|
|||||||
| Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
 |
|
|
Topic Tools |
|
#1
February 12th, 2009, 05:13 AM
|
|||
|
|||
Infected with kd Crypt worm
My computer was acting up - again. I ran Ad-Aware and an infection showed up called, kd Crypt Worm. I ran Malwarebytes and that was clean. I restarted the computer after running these programs and had to restart the computer at an earlier version to restart. The other day Zone Alarm alerted me that Win32 was attempting to come in and I allowed it. Now I find out that Crypt attaches itself to Win32. Please let me know what steps I need to take to clear this matter up. I'm afraid to turn the computer off at this point.
 Thank you.I ran Ad-Aware again, the infection is still there. My firewall alerted me again that a program wanted access to my system folder, as well as Earthlink, my email program. I have not heard from anyone yet, I accidently clicked on the "reply" button ... thanks for listening! 2/12/09 2:00 pm est: Just tried using the Trend Micro Housecall to scan. JAVA has been disabled on my computer! Tried reinstalling and Crypt is trying to get in the computer further on WIN32 - ZoneAlarm firewall alerted me. JAVA is disabled and who knows what else. Last edited by rainie; February 12th, 2009 at 08:01 PM. Reason: UPDATE 
|
|
#2
February 13th, 2009, 05:36 AM
|
||||
|
||||
|
Hello rainie,
Let's see what all is there. Be sure to not allow your security software to interfere while doing these steps though, even if it pops up with some alarm. On that note, To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan. If necessary allow it to locate or download a copy of HijackThis as needed. Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt. RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt). You can break logs into parts and use separate posts here when replying and posting the log files, if needed.
|
|
#3
February 13th, 2009, 05:54 AM
|
|||
|
|||
|
Hi Jintan,
Following is the RSIT scan, (part 1) Logfile of random's system information tool 1.05 (written by random/random) Run by Owner at 2009-02-12 23:52:18 Microsoft Windows XP Professional Service Pack 3 System drive C: has 126 GB (67%) free of 186 GB Total RAM: 894 MB (58% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:52:20 PM, on 2/12/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\WINDOWS\system32\java.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\zHotkey.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Quicken\bagent.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\EarthLink TotalAccess\TaskPanl.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\EarthLink TotalAccess\MailClnt.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Owner\Desktop\RSIT.exe
|
|
#4
February 13th, 2009, 05:55 AM
|
|||
|
|||
|
Part 2:
C:\Program Files\Trend Micro\HijackThis\Owner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/mor...on/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\Bank Of America\Toolbar\ElnkPub.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\Bank Of America\Toolbar\ProtctIE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\Bank Of America\Toolbar\uninsttb.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Dogpile Toolbar - {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - C:\Program Files\DogpileToolbar\insptbar.dll O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\Bank Of America\Toolbar\Toolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe" O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe" -l O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [EPSON Stylus Photo R260 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIB NA.EXE /FU "C:\WINDOWS\TEMP\E_S1A1.tmp" /EF "HKCU" O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Dogpile Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\DogpileToolbar\contextsearch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\Bank Of America\Toolbar\SearchUI.dll/search.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Dialpad Webphone - https://www.dialpad.com/md/update/cham.cab O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) - http://www.pqprintcenter.com/plugin/...tquick1611.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138458442937 O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://cam.xango.com//activex/AMC.cab O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://palmvidserver.dyndns.org:4000...ecker_8000.cab O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl4.cab O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://palmvidserver.dyndns.org:4000...dFile_8000.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/T...ex/ieatgpc.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Premier\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS. exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 12491 bytes
|
|
#5
February 13th, 2009, 05:58 AM
|
|||
|
|||
|
Part 3:
End of file - 12491 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{512ACF1B-64D9-4928-B382-A80556F28DB4}] ElnkPubBHO Class - C:\Program Files\Bank Of America\Toolbar\ElnkPub.dll [2008-11-17 255472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{9579D574-D4D8-4335-9560-FE8641A013BD}] ElnkProtectionBHO Class - C:\Program Files\Bank Of America\Toolbar\ProtctIE.dll [2008-11-17 415216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{E713904C-DF05-4C79-BBAD-02DB923253BE}] ElnkLegacyUninstBHO Class - C:\Program Files\Bank Of America\Toolbar\uninsttb.dll [2008-11-17 280048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - Dogpile Toolbar - C:\Program Files\DogpileToolbar\insptbar.dll [2005-10-14 441344] {C7768536-96F8-4001-B1A2-90EE21279187} - EarthLink Toolbar - C:\Program Files\Bank Of America\Toolbar\Toolbar.dll [2008-11-17 873968] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run] "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392] "CHotkey"=C:\WINDOWS\zHotkey.exe [2004-05-17 543232] "ShowWnd"=C:\WINDOWS\ShowWnd.exe [2003-09-19 36864] "SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe [2004-11-15 135168] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.ex e [2001-07-09 155648] "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992] "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-01 77824] "Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-03-09 966656] "IPInSightMonitor 01"=C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe [2005-08-10 122880] "IPInSightLAN 01"=C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe [2005-08-10 380928] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-05-16 648504] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600] "Intuit SyncManager"=C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2008-09-09 623880] "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-10-09 981904] [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run] "EPSON Stylus Photo R260 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3 \E_FATIBNA.EXE [2006-05-19 139264] "CommCtr"=C:\PROGRA~1\NET2PH~1\CommCtr.exe [2006-05-24 2383872] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "QuickenScheduledUpdates"=C:\Program Files\Quicken\bagent.exe [2008-10-27 87328] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-17 339968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe [2008-11-18 133640] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk] C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE -systray -startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2004-11-04 53248] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbup date.exe [2008-09-11 984352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "gusvc"=2 C:\Documents and Settings\All Users\Start Menu\Programs\Startup BigFix.lnk - C:\Program Files\BigFix\BigFix.exe QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2005-03-14 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\vsmon]
|
|
#6
February 13th, 2009, 05:58 AM
|
|||
|
|||
|
Part 4:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\R oyale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale. theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:TaskPanl" "C:\Program Files\DialpadChameleon\dpchamu.exe"="C:\Program Files\DialpadChameleon\dpchamu.exe:*:Enabled  ialp adChameleon""C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Pro gram Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enable d:Yahoo! Messenger" "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo ! FT Server" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax" "C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:Turbo Tax Update Manager" "C:\Program Files\Net2Phone CommCenter\CommCtr.exe"="C:\Program Files\Net2Phone CommCenter\CommCtr.exe:*:Enabled:Net2Phone CommCenter Client GUI Module" "C:\Program Files\v8000\DMMultiView\MultiView.exe"="C:\Program Files\v8000\DMMultiView\MultiView.exe:*:Enabled:Mu ltiView" "C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax" "C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:Turbo Tax Update Manager" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Intuit\QuickBooks Premier\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks Premier\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager" "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet isabl ed:Intuit Update Shared Downloads Server""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pur e Networks Platform Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5e434adc-ee78-11dd-86e4-0013d30220f1}] shell\AutoRun\command - K:\setupSNK.exe ======List of files/folders created in the last 1 months====== 2009-02-12 14:32:26 ----A---- C:\Program Files\HJTInstall.exe 2009-02-12 14:28:02 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-02-11 08:46:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$ 2009-02-09 18:03:22 ----D---- C:\Program Files\MSECache 2009-02-09 10:17:37 ----D---- C:\Program Files\Jetcast 2009-02-09 10:16:29 ----A---- C:\Program Files\en-jetcast-player.exe 2009-01-29 20:17:19 ----D---- C:\ef98217ea4b8b3a7f296f81576fe2c59 2009-01-14 22:52:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ ======List of files/folders modified in the last 1 months====== 2009-02-12 23:52:20 ----D---- C:\WINDOWS\Prefetch 2009-02-12 23:52:07 ----D---- C:\WINDOWS\Temp 2009-02-12 23:47:32 ----D---- C:\WINDOWS\Internet Logs 2009-02-12 23:35:32 ----A---- C:\rollback.ini 2009-02-12 23:08:41 ----A---- C:\WINDOWS\win.ini 2009-02-12 23:08:31 ----A---- C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt 2009-02-12 23:08:09 ----D---- C:\WINDOWS\Registration 2009-02-12 23:07:57 ----D---- C:\WINDOWS 2009-02-12 23:06:30 ----D---- C:\WINDOWS\system32 2009-02-12 14:32:27 ----RD---- C:\Program Files 2009-02-12 14:29:35 ----D---- C:\Program Files\SpywareBlaster 2009-02-12 13:55:43 ----D---- C:\WINDOWS\system32\CatRoot2 2009-02-11 17:13:00 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-02-11 17:05:52 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-02-11 12:22:33 ----SHD---- C:\WINDOWS\Installer 2009-02-11 12:22:13 ----SHD---- C:\Config.Msi 2009-02-11 09:11:50 ----D---- C:\WINDOWS\system32\ZoneLabs 2009-02-11 08:46:04 ----HD---- C:\WINDOWS\inf 2009-02-11 08:45:57 ----HD---- C:\WINDOWS\$hf_mig$ 2009-02-11 08:45:55 ----A---- C:\WINDOWS\imsins.BAK 2009-02-11 08:45:43 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-02-11 08:45:40 ----D---- C:\Program Files\Internet Explorer 2009-02-11 08:45:26 ----D---- C:\WINDOWS\ie7updates 2009-02-09 18:03:57 ----RSD---- C:\WINDOWS\Fonts 2009-02-09 18:03:48 ----D---- C:\Program Files\Microsoft Office 2009-02-09 18:03:45 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-02-03 20:08:02 ----D---- C:\Program Files\Common Files\AnswerWorks 5.0 2009-02-03 20:06:03 ----D---- C:\Documents and Settings\All Users\Application Data\Intuit 2009-02-03 20:06:00 ----RSD---- C:\WINDOWS\assembly 2009-02-03 20:05:59 ----D---- C:\WINDOWS\WinSxS 2009-02-03 20:05:41 ----D---- C:\Program Files\Common Files\Intuit 2009-02-03 19:57:22 ----D---- C:\Program Files\TurboTax 2009-02-03 18:21:12 ----A---- C:\WINDOWS\system32\MRT.exe 2009-01-31 13:40:31 ----D---- C:\Program Files\Sixty Second Tax Savings Organizer 2009-01-31 13:38:26 ----D---- C:\Program Files\hboss 2009-01-29 22:35:55 ----D---- C:\WINDOWS\Debug 2009-01-29 21:19:25 ----D---- C:\WINDOWS\SxsCaPendDel 2009-01-29 20:44:31 ----D---- C:\WINDOWS\Microsoft.NET 2009-01-29 20:28:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-01-29 20:19:48 ----D---- C:\WINDOWS\system32\XPSViewer 2009-01-29 20:19:41 ----D---- C:\WINDOWS\system32\en-US 2009-01-24 09:48:16 ----D---- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10 2009-01-17 22:27:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-01-17 22:27:22 ----D---- C:\WINDOWS\system32\drivers 2009-01-17 16:09:05 ----D---- C:\Program Files\trend micro 2009-01-16 21:35:14 ----A---- C:\WINDOWS\system32\mshtml.dll
|
|
#7
February 13th, 2009, 05:59 AM
|
|||
|
|||
|
part 5:
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2005-11-24 44288] R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-11-10 24832] R1 KLIF;KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [2008-09-18 148496] R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-10-09 353680] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059] R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-05-16 23992] R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-05-16 25272] R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-01 2300928] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-14 1032192] R3 ATIAVPCI;ATI Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavrr.sys [2007-11-07 707968] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-10-04 51120] R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-10-04 16496] R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-10-04 21744] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144] R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys [] R3 TotRec7;Total Recorder WDM audio driver; C:\WINDOWS\system32\drivers\TotRec7.sys [2008-11-18 127496] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056] S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752] S3 ADSFilter;ADSFilter - (Aluria Filter Driver); C:\WINDOWS\system32\DRIVERS\ADSFilter.sys [] S3 BW2NDIS5;BW2NDIS5; C:\WINDOWS\System32\Drivers\BW2NDIS5.sys [2004-11-01 17536] S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240] S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120] S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344] S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880] S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120] S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408] S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-10 611664] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-14 352256] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 EarthLinkMonitor;EarthLink Monitor Service; C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe [2005-01-26 65604] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-09-28 195584] R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912] R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE [2006-04-18 102400] R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984] R2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-06-26 204800] R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-05-16 648504] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728] R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-05-19 172032] R2 QBCFMonitorService;QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-09-10 24576] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-10-09 2405776] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\Presen tationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 QBFCService;Intuit QuickBooks FCS; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS. exe [2008-08-08 61440] S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
|
|
#8
February 13th, 2009, 05:21 PM
|
||||
|
||||
|
You didn't post the second log yet, but so far no infection showing in this view. If I am associating that alert name correctly it would be a hidden winlogon function, so let's run a scan other than those you have used so far.
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Download Malwarebytes' Anti-Malware from Here or Here. Double Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform quick scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.
|
|
#9
February 13th, 2009, 10:18 PM
|
|||
|
|||
|
Here is the 2nd log, sorry I forgot to send it before:
info.txt logfile of random's system information tool 1.05 2009-01-04 23:12:10 ======Uninstall list====== Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07} Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_acti veX.exe Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001} Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61} Amazing Windows XP Screen Saver 1.2-->C:\WINDOWS\unins001.exe AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml" EarthLink Software-->"C:\Program Files\EarthLink TotalAccess\uninstll.exe" /W EarthLink Toolbar-->C:\Program Files\Bank Of America\Toolbar\uninst_tb.exe GolfLogix Course Manager 3.0-->"C:\Program Files\GolfLogix\CourseManager\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spunin st.exe" iPod for Windows 2006-06-28-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371} Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Linksys EasyLink Advisor-->"C:\Program Files\InstallShield Installation Information\{284BD984-6E5C-4586-80A8-14D85E233497}\setup.exe" -runfromtemp -l0x0409 -removeonly Linksys EasyLink Advisor-->MsiExec.exe /I{284BD984-6E5C-4586-80A8-14D85E233497} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upd ates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upda tes\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783} Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spunin st.exe" Microsoft Office 2003 Primary Interop Assemblies-->MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7} MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Net2Phone CommCenter-->C:\PROGRA~1\NET2PH~1\UNWISE.EXE /U C:\PROGRA~1\NET2PH~1\INSTALL.LOG PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed Quicken 2008-->MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280} QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4} Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\sp uninst.exe" Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\ spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spunin st.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spunin st.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spunin st.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spunin st.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spunin st.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spunin st.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spunin st.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spunin st.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spunin st.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spunin st.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spunin st.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spunin st.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spunin st.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spunin st.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spunin st.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spunin st.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spunin st.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spunin st.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spunin st.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spunin st.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spunin st.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spunin st.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spunin st.exe" Total Recorder 7.1-->"C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui Unreal Streaming Media Player v 5.0-->MsiExec.exe /I{DB099DFB-C7A3-4A4F-AB24-C8ADCC94ABE6} Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spunin st.exe" Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spunin st.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spunin st.exe" Visual Studio 2005 Tools for Office Second Edition Runtime-->c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.ex e" Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spu ninst.exe" ======Security center information====== AV: Authentium Antivirus FW: Authentium Firewall (disabled) System event log Computer Name: BUSINESS Event Code: 7036 Message: The SSDP Discovery Service service entered the running state. Record Number: 61414 Source Name: Service Control Manager Time Written: 20081115064746.000000-300 Event Type: information User: Computer Name: BUSINESS Event Code: 7035 Message: The Remote Access Connection Manager service was successfully sent a start control. Record Number: 61413 Source Name: Service Control Manager Time Written: 20081115064746.000000-300 Event Type: information User: NT AUTHORITY\SYSTEM Computer Name: BUSINESS Event Code: 7036 Message: The Telephony service entered the running state. Record Number: 61412 Source Name: Service Control Manager Time Written: 20081115064746.000000-300 Event Type: information User: Computer Name: BUSINESS Event Code: 7036 Message: The Wireless Zero Configuration service entered the stopped state. Record Number: 61411 Source Name: Service Control Manager Time Written: 20081115064746.000000-300 Event Type: information User: Computer Name: BUSINESS Event Code: 7035 Message: The SSDP Discovery Service service was successfully sent a start control. Record Number: 61410 Source Name: Service Control Manager Time Written: 20081115064745.000000-300 Event Type: information User: NT AUTHORITY\SYSTEM Application event log Computer Name: BUSINESS Event Code: 1001 Message: Detection of product '{CD1CD48D-7B18-4254-B43D-AEAB704AB063}', feature 'MailBox' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}' Record Number: 158311 Source Name: MsiInstaller Time Written: 20081228183749.000000-300 Event Type: warning User: BUSINESS\Owner Computer Name: BUSINESS Event Code: 1004 Message: Detection of product '{CD1CD48D-7B18-4254-B43D-AEAB704AB063}', feature 'MailBox', component '{5CC2D105-DDDD-4EC4-8B74-750194E57B99}' failed. The resource 'HKEY_CURRENT_USER\Software\InstallShield\UpdateSe rvice\' does not exist. Record Number: 158310 Source Name: MsiInstaller Time Written: 20081228183749.000000-300 Event Type: warning User: BUSINESS\Owner Computer Name: BUSINESS Event Code: 1001 Message: Detection of product '{CD1CD48D-7B18-4254-B43D-AEAB704AB063}', feature 'MailBox' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}' Record Number: 158309 Source Name: MsiInstaller Time Written: 20081228183748.000000-300 Event Type: warning User: BUSINESS\Owner Computer Name: BUSINESS Event Code: 1004 Message: Detection of product '{CD1CD48D-7B18-4254-B43D-AEAB704AB063}', feature 'MailBox', component '{5CC2D105-DDDD-4EC4-8B74-750194E57B99}' failed. The resource 'HKEY_CURRENT_USER\Software\InstallShield\UpdateSe rvice\' does not exist. Record Number: 158308 Source Name: MsiInstaller Time Written: 20081228183748.000000-300 Event Type: warning User: BUSINESS\Owner Computer Name: BUSINESS Event Code: 1001 Message: Detection of product '{CD1CD48D-7B18-4254-B43D-AEAB704AB063}', feature 'MailBox' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}' Record Number: 158307 Source Name: MsiInstaller Time Written: 20081228183748.000000-300 Event Type: warning User: BUSINESS\Owner ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemR oot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PROGRA~1\MICROS~2\Office;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=2f00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;. WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------
|
|
#10
February 14th, 2009, 01:19 AM
|
|||
|
|||
|
Here is the scan from MalwareBytes: (FYI - I ran this scan prior to my post, it was clean then and is clean now. AdAware (Lavasoft) has identified the Crypt worm.
Malwarebytes' Anti-Malware 1.34 Database version: 1760 Windows 5.1.2600 Service Pack 3 2/13/2009 7:16:23 PM mbam-log-2009-02-13 (19-16-23).txt Scan type: Quick Scan Objects scanned: 75743 Time elapsed: 4 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
|
|
#11
February 14th, 2009, 01:39 AM
|
||||
|
||||
|
Starting to sound like a Zone Alarm problem and not actually malware involvement here, and without an actual file being located even more so. Let's check against a current online scan as one other scan method.
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Then Go here and run the Kaspersky online scan, and post back the log it creates. To use the scan, accept the agreement and make sure you allow the ActiveX object to download and install (check the "yellow bar" at the top if needed to allow this). Once the Database download is completed, under Scan in the left column click My Computer to start the scan. This may take a very long time, so allow the scan to run and perhaps find something else to do. When the scan completes click View Scan Report. Then click Save Report As, and using the dropdown box save the report as "Files of Type: -> Text file (.txt)" to a location where you can find it again. Use any name you wish for the log. Then locate that log and copy/paste those contents back here please. The scan requires a good bit of database downloading and can take quite a while to complete.
|
|
#12
February 14th, 2009, 06:10 AM
|
|||
|
|||
|
Hi Jintan,
(I had to post this in several parts) I hope this is helpful from Ad-Aware (Lavasoft) On 2/11 and 2/12 Ad-Aware identified the Crypt worm. I don't know how to retrieve those log files. However, I scanned again today and I have provided the logfile below, however, while checking through the logfile, I did find the following: c:\windows\system32\cryptdll.dll c:\windows\system32\crypt32.dll (found this 21 times) c:\windows\system32\cryptsvc.dll c:\windows\system32\cryptui.dll Ad-Aware Build Log File Created on: 2009-02-13 20:23:02 Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\core.aawdef Computer name: BUSINESS Name of user performing scan: SYSTEM System information =========================== Number of processors: 1 Processor type: AMD Athlon(tm) 64 Processor 3500+ Memory Available: 26% Total Physical Memory: 937934848 Bytes Available Physical Memory: 242905088 Bytes Total Page File Size: 2270027776 Bytes Available On Page File: 1528840192 Bytes Total Virtual Memory: 2147352576 Bytes Available Virtual Memory: 1788829696 Bytes OS: Microsoft Windows XP Service Pack 3 (Build 2600) Ad-Aware Settings =========================== Skipping files larger than 1048576 kB Ignoring infections with lower TAI than: 3 Extended Ad-Aware Settings =========================== Unloading known modules during scan Ignoring spanned files when scanning cab archives Reanalyzing results after scanning before displaying results Trying to unload modules prior to removal Let Windows remove files currently in use at next reboot Removing quarantined objects after restore Deactivating Ad-Watch during scans Writeprotecting system files after repairs Include info about ignored objects in log file Including basic settings in log file Including advanced settings in log file Including user and computer name in log file Create and save WebUpdate log file Databaseinfo =========================== Version number: 146 Build Number: 8 Build Date and Time: 2009/02/09 10:37:07 Scan Statistics =========================== Method: Full Scan tracking cookies.............................: On Scan ADS filestreams..............................: Off Item Scanned: 265362 Infections Detected: 0 Infections Ignored: 7 Scan detailed statistics =========================== Type Critical Total Process Scan....: 0 0 Registry Scan...: 0 0 Registry PE Scan: 0 0 Hosts File Scan.: 0 0 File Scan.......: 0 0 Folder Scan.....: 0 0 LSP Scan........: 0 0 ADS Scan........: 0 0 Cookie Scan.....: 0 0 File Hash Scan..: 0 0 Infections Found =========================== Items Ignored During Scan =========================== Family Id: 311 Name: Dogpile Toolbar Category: Malware TAI:3 Item Id: 110108 Value: File: C:\Program Files\DogpileToolbar\insptbar.dll Item Id: 18763 Value: Root: HKCR Path: clsid\{5e92f538-b50b-46c5-9c5f-c6eeced3f6c6} Item Id: 18764 Value: Root: HKCR Path: clsid\{dca9f79b-903a-456d-847d-43a2efe0476b} Item Id: 18765 Value: Root: HKCR Path: typelib\{55a59ffc-65f0-4995-93ba-d03eaa16443d} Item Id: 18771 Value: Root: HKLM Path: software\microsoft\internet explorer\explorer bars\{5e92f538-b50b-46c5-9c5f-c6eeced3f6c6} Item Id: 1000000000 Value: Root: HKLM Path (x64): SOFTWARE\Classes\CLSID\{5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} Item Id: 1000000000 Value: Root: HKLM Path (x64): SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} Item Id: 1000000000 Value: Root: HKLM Path (x64): SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} Item Id: 1000000000 Value: Root: HKU Path (x64): .DEFAULT\Software\Microsoft\Windows\CurrentVersion \Ext\Stats\{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} Item Id: 1000000000 Value: Root: HKU Path (x64): S-1-5-21-1234803897-1624999815-2299881945-1006\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} Item Id: 110106 Value: File: C:\Program Files\gettbar.exe Item Id: 18766 Value: Root: HKU Path: S-1-5-21-1234803897-1624999815-2299881945-1006\software\infospace Item Id: 18772 Value: Root: HKLM Path: software\microsoft\windows\currentversion\uninstal l\dogpile toolbar Item Id: 56759 Value: Folder: C:\Program Files\dogpiletoolbar Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0 Item Id: 1 Value: MRU Path: C:\Documents and Settings\Owner\Recent Count: 187 Item Id: 2 Value: MRU Registry Key: S-1-5-21-1234803897-1624999815-2299881945-1006\Software\Microsoft\Search Assistant\ACMru\5603 Count: 9 Listing of running processes =========================== C:\WINDOWS\SYSTEM32\SMSS.EXE c:\windows\system32\smss.exe c:\windows\system32\ntdll.dll C:\WINDOWS\SYSTEM32\CSRSS.EXE c:\windows\system32\csrss.exe c:\windows\system32\ntdll.dll c:\windows\system32\csrsrv.dll c:\windows\system32\basesrv.dll c:\windows\system32\winsrv.dll c:\windows\system32\gdi32.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\sxs.dll c:\windows\system32\apphelp.dll c:\windows\system32\version.dll C:\WINDOWS\SYSTEM32\WINLOGON.EXE c:\windows\system32\winlogon.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\authz.dll c:\windows\system32\msvcrt.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\nddeapi.dll c:\windows\system32\profmap.dll c:\windows\system32\netapi32.dll c:\windows\system32\userenv.dll c:\windows\system32\psapi.dll c:\windows\system32\regapi.dll c:\windows\system32\setupapi.dll c:\windows\system32\version.dll c:\windows\system32\winsta.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\system32\msgina.dll c:\windows\system32\comctl32.dll c:\windows\system32\odbc32.dll c:\windows\system32\comdlg32.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\windows\system32\odbcint.dll c:\windows\system32\shsvcs.dll c:\windows\system32\sfc.dll c:\windows\system32\sfc_os.dll c:\windows\system32\ole32.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\sxs.dll c:\windows\system32\winscard.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\uxtheme.dll c:\windows\system32\winmm.dll c:\windows\system32\ati2evxx.dll c:\windows\system32\rsaenh.dll c:\windows\system32\cscdll.dll c:\windows\system32\dimsntfy.dll c:\windows\system32\wlnotify.dll c:\windows\system32\mpr.dll c:\windows\system32\winspool.drv c:\windows\system32\wgalogon.dll c:\windows\system32\oleaut32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\samlib.dll c:\windows\system32\wldap32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\cscui.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\drprov.dll c:\windows\system32\ntlanman.dll c:\windows\system32\netui0.dll c:\windows\system32\netui1.dll c:\windows\system32\netrap.dll c:\windows\system32\davclnt.dll c:\windows\system32\mprui.dll c:\windows\system32\netui2.dll c:\windows\system32\netmsg.dll c:\windows\system32\wdmaud.drv c:\windows\system32\msacm32.drv c:\windows\system32\msacm32.dll c:\windows\system32\midimap.dll c:\windows\system32\wbem\wbemprox.dll c:\windows\system32\wbem\wbemcomn.dll c:\windows\system32\wbem\wbemsvc.dll c:\windows\system32\wbem\fastprox.dll c:\windows\system32\msvcp60.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\dnsapi.dll c:\windows\system32\msxml3.dll C:\WINDOWS\SYSTEM32\SERVICES.EXE c:\windows\system32\services.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ncobjapi.dll c:\windows\system32\msvcp60.dll c:\windows\system32\scesrv.dll c:\windows\system32\authz.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\userenv.dll c:\windows\system32\umpnpmgr.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acadproc.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\system32\apphelp.dll c:\windows\system32\version.dll c:\windows\system32\eventlog.dll c:\windows\system32\psapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\wtsapi32.dll C:\WINDOWS\SYSTEM32\LSASS.EXE c:\windows\system32\lsass.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\lsasrv.dll c:\windows\system32\mpr.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\msasn1.dll c:\windows\system32\msvcrt.dll c:\windows\system32\netapi32.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\wldap32.dll c:\windows\system32\samlib.dll c:\windows\system32\samsrv.dll c:\windows\system32\cryptdll.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\msprivs.dll c:\windows\system32\kerberos.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\netlogon.dll c:\windows\system32\w32time.dll c:\windows\system32\msvcp60.dll c:\windows\system32\schannel.dll c:\windows\system32\crypt32.dll c:\windows\system32\wdigest.dll c:\windows\system32\rsaenh.dll c:\windows\system32\scecli.dll c:\windows\system32\setupapi.dll c:\windows\system32\ipsecsvc.dll c:\windows\system32\authz.dll c:\windows\system32\oakley.dll c:\windows\system32\winipsec.dll c:\windows\system32\pstorsvc.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\psbase.dll c:\windows\system32\dssenh.dll C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE c:\windows\system32\ati2evxx.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\system32\msctfime.ime c:\windows\system32\msvcrt.dll c:\windows\system32\ole32.dll c:\windows\system32\ati2edxx.dll c:\windows\system32\uxtheme.dll C:\WINDOWS\SYSTEM32\SVCHOST.EXE c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll
|
|
#13
February 14th, 2009, 06:11 AM
|
|||
|
|||
|
Part 2:
c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\samlib.dll c:\windows\system32\wldap32.dll c:\windows\system32\rpcss.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\apphelp.dll c:\windows\system32\termsrv.dll c:\windows\system32\icaapi.dll c:\windows\system32\setupapi.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\authz.dll c:\windows\system32\mstlsapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\netapi32.dll c:\windows\system32\atl.dll c:\windows\system32\regapi.dll c:\windows\system32\rsaenh.dll c:\windows\system32\msi.dll c:\windows\system32\mscoree.dll c:\windows\microsoft.net\framework\v2.0.50727\fusi on.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a 1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll c:\windows\microsoft.net\framework\v2.0.50727\msco rwks.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\rpcss.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\rsaenh.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\dnsapi.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\msi.dll c:\windows\system32\mscoree.dll c:\windows\microsoft.net\framework\v2.0.50727\fusi on.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a 1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll c:\windows\microsoft.net\framework\v2.0.50727\msco rwks.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\samlib.dll c:\windows\system32\wldap32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\shsvcs.dll c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\dhcpcsvc.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\rsaenh.dll c:\windows\system32\wzcsvc.dll c:\windows\system32\rtutils.dll c:\windows\system32\wmi.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\eapolqec.dll c:\windows\system32\atl.dll c:\windows\system32\qutil.dll c:\windows\system32\msvcp60.dll c:\windows\system32\dot3api.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\esent.dll c:\windows\system32\cryptsvc.dll c:\windows\system32\certcli.dll c:\windows\system32\cryptui.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\setupapi.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\tapi32.dll c:\windows\system32\msv1_0.dll c:\windows\system32\schedsvc.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\msidle.dll c:\windows\system32\audiosrv.dll c:\windows\system32\wkssvc.dll c:\windows\system32\dmserver.dll c:\windows\system32\ersvc.dll c:\windows\system32\hidserv.dll c:\windows\system32\hid.dll c:\windows\pchealth\helpctr\binaries\pchsvc.dll c:\windows\system32\es.dll c:\windows\system32\srvsvc.dll c:\windows\system32\netman.dll c:\windows\system32\netshell.dll c:\windows\system32\credui.dll c:\windows\system32\dot3dlg.dll c:\windows\system32\onex.dll c:\windows\system32\eappcfg.dll c:\windows\system32\eappprxy.dll c:\windows\system32\wzcsapi.dll c:\windows\system32\winspool.drv c:\windows\system32\seclogon.dll c:\windows\system32\srsvc.dll c:\windows\system32\powrprof.dll c:\windows\system32\sens.dll c:\windows\system32\sxs.dll c:\windows\system32\trkwks.dll c:\windows\system32\wuauserv.dll c:\windows\system32\wbem\wmisvc.dll c:\windows\system32\vssapi.dll c:\windows\system32\wuaueng.dll c:\windows\system32\winhttp.dll c:\windows\system32\cabinet.dll c:\windows\system32\mspatcha.dll c:\windows\system32\w32time.dll c:\windows\system32\winrnr.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\comsvcs.dll c:\windows\system32\colbact.dll c:\windows\system32\mtxclu.dll c:\windows\system32\wsock32.dll c:\windows\system32\clusapi.dll c:\windows\system32\resutils.dll c:\windows\system32\sfc.dll c:\windows\system32\sfc_os.dll c:\windows\system32\ipnathlp.dll c:\windows\system32\authz.dll c:\windows\system32\browser.dll c:\windows\system32\wscsvc.dll c:\windows\system32\msi.dll c:\windows\system32\wbem\wbemcomn.dll c:\windows\system32\wbem\wbemcore.dll c:\windows\system32\wbem\esscli.dll c:\windows\system32\wbem\fastprox.dll c:\windows\system32\wbem\wbemsvc.dll c:\windows\system32\wbem\wmiutils.dll c:\windows\system32\wbem\repdrvfs.dll c:\windows\system32\wbem\wmiprvsd.dll c:\windows\system32\ncobjapi.dll c:\windows\system32\wbem\wbemess.dll c:\windows\system32\upnp.dll c:\windows\system32\ssdpapi.dll c:\windows\system32\netcfgx.dll c:\windows\system32\rasmans.dll c:\windows\system32\winipsec.dll c:\windows\system32\wbem\ncprov.dll c:\windows\system32\tapisrv.dll c:\windows\system32\psapi.dll c:\windows\system32\rastapi.dll c:\windows\system32\unimdm.tsp c:\windows\system32\uniplat.dll c:\windows\system32\unimdmat.dll c:\windows\system32\modemui.dll c:\windows\system32\kmddsp.tsp c:\windows\system32\ndptsp.tsp c:\windows\system32\ipconf.tsp c:\windows\system32\h323.tsp c:\windows\system32\hidphone.tsp c:\windows\system32\rasppp.dll c:\windows\system32\ntlsapi.dll c:\windows\system32\kerberos.dll c:\windows\system32\cryptdll.dll c:\windows\system32\rasqec.dll c:\windows\system32\raschap.dll c:\windows\system32\rastls.dll c:\windows\system32\schannel.dll c:\windows\system32\winscard.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\rasdlg.dll c:\windows\system32\msxml3.dll c:\windows\system32\urlmon.dll c:\windows\system32\apphelp.dll c:\windows\system32\wups.dll c:\windows\system32\advpack.dll c:\windows\system32\dssenh.dll c:\windows\system32\catsrvut.dll c:\windows\system32\catsrv.dll c:\windows\system32\mfcsubs.dll c:\windows\system32\mpr.dll c:\windows\system32\wuapi.dll c:\windows\system32\wbem\wbemprox.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll
|
|
#14
February 14th, 2009, 06:12 AM
|
|||
|
|||
|
Part 3:
c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\dnsrslvr.dll c:\windows\system32\dnsapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\rsaenh.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\ntmarta.dll c:\windows\system32\samlib.dll c:\windows\system32\wldap32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\lmhsvc.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\mswsock.dll c:\windows\system32\dnsapi.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\webclnt.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\regsvc.dll c:\windows\system32\ssdpsrv.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\rsaenh.dll c:\windows\system32\httpapi.dll c:\windows\system32\winhttp.dll C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE c:\program files\lavasoft\ad-aware\aawservice.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\program files\lavasoft\ad-aware\ceapi.dll c:\windows\system32\wininet.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\program files\lavasoft\ad-aware\pkarchive85u.dll c:\windows\system32\shell32.dll c:\windows\system32\ole32.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\wldap32.dll c:\windows\system32\psapi.dll c:\windows\system32\version.dll c:\windows\system32\userenv.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\rsaenh.dll C:\WINDOWS\SYSTEM32\SPOOLSV.EXE c:\windows\system32\spoolsv.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\spoolss.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\dnsapi.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\localspl.dll c:\windows\system32\sfc_os.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\winspool.drv c:\windows\system32\netapi32.dll c:\windows\system32\cnbjmon.dll c:\windows\system32\e_flbbna.dll c:\windows\system32\hpzlnt07.dll c:\windows\system32\hpzlnt12.dll c:\windows\system32\bimmonnt.dll c:\windows\biimg.dll c:\windows\system32\mdimon.dll c:\windows\system32\msi.dll c:\windows\system32\pjlmon.dll c:\windows\system32\tcpmon.dll c:\windows\system32\usbmon.dll c:\windows\system32\spool\prtprocs\w32x86\mdippr.d ll c:\windows\system32\spool\prtprocs\w32x86\filterpi pelineprintproc.dll c:\windows\system32\spool\prtprocs\w32x86\bimpront .dll c:\windows\system32\mswsock.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\win32spl.dll c:\windows\system32\netrap.dll c:\windows\system32\ntdsapi.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\inetpp.dll c:\windows\system32\xpsp2res.dll C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\setupapi.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\system32\ntmarta.dll c:\windows\system32\ole32.dll c:\windows\system32\samlib.dll c:\windows\system32\wldap32.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE c:\program files\bonjour\mdnsresponder.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\system32\rsaenh.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\netapi32.dll c:\windows\system32\wldap32.dll c:\windows\system32\atl.dll c:\windows\system32\rtutils.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll C:\PROGRAM FILES\EARTHLINK TOTALACCESS\WENGINE\WMONITOR.EXE c:\program files\earthlink totalaccess\wengine\wmonitor.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\system32\uxtheme.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\program files\earthlink totalaccess\wengine\wruntime.dll c:\windows\system32\icmp.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\setupapi.dll c:\windows\system32\shlwapi.dll c:\windows\system32\wsock32.dll c:\windows\system32\shell32.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\lz32.dll c:\windows\system32\msvcp60.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\system32\netapi32.dll c:\windows\system32\tapi32.dll c:\windows\system32\rtutils.dll c:\windows\system32\winmm.dll c:\windows\system32\msxml3.dll C:\WINDOWS\EHOME\EHRECVR.EXE c:\windows\ehome\ehrecvr.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\atl.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\system32\uxtheme.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\ntmarta.dll c:\windows\system32\samlib.dll c:\windows\system32\wldap32.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\sbe.dll c:\windows\system32\winmm.dll c:\windows\system32\msvidctl.dll c:\windows\system32\quartz.dll
|
|
#15
February 14th, 2009, 06:14 AM
|
|||
|
|||
|
Part 4:
c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\devenum.dll c:\windows\system32\setupapi.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\msdmo.dll c:\windows\system32\ksproxy.ax c:\windows\system32\ksuser.dll c:\windows\system32\wdmaud.drv c:\windows\system32\msacm32.drv c:\windows\system32\msacm32.dll c:\windows\system32\midimap.dll c:\windows\system32\dsound.dll c:\windows\system32\kstvtune.ax c:\windows\system32\vidcap.ax c:\windows\system32\atinpprr.ax c:\windows\system32\kswdmcap.ax c:\windows\system32\mfc42.dll c:\windows\system32\ksxbar.ax c:\windows\system32\encapi.dll c:\windows\system32\mpg2splt.ax c:\windows\system32\vbicodec.ax c:\windows\system32\encdec.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\drmclien.dll c:\windows\system32\wmvcore.dll c:\windows\system32\wmasf.dll c:\windows\system32\mlang.dll c:\windows\system32\qasf.dll c:\windows\system32\wmvdmoe2.dll c:\windows\system32\wmvdmod.dll c:\windows\system32\wmvds32.ax c:\windows\system32\wmv8ds32.ax c:\windows\system32\wmvadve.dll c:\windows\system32\wmvadvd.dll c:\windows\system32\wmspdmoe.dll c:\windows\system32\wmadmoe.dll c:\windows\system32\wmadmod.dll c:\windows\system32\msadds32.ax c:\windows\system32\sbeio.dll c:\windows\ehome\ehproxy.dll C:\WINDOWS\EHOME\EHSCHED.EXE c:\windows\ehome\ehsched.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\atl.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\ole32.dll c:\windows\system32\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\system32\uxtheme.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\version.dll c:\windows\system32\msi.dll c:\windows\ehome\ehproxy.dll c:\windows\system32\sxs.dll c:\windows\system32\tapi3.dll c:\windows\system32\wininet.dll c:\windows\system32\shlwapi.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\winmm.dll c:\windows\system32\rtutils.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\windows\system32\confmsp.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\termmgr.dll c:\windows\system32\h323msp.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\msasn1.dll C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\EPSON\EPW!3 SSRP\E_S30RP1.EXE c:\documents and settings\all users\application data\epson\epw!3 ssrp\e_s30rp1.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\advapi32.dll c:\windows\system32\secur32.dll c:\windows\system32\rpcns4.dll c:\windows\system32\winspool.drv c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll C:\PROGRAM FILES\COMMON FILES\INTUIT\UPDATE SERVICE\INTUITUPDATESERVICE.EXE c:\program files\common files\intuit\update service\intuitupdateservice.exe c:\windows\system32\ntdll.dll c:\windows\system32\mscoree.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\microsoft.net\framework\v2.0.50727\msco rwks.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a 1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll c:\windows\system32\shell32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\assembly\nativeimages_v2.0.50727_32\msc orlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni .dll c:\windows\system32\ole32.dll c:\windows\system32\rsaenh.dll c:\windows\microsoft.net\framework\v2.0.50727\msco rjit.dll c:\windows\assembly\nativeimages_v2.0.50727_32\sys tem\80978a322d7dd39f0a71be1251ae395a\system.ni.dll c:\windows\assembly\nativeimages_v2.0.50727_32\sys tem.serviceproce#\ea3366939280c1715f1c620e33ee3c8a \system.serviceprocess.ni.dll c:\windows\assembly\gac_msil\intuit.spc.esd.wincli ent.application.updateservice\1.0.0.0__540d4816ead 86321\intuit.spc.esd.winclient.application.updates ervice.dll c:\windows\assembly\gac_msil\intuit.spc.esd.wincli ent.application.updateservice.plugincontract\1.0.0 .0__540d4816ead86321\intuit.spc.esd.winclient.appl ication.updateservice.plugincontract.dll c:\windows\system32\shfolder.dll c:\windows\system32\version.dll c:\windows\assembly\gac_msil\intuit.spc.esd.wincli ent.application.updateserviceplugin\2.1.72.0__540d 4816ead86321\intuit.spc.esd.winclient.application. updateserviceplugin.dll c:\windows\assembly\gac_msil\intuit.spc.esd.client .common\2.1.72.0__540d4816ead86321\intuit.spc.esd. client.common.dll c:\windows\assembly\gac_msil\intuit.spc.esd.core\2 .0.145.0__540d4816ead86321\intuit.spc.esd.core.dll c:\windows\assembly\gac_msil\intuit.spc.esd.wincli ent.ipc.remoting.updateserviceworker\2.1.72.0__540 d4816ead86321\intuit.spc.esd.winclient.ipc.remotin g.updateserviceworker.dll c:\windows\assembly\gac_msil\intuit.spc.foundation s.primary.logging\3.1.2.2__540d4816ead86321\intuit .spc.foundations.primary.logging.dll c:\windows\assembly\gac_msil\intuit.spc.foundation s.portability\3.1.2.2__540d4816ead86321\intuit.spc .foundations.portability.dll c:\windows\assembly\gac_msil\intuit.spc.foundation s.primary.exceptionhandling\3.1.2.2__540d4816ead86 321\intuit.spc.foundations.primary.exceptionhandli ng.dll c:\windows\assembly\gac_msil\intuit.spc.foundation s.primary.config\3.1.2.2__540d4816ead86321\intuit. spc.foundations.primary.config.dll c:\windows\assembly\gac_msil\system\2.0.0.0__b77a5 c561934e089\system.dll c:\windows\assembly\gac_msil\system.configuration\ 2.0.0.0__b03f5f7f11d50a3a\system.configuration.dll c:\windows\assembly\gac_msil\system.xml\2.0.0.0__b 77a5c561934e089\system.xml.dll c:\windows\microsoft.net\framework\v2.0.50727\dias ymreader.dll c:\windows\assembly\gac_msil\intuit.spc.esd.wincli ent.api.net\2.1.72.0__540d4816ead86321\intuit.spc. esd.winclient.api.net.dll c:\windows\assembly\gac_msil\intuit.spc.esd.client .dataaccess\2.1.72.0__540d4816ead86321\intuit.spc. esd.client.dataaccess.dll c:\windows\assembly\gac_msil\intuit.spc.esd.client .businesslogic\2.1.72.0__540d4816ead86321\intuit.s pc.esd.client.businesslogic.dll c:\windows\assembly\gac_32\system.data.sqlite\1.0. 56.0__28c9bcd4dddc48a1\system.data.sqlite.dll c:\windows\assembly\gac_32\system.data\2.0.0.0__b7 7a5c561934e089\system.data.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\assembly\gac_32\system.transactions\2.0 .0.0__b77a5c561934e089\system.transactions.dll c:\windows\assembly\gac_msil\intuit.spc.map.report er\4.0.95.0__7ce6deabcb36a8ea\intuit.spc.map.repor ter.dll c:\windows\assembly\gac_32\system.enterpriseservic es\2.0.0.0__b03f5f7f11d50a3a\system.enterpriseserv ices.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\assembly\gac_msil\system.runtime.remoti ng\2.0.0.0__b77a5c561934e089\system.runtime.remoti ng.dll c:\windows\assembly\gac_msil\intuit.spc.map.window sfirewallutilities\4.0.95.0__7ce6deabcb36a8ea\intu it.spc.map.windowsfirewallutilities.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\oleaut32.dll c:\windows\assembly\gac_msil\system.serviceprocess \2.0.0.0__b03f5f7f11d50a3a\system.serviceprocess.d ll C:\PROGRAM FILES\JAVA\JRE6\BIN\JQS.EXE c:\program files\java\jre6\bin\jqs.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\ole32.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\program files\java\jre6\bin\msvcr71.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\system32\psapi.dll c:\windows\system32\pdh.dll c:\windows\system32\comdlg32.dll c:\windows\system32\comctl32.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\odbc32.dll c:\windows\system32\odbcbcp.dll c:\windows\system32\version.dll c:\windows\system32\oleaut32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\windows\system32\odbcint.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\perfos.dll c:\windows\system32\perfdisk.dll C:\PROGRAM FILES\LINKSYS\LINKSYS UPDATER\BIN\LINKSYSUPDATER.EXE c:\program files\linksys\linksys updater\bin\linksysupdater.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\shlwapi.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\system32\psapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\apphelp.dll C:\WINDOWS\SYSTEM32\HPZIPM12.EXE c:\windows\system32\hpzipm12.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\system32\ntmarta.dll c:\windows\system32\ole32.dll c:\windows\system32\samlib.dll c:\windows\system32\wldap32.dll c:\windows\system32\uxtheme.dll C:\PROGRAM FILES\COMMON FILES\NEW BOUNDARY\PRISMXL\PRISMXL.SYS c:\program files\common files\new boundary\prismxl\prismxl.sys c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winspool.drv c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ole32.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\system32\uxtheme.dll C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBCFMONITORSERVICE.EXE c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe c:\windows\system32\ntdll.dll c:\windows\system32\mscoree.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\microsoft.net\framework\v2.0.50727\msco rwks.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a 1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll c:\windows\system32\shell32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\assembly\nativeimages_v2.0.50727_32\msc orlib\6d667f19d687361886990f3ca0f49816\mscorlib.ni .dll c:\windows\system32\ole32.dll c:\windows\system32\rsaenh.dll c:\windows\assembly\nativeimages_v2.0.50727_32\sys tem\80978a322d7dd39f0a71be1251ae395a\system.ni.dll c:\windows\assembly\nativeimages_v2.0.50727_32\sys tem.serviceproce#\ea3366939280c1715f1c620e33ee3c8a \system.serviceprocess.ni.dll c:\windows\microsoft.net\framework\v2.0.50727\msco rjit.dll c:\program files\common files\intuit\quickbooks\cfscan.dll c:\windows\system32\shfolder.dll c:\program files\common files\intuit\quickbooks\qbdbportfinder.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\program files\common files\intuit\quickbooks\stlport_r50.dll c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a 1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll C:\WINDOWS\SYSTEM32\JAVA.EXE c:\windows\system32\java.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\program files\java\jre6\bin\msvcr71.dll c:\program files\java\jre6\bin\client\jvm.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\program files\java\jre6\bin\hpi.dll c:\windows\system32\psapi.dll c:\program files\java\jre6\bin\verify.dll c:\program files\java\jre6\bin\java.dll c:\program files\java\jre6\bin\zip.dll c:\windows\system32\shell32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\shlwapi.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\program files\java\jre6\bin\awt.dll c:\windows\system32\winspool.drv c:\windows\system32\ole32.dll c:\windows\system32\uxtheme.dll c:\program files\java\jre6\bin\fontmanager.dll c:\program files\linksys\linksys updater\lib\wrapper.dll c:\program files\java\jre6\bin\net.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\apphelp.dll c:\windows\system32\version.dll c:\windows\system32\rsaenh.dll c:\windows\system32\dnsapi.dll c:\windows\system32\winrnr.dll c:\windows\system32\wldap32.dll c:\program files\bonjour\mdnsnsp.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\rasadhlp.dll c:\program files\java\jre6\bin\sunmscapi.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE c:\windows\system32\ati2evxx.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\system32\uxtheme.dll c:\windows\system32\msvcrt.dll c:\windows\system32\msctfime.ime c:\windows\system32\ole32.dll c:\windows\system32\ati2edxx.dll c:\windows\system32\msctf.dll C:\WINDOWS\SYSTEM32\SVCHOST.EXE c:\windows\system32\svchost.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\user32.dll c:\windows\system32\gdi32.dll c:\windows\system32\winmm.dll c:\windows\system32\ole32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\oleaut32.dll c:\windows\system32\msacm32.dll c:\windows\system32\version.dll c:\windows\system32\shell32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\userenv.dll c:\windows\system32\uxtheme.dll c:\windows\system32\imm32.dll c:\windows\system32\lpk.dll c:\windows\system32\usp10.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll c:\windows\system32\comctl32.dll c:\windows\system32\wiaservc.dll c:\windows\system32\cfgmgr32.dll c:\windows\system32\setupapi.dll c:\windows\system32\mscms.dll c:\windows\system32\winspool.drv c:\windows\system32\winsta.dll c:\windows\system32\netapi32.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\wintrust.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\imagehlp.dll c:\windows\system32\hpgwiamd.dll c:\windows\system32\actxprxy.dll c:\windows\system32\sti.dll C:\WINDOWS\EXPLORER.EXE c:\windows\explorer.exe c:\windows\system32\ntdll.dll c:\windows\system32\kernel32.dll c:\windows\system32\advapi32.dll c:\windows\system32\rpcrt4.dll c:\windows\system32\secur32.dll c:\windows\system32\browseui.dll c:\windows\system32\gdi32.dll c:\windows\system32\user32.dll c:\windows\system32\msvcrt.dll c:\windows\system32\ole32.dll c:\windows\system32\shlwapi.dll c:\windows\system32\oleaut32.dll c:\windows\system32\shdocvw.dll c:\windows\system32\crypt32.dll c:\windows\system32\msasn1.dll c:\windows\system32\cryptui.dll c:\windows\system32\netapi32.dll c:\windows\system32\version.dll c:\windows\system32\wininet.dll c:\windows\system32\normaliz.dll c:\windows\system32\iertutil.dll c:\windows\system32\wintrust.dll c:\windows\system32\imagehlp.dll c:\windows\system32\wldap32.dll c:\windows\system32\shell32.dll c:\windows\system32\uxtheme.dll c:\windows\system32\shimeng.dll c:\windows\apppatch\acgenral.dll c:\windows\system32\winmm.dll c:\windows\system32\msacm32.dll c:\windows\system32\userenv.dll c:\windows\system32\imm32.dll
|
|
| Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics
|
||||
| Topic | Topic Starter | Forum | Replies | Last Post |
| How to De-Crypt Infected Files from Virus | leachim | Malware Removal | 3 | May 31st, 2014 11:04 PM |
| Crypt trojan and Taquito worm problem | cuzza_fin | Malware Removal | 1 | September 30th, 2009 02:49 AM |
| Infected with R/Crypt.ULPM.Gen Trojan (Logs inside) | PossibleOne | Malware Removal | 47 | September 4th, 2008 03:36 AM |
| Help, infected with a worm. | gehjl | Malware Removal | 8 | May 2nd, 2008 05:18 AM |
| Infected with a worm? | museltof | Windows ME | 5 | September 12th, 2003 05:17 AM |
All times are GMT +1. The time now is 12:23 AM.