Chinese Navigation and my Pc crashes

by Susan528 » November 1st, 2006, 4:00 pm

Killbox did not work. Can you manually delete the following?

Please set your system to show all files; please see here if you're unsure how to do this.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\Documents and Settings\All Users\Application Data\Logidolseekstyle\ <= folder
C:\Documents and Settings\Tariq\Application Data\bold byte mode\ <= folder
C:\Documents and Settings\Tariq\Desktop\requested-files[2006-10-31_17_42].cab <= file
C:\Program Files\107up.exe <= file

Exit Explorer, and reboot as normal afterwards.
Susan528
MRU Master
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

by pokhim » November 1st, 2006, 6:10 pm

The Chinese writing in my address bar, along with a button that says Chinese navigation, have reappeared. I have just done what you said. I will scan with kasp and post a log as well as hjt log. Anything else you can suggest to get rid of this Chinese navigation?
pokhim
Regular Member
 
Posts: 32
Joined: October 30th, 2006, 2:01 pm

by Susan528 » November 2nd, 2006, 8:48 am

Please go ahead and post another hijackthis log.

It would help to keep the pc disconnected from the Internet meanwhile.

Do you have another pc that you can connect to the Net and check for instructions?

by pokhim » November 2nd, 2006, 5:14 pm

I think I got it fixed. I managed to run hjt and delete a few entries that I thought were part of the Chinese navigation and I haven't had any problems since.

by Susan528 » November 3rd, 2006, 9:16 am

Hello pokhim,

I am glad that you have fixed your problem.


I just want to post the following in case this infection should crop up again.
Evidently it can be very difficult to get rid of at times.

Try to stay disconnected from the Internet as much as possible. Please reply quickly.


Install the MVPS host file. This may help prevent infections generating other infections while connected to the Internet.

http://www.mvps.org/winhelp2002/hosts.htm

Download the following:
Killbox
Gmer
SREng
Combofix

STEP 1.
======
Download this file - combofix.exe DO NOT RUN IT YET.

Download Pocket Killbox from http://www.downloads.subratam.org/KillBox.zip and unzip it; save it to your Desktop. DO NOT RUN IT YET.

Download Gmer from here:
http://www.gmer.net/gmer.zip DO NOT RUN IT YET.

Please download SREng
http://www.kztechs.com/sreng/sreng2.zip DO NOT RUN IT YET.

STEP 2.
======
SREng
Extract it to Desktop and double click SREng.exe to run it
Select: Smart Scan and click on the [Scan] button

When finished, click on the Save Reports button and save the log to Desktop

Please post the SREng log in your next reply.


STEP 3.
======
GMER
  • Disconnect from internet and close running programs.
  • There is a small chance this app may crash your computer so save any work you have open.
  • Double click gmer.exe
  • Let the gmer.sys driver load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say Ok.
  • If no warning....
  • Click "rootkit" tab and click "scan"
  • Once done click "copy"
  • Open Notepad and hit "ctrl+v" to paste log.
  • Reconnect to internet and post log in your next reply please.

STEP 4.
======
Combofix
  1. Double click combofix.exe & follow the prompts.
  2. When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

On your next reply, please include gmer log, combofix log, and the SREng log.

STEP 5.
======
Run the regfix every time you connect to the net. This is to be performed until such time as you have finished the disinfection.


Go to start-->run

and type this in:
notepad

Paste this into the box:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000
"NoWindowsUpdate"=dword:00000000


Then click on the FILE menu and select save as
Save the file as regfix.reg. Save the file to the desktop.
IMPORTANT: make sure to save the file as "all types" and NOT as a text file

Now double click on regfix.reg and insert it into the registry.

Please post the gmer log, combofix log, and the SREng log in your reply.
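What merging the Step 5 regfix.reg does to the four keys it names, as an added example that is not part of the original post: each `[-key]` line deletes the key with everything under it, and the `[key]` block that follows recreates it with only the listed values. The script parses the posted REGEDIT4 text and compares it with an export of the same keys taken beforehand, so you can see which values would be dropped or changed. `SAMPLE_EXPORT`, its placeholder CLSID and the function names are constructed for illustration.

```python
import re

# regfix.reg exactly as posted in Step 5 above.
REGFIX = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000
"NoWindowsUpdate"=dword:00000000
'''

# Constructed sample: a regedit export of two of those keys taken BEFORE the
# merge. The third CLSID and all data values here are made up.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{11111111-2222-3333-4444-555555555555}"="constructed extra entry"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')             # [key] or [-key]
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data


def parse_reg(text):
    """Parse REGEDIT4 text into (deleted_keys, values).

    values maps lower-cased key path -> {lower-cased name: (name, data)}.
    Registry key and value names are case-insensitive, hence the lowering.
    Default values (@=) and multi-line hex data are not handled here.
    """
    deleted, values, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.upper().startswith(('REGEDIT', 'WINDOWS REGISTRY EDITOR')):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2).lower()
            if m.group(1):                 # "[-key]": delete key and contents
                deleted.add(key)
                values.pop(key, None)
                current = None
            else:                          # "[key]": create or open the key
                current = key
                values.setdefault(key, {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            data = m.group(2).strip()
            if data.lower().startswith(('dword:', 'hex')):
                data = data.lower()
            values[current][m.group(1).lower()] = (m.group(1), data)
    return deleted, values


def audit(fix_text, export_text):
    """List (status, key, name, data) for values the merge would touch."""
    deleted, fix = parse_reg(fix_text)
    _, current = parse_reg(export_text)
    findings = []
    for key, vals in current.items():
        if key not in fix:
            continue                       # key not managed by the fix
        for lname, (name, data) in vals.items():
            want = fix[key].get(lname)
            if want is None and key in deleted:
                findings.append(('dropped', key, name, data))
            elif want is not None and want[1] != data:
                findings.append(('changed', key, name, data))
        for lname, (name, data) in fix[key].items():
            if lname not in vals:
                findings.append(('restored', key, name, data))
    return findings


if __name__ == '__main__':
    for status, key, name, data in audit(REGFIX, SAMPLE_EXPORT):
        print(f'{status:9} {key}\n          {name} = {data}')
```

A "dropped" value is not necessarily hostile: the reset removes anything the file does not list, so the export is also the record of what to put back once the machine is clean.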

by pokhim » November 5th, 2006, 12:40 pm

Internet Explorer keeps asking me to log into the network that's used in my house. It wants a username and password and every time I click a link it asks me! Here's what you requested.


GMER 1.0.12.11879 - http://www.gmer.net
Rootkit scan 2006-11-05 16:28:50
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\paraudio.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!_abnormal_termination + 240 804E274C 4 Bytes
.text ntoskrnl.exe!_abnormal_termination + 360 804E27C4 4 Bytes
.text ntoskrnl.exe!_abnormal_termination + 368 804E27CC 4 Bytes
.text ntoskrnl.exe!_abnormal_termination + 552 804E2884 4 Bytes
.text ntoskrnl.exe!_abnormal_termination + 716 804E2928 4 Bytes
.text ...
.text ntdll.dll!NtClose 7C90D586 5 Bytes JMP 7203394A
.text ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 72033AD5
.text ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 720339B9
.text ntdll.dll!NtCreateSection 7C90D793 5 Bytes JMP 72033968

---- User code sections - GMER 1.0.12 ----

.text C:\Documents and Settings\Tariq\Desktop\gmer.exe[2076] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 10001A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Documents and Settings\Tariq\Desktop\gmer.exe[2076] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 1000191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Documents and Settings\Tariq\Desktop\gmer.exe[2076] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 10001A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Documents and Settings\Tariq\Desktop\gmer.exe[2076] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 10001978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Documents and Settings\Tariq\Desktop\gmer.exe[2076] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 100019AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Documents and Settings\Tariq\Desktop\gmer.exe[2076] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 100018EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Documents and Settings\Tariq\Desktop\gmer.exe[2076] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 1000194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Documents and Settings\Tariq\Desktop\gmer.exe[2076] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100014CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Documents and Settings\Tariq\Desktop\gmer.exe[2076] WS2_32.dll!send 71AB428A 5 Bytes JMP 10001580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Documents and Settings\Tariq\Desktop\gmer.exe[2076] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10001783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Documents and Settings\Tariq\Desktop\gmer.exe[2076] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10001616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Documents and Settings\Tariq\Desktop\gmer.exe[2076] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 100016AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Documents and Settings\Tariq\Desktop\gmer.exe[2076] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1000185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\ctfmon.exe[2216] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 10001A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\ctfmon.exe[2216] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 1000191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\ctfmon.exe[2216] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 10001A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\ctfmon.exe[2216] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 10001978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\ctfmon.exe[2216] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 100019AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\ctfmon.exe[2216] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 100018EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\ctfmon.exe[2216] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 1000194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\ctfmon.exe[2216] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100014CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\ctfmon.exe[2216] WS2_32.dll!send 71AB428A 5 Bytes JMP 10001580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\ctfmon.exe[2216] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10001783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\ctfmon.exe[2216] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10001616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\ctfmon.exe[2216] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 100016AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\ctfmon.exe[2216] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1000185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE[2824] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 10001A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE[2824] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 1000191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE[2824] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 10001A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE[2824] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 10001978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE[2824] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 100019AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE[2824] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 100018EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE[2824] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 1000194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE[2824] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100014CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE[2824] WS2_32.dll!send 71AB428A 5 Bytes JMP 10001580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE[2824] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10001783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE[2824] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10001616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE[2824] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 100016AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE[2824] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1000185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[2836] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 00B51A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[2836] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 00B5191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[2836] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 00B51A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[2836] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 00B51978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[2836] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 00B519AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[2836] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 00B518EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[2836] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 00B5194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[2836] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00B514CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[2836] WS2_32.dll!send 71AB428A 5 Bytes JMP 00B51580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[2836] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00B51783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[2836] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00B51616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[2836] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00B516AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\D-Link\AirPlus G\AirGCFG.exe[2836] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00B5185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[2844] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 10001A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[2844] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 1000191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[2844] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 10001A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[2844] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 10001978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[2844] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 100019AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[2844] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 100018EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[2844] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 1000194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[2844] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100014CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[2844] WS2_32.dll!send 71AB428A 5 Bytes JMP 10001580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[2844] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10001783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[2844] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10001616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[2844] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 100016AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe[2844] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1000185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[2856] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 10001A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[2856] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 1000191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[2856] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 10001A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[2856] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 10001978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[2856] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 100019AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[2856] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 100018EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[2856] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 1000194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[2856] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100014CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[2856] WS2_32.dll!send 71AB428A 5 Bytes JMP 10001580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[2856] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10001783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[2856] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10001616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[2856] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 100016AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe[2856] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1000185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2876] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 10001A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2876] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 1000191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2876] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 10001A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2876] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 10001978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2876] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 100019AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2876] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 100018EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2876] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 1000194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2876] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100014CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2876] WS2_32.dll!send 71AB428A 5 Bytes JMP 10001580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2876] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10001783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2876] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10001616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2876] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 100016AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2876] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1000185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2988] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 10001A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2988] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 1000191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2988] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 10001A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2988] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 10001978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2988] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 100019AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2988] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 100018EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2988] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 1000194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2988] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100014CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2988] WS2_32.dll!send 71AB428A 5 Bytes JMP 10001580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2988] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10001783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2988] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10001616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2988] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 100016AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2988] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1000185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\vsnpstd.exe[3052] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 10001A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\vsnpstd.exe[3052] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 1000191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\vsnpstd.exe[3052] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 10001A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\vsnpstd.exe[3052] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 10001978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\vsnpstd.exe[3052] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 100019AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\vsnpstd.exe[3052] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 100018EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\vsnpstd.exe[3052] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 1000194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\vsnpstd.exe[3052] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100014CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\vsnpstd.exe[3052] WS2_32.dll!send 71AB428A 5 Bytes JMP 10001580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\vsnpstd.exe[3052] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10001783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\vsnpstd.exe[3052] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10001616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\vsnpstd.exe[3052] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 100016AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\vsnpstd.exe[3052] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1000185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3092] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 10001A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3092] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 1000191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3092] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 10001A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3092] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 10001978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3092] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 100019AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3092] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 100018EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3092] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 1000194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3092] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100014CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3092] WS2_32.dll!send 71AB428A 5 Bytes JMP 10001580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3092] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10001783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3092] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10001616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3092] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 100016AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3092] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1000185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[3204] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 10001A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[3204] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 1000191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[3204] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 10001A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[3204] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 10001978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[3204] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 100019AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[3204] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 100018EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[3204] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 1000194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[3204] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100014CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[3204] WS2_32.dll!send 71AB428A 5 Bytes JMP 10001580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[3204] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10001783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[3204] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10001616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[3204] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 100016AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[3204] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1000185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\QuickTime\qttask.exe[3228] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 10001A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\QuickTime\qttask.exe[3228] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 1000191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\QuickTime\qttask.exe[3228] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 10001A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\QuickTime\qttask.exe[3228] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 10001978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\QuickTime\qttask.exe[3228] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 100019AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\QuickTime\qttask.exe[3228] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 100018EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\QuickTime\qttask.exe[3228] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 1000194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\QuickTime\qttask.exe[3228] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100014CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\QuickTime\qttask.exe[3228] WS2_32.dll!send 71AB428A 5 Bytes JMP 10001580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\QuickTime\qttask.exe[3228] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10001783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\QuickTime\qttask.exe[3228] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10001616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\QuickTime\qttask.exe[3228] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 100016AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\QuickTime\qttask.exe[3228] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1000185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3272] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 010C1A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3272] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 010C191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3272] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 010C1A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3272] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 010C1978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3272] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 010C19AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3272] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 010C18EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3272] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 010C194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3272] WS2_32.dll!connect 71AB406A 5 Bytes JMP 010C14CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3272] WS2_32.dll!send 71AB428A 5 Bytes JMP 010C1580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3272] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 010C1783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3272] WS2_32.dll!recv 71AB615A 5 Bytes JMP 010C1616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3272] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 010C16AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3272] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 010C185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\System\Update.exe[3292] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 10001A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\System\Update.exe[3292] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 1000191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\System\Update.exe[3292] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 10001A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\System\Update.exe[3292] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 10001978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\System\Update.exe[3292] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 100019AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\System\Update.exe[3292] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 100018EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\System\Update.exe[3292] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 1000194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\System\Update.exe[3292] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100014CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\System\Update.exe[3292] WS2_32.dll!send 71AB428A 5 Bytes JMP 10001580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\System\Update.exe[3292] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10001783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\System\Update.exe[3292] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10001616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\System\Update.exe[3292] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 100016AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Common Files\System\Update.exe[3292] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1000185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE[3344] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 010F1A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE[3344] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 010F191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE[3344] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 010F1A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE[3344] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 010F1978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE[3344] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 010F19AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE[3344] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 010F18EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE[3344] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 010F194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE[3344] WS2_32.dll!connect 71AB406A 5 Bytes JMP 010F14CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE[3344] WS2_32.dll!send 71AB428A 5 Bytes JMP 010F1580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE[3344] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 010F1783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE[3344] WS2_32.dll!recv 71AB615A 5 Bytes JMP 010F1616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE[3344] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 010F16AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE[3344] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 010F185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iISystem Wiper\SystemWiper.exe[3372] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 10001A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iISystem Wiper\SystemWiper.exe[3372] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 1000191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iISystem Wiper\SystemWiper.exe[3372] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 10001A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iISystem Wiper\SystemWiper.exe[3372] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 10001978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iISystem Wiper\SystemWiper.exe[3372] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 100019AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iISystem Wiper\SystemWiper.exe[3372] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 100018EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iISystem Wiper\SystemWiper.exe[3372] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 1000194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iISystem Wiper\SystemWiper.exe[3372] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100014CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iISystem Wiper\SystemWiper.exe[3372] WS2_32.dll!send 71AB428A 5 Bytes JMP 10001580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iISystem Wiper\SystemWiper.exe[3372] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10001783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iISystem Wiper\SystemWiper.exe[3372] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10001616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iISystem Wiper\SystemWiper.exe[3372] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 100016AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\iISystem Wiper\SystemWiper.exe[3372] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1000185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe[3444] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 00DE1A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe[3444] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 00DE191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe[3444] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 00DE1A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe[3444] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 00DE1978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe[3444] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 00DE19AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe[3444] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 00DE18EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe[3444] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 00DE194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe[3444] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00DE14CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe[3444] WS2_32.dll!send 71AB428A 5 Bytes JMP 00DE1580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe[3444] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00DE1783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe[3444] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00DE1616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe[3444] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00DE16AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe[3444] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00DE185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe[3460] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 10001A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe[3460] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 1000191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe[3460] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 10001A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe[3460] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 10001978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe[3460] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 100019AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe[3460] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 100018EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe[3460] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 1000194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe[3460] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100014CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe[3460] WS2_32.dll!send 71AB428A 5 Bytes JMP 10001580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe[3460] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10001783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe[3460] WS2_32.dll!recv 71AB615A 5 Bytes JMP 10001616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe[3460] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 100016AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe[3460] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 1000185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\rundll32.exe[3884] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 00BD1A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\rundll32.exe[3884] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 00BD191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\rundll32.exe[3884] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 00BD1A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\rundll32.exe[3884] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 00BD1978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\rundll32.exe[3884] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 00BD19AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\rundll32.exe[3884] ADVAPI32.dll!CryptGenKey 77E114B1 7 Bytes JMP 00BD18EF C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\rundll32.exe[3884] ADVAPI32.dll!CryptGetUserKey 77E11789 7 Bytes JMP 00BD194E C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\rundll32.exe[3884] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00BD14CE C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\rundll32.exe[3884] WS2_32.dll!send 71AB428A 5 Bytes JMP 00BD1580 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\rundll32.exe[3884] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00BD1783 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\rundll32.exe[3884] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00BD1616 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\rundll32.exe[3884] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00BD16AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\WINDOWS\system32\rundll32.exe[3884] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00BD185B C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe[3948] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 10001A9F C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe[3948] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 1000191D C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe[3948] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 10001A18 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe[3948] ADVAPI32.dll!CryptImportKey 77DEA879 7 Bytes JMP 10001978 C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe[3948] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 100019AC C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe[3948] ADVAPI32.dll

Post by pokhim » November 5th, 2006, 12:40 pm

2006-11-05,15:17:41

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ATI Launchpad><> [N/A]
<ATI Remote Control><C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE> [ATI Technologies Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<EPSON Stylus CX6600 Series (Copy 2)><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P35 "EPSON Stylus CX6600 Series (Copy 2)" /O5 "LPT1:" /M "Stylus CX6600"> [(Verified)SEIKO EPSON CORPORATION]
<EPSON Stylus CX6600 Series><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"> [(Verified)SEIKO EPSON CORPORATION]
<D-Link AirPlus G><C:\Program Files\D-Link\AirPlus G\AirGCFG.exe> [D-Link]
<AVG7_CC><C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP> [GRISOFT, s.r.o.]
<AVG7_EMC><C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe> [GRISOFT, s.r.o.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<UserFaultCheck><%systemroot%\system32\dumprep 0 -u> [N/A]
<Google Desktop Search><"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup> [Google]
<snpstd><C:\WINDOWS\vsnpstd.exe> [(Verified)]
<Windows Defender><"C:\Program Files\Windows Defender\MSASCui.exe" -hide> [(Verified)Microsoft Corporation]
<SunJavaUpdateSched><C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe> [Sun Microsystems, Inc.]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)Apple Computer, Inc.]
<NWEReboot><> [N/A]
<System><C:\Program Files\Common Files\System\Update.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL> [Google]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}><C:\PROGRA~1\WIFD1F~1\MpShHook.dll> [(Verified)Microsoft Corporation]

==================================
Startup Folders
[Enable Belkin Wireless Keyboard Driver]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Enable Belkin Wireless Keyboard Driver.lnk --> C:\PROGRA~1\BELKIN~1\BELKIN~1\MagicKey.exe [N/A]><N>
[Enable Belkin Wireless Mouse Driver]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Enable Belkin Wireless Mouse Driver.lnk --> C:\PROGRA~1\BELKIN~1\BELKIN~2\MouseAp.exe []><N>
[EPSON Status Monitor 3 Environment Check 2]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk --> C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [SEIKO EPSON CORPORATION]><N>
[Adobe Gamma.lnk.disa]
<C:\Documents and Settings\Tariq\Start Menu\Programs\Startup\Adobe Gamma.lnk.disabled --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>

==================================
Services
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Application Management / AppMgmt]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller]
<C:\WINDOWS\system32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart]
<C:\WINDOWS\system32\ati2sgag.exe><>
[AVG7 Alert Manager Server / Avg7Alrt]
<C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe><GRISOFT, s.r.o.>
[AVG7 Update Service / Avg7UpdSvc]
<C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe><GRISOFT, s.r.o.>
[BrSplService / Brother XP spl Service]
<C:\WINDOWS\system32\brsvc01a.exe><brother Industries Ltd>
[EPSON Printer Status Agent2 / EPSONStatusAgent2]
<C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe><SEIKO EPSON CORPORATION>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod Service / iPod Service]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[NT Data Provider / MouTALS]
<C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\EBCDNH08.DLL,Export 1087><Microsoft Corporation>
[Microsoft authenticate service / MsaSvc]
<C:\WINDOWS\system32\msasvc.exe><N/A>
[Sandra Data Service / SandraDataSrv]
<C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe><SiSoftware>
[Sandra Service / SandraTheSrv]
<C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe><SiSoftware>
[Office Backup Engine / Trial]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\qrljqg98.dll><Microsoft Corporation>
[WMDM PMSP Service / WMDM PMSP Service]
<C:\WINDOWS\system32\MsPMSPSv.exe><Microsoft Corporation>
[X10 Device Network Service / x10nets]
<><N/A>

==================================
Drivers
[ANIO Service / ANIO]
<\??\C:\WINDOWS\system32\ANIO.SYS><Alpha Networks Inc.>
[ASNDIS5 Protocol Driver / ASNDIS5]
<\??\C:\WINDOWS\system32\ASNDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[ati2mtag / ati2mtag]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[ATI WDM Rage Theater Video / atinrvxx]
<system32\DRIVERS\atinrvxx.sys><ATI Technologies Inc.>
[ATI WDM TV Tuner / ATITUNEP]
<system32\DRIVERS\atintuxx.sys><ATI Technologies Inc.>
[ATI WDM Rage Theater Audio / ativraxx]
<system32\DRIVERS\atinraxx.sys><ATI Technologies Inc.>
[ATI WDM TV Audio Crossbar / ATIXSAudio]
<system32\DRIVERS\atinxsxx.sys><ATI Technologies Inc.>
[AVG7 Kernel / Avg7Core]
<\SystemRoot\System32\Drivers\avg7core.sys><GRISOFT, s.r.o.>
[AVG7 Wrap Driver / Avg7RsW]
<\SystemRoot\System32\Drivers\avg7rsw.sys><GRISOFT, s.r.o.>
[AVG7 Rezident Driver / Avg7RsXP]
<\SystemRoot\System32\Drivers\avg7rsxp.sys><GRISOFT, s.r.o.>
[AVG Network Redirector / AvgTdi]
<\??\C:\WINDOWS\System32\Drivers\avgtdi.sys><GRISOFT, s.r.o.>
[dtscsi / dtscsi]
<\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[GEAR CDRom Filter / GEARAspiWDM]
<SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[Keyboard Filter Driver / kbfilter]
<C:\WINDOWS\SYSTEM32\DRIVERS\kbfilter.SYS><WayTech Development, Inc.>
[ATI WDM Specialized MVD Codec / MVDCODEC]
<system32\DRIVERS\atinmdxx.sys><ATI Technologies Inc.>
[Service for NVIDIA(R) nForce(TM) Audio Enumerator / nvax]
<system32\drivers\nvax.sys><NVIDIA Corporation>
[NVIDIA nForce MCP Networking Controller Driver / NVENET]
<system32\DRIVERS\NVENET.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio / nvnforce]
<system32\drivers\nvapu.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp]
<\SystemRoot\system32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[paraudio / paraudio]
<\??\C:\WINDOWS\system32\drivers\paraudio.sys><Microsoft Corporation>
[PfModNT / PfModNT]
<\??\C:\WINDOWS\system32\drivers\PfModNT.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ASUS Wireless Driver / RT2400]
<system32\DRIVERS\RT2400.sys><Ralink Technology Inc.>
[DWL-G122(rev.B) USB Wireless LAN Driver / rt2500usb]
<system32\DRIVERS\rt2500usb.sys><Ralink Technology Inc.>
[SANDRA / SANDRA]
<\??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\Sandra.sys><SiSoftware>
[Sony Ericsson Device 046 Driver driver (WDM) / SE2Ebus]
<system32\DRIVERS\SE2Ebus.sys><MCCI>
[Sony Ericsson Device 046 USB WMC Modem Filter / SE2Emdfl]
<system32\DRIVERS\SE2Emdfl.sys><MCCI>
[Sony Ericsson Device 046 USB WMC Modem Driver / SE2Emdm]
<system32\DRIVERS\SE2Emdm.sys><MCCI>
[Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM) / SE2Emgmt]
<system32\DRIVERS\SE2Emgmt.sys><MCCI>
[Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS) / se2End5]
<system32\DRIVERS\se2End5.sys><MCCI>
[Sony Ericsson Device 046 USB WMC OBEX Interface / SE2Eobex]
<system32\DRIVERS\SE2Eobex.sys><MCCI>
[Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM) / se2Eunic]
<system32\DRIVERS\se2Eunic.sys><MCCI>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Silicon Image SiI 3112 SATARaid Controller / si3112r]
<\SystemRoot\system32\drivers\si3112r.sys><Silicon Image, Inc>
[TRUST 120 SPACEC@M / snpstd]
<system32\DRIVERS\snpstd.sys><>
[sptd / sptd]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TCP/IP Protocol Driver / Tcpip]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[ATI WDM Teletext Decoder / TTDec]
<system32\DRIVERS\ATINTTXX.sys><ATI Technologies Inc.>
[IEEE 802.11g Wireless Cardbus/PCI Adapter HW51 / W8335XP]
<system32\DRIVERS\Mrv8000c.sys><Marvell Semiconductor, Inc>

==================================
Browser Add-ons
[MSNToolBandBHO]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll, Microsoft Corporation>
[EpsonToolBandKicker Class]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, N/A>
[&ATI TV]
{44226DFF-747E-4edc-B30C-78752E50CD0C} <C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL, ATI Technologies Inc.>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[EPSON Web-To-Page]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, N/A>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Macromedia, Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft® Corporation>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[Facebook Photo Uploader Control]
{5F8469B4-B055-49DD-83F7-62B522420ECC} <C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.ocx, The Facebook>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_04]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[MsnMessengerSetupDownloadControl Class]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[Java Plug-in 1.5.0_04]
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Hotmail Attachments Control]
{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} <C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx, Microsoft Corporation>
[Microsoft Outlook 8.0 Object Library]
{0006F033-0000-0000-C000-000000000046} <, N/A>
[Microsoft Outlook]
{0006F03A-0000-0000-C000-000000000046} <, N/A>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[&ATI TV]
{44226DFF-747E-4EDC-B30C-78752E50CD0C} <C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL, ATI Technologies Inc.>
[Facebook Photo Uploader Control]
{5F8469B4-B055-49DD-83F7-62B522420ECC} <C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.ocx, The Facebook>
[CKAVReportCtrl Object]
{6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll, Microsoft Corporation>
[MSNToolBandBHO]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll, Microsoft Corporation>
[Adobe Acrobat Control for ActiveX]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx, Adobe Systems Incorporated>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[EpsonToolBandKicker Class]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, N/A>
[EPSON Web-To-Page]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} <C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll, N/A>
[]
{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} <"C:\PROGRA~1\MSNMES~1\msgsc.dll", N/A>
[&Google Search]
<res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[&Translate English Word]
<res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html, N/A>
[Backward Links]
<res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html, N/A>
[Cached Snapshot of Page]
<res://c:\program files\google\GoogleToolbar2.dll/cmcache.html, N/A>
[Similar Pages]
<res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html, N/A>
[Translate Page into English]
<res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html, N/A>

==================================
Running Processes
[PID: 484][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1060][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1096][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1144][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1156][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1304][C:\WINDOWS\system32\Ati2evxx.exe] [N/A, N/A]
[PID: 1316][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1404][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1552][C:\Program Files\Windows Defender\MsMpEng.exe] [Microsoft Corporation, 1.1.1347.0]
[PID: 1592][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1664][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1700][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 192][C:\WINDOWS\system32\brsvc01a.exe] [brother Industries Ltd, 1, 0, 0, 4]
[PID: 260][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\E_FLM9EA.DLL] [SEIKO EPSON CORPORATION, 5, 4, 0, 0]
[C:\WINDOWS\system32\E_FLM9EE.DLL] [SEIKO EPSON CORPORATION, 5, 1, 0, 0]
[C:\WINDOWS\system32\E_SL2346.DLL] [SEIKO EPSON CORPORATION, 2, 15, 0, 0]
[C:\WINDOWS\system32\OLFMNT40.DLL] [Microsoft Corporation, 9.0.98.0105]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\BRPP2KA.DLL] [Brother Industries ,Ltd , 1.10]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\olfpnt40.dll] [Microsoft Corporation, 9.0.98.0105]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FUIC9EA.DLL] [SEIKO EPSON Corporation, 0. 3. 0, 133]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FMAI9EA.DLL] [SEIKO EPSON Corporation, 0. 3. 3. 18]
[PID: 268][C:\WINDOWS\system32\brss01a.exe] [brother Industries Ltd, 1.004]
[C:\WINDOWS\system32\spool\PRTPROCS\W32X86\brpp2ka.dll] [Brother Industries ,Ltd , 1.10]
[PID: 564][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[C:\PROGRA~1\CNNIC\Cdn\iesrch.dll] [CNNIC, 2, 2, 0, 0]
[PID: 884][C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe] [GRISOFT, s.r.o., 7,1,0,365]
[C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll] [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avgcfg.dll] [GRISOFT, s.r.o., 7,1,0,404]
[C:\Program Files\Grisoft\AVG Free\avgklib.dll] [GRISOFT, s.r.o., 7,1,0,321]
[C:\Program Files\Grisoft\AVG Free\avglng.dll] [GRISOFT, s.r.o., 7,1,0,400]
[PID: 912][C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe] [GRISOFT, s.r.o., 7,1,0,349]
[PID: 964][C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe] [SEIKO EPSON CORPORATION, 1, 2, 0, 0]
[C:\WINDOWS\system32\EBAPI2.DLL] [SEIKO EPSON CORPORATION, 1, 1, 0, 0]
[C:\Program Files\Common Files\EPSON\EBAPI\EBPLPT.DLL] [SEIKO EPSON CORPORATION, 2, 14, 0, 0]
[PID: 420][C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE] [Microsoft Corporation, 5.00.2134.1]
[PID: 1344][C:\WINDOWS\system32\msasvc.exe] [N/A, N/A]
[PID: 1532][C:\WINDOWS\system32\tcpsvcs.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1788][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\escwiad.dll] [SEIKO EPSON CORP., 1.05]
[C:\WINDOWS\system32\dsnpstd.dll] [, 1, 1, 0, 0]
[PID: 1192][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1964][C:\WINDOWS\system32\MsPMSPSv.exe] [Microsoft Corporation, 7.00.00.1954]
[PID: 1644][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2824][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE] [SEIKO EPSON CORPORATION, 3.00]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[PID: 2836][C:\Program Files\D-Link\AirPlus G\AirGCFG.exe] [D-Link, 3, 2, 0, 40308]
[C:\WINDOWS\system32\wlanapi.dll] [Alpha Networks Inc., 1, 2, 27, 40302]
[C:\WINDOWS\system32\ANIOApi.dll] [Alpha Networks Inc., 2, 0, 0, 40127]
[C:\WINDOWS\system32\AQCKGen.dll] [Alpha Networks Inc., 1, 0, 0, 30603]
[C:\WINDOWS\system32\WlanApp.dll] [Alpha Networks Inc., 1, 0, 3, 31230]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[PID: 2844][C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe] [GRISOFT, s.r.o., 7,1,0,406]
[C:\PROGRA~1\Grisoft\AVGFRE~1\AvgTMgr.dll] [GRISOFT, s.r.o., 7,1,0,400]
[C:\PROGRA~1\Grisoft\AVGFRE~1\AvgCtrl.dll] [GRISOFT, s.r.o., 7,1,0,405]
[C:\PROGRA~1\Grisoft\AVGFRE~1\AvgAbout.dll] [GRISOFT, s.r.o., 7,1,0,409]
[C:\PROGRA~1\Grisoft\AVGFRE~1\AvgTest.dll] [GRISOFT, s.r.o., 7,1,0,400]
[C:\PROGRA~1\Grisoft\AVGFRE~1\AvgTRes.dll] [GRISOFT, s.r.o., 7,1,0,402]
[C:\PROGRA~1\Grisoft\AVGFRE~1\AvgSet.dll] [N/A, N/A]
[C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll] [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avgcfg.dll] [GRISOFT, s.r.o., 7,1,0,404]
[C:\Program Files\Grisoft\AVG Free\avgklib.dll] [GRISOFT, s.r.o., 7,1,0,321]
[C:\Program Files\Grisoft\AVG Free\avglng.dll] [GRISOFT, s.r.o., 7,1,0,400]
[C:\Program Files\Grisoft\AVG Free\avgf.dll] [N/A, N/A]
[C:\Program Files\Grisoft\AVG Free\AVGRES.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[C:\Program Files\Grisoft\AVG Free\avgcckrn.dll] [GRISOFT, s.r.o., 7,1,0,400]
[C:\Program Files\Grisoft\AVG Free\avgvault.dll] [GRISOFT, s.r.o., 7,1,0,285]
[C:\Program Files\Grisoft\AVG Free\avgscan.dll] [GRISOFT, s.r.o., 7,1,0,406]
[C:\Program Files\Grisoft\AVG Free\avgunarc.dll] [GRISOFT, s.r.o., 7,1,0,407]
[C:\Program Files\Grisoft\AVG Free\avgrep.dll] [GRISOFT, s.r.o., 7,1,0,311]
[C:\PROGRA~1\Grisoft\AVGFRE~1\avgemsui.dll] [GRISOFT, s.r.o., 7,1,0,400]
[C:\PROGRA~1\Grisoft\AVGFRE~1\avgemcps.dll] [GRISOFT, s.r.o., 7, 0, 0, 238]
[PID: 2856][C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe] [GRISOFT, s.r.o., 7,1,0,400]
[C:\PROGRA~1\Grisoft\AVGFRE~1\libsasl.dll] [GRISOFT, s.r.o., 7,1,0,285]
[C:\Program Files\Grisoft\AVG Free\avgcfg.dll] [GRISOFT, s.r.o., 7,1,0,404]
[C:\Program Files\Grisoft\AVG Free\avgklib.dll] [GRISOFT, s.r.o., 7,1,0,321]
[C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll] [GRISOFT, s.r.o., 7,1,0,349]
[C:\Program Files\Grisoft\AVG Free\avglng.dll] [GRISOFT, s.r.o., 7,1,0,400]
[C:\Program Files\Grisoft\AVG Free\avgscan.dll] [GRISOFT, s.r.o., 7,1,0,406]
[C:\Program Files\Grisoft\AVG Free\avgunarc.dll] [GRISOFT, s.r.o., 7,1,0,407]
[C:\PROGRA~1\Grisoft\AVGFRE~1\saslcrammd5.dll] [GRISOFT, s.r.o., 7,1,0,285]
[C:\PROGRA~1\Grisoft\AVGFRE~1\sasldigestmd5.dll] [GRISOFT, s.r.o., 7,1,0,285]
[C:\PROGRA~1\Grisoft\AVGFRE~1\sasllogin.dll] [GRISOFT, s.r.o., 7,1,0,285]
[C:\PROGRA~1\Grisoft\AVGFRE~1\saslplain.dll] [GRISOFT, s.r.o., 7,1,0,300]
[C:\Program Files\Grisoft\AVG Free\avgmail.dll] [GRISOFT, s.r.o., 7,1,0,400]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[C:\PROGRA~1\Grisoft\AVGFRE~1\avgemcps.dll] [GRISOFT, s.r.o., 7, 0, 0, 238]
[PID: 2876][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3292]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[PID: 2988][C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll] [Google, 4.2006.1008.2039]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[PID: 3052][C:\WINDOWS\vsnpstd.exe] [, 1, 0, 0, 4]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[PID: 3092][C:\Program Files\Windows Defender\MSASCui.exe] [Microsoft Corporation, 1.1.1347.0]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[PID: 3176][C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.40.5]
[PID: 3204][C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll] [Google, 4.2006.1008.2039]
[C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll] [Google, 4.2006.1008.2039]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[C:\Program Files\Google\Google Desktop Search\gzlib.dll] [N/A, N/A]
[PID: 3228][C:\Program Files\QuickTime\qttask.exe] [Apple Computer, Inc., 7.1.3]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[PID: 3272][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Computer, Inc., 7.0.0.70]
[C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL] [Apple Computer, Inc., 7.0.0.70]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Computer, Inc., 7.0.0.70]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[PID: 3292][C:\Program Files\Common Files\System\Update.exe] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[PID: 3344][C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE] [ATI Technologies Inc., 2.0.0.4]
[C:\Program Files\ATI Multimedia\atisserv.dll] [ATI Technologies Inc., 8.6.002]
[C:\Program Files\ATI Multimedia\RemCtrl\rwenu.rsc] [ATI Technologies Inc., 2.0.0.3]
[C:\PROGRAM FILES\ATI MULTIMEDIA\REMCTRL\PLUG-INS\GEMSTARRMTPGN.DLL] [ATI Technologies Inc., 2.0.1]
[C:\PROGRAM FILES\ATI MULTIMEDIA\REMCTRL\PLUG-INS\MLRMTPGN.DLL] [ATI Technologies Inc., 2.0.0]
[C:\PROGRAM FILES\ATI MULTIMEDIA\REMCTRL\PLUG-INS\POWERPOINT.DLL] [ATI Technologies Inc., 2.0.2]
[C:\PROGRAM FILES\ATI MULTIMEDIA\REMCTRL\PLUG-INS\WINAMP.DLL] [ATI Technologies Inc., 2.0.0]
[C:\Program Files\ATI Multimedia\RemCtrl\x10net.dll] [X10, 2, 0, 0, 40]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[C:\WINDOWS\system32\ATIRWRF.DLL] [ATI Technologies Inc., 2,0,0,0]
[PID: 3372][C:\Program Files\iISystem Wiper\SystemWiper.exe] [iISoftware, 1, 0, 0, 1]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[PID: 3444][C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe] [N/A, N/A]
[C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\WDAccess.dll] [N/A, N/A]
[C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\WTMenu.dll] [N/A, N/A]
[C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\WTInter.dll] [N/A, N/A]
[C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MediaCtl.dll] [N/A, N/A]
[C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\WTSystem.dll] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[PID: 3460][C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe] [, 1, 0, 0, 1]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[PID: 3632][C:\Program Files\iPod\bin\iPodService.exe] [Apple Computer, Inc., 7.0.0.70]
[C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL] [Apple Computer, Inc., 7.0.0.70]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Computer, Inc., 7.0.0.70]
[PID: 3884][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\ATIMUL~1\RemCtrl\x10net.dll] [X10, 2, 0, 0, 40]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[PID: 3948][C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll] [Google, 4.2006.1008.2039]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[PID: 4084][C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\OSD.EXE] [WayTech Development, Inc., 2, 0, 0, 0]
[C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\WTBTNRES.dll] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[PID: 2216][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[PID: 3440][C:\Program Files\Microsoft Office\Office\WINWORD.EXE] [Microsoft Corporation, 9.0.4527]
[C:\Program Files\Grisoft\AVG Free\avgoff2k.dll] [GRISOFT, s.r.o., 7,1,0,321]
[C:\Program Files\Grisoft\AVG Free\avgcfg.dll] [GRISOFT, s.r.o., 7,1,0,404]
[C:\Program Files\Grisoft\AVG Free\avgklib.dll] [GRISOFT, s.r.o., 7,1,0,321]
[C:\Program Files\Grisoft\AVG Free\avgscan.dll] [GRISOFT, s.r.o., 7,1,0,406]
[C:\Program Files\Grisoft\AVG Free\avgunarc.dll] [GRISOFT, s.r.o., 7,1,0,407]
[C:\Program Files\Grisoft\AVG Free\avgcore.dll] [GRISOFT, s.r.o., 7,1,0,407]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopOffice.dll] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll] [Google, 4.2006.1008.2039]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FUIC9EA.DLL] [SEIKO EPSON Corporation, 0. 3. 0, 133]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FMAI9EA.DLL] [SEIKO EPSON Corporation, 0. 3. 3. 18]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]
[PID: 1864][C:\Documents and Settings\Tariq\Desktop\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll] [N/A, N/A]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================

Post by pokhim » November 5th, 2006, 12:41 pm

Tariq - 06-11-05 16:30:23.79 Service Pack 2
ComboFix 06.10.31W - Running from: "C:\Documents and Settings\Tariq\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll


((((((((((((((((((((((((((((((( Files Created from 2006-10-05 to 2006-11-05 ))))))))))))))))))))))))))))))))))


2006-11-05 15:18 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2006-11-05 14:56 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-05 13:25 3,584 --a------ C:\WINDOWS\system32\msasvc.exe
2006-11-05 13:20 2,048 --a------ C:\system.exe
2006-11-01 19:17 163,444 --a------ C:\WINDOWS\~tmp5370.exe
2006-11-01 19:14 4,633,912 --a------ C:\WindowsXP-KB918899-x86-CHS.exe
2006-11-01 19:14 163,444 --a------ C:\WINDOWS\~tmp2826.exe
2006-11-01 19:13 163,444 --a------ C:\WINDOWS\~tmp6679.exe
2006-11-01 19:05 163,444 --a------ C:\WINDOWS\~tmp9516.exe
2006-11-01 19:05 163,444 --a------ C:\WINDOWS\~tmp8591.exe
2006-10-30 16:26 90,800 -ra------ C:\WINDOWS\system32\drivers\se2Eunic.sys
2006-10-30 16:26 4,128 -ra------ C:\WINDOWS\system32\drivers\se2Ecr.sys
2006-10-30 16:26 18,704 -ra------ C:\WINDOWS\system32\drivers\se2End5.sys
2006-10-30 16:24 86,560 -ra------ C:\WINDOWS\system32\drivers\SE2Eobex.sys
2006-10-30 16:03 97,184 -ra------ C:\WINDOWS\system32\drivers\SE2Emdm.sys
2006-10-30 16:03 9,360 -ra------ C:\WINDOWS\system32\drivers\SE2Emdfl.sys
2006-10-28 15:18 173,056 --a------ C:\WINDOWS\~tmp7461.exe
2006-10-28 15:15 173,056 --a------ C:\WINDOWS\~tmp1223.exe
2006-10-28 15:14 173,056 --a------ C:\WINDOWS\~tmp2536.exe
2006-10-27 15:09 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-24 19:00 159,671 --a------ C:\WINDOWS\~tmp9759.exe
2006-10-24 18:59 159,671 --a------ C:\WINDOWS\~tmp5080.exe
2006-10-24 18:58 159,671 --a------ C:\WINDOWS\~tmp3666.exe
2006-10-17 13:05 206,336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:58 61,952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 266,752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:27 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-05 15:02 -------- d-------- C:\Program Files\SP2 Connection Patcher
2006-11-05 15:01 -------- d-------- C:\Program Files\Internet Explorer
2006-11-05 14:46 -------- d-------- C:\Documents and Settings\Tariq\Application Data\ATI MMC
2006-11-04 14:26 -------- d-------- C:\Documents and Settings\Tariq\Application Data\AdobeUM
2006-11-04 14:18 -------- d-------- C:\Program Files\William Hill Poker
2006-11-01 21:55 3072 --ahs---- C:\Documents and Settings\Tariq\Application Data\Thumbs.db
2006-11-01 19:17 163444 --a------ C:\WINDOWS\~tmp5370.exe
2006-11-01 19:14 163444 --a------ C:\WINDOWS\~tmp2826.exe
2006-11-01 19:14 -------- d-a------ C:\Program Files\Common Files
2006-11-01 19:13 163444 --a------ C:\WINDOWS\~tmp6679.exe
2006-11-01 19:13 -------- d-------- C:\Program Files\baidu
2006-11-01 19:12 467673 --a------ C:\Program Files\tshz093.exe
2006-11-01 19:12 -------- d-------- C:\Program Files\CNNIC
2006-11-01 19:11 -------- d-------- C:\Program Files\coolsign
2006-11-01 19:11 -------- d-------- C:\Program Files\Common Files\System
2006-11-01 19:10 60851 --a------ C:\Program Files\kw_wl_lyric_020.exe
2006-11-01 19:05 163444 --a------ C:\WINDOWS\~tmp9516.exe
2006-11-01 19:05 163444 --a------ C:\WINDOWS\~tmp8591.exe
2006-10-28 15:18 173056 --a------ C:\WINDOWS\~tmp7461.exe
2006-10-28 15:15 173056 --a------ C:\WINDOWS\~tmp1223.exe
2006-10-28 15:14 173056 --a------ C:\WINDOWS\~tmp2536.exe
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-24 19:00 159671 --a------ C:\WINDOWS\~tmp9759.exe
2006-10-24 18:59 159671 --a------ C:\WINDOWS\~tmp5080.exe
2006-10-24 18:58 159671 --a------ C:\WINDOWS\~tmp3666.exe
2006-10-17 19:14 -------- d-------- C:\Program Files\BitComet
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-15 01:48 -------- d-------- C:\Documents and Settings\Tariq\Application Data\X10 Commander
2006-10-14 12:11 -------- d-------- C:\Program Files\TVAnts
2006-09-28 16:39 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-23 12:04 -------- d-------- C:\Program Files\iTunes
2006-09-23 12:04 -------- d-------- C:\Program Files\iPod
2006-09-23 11:57 -------- d-------- C:\Program Files\QuickTime
2006-09-23 11:55 -------- d-------- C:\Program Files\Apple Software Update
2006-09-22 20:05 -------- d-------- C:\Program Files\Java
2006-09-21 20:12 -------- d-------- C:\Program Files\BidSlayer
2006-09-16 10:22 -------- d-------- C:\Program Files\TVUPlayer
2006-09-12 19:21 -------- d-------- C:\Program Files\Disc2Phone
2006-09-07 18:35 869 --a------ C:\Documents and Settings\Tariq\Application Data\AdobeDLM.log
2006-09-07 18:35 0 --a------ C:\Documents and Settings\Tariq\Application Data\dm.ini
2006-09-07 18:35 -------- d-------- C:\Program Files\Adobe
2006-09-07 18:32 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-07 18:32 -------- d-------- C:\Documents and Settings\Tariq\Application Data\Adobe
2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ATI Launchpad"=""
"ATI Remote Control"="C:\\Program Files\\ATI Multimedia\\RemCtrl\\ATIRW.EXE"
"iIWiper"="C:\\Program Files\\iISystem Wiper\\SystemWiper.exe m"
"EPSON Stylus CX6600 Series (Copy 2)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9EA.EXE /P35 \"EPSON Stylus CX6600 Series (Copy 2)\" /M \"Stylus CX6600\" /EF \"HKCU\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SP2 Connection Patcher"="\"C:\\Program Files\\SP2 Connection Patcher\\SP2ConnPatcher.exe\" -n=200"
"BidSlayer"=""
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"EPSON Stylus CX6600 Series (Copy 2)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9EA.EXE /P35 \"EPSON Stylus CX6600 Series (Copy 2)\" /O5 \"LPT1:\" /M \"Stylus CX6600\""
"EPSON Stylus CX6600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9EA.EXE /P26 \"EPSON Stylus CX6600 Series\" /O6 \"USB001\" /M \"Stylus CX6600\""
"D-Link AirPlus G"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"snpstd"="C:\\WINDOWS\\vsnpstd.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"NWEReboot"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f4,01,00,00,bd,00,00,00,78,00,00,00,6e,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000
"NoWindowsUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Error Nuker"="C:\\Program Files\\Error Nuker\\bin\\ErrorNuker.exe autostart"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\TRAYAP~1.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Seek Style Junk Comp"="C:\\Documents and Settings\\All Users\\Application Data\\Logidolseekstyle\\Sect Curb.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"snpstd"="C:\\WINDOWS\\vsnpstd.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"nForce Tray Options"="sstray.exe /r"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
Trial


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\XoftSpy.job

Completion time: 06-11-05 16:33:12.15
C:\ComboFix.txt ... 06-11-05 16:33
C:\ComboFix1doc.txt ... 06-10-30 23:36
C:\ComboFix2.txt ... 06-10-30 23:09

Unread postby Susan528 » November 5th, 2006, 9:41 pm

Thank you for the GMER log.

C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll

It is showing the contemptible Trojan Torpig, which can allow an attacker to gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs.

Would advise you to disconnect this PC from the Internet, and then go to a known clean computer and change any passwords or security information held on the infected computer. In particular, check whatever relates to online banking, financial transactions, shopping, credit cards, or sensitive personal information. It is also wise to contact your financial institutions to apprise them of your situation.

Will do our best to clean the computer of any infections seen on the log. However, because of the nature of this Trojan, cannot offer a total guarantee that there are no remnants left in the system, or that the computer will be trustworthy.

Many security experts believe that once infected with this type of Trojan, the best course of action is to reformat and reinstall the Operating System. Making this decision is based on what the computer is used for, and what information can be accessed from it.
================
Do not use this system for any transactions until you are clean.

Here are a couple of links which may provide you with additional valuable information:
When should I re-format? How should I reinstall?
http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451


If you do any online banking, eBay/PayPal purchases, or any other sensitive online transactions:

You are strongly advised to do the following immediately:

1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.

2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
===============
Knowing the above and how you use this computer, let us know if you wish to proceed or if you plan to format and reinstall.

Unread postby pokhim » November 6th, 2006, 5:16 am

Well, thanks a lot! I've managed to change all my details and passwords etc. I'm using a comp at uni at the mo. Whatever you think is the best course of action. I think I will reformat my hard drive. Do you have any tips on doing this? E.g. should I be backing up all the software as well as music and movies?

Unread postby Susan528 » November 6th, 2006, 8:36 am

Formatting will wipe out everything on your computer. If you back-up files first, the files could possibly be infected so you should scan them first to try to make sure they are clean. There are recommendations below.

If you have access to free computer support from your manufacturer, I would recommend using it. They may also have a website which will include documentation for your model of computer.

Microsoft has provided the following link that may help with locating manufacturer computer support.

http://support.microsoft.com/common/int ... s;oemphone

If you are unable to find information, Wng_z3r0, a teacher here and very respected member at other forums, has created a wonderful tutorial which can be found here:
http://spyware-free.us/tutorials/reformat/

Please let us know if we can be of further assistance and I know Wng_z3r0 would be glad to help if you have any questions pertaining to his tutorial.

Additional recommendations:
If you decide to go this route, start the format, and make sure you are not connected to the Internet (unplug dial-up, DSL, cable, wireless ) when you install the Operating System. After the OS is on board, install an Antivirus program and a Firewall (if you have a CD for them), reboot, then connect to the Internet, and install Service Pack 2.

If you do not have a CD, and need to download an AntiVirus program and a Firewall from the Internet, let that be the first step so that the system is protected right after the Operating System is installed.

There are free AntiVirus programs you can download:

Grisoft’s AVG Anti-virus Free Edition: http://free.grisoft.com/freeweb.php

avast! 4 Home: http://www.avast.com/eng/avast_4_home.html

AntiVir Personal Edition: http://www.free-av.com/


Some free Firewall choices are:

ZoneAlarm:
http://www.zonelabs.com/store/content/cata...lid=dbtopnav_za

Sunbelt Kerio:
http://www.sunbelt-software.com/Kerio.cfm

OutPost:
http://www.agnitum.com/products/outpostfree/download.php


Then, make sure that the AntiVirus program installed in your system is always kept up to date!

Last, install whatever other programs you wish after the computer has protection.

If data was backed up prior to the format, before placing that data back into a clean hard drive, have it scanned with AntiVirus programs. Use more than one program, since AntiVirus scanners use databases that are not identical, and one may find malware that another does not. If the data is reported as clean after running a few virus scans (IMO would use three or more), it should be safe to place it in the clean hard drive.

====
Some of the best suggestions and programs to remain malware free are contained in the following:
Tony Klein’s article 'How Did I Get Infected In The First Place'
http://castlecops.com/postlite7736-.html
Take a look at what the article has to offer and select the programs that suit your needs.

Also, the following is an excellent program that you may want to run on a regular basis:

AdAware SE:
http://www.majorgeeks.com/download506.html

Every so often, also perform an online virus scan.
AntiVirus scanners use databases which are not identical, and one may find malware that another does not.

Some online scanners:
TrendMicro HouseCall:
http://uk.trendmicro-europe.com/consumer/h...call_launch.php

Panda ActiveScan:
http://www.pandasoftware.com/products/activescan.htm

Kaspersky Online Scanner (using Internet Explorer):
http://www.kaspersky.com/virusscanner

BitDefender:
http://www.bitdefender.com/scan8/

If you have any questions or comments, do not hesitate to post back.

Unread postby pokhim » November 6th, 2006, 12:01 pm

So I actually went and bought a new hard drive because I needed more memory and so that I can fix this problem.

I just installed Windows on the new one. Should I install an antivirus and firewall and then connect my old hard drive and drag over my music and videos and a few pieces of software? Then format the old hard drive (the one with the virus on it).

Unread postby Susan528 » November 6th, 2006, 12:41 pm

I just installed Windows on the new one. Should I install an antivirus and firewall and then connect my old hard drive and drag over my music and videos and a few pieces of software? Then format the old hard drive (the one with the virus on it).


The point about the antivirus and firewall is that you need it installed before you dare connect to the Internet. You will eventually need to connect to the Internet and obtain Microsoft's latest security updates for Windows and other Microsoft applications. So you might as well install it but before you drag over a few music and videos and software, you should scan those files in case they might be infected.

Unread postby pokhim » November 7th, 2006, 7:34 am

Right, I think I have the idea.

I made a mistake so now I think the trojan is on both hard drives.
I am going to..

1. follow the tutorial for one of my hard drives.
2. transfer my data over to the formatted hard drive while staying disconnected from the internet.
3. then format that hard drive.
4. do you think this is the best way of doing it?
5. I don't have any access to manufacturers because I built the PC myself.

Unread postby Susan528 » November 7th, 2006, 3:42 pm

How is it going? How much data do you have to transfer?