thanks to whoever can help me.



#2 bob4

    MalwareTeam Emeritus

Posted 10 May 2008 - 05:12 AM

_________________________________
Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So let's do this to the end!

  • Save and quit any work you're doing before beginning the fix.
  • All HijackThis logs I ask for should be done in normal mode (not safe mode).
  • These logs should be done last after you have followed my instructions in the previous post.


Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!




______________________________________________
1. Download ComboFix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop

http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

2. Click Start/Run and copy and paste this in exactly, using the picture below for reference:

"%userprofile%\desktop\combofix.exe" /killall


Posted Image

3. Combo will begin to run. DO NOTHING while this is happening.
  • It will kill a few processes and disconnect you from the internet.
  • If by chance it stops prematurely you can re-establish your internet connection by restarting your computer.
  • This needs to be done so the program can work most efficiently for you.
Do not attempt to use the internet or anything else while it's doing its job for you.

If when it's completed you cannot get on the internet, just reboot the computer.

Post the log from comboFix for me located in
c:\comboFix.txt
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

#3 the shed

    New Member

Posted 10 May 2008 - 11:32 AM

Hi again, well, did what you advised and here's the combo log you asked for
ComboFix 08-05-09.1 - chris 2008-05-10 18:16:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1118 [GMT 1:00]
Running from: C:\Documents and Settings\chris.CHRIS-LKUOASJQO\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\GPoUEfhk.ini
C:\WINDOWS\system32\GPoUEfhk.ini2
C:\WINDOWS\system32\sdbnmvsv.dll
C:\WINDOWS\system32\sohnsrjt.ini
C:\WINDOWS\system32\xarhbopg.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.

2008-05-10 18:16 . 2008-05-10 18:16 1,024 --ah----- C:\Documents and Settings\Default User.WINDOWS\ntuser.dat.LOG
2008-05-10 08:19 . 2008-05-10 08:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-09 10:33 . 2008-05-09 10:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-09 10:24 . 2008-05-10 07:37 <DIR> d-------- C:\SDFix
2008-05-09 04:17 . 2008-05-10 08:31 109,858 --a------ C:\WINDOWS\BM430d4379.xml
2008-05-08 16:24 . 2008-05-08 16:24 <DIR> d-------- C:\Program Files\Lonely Cat Games
2008-04-25 22:00 . 2008-04-25 22:00 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Nokia Multimedia Player
2008-04-25 21:56 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-25 21:56 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-04-25 21:55 . 2008-04-25 21:55 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-25 21:55 . 2008-04-25 21:55 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-25 21:52 . 2008-04-25 21:57 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\PC Suite
2008-04-25 21:52 . 2008-04-25 22:02 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Nokia
2008-04-25 21:52 . 2008-04-25 21:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-04-25 21:51 . 2008-04-25 21:51 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-25 21:51 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-25 21:51 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-25 21:51 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-25 21:51 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-25 21:51 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-25 21:51 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-04-25 21:51 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-25 21:50 . 2008-05-08 16:58 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-04-25 18:52 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-24 23:01 . 2008-04-24 23:01 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-04-24 23:01 . 2008-04-24 23:01 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\AVS4YOU
2008-04-24 23:01 . 2008-04-24 23:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
2008-04-24 23:00 . 2008-04-24 23:01 <DIR> d-------- C:\Program Files\AVS4YOU
2008-04-23 10:33 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-04-23 10:33 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-04-19 17:52 . 1996-10-15 18:01 298,496 --a------ C:\WINDOWS\uninst.exe
2008-04-19 17:51 . 2008-04-19 17:51 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\WINDOWS
2008-04-19 17:24 . 2008-05-08 17:00 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-18 19:32 . 2008-04-18 19:36 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Ahead
2008-04-15 17:20 . 2008-04-15 17:20 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Contacts
2008-04-15 17:19 . 2008-04-25 21:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-14 21:31 . 2008-04-14 21:31 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-04-14 21:31 . 2008-04-14 21:30 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-04-14 21:15 . 2008-04-14 21:15 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\LocalLow
2008-04-14 21:15 . 2008-04-14 21:15 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TVU Networks
2008-04-14 20:17 . 2008-04-14 20:17 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\vlc
2008-04-14 20:06 . 2008-04-14 20:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-14 20:06 . 2007-02-27 19:36 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-13 21:49 . 2008-04-14 19:45 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\SopCast
2008-04-13 19:44 . 2008-04-13 19:44 376 --a------ C:\WINDOWS\ODBC.INI
2008-04-13 19:43 . 2008-04-13 19:43 <DIR> d-------- C:\WINDOWS\ShellNew
2008-04-13 00:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-13 00:10 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-13 00:10 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-12 16:47 . 2008-04-17 15:48 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-04-12 16:17 . 2008-04-12 16:17 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\SUPERAntiSpyware.com
2008-04-12 16:17 . 2008-04-12 16:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-04-12 15:59 . 2008-04-12 15:59 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\scar5
2008-04-12 15:59 . 2008-04-12 15:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\scar5
2008-04-12 15:15 . 2008-04-12 15:16 63 --a------ C:\WINDOWS\gvcasinos.ini
2008-04-12 14:50 . 2008-04-12 14:50 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Lavasoft
2008-04-12 13:17 . 2008-04-12 13:17 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Any Video Converter
2008-04-12 13:16 . 2008-04-12 13:16 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\DAEMON Tools
2008-04-12 12:33 . 2008-04-12 12:33 <DIR> d-------- C:\Program Files\PowerQuest
2008-04-12 11:36 . 2008-04-12 11:39 36 --a------ C:\WINDOWS\plugSpk.INI
2008-04-12 11:27 . 1998-03-19 01:00 18,432 --a------ C:\WINDOWS\system32\Audiohq.cpl
2008-04-12 11:27 . 1998-03-19 01:00 3,584 --a------ C:\WINDOWS\system32\Ahqcpres.dll
2008-04-12 11:26 . 2008-04-12 11:26 <DIR> d-------- C:\Media
2008-04-12 11:26 . 1999-12-13 01:01 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2008-04-12 11:26 . 1999-11-18 01:00 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2008-04-12 11:24 . 1999-12-17 01:00 6,752 --------- C:\WINDOWS\system32\PfModNT.sys
2008-04-12 11:00 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-04-12 10:09 . 2008-04-12 10:09 169 --a------ C:\WINDOWS\RtlRack.ini
2008-04-12 10:04 . 2005-06-08 02:31 18,726,912 -ra------ C:\WINDOWS\system32\alsndmgr.cpl
2008-04-12 10:04 . 2005-06-08 02:31 9,389,568 -ra------ C:\WINDOWS\system32\RTLCPL.exe
2008-04-12 10:04 . 2005-06-08 02:31 2,319,680 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-04-12 10:04 . 2005-06-08 02:31 294,912 -ra------ C:\WINDOWS\alcupd.exe
2008-04-12 10:04 . 2005-06-08 02:31 200,704 -ra------ C:\WINDOWS\alcrmv.exe
2008-04-12 10:04 . 2005-06-08 02:31 156,672 -ra------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-04-12 10:04 . 2005-06-08 02:31 141,016 -ra------ C:\WINDOWS\system32\alsndmgr.wav
2008-04-12 10:04 . 2005-06-08 02:31 77,824 -ra------ C:\WINDOWS\soundman.exe
2008-04-12 10:04 . 2005-06-08 02:31 40,960 -ra------ C:\WINDOWS\system32\ChCfg.exe
2008-04-12 10:04 . 2005-06-08 02:31 164 -ra------ C:\WINDOWS\avrack.ini
2008-04-12 07:51 . 2005-04-15 19:58 1,071,088 --------- C:\WINDOWS\system32\MSCOMCTL.OCX
2008-04-12 07:51 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-04-12 07:35 . 1999-10-11 02:01 41,984 --a------ C:\WINDOWS\CTREGRUN.EXE
2008-04-12 07:34 . 1998-02-25 03:00 2,259,067 --a------ C:\WINDOWS\system32\DEFAULT.ECW
2008-04-12 07:34 . 1995-01-13 14:10 149,504 --------- C:\WINDOWS\system32\mfcans32.dll
2008-04-12 07:34 . 1995-01-13 14:10 108,032 --------- C:\WINDOWS\system32\mfcuia32.dll
2008-04-12 07:33 . 1999-10-07 02:00 55,808 --a------ C:\WINDOWS\system32\CtMp3.Crl
2008-04-12 07:33 . 2008-04-12 11:28 129 --a------ C:\WINDOWS\SBWIN.INI
2008-04-12 07:32 . 2008-04-12 11:28 <DIR> d-------- C:\Program Files\Creative
2008-04-12 07:32 . 2001-01-31 01:01 307,200 --------- C:\WINDOWS\system32\CtMp3Lib.dll
2008-04-12 07:32 . 2001-01-23 01:05 110,592 --------- C:\WINDOWS\system32\ctmp3io2.dll
2008-04-12 07:32 . 2000-05-30 01:00 12,288 --------- C:\WINDOWS\system32\CTNMSP.crl
2008-04-12 07:32 . 2000-11-20 01:00 6,656 --------- C:\WINDOWS\system32\CTMP3io2.crl
2008-04-12 07:32 . 2008-04-12 10:27 227 --a------ C:\WINDOWS\SYSTEM.I~I
2008-04-12 07:31 . 2008-04-12 07:31 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-12 07:31 . 2008-04-12 07:31 <DIR> d-------- C:\WINDOWS\Profiles
2008-04-12 07:31 . 2008-04-12 07:31 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\InterTrust
2008-04-12 07:31 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-12 06:23 . 2008-04-12 06:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-04-12 06:22 . 2007-07-09 14:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-12 06:15 . 2008-04-12 06:15 <DIR> d---s---- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\UserData
2008-04-12 06:10 . 2008-04-12 10:28 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-12 06:00 . 2008-04-12 06:00 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Digital Asphyxia
2008-04-12 06:00 . 2008-04-12 06:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
2008-04-12 06:00 . 2008-04-12 06:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Digital Asphyxia
2008-04-12 05:47 . 2008-04-12 05:47 <DIR> dr------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\My Pictures
2008-04-12 05:02 . 2008-04-12 05:02 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2008-04-12 05:02 . 2008-05-10 08:00 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\AVG7
2008-04-12 05:02 . 2008-04-12 05:02 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-04-12 05:02 . 2008-04-12 12:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2008-04-12 05:02 . 2008-04-12 05:02 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-04-10 22:59 . 2008-04-10 22:59 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-10 22:53 . 2008-04-10 22:53 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-10 22:51 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2008-04-10 22:51 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002283_.tmp
2008-04-10 22:50 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-10 22:49 . 2008-04-10 22:49 <DIR> d-------- C:\WINDOWS\EHome
2008-04-10 22:38 . 2008-04-10 22:38 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\ATI
2008-04-10 22:30 . 2008-04-10 22:31 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-04-10 22:30 . 2005-08-05 21:05 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-10 22:29 . 2005-07-11 21:12 524,850 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.cpa
2008-04-10 22:29 . 2005-08-04 07:07 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-04-10 22:29 . 2005-06-10 21:59 95,617 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-04-10 22:29 . 2005-06-08 20:45 58,560 -ra------ C:\WINDOWS\system32\drivers\ativckxx.vp
2008-04-10 22:29 . 2005-08-04 07:20 21,712 -ra------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2008-04-10 22:29 . 2005-06-07 08:25 5,496 -ra------ C:\WINDOWS\system32\atifglpf.xml
2008-04-10 22:29 . 2005-07-11 21:12 929 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.vp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 04:41 --------- d-----w C:\Program Files\Enigma Software Group
2008-04-26 07:27 --------- d-----w C:\Program Files\Google
2008-04-25 20:51 --------- d-----w C:\Program Files\DIFX
2008-04-24 21:33 --------- d-----w C:\Program Files\AVIConverter
2008-04-23 09:28 --------- d-----w C:\Program Files\Common Files\snpstd
2008-04-17 21:40 --------- d-----w C:\Program Files\BitLord
2008-04-17 14:49 --------- d-----w C:\Program Files\MSN Messenger
2008-04-14 21:04 --------- d-----w C:\Program Files\SopCast
2008-04-14 20:15 --------- d-----w C:\Program Files\TVUPlayer
2008-04-12 15:41 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-12 13:50 --------- d-----w C:\Program Files\Lavasoft
2008-04-12 13:44 --------- d-----w C:\Program Files\Evidence Eliminator
2008-04-12 09:04 --------- d-----w C:\Program Files\AvRack
2008-04-12 06:33 --------- d-----w C:\Program Files\Winamp
2008-04-07 17:50 --------- d-----w C:\Program Files\VideoLAN
2008-04-06 18:24 --------- d-----w C:\Program Files\BlazeVideo
2008-04-06 15:05 --------- d-----w C:\Program Files\Any Video Converter
2008-03-29 17:19 --------- d-----w C:\Program Files\Electronic Arts
2008-03-28 22:33 --------- d-----w C:\Program Files\VP3 Codec
2008-03-23 14:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 15:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 15:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 15:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 14:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9B442DC-069D-40C5-B0EF-8F8637D4D0F2}]
C:\WINDOWS\system32\khfEUoPG.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2008-04-12 16:41 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 17:02 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-12 06:11 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIYOiI]
jkkIYOiI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\403e70e5]
C:\WINDOWS\system32\tjrsnhos.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
--a------ 2001-05-10 17:49 102400 C:\Program Files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-06 01:07 61440 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
--a------ 2001-08-17 17:01 180224 C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM430d4379]
C:\WINDOWS\system32\xarhbopg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 22:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nlbwsefq]
C:\WINDOWS\system32\nlbwsefq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
--a------ 2003-12-31 17:39 40960 C:\WINDOWS\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-01-23 14:47 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 19:29 35328 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

S2 kw7v1iboep;DigiCtrl;C:\WINDOWS\system32\nlbwsefq.exe []
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 18:21:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
.
**************************************************************************
.
Completion time: 2008-05-10 18:24:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-10 17:24:40
ComboFix2.txt 2007-09-10 09:15:42

Pre-Run: 9,765,261,312 bytes free
Post-Run: 10,154,741,760 bytes free

281 --- E O F --- 2008-04-17 14:55:15
Sorry I took long to reply.

#4 bob4

    MalwareTeam Emeritus

Posted 10 May 2008 - 05:09 PM

Open HJT

this time click on
Misc tools section

then:
Open uninstall Manager
click on save list.
Post that for me.



________________________________________
Open notepad and copy/paste the text in the quotebox below into it:


Killall::

File:: 
C:\WINDOWS\system32\khfEUoPG.dll
C:\WINDOWS\system32\tjrsnhos.dll
C:\WINDOWS\system32\xarhbopg.dll
C:\WINDOWS\system32\nlbwsefq.exe



Registry:: 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\403e70e5]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9B442DC-069D-40C5-B0EF-8F8637D4D0F2}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIYOiI]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM430d4379]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nlbwsefq]


NOTE: This script was done for this user specifically.
DO NOT ATTEMPT TO USE IT IF YOU ARE NOT THIS USER
YOU WILL HURT THE WORKINGS OF YOUR COMPUTER !!
.

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will need in your next reply.




_______________________________________
Download and install CCleaner from here


If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".


    Now run the program and click on Run Cleaner
    (Do not use the Registry function to clean anything with this program. Having anything auto clean your registry is risky.)


_________________________________

Using Internet Explorer, please do a Kaspersky Online Scan

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure as follows:
      • Scan using the following Anti-Virus database:
          • Extended
      • Scan Options:
          • Scan Archives
          • Scan Mail Bases

  • Click OK & have it scan My Computer
  • Once the scan is complete, it will provide a report if your system is infected. It does not provide an option to clean/disinfect. We only require a report from it.

Click save report as

Posted Image

  • Click the Save as Text button to save the file to your desktop and post it in your next reply
Posted Image



Turn off the real time scanner of any existing antivirus program while performing the online scan




_____________________________________
I am curious of some files I see. Did you do a repair or reinstall of XP recently? Maybe a repair shop did some work for you?



_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from ComboFix
  • The report from Kaspersky
  • The uninstall list from HJT
  • How do things seem to be running?

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
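A cross-check for the NOTE in the post above, as an added example that is not part of the original post and not ComboFix's own code: it parses the File:: and Registry:: sections as they appear in the quoted script and confirms that every entry occurs in the ComboFix log from the same machine. The function names and the shortened log excerpt are constructed for illustration; the section layout is assumed to be exactly what the post shows.

```python
import re

# Constructed excerpt: only the lines of the ComboFix log in this thread that
# the script refers to, plus one unrelated entry. The real log is much longer.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9B442DC-069D-40C5-B0EF-8F8637D4D0F2}]
C:\WINDOWS\system32\khfEUoPG.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIYOiI]
jkkIYOiI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\403e70e5]
C:\WINDOWS\system32\tjrsnhos.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM430d4379]
C:\WINDOWS\system32\xarhbopg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nlbwsefq]
C:\WINDOWS\system32\nlbwsefq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 19:29 35328 C:\Program Files\Winamp\winampa.exe

S2 kw7v1iboep;DigiCtrl;C:\WINDOWS\system32\nlbwsefq.exe []
"""

# The script text as quoted in the post above.
CFSCRIPT = r"""
Killall::

File::
C:\WINDOWS\system32\khfEUoPG.dll
C:\WINDOWS\system32\tjrsnhos.dll
C:\WINDOWS\system32\xarhbopg.dll
C:\WINDOWS\system32\nlbwsefq.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\403e70e5]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9B442DC-069D-40C5-B0EF-8F8637D4D0F2}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIYOiI]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM430d4379]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nlbwsefq]
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")    # e.g. "File::"
KEY_LINE_RE = re.compile(r"^\[(.+)\]\s*$")  # a line that is only "[...]"


def parse_cfscript(text):
    """Return {section name: [entries]} for a script laid out like the one above."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def log_registry_keys(log):
    """Collect every registry key header in the log, lower-cased for comparison."""
    keys = set()
    for raw in log.splitlines():
        match = KEY_LINE_RE.match(raw.strip())
        if match:
            keys.add(match.group(1).lower())
    return keys


def path_in_log(path, log):
    """True if the exact path occurs in the log (so foo.ini does not match foo.ini2)."""
    pattern = re.escape(path.lower()) + r"(?![\w.])"
    return re.search(pattern, log.lower()) is not None


def unmatched_entries(script_text, log):
    """List (section, entry) pairs from the script that the log does not contain."""
    sections = parse_cfscript(script_text)
    keys = log_registry_keys(log)
    missing = []
    for path in sections.get("File", []):
        if not path_in_log(path, log):
            missing.append(("File", path))
    for entry in sections.get("Registry", []):
        match = KEY_LINE_RE.match(entry)
        key = match.group(1).lstrip("-") if match else entry
        if key.lower() not in keys:
            missing.append(("Registry", entry))
    return missing


if __name__ == "__main__":
    missing = unmatched_entries(CFSCRIPT, SAMPLE_LOG)
    print("entries not found in this machine's log:", missing or "none")
```

An empty result means every file and key in the script was reported by this machine's own log; any entry that comes back unmatched is a reason to stop and ask the helper before running the script.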

#5 the shed

    New Member

Posted 11 May 2008 - 06:29 AM

WOW, that took some time to do. Hopefully I did the right thing. My IE seems to be working OK, and the answer to your question: I did have Windows repaired, but not by me, as I share this PC with a friend who's more into it than I am.

ComboFix 08-05-09.1 - chris 2008-05-10 18:16:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1118 [GMT 1:00]
Running from: C:\Documents and Settings\chris.CHRIS-LKUOASJQO\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\GPoUEfhk.ini
C:\WINDOWS\system32\GPoUEfhk.ini2
C:\WINDOWS\system32\sdbnmvsv.dll
C:\WINDOWS\system32\sohnsrjt.ini
C:\WINDOWS\system32\xarhbopg.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-10 to 2008-05-10 )))))))))))))))))))))))))))))))
.

2008-05-10 18:16 . 2008-05-10 18:16 1,024 --ah----- C:\Documents and Settings\Default User.WINDOWS\ntuser.dat.LOG
2008-05-10 08:19 . 2008-05-10 08:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-09 10:33 . 2008-05-09 10:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-09 10:24 . 2008-05-10 07:37 <DIR> d-------- C:\SDFix
2008-05-09 04:17 . 2008-05-10 08:31 109,858 --a------ C:\WINDOWS\BM430d4379.xml
2008-05-08 16:24 . 2008-05-08 16:24 <DIR> d-------- C:\Program Files\Lonely Cat Games
2008-04-25 22:00 . 2008-04-25 22:00 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Nokia Multimedia Player
2008-04-25 21:56 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-25 21:56 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-04-25 21:55 . 2008-04-25 21:55 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-25 21:55 . 2008-04-25 21:55 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-25 21:52 . 2008-04-25 21:57 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\PC Suite
2008-04-25 21:52 . 2008-04-25 22:02 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Nokia
2008-04-25 21:52 . 2008-04-25 21:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-04-25 21:51 . 2008-04-25 21:51 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-25 21:51 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-25 21:51 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-25 21:51 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-25 21:51 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-25 21:51 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-25 21:51 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-04-25 21:51 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-25 21:50 . 2008-05-08 16:58 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-04-25 18:52 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-24 23:01 . 2008-04-24 23:01 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-04-24 23:01 . 2008-04-24 23:01 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\AVS4YOU
2008-04-24 23:01 . 2008-04-24 23:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
2008-04-24 23:00 . 2008-04-24 23:01 <DIR> d-------- C:\Program Files\AVS4YOU
2008-04-23 10:33 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-04-23 10:33 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-04-19 17:52 . 1996-10-15 18:01 298,496 --a------ C:\WINDOWS\uninst.exe
2008-04-19 17:51 . 2008-04-19 17:51 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\WINDOWS
2008-04-19 17:24 . 2008-05-08 17:00 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-18 19:32 . 2008-04-18 19:36 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Ahead
2008-04-15 17:20 . 2008-04-15 17:20 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Contacts
2008-04-15 17:19 . 2008-04-25 21:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-14 21:31 . 2008-04-14 21:31 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-04-14 21:31 . 2008-04-14 21:30 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-04-14 21:15 . 2008-04-14 21:15 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\LocalLow
2008-04-14 21:15 . 2008-04-14 21:15 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TVU Networks
2008-04-14 20:17 . 2008-04-14 20:17 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\vlc
2008-04-14 20:06 . 2008-04-14 20:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-14 20:06 . 2007-02-27 19:36 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-13 21:49 . 2008-04-14 19:45 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\SopCast
2008-04-13 19:44 . 2008-04-13 19:44 376 --a------ C:\WINDOWS\ODBC.INI
2008-04-13 19:43 . 2008-04-13 19:43 <DIR> d-------- C:\WINDOWS\ShellNew
2008-04-13 00:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-13 00:10 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-13 00:10 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-12 16:47 . 2008-04-17 15:48 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-04-12 16:17 . 2008-04-12 16:17 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\SUPERAntiSpyware.com
2008-04-12 16:17 . 2008-04-12 16:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-04-12 15:59 . 2008-04-12 15:59 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\scar5
2008-04-12 15:59 . 2008-04-12 15:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\scar5
2008-04-12 15:15 . 2008-04-12 15:16 63 --a------ C:\WINDOWS\gvcasinos.ini
2008-04-12 14:50 . 2008-04-12 14:50 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Lavasoft
2008-04-12 13:17 . 2008-04-12 13:17 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Any Video Converter
2008-04-12 13:16 . 2008-04-12 13:16 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\DAEMON Tools
2008-04-12 12:33 . 2008-04-12 12:33 <DIR> d-------- C:\Program Files\PowerQuest
2008-04-12 11:36 . 2008-04-12 11:39 36 --a------ C:\WINDOWS\plugSpk.INI
2008-04-12 11:27 . 1998-03-19 01:00 18,432 --a------ C:\WINDOWS\system32\Audiohq.cpl
2008-04-12 11:27 . 1998-03-19 01:00 3,584 --a------ C:\WINDOWS\system32\Ahqcpres.dll
2008-04-12 11:26 . 2008-04-12 11:26 <DIR> d-------- C:\Media
2008-04-12 11:26 . 1999-12-13 01:01 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2008-04-12 11:26 . 1999-11-18 01:00 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2008-04-12 11:24 . 1999-12-17 01:00 6,752 --------- C:\WINDOWS\system32\PfModNT.sys
2008-04-12 11:00 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-04-12 10:09 . 2008-04-12 10:09 169 --a------ C:\WINDOWS\RtlRack.ini
2008-04-12 10:04 . 2005-06-08 02:31 18,726,912 -ra------ C:\WINDOWS\system32\alsndmgr.cpl
2008-04-12 10:04 . 2005-06-08 02:31 9,389,568 -ra------ C:\WINDOWS\system32\RTLCPL.exe
2008-04-12 10:04 . 2005-06-08 02:31 2,319,680 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-04-12 10:04 . 2005-06-08 02:31 294,912 -ra------ C:\WINDOWS\alcupd.exe
2008-04-12 10:04 . 2005-06-08 02:31 200,704 -ra------ C:\WINDOWS\alcrmv.exe
2008-04-12 10:04 . 2005-06-08 02:31 156,672 -ra------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-04-12 10:04 . 2005-06-08 02:31 141,016 -ra------ C:\WINDOWS\system32\alsndmgr.wav
2008-04-12 10:04 . 2005-06-08 02:31 77,824 -ra------ C:\WINDOWS\soundman.exe
2008-04-12 10:04 . 2005-06-08 02:31 40,960 -ra------ C:\WINDOWS\system32\ChCfg.exe
2008-04-12 10:04 . 2005-06-08 02:31 164 -ra------ C:\WINDOWS\avrack.ini
2008-04-12 07:51 . 2005-04-15 19:58 1,071,088 --------- C:\WINDOWS\system32\MSCOMCTL.OCX
2008-04-12 07:51 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-04-12 07:35 . 1999-10-11 02:01 41,984 --a------ C:\WINDOWS\CTREGRUN.EXE
2008-04-12 07:34 . 1998-02-25 03:00 2,259,067 --a------ C:\WINDOWS\system32\DEFAULT.ECW
2008-04-12 07:34 . 1995-01-13 14:10 149,504 --------- C:\WINDOWS\system32\mfcans32.dll
2008-04-12 07:34 . 1995-01-13 14:10 108,032 --------- C:\WINDOWS\system32\mfcuia32.dll
2008-04-12 07:33 . 1999-10-07 02:00 55,808 --a------ C:\WINDOWS\system32\CtMp3.Crl
2008-04-12 07:33 . 2008-04-12 11:28 129 --a------ C:\WINDOWS\SBWIN.INI
2008-04-12 07:32 . 2008-04-12 11:28 <DIR> d-------- C:\Program Files\Creative
2008-04-12 07:32 . 2001-01-31 01:01 307,200 --------- C:\WINDOWS\system32\CtMp3Lib.dll
2008-04-12 07:32 . 2001-01-23 01:05 110,592 --------- C:\WINDOWS\system32\ctmp3io2.dll
2008-04-12 07:32 . 2000-05-30 01:00 12,288 --------- C:\WINDOWS\system32\CTNMSP.crl
2008-04-12 07:32 . 2000-11-20 01:00 6,656 --------- C:\WINDOWS\system32\CTMP3io2.crl
2008-04-12 07:32 . 2008-04-12 10:27 227 --a------ C:\WINDOWS\SYSTEM.I~I
2008-04-12 07:31 . 2008-04-12 07:31 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-12 07:31 . 2008-04-12 07:31 <DIR> d-------- C:\WINDOWS\Profiles
2008-04-12 07:31 . 2008-04-12 07:31 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\InterTrust
2008-04-12 07:31 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-12 06:23 . 2008-04-12 06:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-04-12 06:22 . 2007-07-09 14:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-12 06:15 . 2008-04-12 06:15 <DIR> d---s---- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\UserData
2008-04-12 06:10 . 2008-04-12 10:28 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-12 06:00 . 2008-04-12 06:00 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Digital Asphyxia
2008-04-12 06:00 . 2008-04-12 06:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
2008-04-12 06:00 . 2008-04-12 06:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Digital Asphyxia
2008-04-12 05:47 . 2008-04-12 05:47 <DIR> dr------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\My Pictures
2008-04-12 05:02 . 2008-04-12 05:02 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2008-04-12 05:02 . 2008-05-10 08:00 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\AVG7
2008-04-12 05:02 . 2008-04-12 05:02 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-04-12 05:02 . 2008-04-12 12:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2008-04-12 05:02 . 2008-04-12 05:02 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-04-10 22:59 . 2008-04-10 22:59 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-10 22:53 . 2008-04-10 22:53 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-10 22:51 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2008-04-10 22:51 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002283_.tmp
2008-04-10 22:50 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-10 22:49 . 2008-04-10 22:49 <DIR> d-------- C:\WINDOWS\EHome
2008-04-10 22:38 . 2008-04-10 22:38 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\ATI
2008-04-10 22:30 . 2008-04-10 22:31 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-04-10 22:30 . 2005-08-05 21:05 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-10 22:29 . 2005-07-11 21:12 524,850 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.cpa
2008-04-10 22:29 . 2005-08-04 07:07 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-04-10 22:29 . 2005-06-10 21:59 95,617 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-04-10 22:29 . 2005-06-08 20:45 58,560 -ra------ C:\WINDOWS\system32\drivers\ativckxx.vp
2008-04-10 22:29 . 2005-08-04 07:20 21,712 -ra------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2008-04-10 22:29 . 2005-06-07 08:25 5,496 -ra------ C:\WINDOWS\system32\atifglpf.xml
2008-04-10 22:29 . 2005-07-11 21:12 929 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.vp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 04:41 --------- d-----w C:\Program Files\Enigma Software Group
2008-04-26 07:27 --------- d-----w C:\Program Files\Google
2008-04-25 20:51 --------- d-----w C:\Program Files\DIFX
2008-04-24 21:33 --------- d-----w C:\Program Files\AVIConverter
2008-04-23 09:28 --------- d-----w C:\Program Files\Common Files\snpstd
2008-04-17 21:40 --------- d-----w C:\Program Files\BitLord
2008-04-17 14:49 --------- d-----w C:\Program Files\MSN Messenger
2008-04-14 21:04 --------- d-----w C:\Program Files\SopCast
2008-04-14 20:15 --------- d-----w C:\Program Files\TVUPlayer
2008-04-12 15:41 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-12 13:50 --------- d-----w C:\Program Files\Lavasoft
2008-04-12 13:44 --------- d-----w C:\Program Files\Evidence Eliminator
2008-04-12 09:04 --------- d-----w C:\Program Files\AvRack
2008-04-12 06:33 --------- d-----w C:\Program Files\Winamp
2008-04-07 17:50 --------- d-----w C:\Program Files\VideoLAN
2008-04-06 18:24 --------- d-----w C:\Program Files\BlazeVideo
2008-04-06 15:05 --------- d-----w C:\Program Files\Any Video Converter
2008-03-29 17:19 --------- d-----w C:\Program Files\Electronic Arts
2008-03-28 22:33 --------- d-----w C:\Program Files\VP3 Codec
2008-03-23 14:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 15:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 15:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 15:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 14:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9B442DC-069D-40C5-B0EF-8F8637D4D0F2}]
C:\WINDOWS\system32\khfEUoPG.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2008-04-12 16:41 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 17:02 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-12 06:11 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIYOiI]
jkkIYOiI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\403e70e5]
C:\WINDOWS\system32\tjrsnhos.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
--a------ 2001-05-10 17:49 102400 C:\Program Files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-06 01:07 61440 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
--a------ 2001-08-17 17:01 180224 C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM430d4379]
C:\WINDOWS\system32\xarhbopg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 22:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nlbwsefq]
C:\WINDOWS\system32\nlbwsefq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
--a------ 2003-12-31 17:39 40960 C:\WINDOWS\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-01-23 14:47 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 19:29 35328 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

S2 kw7v1iboep;DigiCtrl;C:\WINDOWS\system32\nlbwsefq.exe []
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 18:21:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
.
**************************************************************************
.
Completion time: 2008-05-10 18:24:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-10 17:24:40
ComboFix2.txt 2007-09-10 09:15:42

Pre-Run: 9,765,261,312 bytes free
Post-Run: 10,154,741,760 bytes free

281 --- E O F --- 2008-04-17 14:55:15

Ad-aware 6 Professional
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
AVG 7.5
AVIConverter 2.0
AVS4YOU Software Navigator 1.2
BitLord 1.1
C-Media WDM Audio Driver
Codec Pack - All In 1 6.0.3.0
Evidence Eliminator
Google Talk (remove only)
HijackThis 2.0.2
K-Lite Codec Pack 3.8.0 Basic
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
MSVC80_x86
Nero 7 Ultra Edition
Nokia Connectivity Cable Driver
Nokia Multimedia Factory
Nokia Multimedia Factory
Nokia PC Suite
Nokia PC Suite
Nokia Video Manager
Nokia Video Manager
PC Connectivity Solution
PowerQuest PartitionMagic 8.0
Realtek AC'97 Audio
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
SopCast 3.0.1
SopCore 1.0.1
Sound Blaster Live!
SpyHunter
TVUPlayer 2.3.6.1
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USB PC Camera (SN9C102)
VideoLAN VLC media player 0.8.6f
Winamp (remove only)
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Y!TunnelBasic 2.5
Yahoo! Messenger

KASPERSKY ONLINE SCANNER REPORT
Sunday, May 11, 2008 12:59:11 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/05/2008
Kaspersky Anti-Virus database records: 755482
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 78999
Number of viruses found: 15
Number of infected objects: 45
Number of suspicious objects: 2
Duration of the scan process: 01:58:00

Infected Object Name / Virus Name / Last Action
C:\d8fcba42241115be38\msxml4-KB927978-enu.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f1820d5c5c5fc07653d1e2cc22e1ce6_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f9551bf8b999ceca2afd4ebc38b494f_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\30509d05663e03115602b3d76014c0f5_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3078ad78b97ea7f4b12d1bb95fff747f_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\30c5e64658988662e8d43133820ee76d_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3125804bec3653e23b8c31339b68ec2e_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3151ab6a8c493f1ee4c124a23188e053_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\318fb632f01c37ea4badb53f9c4e19c6_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\32ead49ae29b6c38c5cd0598fc2e192f_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\33490904b964c74f613d45f0f8c94674_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\33c1c84e58f973adf05237ccf3c6195f_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\351d434a541bccaf3f17db803114f87a_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3546dcb4a83874852997eb397602dd17_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\35e6415bc661787b7cf11901043f6653_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\37478887b38658dad9c2bb8824dd85c7_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3869cbc4d1602d69f504981b11aaed28_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39b4b6397de75ad253e3830de59781fc_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3a3fdae985787851b7d84e69b37fa909_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3abb32b21e579b01450c5d464b08fc2d_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3b14339954e7b0c05221fd4a8bcaa95d_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3d93096b9efa3e03516e2b4cee1bbf14_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3de4d3468cf6fd02da0bab39275160a5_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3f831a01000f9176e80b4abf3087af95_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4308220f3a1a8a023a31342f012b8583_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\431401fd3c2caa8a9101a10918fb2cae_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\44cf7b26901a195a472b8643f5129914_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46970046f7af66754b30a6600546ecb0_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\47b9d893d12b02c8e73c91d9a25844ea_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\488806be9c496ae986ddc61202817afe_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4994a72945fd8ab4e1a045eb0ca2ac90_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\49c634b5799085911c87035c0307cf26_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4ada2e2dd7181f11e79e4f9bc05b906d_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d6cf34f5012affc93b03c86516c6481_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4fc6e2e31035a8012e8f7450f5d04bf3_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5065fc27cfa0518b26c7badd1140bca3_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\50c12b896213cf4dee003b8c66e27335_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5128949ffc9304c773f416d048f5b083_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\514ccd0b06a13483de793710c05d9c9b_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\515c1a4f17b3ebf69d9fa3faca5a8090_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5167102c841268f34ba503ac88118c93_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\518e5df324a20b287c6c50d7edc6a9a4_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\52238f062f7425f1a6e1fc99840f79ce_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\527215a28d8ef8ee6b5479ff4bc6b417_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\53cc4ea536b9532196fb36af6c4863e9_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\55111ef5548c2e8f1c24f9e12703b953_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\554c36ada0e821febec9a6afc32fd8b1_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\568a168b01b81f23b0dc78a5d6cb895f_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\57f0cee1da6a4dc92d649bffc5e4f54e_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5979f245164390f1989712791ee63273_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ad09f83078c153f41b007d93af67e42_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ad9963a76165b45d336763dff4ad9ab_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5c6ffd3edfe5fec561422df72d2cbdcf_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ce4f3baa1dd6b0d48709ffda5d486ff_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5cf1026e8646e2f8675fd262b997fb8a_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5d1d0fea895db13ee457a641ef8107e5_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ddb5df50f84a9e1aca940eaf329640a_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5e437834f334f08f5be9611143414b65_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5f4dd959bed3cef332dcdf8c386c2023_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\602969d74fd9dfffee779284fb88da5b_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\61cde335fa798de74850be01aacd49c8_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\641107364c70656a716935bae8fc0b85_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6490f8875ffa8278b0d0ceb5662d7842_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\65e64d4a50a6f159e94c5b70612e7b05_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\66283d2726b391717f66afde4914861d_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\665ef82d3dac50ed7b2cb4048e038117_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6783e864bd26f1806ee688acd31482f9_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\68d0ba50ac80f549aec1266eb70f37fd_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6a2e41da7fc56315ecbc75154bb15495_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b2cb1eeff3871fc6ec588231b922c0e_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b50d4de81f975bfdd3da2c241fd043e_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b9c738cbe9f2e33f690360a28da3d43_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6ba3ee27de9843874bef76519e9f33ab_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6be7c73e4401d104446ebb439e1ddf29_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6c1ee331952833f3f71e9032e5faece5_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6c61f7b20e35d5faef26b116828f619f_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6d93ed3ea51c4be272624bb2215c52c3_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e38d584f41f82bfa8a43e2ff550aa1d_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6ef627d204183b0449157a78b4398243_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\706d13e35ebe6c91c61746442eaf4b42_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\71241001d9a1d1d8ffa65805a0d72dc9_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7292d58bb32abbd0f99421f8e8fc00d0_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\73191381b967120a75e1f7aa22605ebd_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\73b2c1191d097dedb1c6dcda11570600_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\73b532f4a91c9644583fb33f4246cff6_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7492a813b5c9b4d93dfbf5deaa2c0e1c_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\764eed269fd215dd75c57f807dc432f3_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\76cda77dfe3b211fd2d3ebc86ac4e908_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\771628def7b9f5c46084981ee301fc49_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\78b3c90636f46068e67d2eb41c58ac3d_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\79f9cf0591bd1db836d1e70a684ad9d2_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7abce61bc7454c90a530de0af53a793f_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7b08bcb16c4eaf590b8f09cbdb48f294_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7d962971115dfcd253d1776dbe7486b9_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7e94d2e71cc3381ed43f47550fdd8d0b_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\804b12095253fad9a72fd7cb2a0d92a7_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\809abe0d7e37c248613f131c03258fc6_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\81041c663b5dc905801c7370c93c1d94_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8166e07bbc051f04b153b30b954ccf25_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8172b224cceca35f866a3a4e5f8eea1a_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\82d2e85caaaf86ed3feba84201075fab_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\839ccd3329cf48c756c4a86d023b3f41_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\83a949575d460d85fb16f15197a9e82e_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\857f4a8f83376902a81c34ef139cd2db_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\865776e647ea0cf06ee187c38714bec5_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\868e319ade919a2f9d03adbcd217f365_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\86be45da137f000296b4d54938fa98c3_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8801ca5f0033c418dd2c4daf08149c8f_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\88687e829616ccfb1f80c72eb60a8d3b_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\895e2a17e9b3ea86fd4bb601f906ae64_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\898a44eefcefa3881af6943e3dacfdd0_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\89c096c05a0ef69983e2244e9508a7a9_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8a7ae68539ab8d71f727815a6f35f700_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b1f1ecbfe970fce388a243965561e57_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b8bfde7b429c85953b88c0ea8d83f5e_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8cad5e25f609d5bc71542e071f1ea8d8_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8cdb04ac754fe9b3f616e5bb457859d5_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8ce61cd0651023279822dc2c15028f02_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8d2249c9f26194e50f77a1def8909892_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8d7c2c190dfec2531d4cd0abc9ab3177_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8e39fc4174c2313921a7a8ba91f907e7_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8fd617d006ee809cc7b0813623f19a54_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8ffcdd52da52002ff170d0284b0e4d2d_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\90361f0a6e08f284c51ccc6e6d7abc80_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\90592f47a72d3569317bb3fb8529b486_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\906c7f21543213337144eb95ed5698c8_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9122f2730ac02f5352c28f942b55ee75_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\925b2df05d3a320929e8170981823d79_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\93a6c4adbbc2df54249a38abcf05ebc3_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\93ecdc480e82f47ec00ba9c08356e3cd_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\98653f2febe021c6e04078156854e2d3_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\991f307e5fdffc6d43bf960ffcc4edeb_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\996159a796d846a46371737804f0a019_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\99d48b0d699ce81598e1e41dd492fc79_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9aa08b3d7cb64ce93a9bf56d26315bca_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9b2f471fa71c91be2269e8ab1a5cfcc8_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9be16a0a3aac3bacadab5da234bb3665_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9c0a9d225b4f5c62b530eb1462ac723b_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9dcf8a7b180c1fd0c0c54b5027e40fe8_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9e43a57b198644cdd6556dcf72b07e7f_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9e5630c95124a26f1853066793bd7a7e_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9e7aeaddf4e215e1fefe7a2d9bf6ec00_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9ef334f4bb16203379a698bbc7a4b7db_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9f8978e200cafb70eee29f1263a0021b_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a0fc10c059a5a637f51bb8be20874467_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a3b578937194183f75626861679557e6_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a4ca15e2168630e10eeb632ea587a75c_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a4eed796ba1ce0a193a29ab5a0f256ef_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a4f156ab80f5af17d1cabf8643b6a874_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a50632bbc710a01f924004c339180311_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a53d587ab1da3744b1a9cccb151ffb1b_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a8eeca05b05c2e6322c02b8bec73f5a2_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a9a10acc7c136c0a0a99f27c20e20695_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ab2f79b25bd80629d97341fb2b50b05c_2f974239-8e90-411c-a9af-f0e5d5ebef04 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-5-11-2008( 5-6-47 ).LOG Object is locked skipped
C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Local Settings\History\History.IE5\MSHist012008051120080512\index.dat Object is locked skipped
C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\chris.CHRIS-LKUOASJQO\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\chris.CHRIS-LKUOASJQO\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\chris.CHRIS-LKUOASJQO\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_chris.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_chris.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_chris.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP13\A0006184.msi/_AB18C1B2C08CDE35AFB57346A4551D9A/_255311685EC0439E9B51F19CA2877AB9 Infected: Trojan-Downloader.Win32.Zlob.meq skipped
C:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP13\A0006184.msi/_AB18C1B2C08CDE35AFB57346A4551D9A Infected: Trojan-Downloader.Win32.Zlob.meq skipped
C:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP13\A0006184.msi Embedded: infected - 2 skipped
C:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP13\A0006511.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP13\A0006511.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP30\A0008051.com Object is locked skipped
C:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP30\A0008052.com Object is locked skipped
C:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP50\A0009424.dll Object is locked skipped
C:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP50\A0009601.exe Object is locked skipped
C:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP54\A0009966.dll Object is locked skipped
C:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP54\A0009987.dll Object is locked skipped
C:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP55\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{810A6E5D-B79E-448E-9D7B-ACAC7475902D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
H:\backup\Yahoo-Message-Archive-Decoder-Setup.exe/stream/data0012 Infected: not-a-virus:PSWTool.Win32.Yahoo.c skipped
H:\backup\Yahoo-Message-Archive-Decoder-Setup.exe/stream Infected: not-a-virus:PSWTool.Win32.Yahoo.c skipped
H:\backup\Yahoo-Message-Archive-Decoder-Setup.exe NSIS: infected - 2 skipped
H:\en\WinZix-2.2.0.0-setup-0514.exe/file01 Infected: not-a-virus:FraudTool.Win32.WinZix.b skipped
H:\en\WinZix-2.2.0.0-setup-0514.exe/file02 Infected: not-a-virus:FraudTool.Win32.WinZix.a skipped
H:\en\WinZix-2.2.0.0-setup-0514.exe/file14 Infected: Trojan.Win32.Obfuscated.en skipped
H:\en\WinZix-2.2.0.0-setup-0514.exe Inno: infected - 3 skipped
H:\nokia\samsung unlocker by yaren v1.1.zip/samsung unlocker by yaren v1.1.exe Suspicious: Password-protected-EXE skipped
H:\nokia\samsung unlocker by yaren v1.1.zip ZIP: suspicious - 1 skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP13\A0005846.exe/file9 Infected: Trojan.Win32.Obfuscated.en skipped
H:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP13\A0005846.exe Inno: infected - 1 skipped
H:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP13\A0005861.exe/file14 Infected: Trojan-Clicker.Win32.Small.qs skipped
H:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP13\A0005861.exe Inno: infected - 1 skipped
H:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP13\A0005863.exe Infected: not-a-virus:Downloader.Win32.Agent.h skipped
H:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP13\A0005869.exe/data0000.cab/start.exe/data0000.cab/isys32.exe Infected: Trojan-Downloader.Win32.Agent.cad skipped
H:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP13\A0005869.exe/data0000.cab/start.exe/data0000.cab Infected: Trojan-Downloader.Win32.Agent.cad skipped
H:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP13\A0005869.exe/data0000.cab/start.exe Infected: Trojan-Downloader.Win32.Agent.cad skipped
H:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP13\A0005869.exe/data0000.cab Infected: Trojan-Downloader.Win32.Agent.cad skipped
H:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP13\A0005869.exe Rsrc-Package: infected - 4 skipped
H:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP13\A0005893.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
H:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP13\A0005944.EXE Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped
H:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP55\change.log Object is locked skipped
K:\downloads\SmartMovie.Converter.v3.40.WinAll.Cracked\Setup.exe/data0000.cab/is152948.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped
K:\downloads\SmartMovie.Converter.v3.40.WinAll.Cracked\Setup.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.qon skipped
K:\downloads\SmartMovie.Converter.v3.40.WinAll.Cracked\Setup.exe Rsrc-Package: infected - 2 skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
K:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP54\A0010009.EXE/data0000.cab/JOHNMI~1.EXE Infected: Trojan.Win32.Pakes.cgn skipped
K:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP54\A0010009.EXE/data0000.cab Infected: Trojan.Win32.Pakes.cgn skipped
K:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP54\A0010009.EXE Rsrc-Package: infected - 2 skipped
K:\System Volume Information\_restore{50230C72-B5F1-48C0-997E-C17EA8A184B1}\RP55\change.log Object is locked skipped
K:\torrents\3wPlayer-1.0.0.3-setup-0590.exe/file9 Infected: Trojan.Win32.Obfuscated.en skipped
K:\torrents\3wPlayer-1.0.0.3-setup-0590.exe Inno: infected - 1 skipped
K:\torrents\Cyberlink Power DVD Deluxe with Key generator.zip/Cyberlink PowerDVD Deluxe + Keygen/Cyberlink PowerDVD Deluxe v6.0.0.2023.zip/Cyberlink PowerDVD Deluxe v6.0.0.2023/keygen.exe Infected: not-a-virus:AdWare.Win32.WinAD.bt skipped
K:\torrents\Cyberlink Power DVD Deluxe with Key generator.zip/Cyberlink PowerDVD Deluxe + Keygen/Cyberlink PowerDVD Deluxe v6.0.0.2023.zip Infected: not-a-virus:AdWare.Win32.WinAD.bt skipped
K:\torrents\Cyberlink Power DVD Deluxe with Key generator.zip ZIP: infected - 2 skipped
K:\torrents\Illysoft Spy NO More Garanteed Removal\SpyNoMore - Guaranteed Spyware Removal.EXE Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped
K:\torrents\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
K:\torrents\sspsetup1_1866802807.exe/file14 Infected: Trojan-Clicker.Win32.Small.qs skipped
K:\torrents\sspsetup1_1866802807.exe Inno: infected - 1 skipped
K:\torrents\WarezP2P_ADR.exe Infected: not-a-virus:Downloader.Win32.Agent.h skipped
K:\torrents\Winamp 5.35_ Pro + Keygen\winamp533_pro.exe/data0000.cab/start.exe/data0000.cab/isys32.exe Infected: Trojan-Downloader.Win32.Agent.cad skipped
K:\torrents\Winamp 5.35_ Pro + Keygen\winamp533_pro.exe/data0000.cab/start.exe/data0000.cab Infected: Trojan-Downloader.Win32.Agent.cad skipped
K:\torrents\Winamp 5.35_ Pro + Keygen\winamp533_pro.exe/data0000.cab/start.exe Infected: Trojan-Downloader.Win32.Agent.cad skipped
K:\torrents\Winamp 5.35_ Pro + Keygen\winamp533_pro.exe/data0000.cab Infected: Trojan-Downloader.Win32.Agent.cad skipped
K:\torrents\Winamp 5.35_ Pro + Keygen\winamp533_pro.exe Rsrc-Package: infected - 4 skipped

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06, on 2008-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\yahoomessenger.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DigiCtrl (kw7v1iboep) - Unknown owner - C:\WINDOWS\system32\nlbwsefq.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

many thanks

#6 bob4


Posted 11 May 2008 - 03:15 PM

I need you to redo combo fix by using notepad as I described before.
This shows me you used the combofix /kill all, and it wasn't able to clean some files I asked it to.

C:\Documents and Settings\chris.CHRIS-LKUOASJQO\desktop\combofix.exe



It should have read this.
C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Desktop\CFscript.txt
Command switches used ::CFscript.txt


I'll redo it here. There was a lot to do. :pullhair:


________________________________________
Open notepad and copy/paste the text in the quotebox below into it:


Killall::

File::
C:\WINDOWS\system32\khfEUoPG.dll
C:\WINDOWS\system32\tjrsnhos.dll
C:\WINDOWS\system32\xarhbopg.dll
C:\WINDOWS\system32\nlbwsefq.exe



Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\403e70e5]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9B442DC-069D-40C5-B0EF-8F8637D4D0F2}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIYOiI]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM430d4379]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nlbwsefq]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9B442DC-069D-40C5-B0EF-8F8637D4D0F2}]


NOTE: This script was done for this user specifically.
DO NOT ATTEMPT TO USE IT IF YOU ARE NOT THIS USER
YOU WILL HURT THE WORKINGS OF YOUR COMPUTER !!
.

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will need in your next reply.

Edited by bob4, 11 May 2008 - 03:15 PM.

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

#7 the shed

Posted 11 May 2008 - 09:45 PM

:smack: Sorry if I'm driving you mad, I think this is what you're after?

2007-07-11 20:52 1112339 --a------ C:\Qoobox\Quarantine\C\WINDOWS\pack.epk.vir
2007-07-11 20:52 22 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nvs2.inf.vir
2007-09-08 18:14 275425 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qccmwfjmvh_nav.dat.vir
2007-09-10 04:23 801 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qccmwfjmvh_navps.dat.vir
2007-09-10 04:23 8353 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qccmwfjmvh.dat.vir
2008-05-09 04:17 99904 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xarhbopg.dll.vir
2008-05-09 07:20 375593 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\GPoUEfhk.ini2.vir
2008-05-09 07:23 375593 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\GPoUEfhk.ini.vir
2008-05-09 07:25 1507170 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sohnsrjt.ini.vir
2008-05-10 07:40 21 --a------ C:\Qoobox\Quarantine\C\WINDOWS\pskt.ini.vir
2008-05-12 04:23 162 --a------ C:\Qoobox\Quarantine\catchme.log

ComboFix 08-05-09.1 - chris 2008-05-12 4:21:50.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1132 [GMT 1:00]
Running from: C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\khfEUoPG.dll
C:\WINDOWS\system32\nlbwsefq.exe
C:\WINDOWS\system32\tjrsnhos.dll
C:\WINDOWS\system32\xarhbopg.dll
.

((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-12 03:27 . 2008-05-12 03:27 <DIR> d-------- C:\WINDOWS\Sun
2008-05-12 03:27 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-11 05:24 . 2008-05-11 05:24 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-11 05:24 . 2008-05-11 05:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-05-10 18:16 . 2008-05-10 18:16 1,024 --ah----- C:\Documents and Settings\Default User.WINDOWS\ntuser.dat.LOG
2008-05-10 08:19 . 2008-05-10 08:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-09 10:33 . 2008-05-09 10:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-09 10:24 . 2008-05-10 07:37 <DIR> d-------- C:\SDFix
2008-05-09 04:17 . 2008-05-10 08:31 109,858 --a------ C:\WINDOWS\BM430d4379.xml
2008-04-25 22:00 . 2008-04-25 22:00 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Nokia Multimedia Player
2008-04-25 21:56 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-25 21:56 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-04-25 21:55 . 2008-04-25 21:55 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-25 21:55 . 2008-04-25 21:55 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-25 21:52 . 2008-04-25 21:57 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\PC Suite
2008-04-25 21:52 . 2008-04-25 22:02 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Nokia
2008-04-25 21:52 . 2008-04-25 21:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-04-25 21:51 . 2008-04-25 21:51 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-25 21:51 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-25 21:51 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-25 21:51 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-25 21:51 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-25 21:51 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-25 21:51 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-04-25 21:51 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-25 21:50 . 2008-05-08 16:58 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-04-25 18:52 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-24 23:01 . 2008-05-10 19:17 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-04-24 23:01 . 2008-04-24 23:01 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\AVS4YOU
2008-04-24 23:01 . 2008-04-24 23:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
2008-04-24 23:00 . 2008-05-10 19:17 <DIR> d-------- C:\Program Files\AVS4YOU
2008-04-23 10:33 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-04-23 10:33 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-04-19 17:52 . 1996-10-15 18:01 298,496 --a------ C:\WINDOWS\uninst.exe
2008-04-19 17:51 . 2008-04-19 17:51 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\WINDOWS
2008-04-19 17:24 . 2008-05-08 17:00 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-18 19:32 . 2008-04-18 19:36 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Ahead
2008-04-15 17:20 . 2008-04-15 17:20 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Contacts
2008-04-15 17:19 . 2008-04-25 21:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-14 21:31 . 2008-05-10 19:45 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-04-14 21:31 . 2008-05-10 19:44 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-04-14 21:15 . 2008-04-14 21:15 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\LocalLow
2008-04-14 21:15 . 2008-04-14 21:15 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TVU Networks
2008-04-14 20:17 . 2008-04-14 20:17 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\vlc
2008-04-14 20:06 . 2008-04-14 20:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-14 20:06 . 2007-02-27 19:36 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-13 21:49 . 2008-04-14 19:45 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\SopCast
2008-04-13 19:44 . 2008-04-13 19:44 376 --a------ C:\WINDOWS\ODBC.INI
2008-04-13 19:43 . 2008-04-13 19:43 <DIR> d-------- C:\WINDOWS\ShellNew
2008-04-13 00:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-13 00:10 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-13 00:10 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-12 16:47 . 2008-04-17 15:48 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-04-12 16:17 . 2008-04-12 16:17 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\SUPERAntiSpyware.com
2008-04-12 16:17 . 2008-04-12 16:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-04-12 15:59 . 2008-04-12 15:59 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\scar5
2008-04-12 15:59 . 2008-04-12 15:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\scar5
2008-04-12 15:15 . 2008-04-12 15:16 63 --a------ C:\WINDOWS\gvcasinos.ini
2008-04-12 14:50 . 2008-04-12 14:50 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Lavasoft
2008-04-12 13:17 . 2008-04-12 13:17 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Any Video Converter
2008-04-12 13:16 . 2008-04-12 13:16 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\DAEMON Tools
2008-04-12 12:33 . 2008-04-12 12:33 <DIR> d-------- C:\Program Files\PowerQuest
2008-04-12 11:36 . 2008-04-12 11:39 36 --a------ C:\WINDOWS\plugSpk.INI
2008-04-12 11:27 . 1998-03-19 01:00 18,432 --a------ C:\WINDOWS\system32\Audiohq.cpl
2008-04-12 11:27 . 1998-03-19 01:00 3,584 --a------ C:\WINDOWS\system32\Ahqcpres.dll
2008-04-12 11:26 . 2008-04-12 11:26 <DIR> d-------- C:\Media
2008-04-12 11:26 . 1999-12-13 01:01 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2008-04-12 11:26 . 1999-11-18 01:00 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2008-04-12 11:24 . 1999-12-17 01:00 6,752 --------- C:\WINDOWS\system32\PfModNT.sys
2008-04-12 11:00 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-04-12 10:09 . 2008-04-12 10:09 169 --a------ C:\WINDOWS\RtlRack.ini
2008-04-12 10:04 . 2005-06-08 02:31 18,726,912 -ra------ C:\WINDOWS\system32\alsndmgr.cpl
2008-04-12 10:04 . 2005-06-08 02:31 9,389,568 -ra------ C:\WINDOWS\system32\RTLCPL.exe
2008-04-12 10:04 . 2005-06-08 02:31 2,319,680 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-04-12 10:04 . 2005-06-08 02:31 294,912 -ra------ C:\WINDOWS\alcupd.exe
2008-04-12 10:04 . 2005-06-08 02:31 200,704 -ra------ C:\WINDOWS\alcrmv.exe
2008-04-12 10:04 . 2005-06-08 02:31 156,672 -ra------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-04-12 10:04 . 2005-06-08 02:31 141,016 -ra------ C:\WINDOWS\system32\alsndmgr.wav
2008-04-12 10:04 . 2005-06-08 02:31 77,824 -ra------ C:\WINDOWS\soundman.exe
2008-04-12 10:04 . 2005-06-08 02:31 40,960 -ra------ C:\WINDOWS\system32\ChCfg.exe
2008-04-12 10:04 . 2005-06-08 02:31 164 -ra------ C:\WINDOWS\avrack.ini
2008-04-12 07:51 . 2005-04-15 19:58 1,071,088 --------- C:\WINDOWS\system32\MSCOMCTL.OCX
2008-04-12 07:51 . 2004-03-09 16:45 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-04-12 07:35 . 1999-10-11 02:01 41,984 --a------ C:\WINDOWS\CTREGRUN.EXE
2008-04-12 07:34 . 1998-02-25 03:00 2,259,067 --a------ C:\WINDOWS\system32\DEFAULT.ECW
2008-04-12 07:34 . 1995-01-13 14:10 149,504 --------- C:\WINDOWS\system32\mfcans32.dll
2008-04-12 07:34 . 1995-01-13 14:10 108,032 --------- C:\WINDOWS\system32\mfcuia32.dll
2008-04-12 07:33 . 1999-10-07 02:00 55,808 --a------ C:\WINDOWS\system32\CtMp3.Crl
2008-04-12 07:33 . 2008-04-12 11:28 129 --a------ C:\WINDOWS\SBWIN.INI
2008-04-12 07:32 . 2008-04-12 11:28 <DIR> d-------- C:\Program Files\Creative
2008-04-12 07:32 . 2001-01-31 01:01 307,200 --------- C:\WINDOWS\system32\CtMp3Lib.dll
2008-04-12 07:32 . 2001-01-23 01:05 110,592 --------- C:\WINDOWS\system32\ctmp3io2.dll
2008-04-12 07:32 . 2000-05-30 01:00 12,288 --------- C:\WINDOWS\system32\CTNMSP.crl
2008-04-12 07:32 . 2000-11-20 01:00 6,656 --------- C:\WINDOWS\system32\CTMP3io2.crl
2008-04-12 07:32 . 2008-04-12 10:27 227 --a------ C:\WINDOWS\SYSTEM.I~I
2008-04-12 07:31 . 2008-04-12 07:31 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-12 07:31 . 2008-04-12 07:31 <DIR> d-------- C:\WINDOWS\Profiles
2008-04-12 07:31 . 2008-04-12 07:31 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\InterTrust
2008-04-12 07:31 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-12 06:23 . 2008-04-12 06:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-04-12 06:22 . 2007-07-09 14:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-12 06:15 . 2008-04-12 06:15 <DIR> d---s---- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\UserData
2008-04-12 06:10 . 2008-04-12 10:28 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-12 06:00 . 2008-04-12 06:00 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Digital Asphyxia
2008-04-12 06:00 . 2008-04-12 06:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
2008-04-12 06:00 . 2008-04-12 06:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Digital Asphyxia
2008-04-12 05:47 . 2008-04-12 05:47 <DIR> dr------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\My Pictures
2008-04-12 05:02 . 2008-04-12 05:02 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2008-04-12 05:02 . 2008-05-11 08:00 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\AVG7
2008-04-12 05:02 . 2008-04-12 05:02 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-04-12 05:02 . 2008-04-12 12:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2008-04-12 05:02 . 2008-04-12 05:02 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 02:27 --------- d-----w C:\Program Files\Java
2008-05-10 04:41 --------- d-----w C:\Program Files\Enigma Software Group
2008-04-26 07:27 --------- d-----w C:\Program Files\Google
2008-04-25 20:51 --------- d-----w C:\Program Files\DIFX
2008-04-24 21:33 --------- d-----w C:\Program Files\AVIConverter
2008-04-23 09:28 --------- d-----w C:\Program Files\Common Files\snpstd
2008-04-17 21:40 --------- d-----w C:\Program Files\BitLord
2008-04-17 14:49 --------- d-----w C:\Program Files\MSN Messenger
2008-04-14 21:04 --------- d-----w C:\Program Files\SopCast
2008-04-14 20:15 --------- d-----w C:\Program Files\TVUPlayer
2008-04-12 15:41 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-12 13:50 --------- d-----w C:\Program Files\Lavasoft
2008-04-12 13:44 --------- d-----w C:\Program Files\Evidence Eliminator
2008-04-12 09:04 --------- d-----w C:\Program Files\AvRack
2008-04-12 06:33 --------- d-----w C:\Program Files\Winamp
2008-04-10 21:38 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\ATI
2008-04-07 17:50 --------- d-----w C:\Program Files\VideoLAN
2008-04-06 18:24 --------- d-----w C:\Program Files\BlazeVideo
2008-04-06 15:05 --------- d-----w C:\Program Files\Any Video Converter
2008-03-29 17:19 --------- d-----w C:\Program Files\Electronic Arts
2008-03-28 22:33 --------- d-----w C:\Program Files\VP3 Codec
2008-03-23 14:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 15:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 15:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 15:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 14:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-10_18.24.31.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-10 17:21:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 03:25:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2002-11-18 13:02:58 40,960 ----a-w C:\WINDOWS\system32\MMAVILNG.exe
+ 2002-11-15 10:11:28 77,824 ----a-w C:\WINDOWS\system32\MMSwitch.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2008-04-12 16:41 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 17:02 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-12 06:11 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
--a------ 2001-05-10 17:49 102400 C:\Program Files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-06 01:07 61440 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
--a------ 2001-08-17 17:01 180224 C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 22:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
--a------ 2003-12-31 17:39 40960 C:\WINDOWS\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-01-23 14:47 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 19:29 35328 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

S2 kw7v1iboep;DigiCtrl;C:\WINDOWS\system32\nlbwsefq.exe []
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 04:26:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
.
**************************************************************************
.
Completion time: 2008-05-12 4:29:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-12 03:29:39
ComboFix2.txt 2008-05-11 04:10:23
ComboFix3.txt 2008-05-10 17:24:44
ComboFix4.txt 2007-09-10 09:15:42

Pre-Run: 10,002,128,896 bytes free
Post-Run: 10,027,171,840 bytes free

272 --- E O F --- 2008-04-17 14:55:15

#8 bob4

Posted 12 May 2008 - 05:40 AM

Your Kaspersky scan has shown me what I had been suspicious of:
BitTorrent files, and any other peer-to-peer programs for that matter.

A majority of infected computers have some sort of file sharing program, and that is where many get infected.
It's not the program so much as it is the garbage that gets downloaded with them. Please do not use this program until I have you all clean.
I would give some thought to not using such a program, as it leaves you wide open for infections such as this one and much worse. Many people have had to reformat computers because of infections.
If you need software, pay for it. B)




_____________________________
Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath, copy and paste these filepaths: 1 at a time.


C:\WINDOWS\system32\nlbwsefq.exe


Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustota...l/index_en.html





________________________________________
Open notepad and copy/paste the text in the quotebox below into it:

File:: 
H:\backup\Yahoo-Message-Archive-Decoder-Setup.exe
H:\en\WinZix-2.2.0.0-setup-0514.exe
K:\downloads\SmartMovie.Converter.v3.40.WinAll.Cracked\Setup.exe
K:\torrents\3wPlayer-1.0.0.3-setup-0590.exe
K:\torrents\Cyberlink Power DVD Deluxe with Key generator.zip
K:\torrents\sspsetup1_1866802807.exe
K:\torrents\WarezP2P_ADR.exe
K:\torrents\sspsetup1_1866802807.exe
K:\torrents\3wPlayer-1.0.0.3-setup-0590.exe
H:\en\WinZix-2.2.0.0-setup-0514.exe
Folder:: 
K:\torrents\Winamp 5.35_ Pro + Keygen
K:\torrents\Illysoft Spy NO More Garanteed Removal
K:\torrents\SmitfraudFix
K:\torrents\Cyberlink Power DVD Deluxe with Key generator.zip


NOTE: This script was done for this user specifically.
DO NOT ATTEMPT TO USE IT IF YOU ARE NOT THIS USER
YOU WILL HURT THE WORKINGS OF YOUR COMPUTER !!
.

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will need in your next reply.




_________________________
In your next reply I would like to see:
  • A new HJT log combo Fix
  • The report from Jottis/Virus total

#9 the shed

Posted 12 May 2008 - 11:24 PM

Ah, I see, :angry: downloading software. Words will be said when a certain someone comes back from holiday. OK, I went to follow your what-to-do-next; both those virus scans came up with this error for C:\WINDOWS\system32\nlbwsefq.exe: "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file". I checked my firewall and it seems OK there. I also tried to find C:\WINDOWS\system32\nlbwsefq.exe but came up with nothing. I didn't do the rest, so I'll wait for your advice. Many thanks.
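Added example (not part of the thread, and not code from HijackThis or ComboFix): a small triage script that reads the O23 service lines and the ComboFix service lines posted earlier in this thread and flags service entries whose binary is no longer on disk, which is the situation the 0-byte upload above points to. The field layout is inferred from the log lines in this thread, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Lines copied from the HijackThis and ComboFix logs posted in this thread.
HJT_SAMPLE = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DigiCtrl (kw7v1iboep) - Unknown owner - C:\WINDOWS\system32\nlbwsefq.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"""
CF_SAMPLE = r"""
S2 kw7v1iboep;DigiCtrl;C:\WINDOWS\system32\nlbwsefq.exe []
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
# ComboFix service line as seen in the thread: "<tag> <name>;<display>;<path> [<timestamp>]"
CF_LINE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")


@dataclass
class Service:
    display: str
    name: Optional[str]   # parenthesised service name, when the log shows one
    owner: str
    path: str
    missing: bool
    reasons: List[str] = field(default_factory=list)

    @property
    def verdict(self) -> str:
        if self.missing:
            return "orphaned"            # registry entry survives, binary does not
        return "review" if self.reasons else "ok"


def parse_o23(log: str) -> List[Service]:
    """Parse 'O23 - Service: <display> [(<name>)] - <owner> - <path>' lines."""
    services = []
    for line in log.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue
        # Split from the right so a ' - ' inside the display name is tolerated.
        parts = line[len(PREFIX):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        head, owner, path = parts
        missing = path.endswith(MISSING)
        if missing:
            path = path[: -len(MISSING)]
        m = re.fullmatch(r"(.+?) \(([^()]+)\)", head)
        display, name = (m.group(1), m.group(2)) if m else (head, None)
        services.append(Service(display, name, owner, path, missing))
    return services


def parse_combofix_services(log: str) -> Dict[str, dict]:
    """Index ComboFix service lines by lower-cased service name."""
    out = {}
    for line in log.splitlines():
        m = CF_LINE.match(line.strip())
        if m:
            tag, name, _display, path, stamp = m.groups()
            out[name.lower()] = {"tag": tag, "path": path, "stamp": stamp.strip()}
    return out


def triage(hjt_log: str, cf_log: str = "") -> List[Service]:
    """Attach reasons to each O23 entry, cross-checking ComboFix where possible."""
    cf = parse_combofix_services(cf_log)
    services = parse_o23(hjt_log)
    for s in services:
        if s.owner.lower() == "unknown owner":
            s.reasons.append("HijackThis reported 'Unknown owner'")
        if s.missing:
            s.reasons.append("HijackThis reported '(file missing)'")
        # With no parenthesised name, fall back to the display text as the key.
        entry = cf.get((s.name or s.display).lower())
        if entry and entry["path"].lower() == s.path.lower() and not entry["stamp"]:
            s.reasons.append("ComboFix lists the same path with an empty timestamp")
    return services


if __name__ == "__main__":
    for svc in triage(HJT_SAMPLE, CF_SAMPLE):
        if svc.verdict != "ok":
            print(f"[{svc.verdict}] {svc.display} -> {svc.path}")
            for reason in svc.reasons:
                print(f"    - {reason}")
```

An "orphaned" verdict means only the service registration is left to clean up; an "Unknown owner" entry on its own is a prompt to look at the file, not a detection.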

#10 bob4

Posted 13 May 2008 - 04:59 AM

I still need the combo fix log.

Also do this now.


___________________________________
Search for and remove
Now I want you to search for and delete the following file if present. If you need help finding it,
click Start / Search / All files and folders / look for More advanced options. Once in there, select the first 3 boxes.
Please just remove the files/folders I listed in BOLD

C:\WINDOWS\system32\nlbwsefq.exe

#11 the shed

Posted 13 May 2008 - 03:32 PM

:pullhair: Right, I've done what you've said, but there is no way that this file comes up no matter how much I search for it

C:\WINDOWS\system32\nlbwsefq.exe
Followed to the letter, but all it says is no file found :pullhair: So, here's the latest combo fix you asked for and a new HJT log too


2003-06-05 21:13 53248 --a------ C:\Qoobox\Quarantine\K\torrents\SmitfraudFix\Process.exe.vir
2004-07-31 18:50 51200 --a------ C:\Qoobox\Quarantine\K\torrents\SmitfraudFix\dumphive.exe.vir
2005-01-13 21:41 24576 --a------ C:\Qoobox\Quarantine\K\torrents\SmitfraudFix\Reboot.exe.vir
2006-01-09 10:36 40960 --a------ C:\Qoobox\Quarantine\K\torrents\SmitfraudFix\swsc.exe.vir
2006-03-07 22:45 16384 --a------ C:\Qoobox\Quarantine\K\torrents\SmitfraudFix\restart.exe.vir
2006-04-27 17:49 288417 --a------ C:\Qoobox\Quarantine\K\torrents\SmitfraudFix\SrchSTS.exe.vir
2006-05-08 14:23 251904 --a------ C:\Qoobox\Quarantine\K\torrents\WarezP2P_ADR.exe.vir
2006-05-12 22:36 8771760 --a------ C:\Qoobox\Quarantine\K\torrents\sspsetup1_1866802807.exe.vir
2006-05-28 07:32 29323094 --a------ C:\Qoobox\Quarantine\K\torrents\Cyberlink Power DVD Deluxe with Key generator.zip.vir
2006-06-02 17:06 428042 --a------ C:\Qoobox\Quarantine\H\backup\Yahoo-Message-Archive-Decoder-Setup.exe.vir
2006-08-29 19:43 135168 --a------ C:\Qoobox\Quarantine\K\torrents\SmitfraudFix\swreg.exe.vir
2006-09-15 00:34 167936 --a------ C:\Qoobox\Quarantine\K\torrents\SmitfraudFix\unzip.exe.vir
2006-12-01 06:20 79360 --a------ C:\Qoobox\Quarantine\K\torrents\SmitfraudFix\swxcacls.exe.vir
2007-03-28 18:38 77824 --a------ C:\Qoobox\Quarantine\K\torrents\SmitfraudFix\HostsChk.exe.vir
2007-05-05 20:21 60 --a------ C:\Qoobox\Quarantine\K\torrents\Illysoft Spy NO More Garanteed Removal\===Welcome to TrialApplications.com===.URL.vir
2007-05-05 20:26 6145392 --a------ C:\Qoobox\Quarantine\K\torrents\Illysoft Spy NO More Garanteed Removal\SpyNoMore - Guaranteed Spyware Removal.EXE.vir
2007-06-09 21:04 82432 --a------ C:\Qoobox\Quarantine\K\torrents\SmitfraudFix\GenericRenosFix.exe.vir
2007-07-06 12:57 1078196 --a------ C:\Qoobox\Quarantine\K\torrents\3wPlayer-1.0.0.3-setup-0590.exe.vir
2007-07-11 20:52 1112339 --a------ C:\Qoobox\Quarantine\C\WINDOWS\pack.epk.vir
2007-07-11 20:52 22 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nvs2.inf.vir
2007-07-29 15:12 250 --a------ C:\Qoobox\Quarantine\K\torrents\Winamp 5.35_ Pro + Keygen\Winamp 5.35_ Pro + Keygen.sfv.vir
2007-07-29 15:12 300 --a------ C:\Qoobox\Quarantine\K\torrents\Winamp 5.35_ Pro + Keygen\Winamp 5.35_ Pro + Keygen.md5.vir
2007-07-29 15:12 419328 --a------ C:\Qoobox\Quarantine\K\torrents\Winamp 5.35_ Pro + Keygen\KeyMaker.exe.vir
2007-07-29 15:12 6987776 --a------ C:\Qoobox\Quarantine\K\torrents\Winamp 5.35_ Pro + Keygen\winamp533_pro.exe.vir
2007-08-21 08:00 1536 --a------ C:\Qoobox\Quarantine\K\torrents\SmitfraudFix\exit.exe.vir
2007-08-26 01:13 1299578 --a------ C:\Qoobox\Quarantine\K\torrents\SmitfraudFix\SmitfraudFix.cmd.vir
2007-09-08 18:14 275425 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qccmwfjmvh_nav.dat.vir
2007-09-10 04:23 801 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qccmwfjmvh_navps.dat.vir
2007-09-10 04:23 8353 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qccmwfjmvh.dat.vir
2007-10-06 08:36 1092891 --a------ C:\Qoobox\Quarantine\H\en\WinZix-2.2.0.0-setup-0514.exe.vir
2008-05-08 16:03 202240 --a------ C:\Qoobox\Quarantine\K\downloads\SmartMovie.Converter.v3.40.WinAll.Cracked\Setup.exe.vir
2008-05-09 04:17 99904 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xarhbopg.dll.vir
2008-05-09 07:20 375593 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\GPoUEfhk.ini2.vir
2008-05-09 07:23 375593 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\GPoUEfhk.ini.vir
2008-05-09 07:25 1507170 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sohnsrjt.ini.vir
2008-05-10 07:40 21 --a------ C:\Qoobox\Quarantine\C\WINDOWS\pskt.ini.vir
2008-05-13 22:18 216 --a------ C:\Qoobox\Quarantine\catchme.log

Scan saved at 22:25, on 2008-05-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.co...?BundleId=19588
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DigiCtrl (kw7v1iboep) - Unknown owner - C:\WINDOWS\system32\nlbwsefq.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4741 bytes

#12 bob4

Posted 14 May 2008 - 04:34 AM

It looks as if your ComboFix log has gotten cut off. Please navigate to C://Combofix.txt and repost that for me.
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

#13 the shed

Posted 15 May 2008 - 12:32 AM

Is this the one?


ComboFix 08-05-09.1 - chris 2008-05-13 22:17:18.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1056 [GMT 1:00]
Running from: C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
H:\backup\Yahoo-Message-Archive-Decoder-Setup.exe
H:\en\WinZix-2.2.0.0-setup-0514.exe
K:\downloads\SmartMovie.Converter.v3.40.WinAll.Cracked\Setup.exe
K:\torrents\3wPlayer-1.0.0.3-setup-0590.exe
K:\torrents\Cyberlink Power DVD Deluxe with Key generator.zip
K:\torrents\sspsetup1_1866802807.exe
K:\torrents\WarezP2P_ADR.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\backup\Yahoo-Message-Archive-Decoder-Setup.exe
H:\en\WinZix-2.2.0.0-setup-0514.exe
K:\downloads\SmartMovie.Converter.v3.40.WinAll.Cracked\Setup.exe
K:\torrents\3wPlayer-1.0.0.3-setup-0590.exe
K:\torrents\Cyberlink Power DVD Deluxe with Key generator.zip
K:\torrents\Cyberlink Power DVD Deluxe with Key generator.zip\
K:\torrents\Illysoft Spy NO More Garanteed Removal
K:\torrents\Illysoft Spy NO More Garanteed Removal\===Welcome to TrialApplications.com===.URL
K:\torrents\Illysoft Spy NO More Garanteed Removal\SpyNoMore - Guaranteed Spyware Removal.EXE
K:\torrents\SmitfraudFix
K:\torrents\SmitfraudFix\dumphive.exe
K:\torrents\SmitfraudFix\exit.exe
K:\torrents\SmitfraudFix\GenericRenosFix.exe
K:\torrents\SmitfraudFix\HostsChk.exe
K:\torrents\SmitfraudFix\Process.exe
K:\torrents\SmitfraudFix\Reboot.exe
K:\torrents\SmitfraudFix\restart.exe
K:\torrents\SmitfraudFix\SmitfraudFix.cmd
K:\torrents\SmitfraudFix\SrchSTS.exe
K:\torrents\SmitfraudFix\swreg.exe
K:\torrents\SmitfraudFix\swsc.exe
K:\torrents\SmitfraudFix\swxcacls.exe
K:\torrents\SmitfraudFix\unzip.exe
K:\torrents\sspsetup1_1866802807.exe
K:\torrents\WarezP2P_ADR.exe
K:\torrents\Winamp 5.35_ Pro + Keygen
K:\torrents\Winamp 5.35_ Pro + Keygen\KeyMaker.exe
K:\torrents\Winamp 5.35_ Pro + Keygen\Winamp 5.35_ Pro + Keygen.md5
K:\torrents\Winamp 5.35_ Pro + Keygen\Winamp 5.35_ Pro + Keygen.sfv
K:\torrents\Winamp 5.35_ Pro + Keygen\winamp533_pro.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.

2008-05-12 03:27 . 2008-05-12 03:27 <DIR> d-------- C:\WINDOWS\Sun
2008-05-12 03:27 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-11 05:24 . 2008-05-11 05:24 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-11 05:24 . 2008-05-11 05:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-05-10 18:16 . 2008-05-10 18:16 1,024 --ah----- C:\Documents and Settings\Default User.WINDOWS\ntuser.dat.LOG
2008-05-10 08:19 . 2008-05-10 08:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-09 10:33 . 2008-05-09 10:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-09 10:24 . 2008-05-10 07:37 <DIR> d-------- C:\SDFix
2008-05-09 04:17 . 2008-05-10 08:31 109,858 --a------ C:\WINDOWS\BM430d4379.xml
2008-04-25 22:00 . 2008-04-25 22:00 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Nokia Multimedia Player
2008-04-25 21:56 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-25 21:56 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-04-25 21:55 . 2008-04-25 21:55 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-25 21:55 . 2008-04-25 21:55 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-25 21:52 . 2008-04-25 21:57 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\PC Suite
2008-04-25 21:52 . 2008-04-25 22:02 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Nokia
2008-04-25 21:52 . 2008-04-25 21:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-04-25 21:51 . 2008-04-25 21:51 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-25 21:51 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-25 21:51 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-25 21:51 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-25 21:51 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-25 21:51 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-25 21:51 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-04-25 21:51 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-25 21:50 . 2008-05-08 16:58 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-04-25 18:52 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-24 23:01 . 2008-05-10 19:17 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-04-24 23:01 . 2008-04-24 23:01 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\AVS4YOU
2008-04-24 23:01 . 2008-04-24 23:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
2008-04-24 23:00 . 2008-05-10 19:17 <DIR> d-------- C:\Program Files\AVS4YOU
2008-04-23 10:33 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-04-23 10:33 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-04-19 17:52 . 1996-10-15 18:01 298,496 --a------ C:\WINDOWS\uninst.exe
2008-04-19 17:51 . 2008-04-19 17:51 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\WINDOWS
2008-04-19 17:24 . 2008-05-08 17:00 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-18 19:32 . 2008-04-18 19:36 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Ahead
2008-04-15 17:20 . 2008-04-15 17:20 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Contacts
2008-04-15 17:19 . 2008-04-25 21:52 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-14 21:31 . 2008-05-10 19:45 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2008-04-14 21:31 . 2008-05-10 19:44 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-04-14 21:15 . 2008-04-14 21:15 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\LocalLow
2008-04-14 21:15 . 2008-04-14 21:15 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TVU Networks
2008-04-14 20:17 . 2008-04-14 20:17 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\vlc
2008-04-14 20:06 . 2008-04-14 20:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-14 20:06 . 2007-02-27 19:36 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-13 21:49 . 2008-04-14 19:45 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\SopCast
2008-04-13 19:44 . 2008-04-13 19:44 376 --a------ C:\WINDOWS\ODBC.INI
2008-04-13 19:43 . 2008-04-13 19:43 <DIR> d-------- C:\WINDOWS\ShellNew
2008-04-13 00:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-13 00:10 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-13 00:10 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 07:00 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\AVG7
2008-05-12 02:27 --------- d-----w C:\Program Files\Java
2008-05-10 04:41 --------- d-----w C:\Program Files\Enigma Software Group
2008-04-26 07:27 --------- d-----w C:\Program Files\Google
2008-04-25 20:51 --------- d-----w C:\Program Files\DIFX
2008-04-24 21:33 --------- d-----w C:\Program Files\AVIConverter
2008-04-23 09:28 --------- d-----w C:\Program Files\Common Files\snpstd
2008-04-17 21:40 --------- d-----w C:\Program Files\BitLord
2008-04-17 14:49 --------- d-----w C:\Program Files\MSN Messenger
2008-04-17 14:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-04-14 21:04 --------- d-----w C:\Program Files\SopCast
2008-04-14 20:15 --------- d-----w C:\Program Files\TVUPlayer
2008-04-12 15:41 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-12 15:17 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\SUPERAntiSpyware.com
2008-04-12 15:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-04-12 14:59 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\scar5
2008-04-12 14:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\scar5
2008-04-12 13:50 --------- d-----w C:\Program Files\Lavasoft
2008-04-12 13:50 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Lavasoft
2008-04-12 13:44 --------- d-----w C:\Program Files\Evidence Eliminator
2008-04-12 12:17 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Any Video Converter
2008-04-12 12:16 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\DAEMON Tools
2008-04-12 11:33 --------- d-----w C:\Program Files\PowerQuest
2008-04-12 11:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2008-04-12 10:28 --------- d-----w C:\Program Files\Creative
2008-04-12 09:04 --------- d-----w C:\Program Files\AvRack
2008-04-12 06:33 --------- d-----w C:\Program Files\Winamp
2008-04-12 06:31 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\InterTrust
2008-04-12 05:23 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-04-12 05:00 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Digital Asphyxia
2008-04-12 05:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
2008-04-12 05:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Digital Asphyxia
2008-04-12 04:02 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-12 04:02 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2008-04-12 04:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-04-10 21:38 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\ATI
2008-04-07 17:50 --------- d-----w C:\Program Files\VideoLAN
2008-04-06 18:24 --------- d-----w C:\Program Files\BlazeVideo
2008-04-06 15:05 --------- d-----w C:\Program Files\Any Video Converter
2008-03-29 17:19 --------- d-----w C:\Program Files\Electronic Arts
2008-03-28 22:33 --------- d-----w C:\Program Files\VP3 Codec
2008-03-23 14:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 15:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 15:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 15:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 14:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 14:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-10_18.24.31.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-10 17:21:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 03:25:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2002-11-18 13:02:58 40,960 ----a-w C:\WINDOWS\system32\MMAVILNG.exe
+ 2002-11-15 10:11:28 77,824 ----a-w C:\WINDOWS\system32\MMSwitch.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2008-04-12 16:41 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 17:02 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-12 06:11 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
--a------ 2001-05-10 17:49 102400 C:\Program Files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-06 01:07 61440 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
--a------ 2001-08-17 17:01 180224 C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 22:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
--a------ 2003-12-31 17:39 40960 C:\WINDOWS\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-01-23 14:47 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 19:29 35328 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

S2 kw7v1iboep;DigiCtrl;C:\WINDOWS\system32\nlbwsefq.exe []
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 22:18:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-13 22:19:11
ComboFix-quarantined-files.txt 2008-05-13 21:18:57
ComboFix2.txt 2008-05-12 03:29:43
ComboFix3.txt 2008-05-11 04:10:23
ComboFix4.txt 2008-05-10 17:24:44
ComboFix5.txt 2007-09-10 09:15:42

Pre-Run: 9,960,173,568 bytes free
Post-Run: 9,925,980,160 bytes free

257 --- E O F --- 2008-04-17 14:55:15

#14 bob4

Posted 15 May 2008 - 05:15 AM

That's the one. :thumbup:

We need to do this just 1 more time.





____________________________
Open Notepad, copy and paste the following text (in bold) into the new Notepad window.


sc stop kw7v1iboep

sc delete kw7v1iboep



Save it to your Desktop, as type "all files", as fixservice.bat


It should now look like this icon.
Posted Image
Now double-click this file; you won't see much happen.
A quick flash is about all.
Then you may delete the file we just made.


***************************

Use quotes if there is a space in the name

sc delete "net mon"




________________________________________
Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\nlbwsefq.exe 

Driver:: 
kw7v1iboep


NOTE: This script was done for this user specifically.
DO NOT ATTEMPT TO USE IT IF YOU ARE NOT THIS USER
YOU WILL HURT THE WORKINGS OF YOUR COMPUTER !!
.

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will need in your next reply.





_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from ComboFix
  • How are things running ?

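The triage behind the `sc delete kw7v1iboep` step in post #14 can be reproduced from the O23 lines of the two HijackThis logs. This is an added example, not part of the original thread or the helper's own tooling; the regular expression assumes the O23 layout seen in these logs, and the function names and triage labels are the example's own.

```python
import re
from dataclasses import dataclass

# O23 lines copied from the HijackThis logs in this thread (before and after the fix).
LOG_BEFORE = r"""
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DigiCtrl (kw7v1iboep) - Unknown owner - C:\WINDOWS\system32\nlbwsefq.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"""
LOG_AFTER = r"""
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"""

# Assumed layout: display name, optional "(service name)", owner, image path,
# optional "(file missing)" suffix. The service name is what `sc` expects.
O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)"
    r"(?P<missing> \(file missing\))?$"
)


@dataclass(frozen=True)
class Service:
    display: str
    name: str          # falls back to the display name when none is listed
    owner: str
    path: str
    file_missing: bool


def parse_o23(log):
    """Return a Service record for every O23 line in a HijackThis log."""
    services = []
    for line in log.splitlines():
        m = O23.match(line.strip())
        if m:
            services.append(Service(
                display=m["display"],
                name=m["name"] or m["display"],
                owner=m["owner"],
                path=m["path"],
                file_missing=m["missing"] is not None,
            ))
    return services


def triage(services):
    """Map service name -> reasons it deserves a second look."""
    findings = {}
    for s in services:
        reasons = []
        if s.file_missing:
            reasons.append("file missing")
        if s.owner == "Unknown owner":
            reasons.append("unknown owner")
        if reasons:
            findings[s.name] = reasons
    return findings


def removed_services(before, after):
    """Service names present in the first log and absent from the second."""
    return {s.name for s in parse_o23(before)} - {s.name for s in parse_o23(after)}


if __name__ == "__main__":
    for name, reasons in triage(parse_o23(LOG_BEFORE)).items():
        print(f"{name}: {', '.join(reasons)}")
    print("removed by the fix:", sorted(removed_services(LOG_BEFORE, LOG_AFTER)))
```

"Unknown owner" alone also matches the ATI Smart service, which is still present in the follow-up log; only the DigiCtrl entry combines it with a missing image file.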

#15 the shed

Posted 16 May 2008 - 12:41 AM

Hi, yeah, things seem to be running much better (I hope). Here are the logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:30, on 2008-05-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.co...?BundleId=19588
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4435 bytes

ComboFix 08-05-09.1 - chris 2008-05-16 7:26:02.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1136 [GMT 1:00]
Running from: C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Desktop\CFScript.txt.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\nlbwsefq.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-12 03:27 . 2008-05-12 03:27 <DIR> d-------- C:\WINDOWS\Sun
2008-05-12 03:27 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-11 05:24 . 2008-05-11 05:24 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-11 05:24 . 2008-05-11 05:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-05-10 18:16 . 2008-05-10 18:16 1,024 --ah----- C:\Documents and Settings\Default User.WINDOWS\ntuser.dat.LOG
2008-05-10 08:19 . 2008-05-10 08:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-09 10:33 . 2008-05-09 10:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-09 10:24 . 2008-05-10 07:37 <DIR> d-------- C:\SDFix
2008-05-09 04:17 . 2008-05-10 08:31 109,858 --a------ C:\WINDOWS\BM430d4379.xml
2008-04-25 22:00 . 2008-04-25 22:00 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Nokia Multimedia Player
2008-04-25 21:56 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-25 21:56 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-04-25 21:55 . 2008-04-25 21:55 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-25 21:55 . 2008-04-25 21:55 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-04-25 21:52 . 2008-04-25 21:57 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\PC Suite
2008-04-25 21:52 . 2008-04-25 22:02 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Nokia
2008-04-25 21:52 . 2008-04-25 21:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-04-25 21:51 . 2008-04-25 21:51 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-04-25 21:51 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-25 21:51 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-04-25 21:51 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-04-25 21:51 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-04-25 21:51 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-04-25 21:51 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-04-25 21:51 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-04-25 21:50 . 2008-05-08 16:58 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2008-04-25 18:52 . 2007-11-29 10:32 48,128 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-04-24 23:01 . 2008-05-10 19:17 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-04-24 23:01 . 2008-04-24 23:01 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\AVS4YOU
2008-04-24 23:01 . 2008-04-24 23:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
2008-04-24 23:00 . 2008-05-10 19:17 <DIR> d-------- C:\Program Files\AVS4YOU
2008-04-23 10:33 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-04-23 10:33 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-04-19 17:52 . 1996-10-15 18:01 298,496 --a------ C:\WINDOWS\uninst.exe
2008-04-19 17:51 . 2008-04-19 17:51 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\WINDOWS
2008-04-19 17:24 . 2008-05-08 17:00 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-18 19:32 . 2008-04-18 19:36 <DIR> d-------- C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Ahead

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 07:00 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\AVG7
2008-05-12 02:27 --------- d-----w C:\Program Files\Java
2008-05-10 18:45 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-05-10 18:44 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-10 04:41 --------- d-----w C:\Program Files\Enigma Software Group
2008-04-26 07:27 --------- d-----w C:\Program Files\Google
2008-04-25 20:51 --------- d-----w C:\Program Files\DIFX
2008-04-24 21:33 --------- d-----w C:\Program Files\AVIConverter
2008-04-23 09:28 --------- d-----w C:\Program Files\Common Files\snpstd
2008-04-17 21:40 --------- d-----w C:\Program Files\BitLord
2008-04-17 14:49 --------- d-----w C:\Program Files\MSN Messenger
2008-04-17 14:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-04-14 21:04 --------- d-----w C:\Program Files\SopCast
2008-04-14 20:15 --------- d-----w C:\Program Files\TVUPlayer
2008-04-14 20:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TVU Networks
2008-04-14 19:21 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-14 19:17 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\vlc
2008-04-14 18:45 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\SopCast
2008-04-12 15:41 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-12 15:17 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\SUPERAntiSpyware.com
2008-04-12 15:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-04-12 14:59 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\scar5
2008-04-12 14:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\scar5
2008-04-12 13:50 --------- d-----w C:\Program Files\Lavasoft
2008-04-12 13:50 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Lavasoft
2008-04-12 13:44 --------- d-----w C:\Program Files\Evidence Eliminator
2008-04-12 12:17 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Any Video Converter
2008-04-12 12:16 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\DAEMON Tools
2008-04-12 11:33 --------- d-----w C:\Program Files\PowerQuest
2008-04-12 11:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2008-04-12 10:28 --------- d-----w C:\Program Files\Creative
2008-04-12 09:04 --------- d-----w C:\Program Files\AvRack
2008-04-12 06:33 --------- d-----w C:\Program Files\Winamp
2008-04-12 06:31 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\InterTrust
2008-04-12 05:23 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-04-12 05:00 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\Digital Asphyxia
2008-04-12 05:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
2008-04-12 05:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Digital Asphyxia
2008-04-12 04:02 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-04-12 04:02 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2008-04-12 04:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-04-10 21:38 --------- d-----w C:\Documents and Settings\chris.CHRIS-LKUOASJQO\Application Data\ATI
2008-04-07 17:50 --------- d-----w C:\Program Files\VideoLAN
2008-04-06 18:24 --------- d-----w C:\Program Files\BlazeVideo
2008-04-06 15:05 --------- d-----w C:\Program Files\Any Video Converter
2008-03-29 17:19 --------- d-----w C:\Program Files\Electronic Arts
2008-03-28 22:33 --------- d-----w C:\Program Files\VP3 Codec
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-23 14:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-05 15:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 15:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 15:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 14:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 14:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-10_18.24.31.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
- 2008-05-10 17:21:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-16 06:02:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-17 14:55:14 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-05-16 05:47:00 167,936 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2008-04-17 14:55:14 2,560 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-05-16 05:47:00 2,560 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-04-17 14:55:14 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2008-05-16 05:47:00 81,920 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2008-04-17 14:55:13 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-05-16 05:47:00 34,304 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-04-17 14:55:14 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-05-16 05:47:00 8,192 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-04-17 14:55:14 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-05-16 05:47:00 3,584 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-04-17 14:55:14 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-05-16 05:47:00 114,688 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-04-17 14:55:14 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-05-16 05:47:00 16,384 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-04-17 14:55:14 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-05-16 05:47:00 30,720 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-04-17 14:55:14 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-05-16 05:47:00 22,528 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-04-17 14:55:13 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-05-16 05:47:00 45,056 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-04-17 14:55:13 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-05-16 05:47:00 90,112 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-03-25 04:50:25 554,008 -c----w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:28 518,944 -c----w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30 326,432 -c----w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:34 1,516,568 -c----w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:40 355,112 -c----w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-27 08:12:54 151,583 -c----w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:50:42 60,192 -c----w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 248,608 -c----w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44 219,936 -c----w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:45 355,104 -c----w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:47 432,928 -c----w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 -c----w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 -c----w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:55 264,992 -c----w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:57 838,432 -c----w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:58 621,344 -c----w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 355,104 -c----w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2005-05-24 11:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 14:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 14:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2002-11-18 13:02:58 40,960 ----a-w C:\WINDOWS\system32\MMAVILNG.exe
+ 2002-11-15 10:11:28 77,824 ----a-w C:\WINDOWS\system32\MMSwitch.dll
- 2008-01-02 09:21:38 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-09 13:35:06 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-08-03 23:56:44 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-03 23:56:44 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2004-08-03 23:56:44 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-07-17 10:34:48 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-03 23:56:44 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-03 23:56:44 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-03 23:56:44 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-03 23:56:44 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-03 23:56:44 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-03 23:56:44 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-03 23:56:44 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-03 23:56:44 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2004-08-03 23:56:46 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-03 23:56:46 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-03 23:56:46 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2008-04-12 16:41 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 17:02 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-12 06:11 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"aux"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
--a------ 2001-05-10 17:49 102400 C:\Program Files\Creative\SBLive\Program\AHQInit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-06 01:07 61440 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
--a------ 2001-08-17 17:01 180224 C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 22:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 12:53 1079808 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
--a------ 2003-12-31 17:39 40960 C:\WINDOWS\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-01-23 14:47 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-02-13 19:29 35328 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 10:39]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 07:28:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-16 7:28:47
ComboFix-quarantined-files.txt 2008-05-16 06:28:42
ComboFix2.txt 2008-05-13 21:19:12
ComboFix3.txt 2008-05-12 03:29:43
ComboFix4.txt 2008-05-11 04:10:23
ComboFix5.txt 2008-05-10 17:24:44

Pre-Run: 9,669,672,960 bytes free
Post-Run: 9,732,444,160 bytes free

307 --- E O F --- 2008-05-16 05:47:04

I hope this is the end, :woot: if so, where's that donate button :thumbup:
