Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijackthis log, obviously

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby Rogue » October 9th, 2007, 8:47 am

Hi Shekb,

Your logs all appear to be clean. How is the PC running?


Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.


Double click OTMoveIt.exe to launch the program.
  • Click on the CleanUp! button.
  • OTMoveIt will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTMoveIt
  • Now delete OTMoveIt.exe

I also recommend you manually remove the folder C:\_OTMoveIt
*=========================*

Flush System Restore
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a Restore Point, and then click Ok

Next, go to Start > Run and type in cleanmgr
Select the More Options tab
Choose the option to Clean Up System Restore and select OK.
This will remove all restore points except the new one you just created
*========================*

This is my post for when you are All Clean - which you seem to be.

But to help protect you against further infections, and also to help prevent criminals using your computer to infect other people's computers on the web, I recommend the following: (You may already have some of the items or completed steps)

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    1. Change the Download signed ActiveX controls to Prompt
    2. Change the Download unsigned ActiveX controls to Disable
    3. Change the Initialise and script ActiveX controls not marked as safe to Disable
    4. Change the Installation of desktop items to Prompt
    5. Change the Launching programs and files in an IFRAME to Prompt
    6. Change the Navigate sub-frames across different domains to Prompt
    7. When all these settings have been made, click on the OK button.
    8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Set up system to ensure a regular update of the Operating System.

Automatically:
  1. On the Desktop, right-click My Computer.
  2. Click Properties.
  3. Click on Automatic Updates
  4. Check the option of choice (I use Automatic (Recommended)). If you use dial-up I would recommend using the
    Notify Me option so that you can download when you can afford the time and bandwidth overheads.
  5. Select the Day/Time of choice
  6. Click Apply
  7. Click OK



Safe Surfing,

Rogue
User avatar
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah
Advertisement
Register to Remove

Thanks :)

Unread postby Shekb » October 9th, 2007, 5:17 pm

My computer used to run really really fast (with Windows XP indeed), but it was getting slower by the minute, so I though it had been infected.

I also use AVG Anti-Rootkit that had told me I had a rootkit, and each time I deleted the "rootkit" it came back as soon as I turned my computer off

And Ad-Aware had a problem dealing with an MRU object, I had to reboot to delete it, and when I scanned again, it was right there again.....

Oh, AVG and Spybot detected stuff, so I just went "Gotta make sure there's nothing left"

But hey, thanks !!

And I didn't delete the stuff you told me to delete (Registry values ?) in your other post, I'd like to know what they are, because I just saw something about Meteomedia, which is a weather program, so I dunno what you wanted me to do with this or if it's going to make the program not work

Thanks :D
Shekb
Regular Member
 
Posts: 62
Joined: October 2nd, 2007, 5:51 pm

Unread postby Rogue » October 9th, 2007, 8:02 pm

Hi Shekb,

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [MétéoIMédia] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe

Those are not ‘bad’ but I asked those to be removed to help free up some resources.
They will still work you would just need to start the program manually. Don't worry about 'fixing' them

All the other information is quite useful. Do you happen to have the log from AVG Rootkit or recall the file name?

Do you happen to have a log from AVG AntiSpyware?
User avatar
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Unread postby Shekb » October 9th, 2007, 10:27 pm

Ok, great then, I'm gonna delete these :P

And I will scan probably tonight or tomorrow, so I should have the logs soon
Shekb
Regular Member
 
Posts: 62
Joined: October 2nd, 2007, 5:51 pm

AVG anti-rootikit log

Unread postby Shekb » October 9th, 2007, 10:58 pm

Here's the AVG anti-rootikit log...... if you can call this a log »_»

Rootkit Path Rootkit type
C:\WINDOWS\System32\Drivers\ag409pmc.SYS Hidden driver file

The file name always differs each time I delete it
Shekb
Regular Member
 
Posts: 62
Joined: October 2nd, 2007, 5:51 pm

Glad I scanned with Ad-aware

Unread postby Shekb » October 9th, 2007, 11:37 pm

I just scanned with Ad-Aware and found 2 adware :lol:

Sucks, how come Hijack this didn't see this one coming :?

Anyway, here's the log, I quarantined the 2 objects by the way, and the MRU object that didn't want to go away is now gone, so I guess it must have been one of these 2

Ad-Aware 2007 Build
Log File Created on: 2007-10-09 23:33:34
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: SEB
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 1
Processor type: AMD Sempron(TM) 2400+
Memory Available: 27%
Total Physical Memory: 267943936 Bytes
Available Physical Memory: 69836800 Bytes
Total Page File Size: 646311936 Bytes
Available On Page File: 202874880 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1991917568 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)

Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file
Dumping details about unhandled exceptions to disk

Databaseinfo
===========================
Version number: 25
Build Number: 0
Build Date and Time: 2007/10/08 02:52:24

Scan Statistics
===========================
Method: Full
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 178356
Infections Detected: 29
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 1 1
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 24 24
File Hash Scan..: 1 1

Infections Found
===========================
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000513 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Sr\Cookies\index.dat ads.adbrite.com ihc_352518 /
Item Id: 600000112 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Sr\Cookies\index.dat live365.com SaneID /
Item Id: 600000179 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Sr\Cookies\index.dat atdmt.com AA002 /
Item Id: 600000142 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt estat.com e /
Item Id: 600000476 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt statcounter.com session_1647779 /
Item Id: 600000476 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt statcounter.com session_1348422 /
Item Id: 600000664 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt fileforum.betanews.com __utma /
Item Id: 600000664 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt fileforum.betanews.com __utmz /
Item Id: 600000212 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt msnportal.112.2o7.net s_vi /
Item Id: 600000513 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt adbrite.com Apache /
Item Id: 600000513 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt adbrite.com b /
Item Id: 600000513 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt adbrite.com fq /
Item Id: 600000073 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt adopt.specificclick.net LO /
Item Id: 600000073 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt adopt.specificclick.net UI /
Item Id: 600000179 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt atdmt.com AA002 /
Item Id: 600000332 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt edge.ru4.com ru4.1320 /
Item Id: 600000332 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt edge.ru4.com ru4.uid /
Item Id: 600000112 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt live365.com SaneID /
Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt realmedia.com NXCLICK2 /
Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt realmedia.com RMFL /
Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt realmedia.com RMID /
Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt revsci.net 01AIS /
Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt revsci.net 01IS /
Item Id: 600000304 Value: Browser: Firefox Cookie: C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles/glokrcx9.default\cookies.txt tremor.adbureau.net GUID /
Family Id: 1259 Name: Adware.Adssite Category: Adware TAI:5
Item Id: 59932 Value: File: C:\System Volume Information\_restore{EFA64F0E-B634-485E-8FD8-5E6178FA34F2}\RP61\A0006234.dll
Item Id: 300033882 Value: Root: HKLM Path: software\microsoft\windows\currentversion\uninstall\rightonadz
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: C:\Documents and Settings\Sr\Recent Count: 23
Item Id: 2 Value: MRU Registry Key: S-1-5-21-3022743026-1178394210-3232184841-1005\Software\Microsoft\Search Assistant\ACMru\5603 Count: 1
Item Id: 3 Value: MRU Registry Key: S-1-5-21-3022743026-1178394210-3232184841-1005\Software\Microsoft\Internet Explorer\TypedURLs Count: 3

Items Ignored During Scan
===========================


Listing of running processes
===========================
C:\WINDOWS\SYSTEM32\SMSS.EXE
c:\windows\system32\smss.exe

c:\windows\system32\ntdll.dll

C:\WINDOWS\SYSTEM32\CSRSS.EXE
c:\windows\system32\csrss.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\csrsrv.dll

c:\windows\system32\basesrv.dll

c:\windows\system32\winsrv.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\sxs.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\version.dll

C:\WINDOWS\SYSTEM32\WINLOGON.EXE
c:\windows\system32\winlogon.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\authz.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\nddeapi.dll

c:\windows\system32\profmap.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\psapi.dll

c:\windows\system32\regapi.dll

c:\windows\system32\secur32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\version.dll

c:\windows\system32\winsta.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msgina.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\comdlg32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\shsvcs.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\ole32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\winscard.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\sxs.dll

c:\windows\system32\winmm.dll

c:\windows\system32\syncor11.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\wlnotify.dll

c:\windows\system32\winspool.drv

c:\windows\system32\mpr.dll

c:\windows\system32\wgalogon.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\cscui.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\msacm32.dll

c:\windows\system32\midimap.dll

C:\WINDOWS\SYSTEM32\SERVICES.EXE
c:\windows\system32\services.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\scesrv.dll

c:\windows\system32\authz.dll

c:\windows\system32\umpnpmgr.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acadproc.dll

c:\windows\system32\imm32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\version.dll

c:\windows\system32\eventlog.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\psapi.dll

c:\windows\system32\wtsapi32.dll

C:\WINDOWS\SYSTEM32\LSASS.EXE
c:\windows\system32\lsass.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\lsasrv.dll

c:\windows\system32\mpr.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\samsrv.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\syncor11.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msprivs.dll

c:\windows\system32\kerberos.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\netlogon.dll

c:\windows\system32\w32time.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\schannel.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\wdigest.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\scecli.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\ipsecsvc.dll

c:\windows\system32\authz.dll

c:\windows\system32\oakley.dll

c:\windows\system32\winipsec.dll

c:\windows\system32\pstorsvc.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\psbase.dll

c:\windows\system32\dssenh.dll

c:\windows\system32\xpsp2res.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\syncor11.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\termsrv.dll

c:\windows\system32\icaapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\mstlsapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\atl.dll

c:\windows\system32\regapi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\rdpwsx.dll

c:\windows\system32\winspool.drv

c:\windows\system32\apphelp.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\syncor11.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\msi.dll

C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE
c:\program files\windows defender\msmpeng.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

c:\windows\system32\msvcrt.dll

c:\program files\windows defender\mpsvc.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\version.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\program files\windows defender\mpclient.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\secur32.dll

c:\windows\system32\netapi32.dll

c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{b27b585a-8dd8-45c0-a367-a9e06b3faad2}\mpengine.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\psapi.dll

c:\windows\system32\iphlpapi.dll

c:\program files\windows defender\mprtplug.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\syncor11.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\shsvcs.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\secur32.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\wzcsvc.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\wmi.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\esent.dll

c:\windows\system32\atl.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\rastls.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\schannel.dll

c:\windows\system32\winscard.dll

c:\windows\system32\raschap.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\schedsvc.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\msidle.dll

c:\windows\system32\audiosrv.dll

c:\windows\system32\wkssvc.dll

c:\windows\system32\cryptsvc.dll

c:\windows\system32\certcli.dll

c:\windows\system32\es.dll

c:\windows\system32\ersvc.dll

c:\windows\system32\dmserver.dll

c:\windows\system32\srvsvc.dll

c:\windows\system32\hidserv.dll

c:\windows\system32\hid.dll

c:\windows\pchealth\helpctr\binaries\pchsvc.dll

c:\windows\system32\netman.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\wzcsapi.dll

c:\windows\system32\sens.dll

c:\windows\system32\seclogon.dll

c:\windows\system32\wuauserv.dll

c:\windows\system32\wbem\wmisvc.dll

c:\windows\system32\vssapi.dll

c:\windows\system32\wuaueng.dll

c:\windows\system32\winspool.drv

c:\windows\system32\winhttp.dll

c:\windows\system32\cabinet.dll

c:\windows\system32\mspatcha.dll

c:\windows\system32\w32time.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\trkwks.dll

c:\windows\system32\srsvc.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\browser.dll

c:\windows\system32\ipnathlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\wscsvc.dll

c:\windows\system32\msi.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\wbem\wbemcore.dll

c:\windows\system32\wbem\esscli.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\sxs.dll

c:\windows\system32\comsvcs.dll

c:\windows\system32\colbact.dll

c:\windows\system32\mtxclu.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\clusapi.dll

c:\windows\system32\resutils.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\wbem\wmiutils.dll

c:\windows\system32\wbem\repdrvfs.dll

c:\windows\system32\wbem\wmiprvsd.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\wbem\wbemess.dll

c:\windows\system32\wbem\ncprov.dll

c:\windows\system32\netrap.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\upnp.dll

c:\windows\system32\ssdpapi.dll

c:\windows\system32\netcfgx.dll

c:\windows\system32\rasmans.dll

c:\windows\system32\winipsec.dll

c:\windows\system32\tapisrv.dll

c:\windows\system32\psapi.dll

c:\windows\system32\rastapi.dll

c:\windows\system32\unimdm.tsp

c:\windows\system32\uniplat.dll

c:\windows\system32\kmddsp.tsp

c:\windows\system32\ndptsp.tsp

c:\windows\system32\ipconf.tsp

c:\windows\system32\h323.tsp

c:\windows\system32\urlmon.dll

c:\windows\system32\hidphone.tsp

c:\windows\system32\rasppp.dll

c:\windows\system32\ntlsapi.dll

c:\windows\system32\kerberos.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\rasdlg.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\syncor11.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\dnsrslvr.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\syncor11.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\lmhsvc.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\webclnt.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\secur32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\regsvc.dll

c:\windows\system32\ssdpsrv.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\httpapi.dll

c:\windows\system32\winhttp.dll

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
c:\program files\lavasoft\ad-aware 2007\aawservice.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\program files\lavasoft\ad-aware 2007\ceapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\program files\lavasoft\ad-aware 2007\pkarchive84cb.dll

c:\windows\system32\shell32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\version.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\program files\lavasoft\ad-aware 2007\update.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
c:\windows\system32\spoolsv.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\syncor11.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\spoolss.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\localspl.dll

c:\windows\system32\secur32.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\winspool.drv

c:\windows\system32\netapi32.dll

c:\windows\system32\cnbjmon.dll

c:\windows\system32\pjlmon.dll

c:\windows\system32\tcpmon.dll

c:\windows\system32\usbmon.dll

c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\win32spl.dll

c:\windows\system32\netrap.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\inetpp.dll

c:\windows\system32\xpsp2res.dll

C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
c:\program files\grisoft\avg anti-spyware 7.5\guard.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\program files\grisoft\avg anti-spyware 7.5\engine.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\psapi.dll

c:\windows\system32\version.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\syncor11.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
c:\progra~1\grisoft\avg7\avgamsvr.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\version.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\progra~1\grisoft\avg7\avgklib.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\imm32.dll

c:\progra~1\grisoft\avg7\avglog.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\program files\grisoft\avg7\avgcfg.dll

c:\windows\system32\shell32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\wbem\wbemprox.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\secur32.dll

c:\program files\grisoft\avg7\avglng.dll

c:\program files\grisoft\avg7\avgamint.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\program files\grisoft\avg7\avgamsps.dll

c:\windows\system32\iphlpapi.dll

C:\PROGRA~1\GRISOFT\AVG7\AVGUPSVC.EXE
c:\progra~1\grisoft\avg7\avgupsvc.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\version.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\imm32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\secur32.dll

C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
c:\progra~1\grisoft\avg7\avgemc.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\version.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\progra~1\grisoft\avg7\libsasl.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\shell32.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\progra~1\grisoft\avg7\avglog.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\program files\grisoft\avg7\avgcfg.dll

c:\program files\grisoft\avg7\avgklib.dll

c:\program files\grisoft\avg7\avglng.dll

c:\program files\grisoft\avg7\avgscan.dll

c:\program files\grisoft\avg7\avgunarc.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\winmm.dll

c:\windows\system32\syncor11.dll

c:\windows\system32\schannel.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\secur32.dll

c:\windows\system32\userenv.dll

c:\progra~1\grisoft\avg7\saslcrammd5.dll

c:\progra~1\grisoft\avg7\sasldigestmd5.dll

c:\progra~1\grisoft\avg7\sasllogin.dll

c:\progra~1\grisoft\avg7\saslplain.dll

c:\program files\grisoft\avg7\avgmail.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\psapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\progra~1\grisoft\avg7\avgemcps.dll

C:\PROGRAM FILES\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
c:\program files\google\common\google updater\googleupdaterservice.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\shell32.dll

c:\windows\system32\version.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\program files\common files\microsoft shared\vs7debug\mdm.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\ole32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\version.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE
c:\program files\analog devices\soundmax\smagent.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shell32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

C:\DOCUMENTS AND SETTINGS\SR\MY DOCUMENTS\S-C\VISUAL BOY\PSX\ISOBUSTER\ALCOHOL 120\STARWIND\STARWINDSERVICEAE.EXE
c:\documents and settings\sr\my documents\s-c\visual boy\psx\isobuster\alcohol 120\starwind\starwindserviceae.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\wsnmp32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\version.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\syncor11.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\wiaservc.dll

c:\windows\system32\cfgmgr32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\mscms.dll

c:\windows\system32\winspool.drv

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\actxprxy.dll

c:\windows\system32\sti.dll

C:\WINDOWS\SYSTEM32\ALG.EXE
c:\windows\system32\alg.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\atl.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\syncor11.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\browseui.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shdocvw.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\syncor11.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\themeui.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\xpsp2res.dll

c:\program files\windows media player\wmpband.dll

c:\windows\system32\mpr.dll

c:\windows\system32\samlib.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\atl.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\psapi.dll

c:\windows\system32\netshell.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\credui.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winsta.dll

c:\windows\system32\webcheck.dll

c:\progra~1\wifd1f~1\mpshhook.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll

c:\windows\system32\stobject.dll

c:\windows\system32\batmeter.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\msi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\midimap.dll

c:\windows\system32\mydocs.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\windows\system32\mlang.dll

c:\program files\tilt wheel mouse\multi-direction optical mouse\1.3\moudl32b.dll

c:\windows\system32\msctf.dll

c:\windows\system32\drprov.dll

c:\windows\system32\ntlanman.dll

c:\windows\system32\netui0.dll

c:\windows\system32\netui1.dll

c:\windows\system32\netrap.dll

c:\windows\system32\davclnt.dll

c:\windows\system32\browselc.dll

c:\windows\system32\sxs.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

c:\windows\system32\mscms.dll

c:\windows\system32\winspool.drv

c:\windows\system32\ntmarta.dll

c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll

c:\progra~1\spybot~1\sdhelper.dll

c:\windows\system32\olepro32.dll

c:\program files\microsoft office\office10\msohev.dll

C:\PROGRAM FILES\TILT WHEEL MOUSE\MULTI-DIRECTION OPTICAL MOUSE\1.3\MOUSE32B.EXE
c:\program files\tilt wheel mouse\multi-direction optical mouse\1.3\mouse32b.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\program files\tilt wheel mouse\multi-direction optical mouse\1.3\moudl32b.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\setupapi.dll

c:\windows\system32\hid.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\msctf.dll

C:\PROGRAM FILES\THOMSON\LYRA JUKEBOX\LYRAHDTRAYAPP\LYRAHD2TRAYAPP.EXE
c:\program files\thomson\lyra jukebox\lyrahdtrayapp\lyrahd2trayapp.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\program files\thomson\lyra jukebox\lyrahdtrayapp\lyrahd2profiler.dll

c:\windows\system32\wmvcore.dll

c:\windows\system32\wmasf.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shlwapi.dll

c:\program files\thomson\lyra jukebox\lyrahdtrayapp\lyradbdll.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\comdlg32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\winspool.drv

c:\windows\system32\imm32.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\riched32.dll

c:\windows\system32\riched20.dll

c:\windows\system32\msctf.dll

C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
c:\windows\system32\atiptaxx.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\version.dll

c:\windows\system32\ole32.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\atrpuixx.enu

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\atipdsxx.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\msctf.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\syncor11.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\w3ssl.dll

c:\windows\system32\strmfilt.dll

c:\windows\system32\secur32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\httpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
c:\program files\quicktime\qttask.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\version.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shell32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\ole32.dll

c:\windows\system32\msctf.dll

C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE
c:\progra~1\grisoft\avg7\avgcc.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\progra~1\grisoft\avg7\avgtmgr.dll

c:\progra~1\grisoft\avg7\avgctrl.dll

c:\progra~1\grisoft\avg7\mfc71.dll

c:\windows\system32\msvcr71.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msvfw32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msvcp71.dll

c:\windows\system32\version.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\shfolder.dll

c:\progra~1\grisoft\avg7\avgabout.dll

c:\progra~1\grisoft\avg7\avgtest.dll

c:\progra~1\grisoft\avg7\avgtres.dll

c:\progra~1\grisoft\avg7\avgset.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\syncor11.dll

c:\progra~1\grisoft\avg7\avglog.dll

c:\windows\system32\msctf.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\program files\grisoft\avg7\avgcfg.dll

c:\program files\grisoft\avg7\avgklib.dll

c:\program files\grisoft\avg7\avglng.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\psapi.dll

c:\windows\system32\msctfime.ime

c:\program files\grisoft\avg7\avgf.dll

c:\program files\grisoft\avg7\avgres.dll

c:\program files\grisoft\avg7\avgcckrn.dll

c:\program files\grisoft\avg7\avgvault.dll

c:\program files\grisoft\avg7\avgrep.dll

c:\program files\grisoft\avg7\avgunarc.dll

c:\progra~1\grisoft\avg7\avgemsui.dll

c:\progra~1\grisoft\avg7\avgemcps.dll

C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\program files\grisoft\avg anti-spyware 7.5\engine.dll

c:\windows\system32\shfolder.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\comdlg32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\version.dll

c:\windows\system32\imm32.dll

c:\windows\system32\syncor11.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\uxtheme.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\atl.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\program files\tilt wheel mouse\multi-direction optical mouse\1.3\moudl32b.dll

C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE
c:\program files\windows defender\msascui.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

c:\windows\system32\msvcrt.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\program files\windows defender\mpclient.dll

c:\windows\system32\userenv.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\program files\windows defender\msmpres.dll

c:\program files\windows defender\mprtmon.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\version.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msftedit.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\uxtheme.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msctf.dll

c:\program files\tilt wheel mouse\multi-direction optical mouse\1.3\moudl32b.dll

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
c:\program files\common files\real\update_ob\realsched.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\version.dll

c:\windows\system32\imm32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\msctf.dll

C:\PROGRAM FILES\JAVA\JRE1.6.0_03\BIN\JUSCHED.EXE
c:\program files\java\jre1.6.0_03\bin\jusched.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
c:\program files\windows live\messenger\msnmsgr.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msimg32.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

c:\program files\windows live\messenger\msncore.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\version.dll

c:\windows\system32\winmm.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\msacm32.dll

c:\program files\windows live\messenger\msidcrl40.dll

c:\windows\system32\sensapi.dll

c:\windows\system32\psapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\program files\windows live\messenger\contactsux.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\cryptnet.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\winhttp.dll

c:\windows\system32\userenv.dll

c:\windows\system32\secur32.dll

c:\windows\system32\syncor11.dll

c:\windows\system32\msctf.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\inetcomm.dll

c:\windows\system32\msoert2.dll

c:\windows\system32\inetres.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\mlang.dll

c:\program files\windows live\messenger\msgslang.8.5.1288.0816.dll

c:\program files\windows live\messenger\msgsres.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\es.dll

c:\program files\windows live\messenger\lcapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\dsound.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\msdmo.dll

c:\program files\windows live\messenger\lcres.dll

c:\program files\windows live\messenger\rtmpltfm.dll

c:\windows\system32\wdmaud.drv

c:\windows\system32\msacm32.drv

c:\windows\system32\midimap.dll

c:\windows\system32\devenum.dll

c:\windows\system32\quartz.dll

c:\windows\system32\ddraw.dll

c:\windows\system32\dciman32.dll

c:\windows\system32\d3dim700.dll

c:\windows\system32\dpnhupnp.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\schannel.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\sxs.dll

c:\program files\windows live\messenger\msgswcam.dll

c:\windows\system32\sirenacm.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\rasadhlp.dll

c:\program files\windows live\messenger\lmcdata.dll

c:\program files\windows live\messenger\contact.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\dssenh.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\atl.dll

c:\windows\system32\samlib.dll

c:\windows\system32\riched20.dll

c:\windows\system32\msimtf.dll

c:\windows\system32\ieframe.dll

c:\program files\windows live\messenger\dfsr.dll

c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll

c:\windows\system32\esent.dll

c:\windows\system32\wmvcore.dll

c:\windows\system32\wmasf.dll

c:\program files\windows live\messenger\custsat.dll

c:\program files\windows live\messenger\abssm.dll

c:\windows\system32\ksuser.dll

c:\windows\system32\wmadm
Shekb
Regular Member
 
Posts: 62
Joined: October 2nd, 2007, 5:51 pm

Unread postby Rogue » October 10th, 2007, 8:58 am

Hi shekb,

I would like a sample of the file that AVG Rootkit finds.

So if you could scan again with AVG Rootkit and locate the file but don't delete it.
Once you know the location and file name

Please download Suspicious File Packer from Safer-Networking.Org
http://www.safer-networking.org/files/sfp.zip and unzip it to your desktop.

Run SFP.exe.
Please copy the following lines into the Step 1: Paste Text window:

File location found by AVG Rootkit C:\WINDOWS\System32\Drivers\__________

Click Continue.
This will create a .cab file on your desktop named requested-files[Date/Time].cab


Now please submit that file to Spykiller by clicking here

  • You will be taken to a new post page (at a different forum).
  • In the topic title put Request by Rogue
  • Put in body of messege the link to our thread here. ( http://www.malwareremoval.com/forum/viewtopic.php?t=24059 )
  • Press the browse button and then navigate to & select the file on desktop. (requested-files[Date/Time].cab)
  • Press Post to upload the file

    It is normal you will not see the file you just posted because only approved members can see them to download them.

    Let me know here when you have posted. .

    *=========================*
    Also to confirm it's not a false positive do the following

    Please run a GMER Rootkit scan:

    Download GMER's application from here:
    http://www.gmer.net/gmer.zip

    Unzip it and start the GMER.exe
    Click the Rootkit tab and click the Scan button.

    Once done, click the Copy button.
    This will copy the results to your clipboard.
    Paste the results in your next reply.

    Warning ! Please, do not select the "Show all" checkbox during the scan.

    If you're having problems with running GMER.exe, try it in safe mode.
    This tools works in safe mode. Other rootkitrevealers don't.
    *=========================*

    Update AVG Anti-Spyware v7.5

    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.

If you are having problems with the updater, you can use this link to manually update AVG AntiSpyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.


Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and What to Scan?" leave all the default settings.
  • Under "Reports" select "Do not automatically generate report after every scan" and UNcheck "Only if threats were found".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
  • Click on "Report" button to view all completed scans.
  • Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.
  • Save to your desktop. A copy of each report will also be saved in C:\Documents and Settings\Your User Name\Application Data\Grisoft\AVG Antispyware 7.5\Reports
  • Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.

*=========================*

Plase post the following;

GMER log
AVG Antispyware log
New Hijackthis log

Thanks,
Rogue
User avatar
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Posted the Request by Rogue Topic

Unread postby Shekb » October 10th, 2007, 5:38 pm

I just did what you told me to do, I posted the file you told me to post
http://www.thespykiller.co.uk/index.php ... 25.new#new

I also made the GMER log
Here it is

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-10 17:28:14
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F979962C 5 Bytes JMP 82B421C8
? System32\Drivers\ajln029i.SYS The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1260] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 0054213D C:\Program Files\Windows Live\Messenger\msnmsgr.exe

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F9A7E06C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F9A7E018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9AA09AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F9A7E06C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F9A67AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F9A67C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F9A67B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F9A68748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F9A6861E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F9A7D29A] sptd.sys

---- Devices - GMER 1.0.13 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 82BDB1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 82BDB1E8

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [FA0AB404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [FA0AB404] avg7rsw.sys

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE FFB921E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE FFB921E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ FFB921E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE FFB921E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION FFB921E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION FFB921E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA FFB921E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA FFB921E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS FFB921E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION FFB921E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION FFB921E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL FFB921E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL FFB921E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL FFB921E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN FFB921E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL FFB921E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP FFB921E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP FFB921E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [FA12185A] avgtdi.sys
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 82B411E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 82B411E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 82B411E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B411E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 82B411E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 82B411E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 82B411E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 82B6E1E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 82B6E1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 82B411E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 82B411E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 82B411E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B411E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 82B411E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 82B411E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 82B411E8
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_CREATE [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_CREATE_NAMED_PIPE [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_CLOSE [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_READ [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_WRITE [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_QUERY_INFORMATION [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_SET_INFORMATION [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_QUERY_EA [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_SET_EA [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_FLUSH_BUFFERS [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_QUERY_VOLUME_INFORMATION [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_SET_VOLUME_INFORMATION [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_DIRECTORY_CONTROL [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_FILE_SYSTEM_CONTROL [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_DEVICE_CONTROL [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_INTERNAL_DEVICE_CONTROL [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_SHUTDOWN [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_LOCK_CONTROL [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_MJ_CLEANUP [F9A9DB0E] sptd.sys
Device \Driver\PCI_NTPNP4374 \Device\00000052 IRP_
Shekb
Regular Member
 
Posts: 62
Joined: October 2nd, 2007, 5:51 pm

Unread postby Rogue » October 10th, 2007, 8:17 pm

Hi Shekb,

Download Combofix by sUBs! from
http://www.techsupportforum.com/sectool ... mboFix.exe
or
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to your Desktop
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log C:\ComboFix.txt
Post that log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
*=========================*

Post C:\ComboFix.txt
Also can you post the AVG Antispyware log please

Rogue
User avatar
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Logs

Unread postby Shekb » October 10th, 2007, 11:08 pm

Here's Combofix's log :)

ComboFix 07-10-11.1 - Sr 2007-10-10 22:56:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.29 [GMT -4:00]
Running from: C:\Documents and Settings\Sr\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-11 to 2007-10-11 )))))))))))))))))))))))))))))))
.

2007-10-10 22:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 07:08 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-07 11:25 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-06 19:17 <DIR> d-------- C:\Program Files\Incomplete
2007-10-02 17:35 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-30 22:10 <DIR> d-------- C:\Program Files\RegCleaner
2007-09-28 19:48 <DIR> d-------- C:\Documents and Settings\Sr\Incomplete
2007-09-28 19:43 <DIR> d-------- C:\Documents and Settings\Sr\.limewire
2007-09-26 16:46 <DIR> d-------- C:\Documents and Settings\Sr\Application Data\Thunderbird
2007-09-26 16:45 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-09-17 18:39 <DIR> d-------- C:\WINDOWS\pss
2007-09-16 17:18 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-15 21:45 <DIR> d-------- C:\temp\ext34942
2007-09-15 21:45 <DIR> d-------- C:\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 21:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-07 23:29 --------- d-----w C:\Program Files\Windows Live
2007-10-07 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-07 15:27 --------- d-----w C:\Program Files\Java
2007-10-06 23:53 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg7
2007-10-06 23:40 --------- d-----w C:\Program Files\LimeWire
2007-10-06 23:26 --------- d-----w C:\Documents and Settings\Sr\Application Data\AVG7
2007-10-06 14:19 --------- d-----w C:\Program Files\Microsoft Silverlight
2007-09-29 02:28 --------- d-----w C:\Program Files\Dobermann
2007-09-16 21:18 --------- d-----w C:\Program Files\Common Files\Real
2007-09-13 21:37 --------- d-----w C:\Program Files\Windows Desktop Search
2007-09-05 21:42 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-09-05 21:32 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-09-04 02:28 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-09-03 23:47 --------- d-----w C:\Program Files\Windows Defender
2007-08-23 14:04 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-23 14:04 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-23 04:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-23 03:52 --------- d-----w C:\Program Files\Lavasoft
2007-08-23 03:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-08-21 22:29 --------- d-----w C:\Documents and Settings\Sr\Application Data\Grisoft
2007-08-21 22:21 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-21 22:21 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-21 22:21 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-21 22:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-21 15:02 691,304,544 ----a-w C:\Documents and Settings\Sr\CD.bin
2007-08-21 03:13 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-08-19 12:21 --------- d-----w C:\Documents and Settings\Sr\Application Data\GTek
2007-08-15 19:04 578,560 ----a-w C:\WINDOWS\WLXPGSS.SCR
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"anvshell"="anvshell.exe" [2003-07-23 23:19 C:\WINDOWS\anvshell.exe]
"LiveNote"="livenote.exe" [2002-07-11 05:31 C:\WINDOWS\livenote.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-19 21:34]
"nwiz"="nwiz.exe" [2005-09-19 21:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-19 21:34]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 18:15]
"MOUSE32B"="C:\Program Files\Tilt Wheel Mouse\MULTI-DIRECTION OPTICAL MOUSE\1.3\Mouse32B.exe" [2004-11-25 12:24]
"LyraHD2TrayApp"="C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" [2005-04-18 16:35]
"SchedulingAgent"="mstinit.exe" [2004-08-04 00:56 C:\WINDOWS\system32\mstinit.exe]
"AtiPTA"="atiptaxx.exe" [2001-09-26 22:39 C:\WINDOWS\system32\atiptaxx.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-13 16:46]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-16 17:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 16:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"SchedulingAgent"=mstask.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-05-30 22:19:31]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe

R1 ANVOSDNT;ASUS Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\anvosdnt.sys
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
S1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-08-17 19:58:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-10 23:07:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
"2007-10-11 02:40:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-11 02:37:47 C:\WINDOWS\Tasks\wlmail.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 23:02:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-10 23:04:56
.
--- E O F ---
Shekb
Regular Member
 
Posts: 62
Joined: October 2nd, 2007, 5:51 pm

AVG's anti-spyware log

Unread postby Shekb » October 10th, 2007, 11:12 pm

Sorry for the double post, but I know that if I post more than 1 log at a time, it will be too big for one post and it won't all be shown :(

Nothing wrong anyway, and it was Ad-Aware from Lavasoft that had found stuff

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:56:09 PM 10/10/2007

+ Scan result:



:mozilla.126:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.137:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.138:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.139:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Sr\Cookies\sr@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.214:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.215:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.216:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.217:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Sr\Cookies\sr@rotator.its.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.145:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Sr\Cookies\sr@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Sr\Cookies\sr@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.11:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.26:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.37:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.234:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.235:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.236:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.237:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.10:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.32:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.7:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.209:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.210:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.211:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Sr\Cookies\sr@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.212:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.213:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Sr\Cookies\sr@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.149:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.150:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Sr\Cookies\sr@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.78:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.79:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.33:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.34:C:\Documents and Settings\Sr\Application Data\Mozilla\Firefox\Profiles\glokrcx9.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Sr\Cookies\sr@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.


::Report end
Shekb
Regular Member
 
Posts: 62
Joined: October 2nd, 2007, 5:51 pm

Unread postby Rogue » October 11th, 2007, 9:24 am

Hi Shekb,

Nothing wrong anyway, and it was Ad-Aware from Lavasoft that had found stuff

AdAware found these two items. One was in system restore and was removed when we cleaned the restore points. The other is a registry entry and AdAware should have removed it.

Family Id: 1259 Name: Adware.Adssite Category: Adware TAI:5
Item Id: 59932 Value: File: C:\System Volume Information\_restore{EFA64F0E-B634-485E-8FD8-5E6178FA34F2}\RP61\A0006234.dll

Item Id: 300033882 Value: Root: HKLM Path: software\microsoft\windows\currentversion\uninstall\rightonadz


Is AVG Rootkit still finding a file?
According to GMER the last was not present. This was also confirmed by the download to Spykiller.
ComboFix did not report any new file being created that was similar.
User avatar
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Yup, AVG still seeing it

Unread postby Shekb » October 11th, 2007, 4:48 pm

AVG Anti-Rootkit is still seeing something, under another name

And I recall seeing Gmer have the same file (The one from yesterday, not today, it changes every time :shock: )

Here's today's file

C:\WINDOWS\System32\Drivers\agzdh3a9.SYS ,Hidden driver file
Shekb
Regular Member
 
Posts: 62
Joined: October 2nd, 2007, 5:51 pm

Unread postby Rogue » October 11th, 2007, 7:56 pm

Hi Shekb,

It is most likely renaming on reboot.
We need to get a sample. Scan again with AVG AntiRootkit or GMER to determine file name.
Do not allow AVG AR to delete the file if used.
Do not restart the PC. You may disconnect from the internet by unplugging your modem or router
Once file name is determined.
Do the following.
You will need to put the file path in behind each entry; Collect::, FileLook::, and Rootkit:: as in the example

Open Notepad and copy/paste the text in the quotebox below into it:
http://www.malwareremoval.com/forum/viewtopic.php?t=24059

Collect:: C:\WINDOWS\System32\Drivers\agzdh3a9.SYS

FileLook:: C:\WINDOWS\System32\Drivers\agzdh3a9.SYS

Rootkit:: C:\WINDOWS\System32\Drivers\agzdh3a9.SYS

Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.
*=========================*

This will collect a sample and send to some people for a look see
Have a look at the files properties
Delete the file and keep it in a backup folder

On your desktop will be a zip file named Collect(some other text). If you could upload the file to the Spykiller post you had previously and then let me know once that is done.
http://www.thespykiller.co.uk/index.php?topic=5025


Post Combofix.txt Do not post Combofix1.txt which we also be present
Lets hope we get a sample this way.

Thanks,

Rogue

[edit] Shekb could you also navigate to C:\WINDOWS\System32 and see if the same file name is there also. It may have an addtional number on the end and let me know. May have found some information on it....fingers crossed[/edit]
User avatar
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Unread postby Shekb » October 13th, 2007, 9:10 am

It seems I can't see the file in system 32

Here's the HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:24 AM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Documents and Settings\Sr\My Documents\S-C\Visual Boy\PSX\IsoBuster\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tilt Wheel Mouse\MULTI-DIRECTION OPTICAL MOUSE\1.3\Mouse32B.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.6.254:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MOUSE32B] C:\Program Files\Tilt Wheel Mouse\MULTI-DIRECTION OPTICAL MOUSE\1.3\Mouse32B.exe
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/resou ... nPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/A ... tPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/A ... gWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Documents and Settings\Sr\My Documents\S-C\Visual Boy\PSX\IsoBuster\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 11480 bytes
Shekb
Regular Member
 
Posts: 62
Joined: October 2nd, 2007, 5:51 pm
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 481 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware