Web hijacking & Program manager disabled

Re: Web hijacking & Program manager disabled

Post by Jay Thompson » March 18th, 2009, 11:39 am

Hi Dan, Gotcha on the protection, first things first. Thanks for all your help.

I did instruction 1 with appwiz, but Gamevance was not listed. There was a GameSpy Arcade.
I held off on step 2 with ComboFix. What would you like me to do....
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm

Re: Web hijacking & Program manager disabled

Post by dan12 » March 18th, 2009, 1:19 pm

Continue on, I will get it later.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Web hijacking & Program manager disabled

Post by Jay Thompson » March 18th, 2009, 3:02 pm

I'm at work right now, I'll continue a little later today... Thanks again Dan

Jay

Re: Web hijacking & Program manager disabled

Post by dan12 » March 18th, 2009, 3:07 pm

Thanks for letting me know ;)

Re: Web hijacking & Program manager disabled

Post by Jay Thompson » March 18th, 2009, 3:55 pm

Here is the log of combofix...

ComboFix 09-03-15.01 - Jay 2009-03-18 12:26:27.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.696 [GMT -7:00]
Running from: c:\documents and settings\Jay\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jay\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\docume~1\Jay\LOCALS~1\Temp\DDAC960N.SYS
c:\docume~1\Monique\LOCALS~1\Temp\ntdll64.dll
c:\windows\~tmp.INI:hfhlzx
c:\windows\~tmp.INI:zhpxx
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DDAC960N
-------\Service_DDAC960N


((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.

2009-03-17 16:21 . 2009-03-17 16:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-17 16:21 . 2009-03-17 16:21 <DIR> d-------- c:\documents and settings\Jay\Application Data\Malwarebytes
2009-03-17 16:21 . 2009-03-17 16:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-17 16:21 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-03-17 16:21 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-03-17 12:46 . 2009-03-17 13:22 <DIR> d-------- C:\Combo-fix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 19:35 --------- d-----w c:\program files\Full Tilt Poker
2009-02-27 02:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-30 02:50 --------- d-----w c:\program files\iTunes
2009-01-30 02:50 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-30 02:49 --------- d-----w c:\program files\iPod
2009-01-30 02:10 --------- d-----w c:\program files\Bonjour
2009-01-30 01:41 --------- d-----w c:\program files\QuickTime
2009-01-21 21:44 --------- d-----w c:\program files\GameSpy Arcade
2009-01-21 21:37 --------- d-----w c:\program files\Bumper Wars
2008-08-29 23:19 100,888 ----a-w c:\documents and settings\Jay\Application Data\GDIPFONTCACHEV1.DAT
2008-07-22 03:08 100,888 ----a-w c:\documents and settings\Monique\Application Data\GDIPFONTCACHEV1.DAT
2004-07-26 20:22 483 ----a-w c:\program files\Shortcut to Broderbund.lnk
2004-07-26 20:22 473 ----a-w c:\program files\Shortcut to TurboTax.lnk
2007-12-06 22:32 44,360 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2007-12-06 22:32 107,928 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2004-08-04 07:56 50,688 --sh--w c:\windows\twain_32.dll
2004-08-04 07:56 83,456 --sha-w c:\windows\SYSTEM32\olepro32.dll
2004-08-04 07:56 11,776 --sh--w c:\windows\SYSTEM32\regsvr32.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} ----

2008-07-04 14:35 54632 --a------ c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
2008-04-24 09:25 11168 --a------ c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat
2008-04-17 14:12 319456 --a------ c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll
2008-04-17 14:12 2761 --a------ c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf
2008-04-17 14:12 15464 --a------ c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys
2008-04-17 14:12 107368 --a------ c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll


((((((((((((((((((((((((((((( SnapShot@2009-03-17_13.20.29.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-09 18:19:01 96,174 ----a-w c:\windows\SYSTEM32\PERFC009.DAT
+ 2009-03-17 21:07:57 96,378 ----a-w c:\windows\SYSTEM32\PERFC009.DAT
- 2009-03-09 18:19:01 506,162 ----a-w c:\windows\SYSTEM32\PERFH009.DAT
+ 2009-03-17 21:07:57 506,492 ----a-w c:\windows\SYSTEM32\PERFH009.DAT
+ 2009-03-18 19:34:44 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6b4.dat
+ 2009-03-18 19:34:46 16,384 ----atw c:\windows\temp\Perflib_Perfdata_73c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S4F"="c:\program files\S4F\Filter7.exe" [2007-11-20 443008]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-28 185896]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 c:\windows\SYSTEM32\narrator.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
0410C7971CD0C088370D.Xsernum 4CUN7D30Y3S0001
0410C7971CD0C088370D.Xaddr AMERICAN.DUBLIN.CA

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeper.exe" /0
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
"dlmMgr"="c:\program files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MMTray"=c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"DwlClient"=c:\program files\Common Files\Dell\EUSW\Support.exe
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"S4F"="c:\program files\S4F\Filter7.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~2\UPDATE~1\isuspm.exe" -startup
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"UMonit"=c:\windows\system32\umonit.exe
"Gamevance"=c:\program files\Gamevance\gamevance32.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\SYSTEM32\DRIVERS\bsstor.sys [2003-03-23 9344]
R2 BsUDF;InCD UDF Driver;c:\windows\SYSTEM32\DRIVERS\bsudf.sys [2003-03-23 445440]
R2 MSSQL$XACTWARE;SQL Server (XACTWARE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-09-07 29178224]
S3 fixustor;fixustor;c:\windows\SYSTEM32\DRIVERS\fixustor.sys [2007-07-25 6016]
.
Contents of the 'Scheduled Tasks' folder

2009-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-07-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2005-05-31 02:04]
.
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
LSP: c:\windows\system\wins4f.dll
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\guj6z805.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8081
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 12:35:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\~tmp.INI:hfhlzx 68608 bytes executable
c:\windows\~tmp.INI:zhpxx 135157 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4017286732-3779589640-2630038483-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:13,5f,ce,a1,01,76,15,e5,18,50,4c,df,f5,4a,aa,07,92,db,19,8d,5b,d1,fd,
c3,cc,d8,cc,ef,ff,f8,1d,96,a9,d5,5e,86,55,f1,cc,a1,f7,f7,4a,41,47,29,1e,4f,\
"??"=hex:54,9d,07,ad,00,66,86,de,98,56,c7,22,fc,e1,43,9a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(720)
c:\windows\system\wins4f.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-18 12:45:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-18 19:45:38
ComboFix2.txt 2009-03-17 22:51:43
ComboFix3.txt 2009-03-17 20:21:59

Pre-Run: 13,196,029,952 bytes free
Post-Run: 13,175,824,384 bytes free

201 --- E O F --- 2008-05-16 06:33:53

Re: Web hijacking & Program manager disabled

Post by dan12 » March 19th, 2009, 5:04 pm

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\program files\Gamevance
ADS::
c:\windows\~tmp.INI    


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Can you run a quick Malwarebytes scan? Update it before running.



Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Post combo report
kaspersky report

Re: Web hijacking & Program manager disabled

Post by Jay Thompson » March 20th, 2009, 2:00 am

Hey Dan.
I had trouble with Kaspersky. First my Mozilla kept closing without any error report or anything in the middle of the database download. Just disappears. After that "seemed to finish" OK, the scan took about 5 hours and then when I clicked "Save File As", Mozilla closed again and I didn't get a chance to save the log... I did notice there were about 140 or so objects found, some of which were in quarantine folders.

Here at least is the ComboFix log for now...
Any suggestions of what might be wrong, or is there a record somewhere saved by Kaspersky or my system?

ComboFix 09-03-15.01 - Jay 2009-03-19 14:17:01.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.694 [GMT -7:00]
Running from: c:\documents and settings\Jay\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jay\Desktop\CFScript.txt
* Created a new restore point
.
ADS - ~tmp.INI: deleted 1257943 bytes in 359 streams.

((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.

2009-03-17 16:21 . 2009-03-17 16:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-17 16:21 . 2009-03-17 16:21 <DIR> d-------- c:\documents and settings\Jay\Application Data\Malwarebytes
2009-03-17 16:21 . 2009-03-17 16:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-17 16:21 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-03-17 16:21 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-03-17 12:46 . 2009-03-17 13:22 <DIR> d-------- C:\Combo-fix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 19:55 --------- d-----w c:\program files\Full Tilt Poker
2009-02-27 02:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-26 21:26 63,488 ---ha-w c:\windows\SYSTEM32\BITA.tmp
2009-02-16 19:59 2,098 --sh--w c:\windows\SYSTEM32\musowewo.dll
2009-02-16 19:58 2,098 --sh--w c:\windows\SYSTEM32\zopeyero.dll
2009-02-16 07:58 2,098 --sh--w c:\windows\SYSTEM32\libopele.dll
2009-02-15 08:00 2,098 --sh--w c:\windows\SYSTEM32\yugobuku.dll
2009-02-15 07:58 2,098 --sh--w c:\windows\SYSTEM32\lamisefi.dll
2009-02-14 03:24 2,098 --sh--w c:\windows\SYSTEM32\wiliroba.dll
2009-02-14 03:23 2,098 --sh--w c:\windows\SYSTEM32\buhuzopo.dll
2009-02-12 23:47 2,098 --sh--w c:\windows\SYSTEM32\kiyajeru.dll
2009-02-11 21:57 2,098 --sh--w c:\windows\SYSTEM32\gisusuje.dll
2009-02-11 21:56 2,098 --sh--w c:\windows\SYSTEM32\yujukaku.dll
2009-02-10 15:58 2,098 --sh--w c:\windows\SYSTEM32\pinoteye.dll
2009-02-10 15:58 2,098 --sh--w c:\windows\SYSTEM32\lilofati.dll
2009-02-10 03:38 2,098 --sh--w c:\windows\SYSTEM32\pasusowi.dll
2009-02-10 03:37 2,098 --sh--w c:\windows\SYSTEM32\hiwumeku.dll
2009-02-08 20:16 2,098 --sh--w c:\windows\SYSTEM32\duzileru.dll
2009-02-07 21:00 2,098 --sh--w c:\windows\SYSTEM32\pinafadi.dll
2009-02-06 15:48 2,098 --sh--w c:\windows\SYSTEM32\gokisoso.dll
2009-02-06 15:47 2,098 --sh--w c:\windows\SYSTEM32\wehemeru.dll
2009-02-06 00:06 2,098 --sh--w c:\windows\SYSTEM32\buhedina.dll
2009-02-04 15:56 2,098 --sh--w c:\windows\SYSTEM32\werolime.dll
2009-02-03 15:50 2,098 --sh--w c:\windows\SYSTEM32\weziyolo.dll
2009-02-02 15:59 2,098 --sh--w c:\windows\SYSTEM32\monigula.dll
2009-02-01 22:32 2,098 --sh--w c:\windows\SYSTEM32\kolojebe.dll
2009-02-01 07:37 2,098 --sh--w c:\windows\SYSTEM32\nubamiko.dll
2009-01-30 22:26 2,098 --sh--w c:\windows\SYSTEM32\deyogisu.dll
2009-01-30 03:53 2,098 --sh--w c:\windows\SYSTEM32\towefuzu.dll
2009-01-30 02:50 --------- d-----w c:\program files\iTunes
2009-01-30 02:50 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-30 02:49 --------- d-----w c:\program files\iPod
2009-01-30 02:10 --------- d-----w c:\program files\Bonjour
2009-01-30 01:41 --------- d-----w c:\program files\QuickTime
2009-01-29 15:53 2,098 --sh--w c:\windows\SYSTEM32\gakemojo.dll
2009-01-28 16:05 2,098 --sh--w c:\windows\SYSTEM32\rijikoyi.dll
2009-01-28 04:03 2,098 --sh--w c:\windows\SYSTEM32\feyajute.dll
2009-01-27 16:06 2,098 --sh--w c:\windows\SYSTEM32\lenoruta.dll
2009-01-26 04:56 2,098 --sh--w c:\windows\SYSTEM32\hebowugi.dll
2009-01-23 16:05 2,098 --sh--w c:\windows\SYSTEM32\vajoneyo.dll
2009-01-23 03:57 2,098 --sh--w c:\windows\SYSTEM32\miwiyidi.dll
2009-01-22 15:59 2,098 --sh--w c:\windows\SYSTEM32\butazaji.dll
2009-01-21 21:44 --------- d-----w c:\program files\GameSpy Arcade
2009-01-21 21:37 --------- d-----w c:\program files\Bumper Wars
2009-01-21 15:35 2,098 --sh--w c:\windows\SYSTEM32\nijoroze.dll
2009-01-21 01:49 2,098 --sh--w c:\windows\SYSTEM32\zunohuwu.dll
2009-01-19 20:19 2,098 --sh--w c:\windows\SYSTEM32\geligehu.dll
2008-08-29 23:19 100,888 ----a-w c:\documents and settings\Jay\Application Data\GDIPFONTCACHEV1.DAT
2008-07-22 03:08 100,888 ----a-w c:\documents and settings\Monique\Application Data\GDIPFONTCACHEV1.DAT
2004-07-26 20:22 483 ----a-w c:\program files\Shortcut to Broderbund.lnk
2004-07-26 20:22 473 ----a-w c:\program files\Shortcut to TurboTax.lnk
2007-12-06 22:32 44,360 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2007-12-06 22:32 107,928 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2004-08-04 07:56 50,688 --sh--w c:\windows\twain_32.dll
2004-08-04 07:56 83,456 --sha-w c:\windows\SYSTEM32\olepro32.dll
2004-08-04 07:56 11,776 --sh--w c:\windows\SYSTEM32\regsvr32.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-03-17_13.20.29.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-09 18:19:01 96,174 ----a-w c:\windows\SYSTEM32\PERFC009.DAT
+ 2009-03-17 21:07:57 96,378 ----a-w c:\windows\SYSTEM32\PERFC009.DAT
- 2009-03-09 18:19:01 506,162 ----a-w c:\windows\SYSTEM32\PERFH009.DAT
+ 2009-03-17 21:07:57 506,492 ----a-w c:\windows\SYSTEM32\PERFH009.DAT
+ 2009-03-19 21:06:29 16,384 ----atw c:\windows\temp\Perflib_Perfdata_694.dat
+ 2009-03-19 21:06:31 16,384 ----atw c:\windows\temp\Perflib_Perfdata_74c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S4F"="c:\program files\S4F\Filter7.exe" [2007-11-20 443008]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-28 185896]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 c:\windows\SYSTEM32\narrator.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
0410C7971CD0C088370D.Xsernum 4CUN7D30Y3S0001
0410C7971CD0C088370D.Xaddr AMERICAN.DUBLIN.CA

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeper.exe" /0
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
"dlmMgr"="c:\program files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MMTray"=c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"DwlClient"=c:\program files\Common Files\Dell\EUSW\Support.exe
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"S4F"="c:\program files\S4F\Filter7.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~2\UPDATE~1\isuspm.exe" -startup
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"UMonit"=c:\windows\system32\umonit.exe
"Gamevance"=c:\program files\Gamevance\gamevance32.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\SYSTEM32\DRIVERS\bsstor.sys [2003-03-23 9344]
R2 BsUDF;InCD UDF Driver;c:\windows\SYSTEM32\DRIVERS\bsudf.sys [2003-03-23 445440]
R2 MSSQL$XACTWARE;SQL Server (XACTWARE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-09-07 29178224]
S3 fixustor;fixustor;c:\windows\SYSTEM32\DRIVERS\fixustor.sys [2007-07-25 6016]
.
Contents of the 'Scheduled Tasks' folder

2009-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-07-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2005-05-31 02:04]
.
.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
LSP: c:\windows\system\wins4f.dll
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\guj6z805.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8081
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 14:23:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4017286732-3779589640-2630038483-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:13,5f,ce,a1,01,76,15,e5,18,50,4c,df,f5,4a,aa,07,92,db,19,8d,5b,d1,fd,
c3,cc,d8,cc,ef,ff,f8,1d,96,a9,d5,5e,86,55,f1,cc,a1,f7,f7,4a,41,47,29,1e,4f,\
"??"=hex:54,9d,07,ad,00,66,86,de,98,56,c7,22,fc,e1,43,9a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(716)
c:\windows\system\wins4f.dll
.
Completion time: 2009-03-19 14:27:47
ComboFix-quarantined-files.txt 2009-03-19 21:26:43
ComboFix2.txt 2009-03-18 19:45:46
ComboFix3.txt 2009-03-17 22:51:43
ComboFix4.txt 2009-03-17 20:21:59

Pre-Run: 13,620,867,072 bytes free
Post-Run: 13,604,851,712 bytes free

205 --- E O F --- 2008-05-16 06:33:53

Re: Web hijacking & Program manager disabled

Post by Jay Thompson » March 20th, 2009, 4:55 pm

OK, first, please see my prior post for the ComboFix log.
I finally got the Kaspersky to finish... Here is that log...
Last, I am seeing some of my keystrokes hijacked at times, like when I logged on here. After some letters it looks like the cursor is backed up one stroke so what I type gets all jumbled... Interesting.... Never seen that before....

Thanks Dan...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, March 20, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, March 20, 2009 15:36:31
Records in database: 1939173
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 138972
Threat name: 18
Infected objects: 536
Suspicious objects: 0
Duration of the scan: 05:09:43


File name / Threat name / Threats count
C:\WINDOWS\SYSTEM32\sdkfg32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sdkgj.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sdkkr.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sdkma.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sdknc32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sdkof32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sdkrg32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sdkrv.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sdksf32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sdksj32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sdksx32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sdkul.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sdkxr.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sdkxs.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sdkys32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sdkyz32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sysbg.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sysco32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sysfe32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sysfv32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\syshv32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sysij32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sysmv32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sysoe.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sysoe32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sysoy.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sysqc32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\systg32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sysvh.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\sysxm32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\winba32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\winbr32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\winby32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\winga.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\winhf.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\winhy32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\winjq.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\winjy32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\winki.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\winll32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\winmk.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\winvp32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\winwp32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\winwu.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\winyt.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\SYSTEM32\winyy.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\sysvl32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\sysxy32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\syszg32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\winer.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\winfw.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\winio32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\winjg32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\winjv.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\winos32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\winsc.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\winsv.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\wintc32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\wintr32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\winuh.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\winvg32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\winvh.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\winwc32.dll Infected: Trojan-Downloader.Win32.Agent.bc 1
C:\WINDOWS\winyz.dll Infected: Trojan-Downloader.Win32.Agent.bc 1

The selected area was scanned.

Re: Web hijacking & Program manager disabled

by dan12 » March 20th, 2009, 7:23 pm

Please limit your surfing on the net until we can break the back of this infection; as you can see, it's mutating.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :reg
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Clearing Java Cache

There's some malware in your Java cache, so let's clear it.
  • Press Start
  • Go to Control Panel
  • Click Java
  • Under Temporary Internet Files click Settings...
  • Now click Delete files...
  • Select both options and click OK
  • The temporary files will now be deleted.
  • When done click OK twice and close Control Panel

Delete the contents of the housecall6.6 quarantine folder.
-----------------------------


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
c:\windows\SYSTEM32\BITA.tmp
c:\windows\SYSTEM32\musowewo.dll
c:\windows\SYSTEM32\zopeyero.dll
c:\windows\SYSTEM32\libopele.dll
c:\windows\SYSTEM32\yugobuku.dll
c:\windows\SYSTEM32\lamisefi.dll
c:\windows\SYSTEM32\wiliroba.dll
c:\windows\SYSTEM32\buhuzopo.dll
c:\windows\SYSTEM32\kiyajeru.dll
c:\windows\SYSTEM32\gisusuje.dll
c:\windows\SYSTEM32\yujukaku.dll
c:\windows\SYSTEM32\pinoteye.dll
c:\windows\SYSTEM32\lilofati.dll
c:\windows\SYSTEM32\pasusowi.dll
c:\windows\SYSTEM32\hiwumeku.dll
c:\windows\SYSTEM32\duzileru.dll
c:\windows\SYSTEM32\pinafadi.dll
c:\windows\SYSTEM32\gokisoso.dll
c:\windows\SYSTEM32\wehemeru.dll
c:\windows\SYSTEM32\buhedina.dll
c:\windows\SYSTEM32\werolime.dll
c:\windows\SYSTEM32\weziyolo.dll
c:\windows\SYSTEM32\monigula.dll
c:\windows\SYSTEM32\kolojebe.dll
c:\windows\SYSTEM32\nubamiko.dll
c:\windows\SYSTEM32\deyogisu.dll
c:\windows\SYSTEM32\towefuzu.dll
c:\windows\SYSTEM32\gakemojo.dll
c:\windows\SYSTEM32\rijikoyi.dll
c:\windows\SYSTEM32\feyajute.dll
c:\windows\SYSTEM32\lenoruta.dll
c:\windows\SYSTEM32\hebowugi.dll
c:\windows\SYSTEM32\vajoneyo.dll
c:\windows\SYSTEM32\miwiyidi.dll
c:\windows\SYSTEM32\butazaji.dll
c:\windows\SYSTEM32\nijoroze.dll
c:\windows\SYSTEM32\zunohuwu.dll
c:\windows\SYSTEM32\geligehu.dll
C:\WINDOWS\addcq.dll
C:\WINDOWS\adddw32.dll
C:\WINDOWS\addez.dll
C:\WINDOWS\addfj32.dll
C:\WINDOWS\addgc32.dll
C:\WINDOWS\addhg.dll
C:\WINDOWS\addju.dll
C:\WINDOWS\addmc32.dll
C:\WINDOWS\addne.dll
C:\WINDOWS\addqi32.dll
C:\WINDOWS\addqp32.dll
C:\WINDOWS\addru32.dll
C:\WINDOWS\addtg.dll
C:\WINDOWS\addtr.dll
C:\WINDOWS\addum.dll
C:\WINDOWS\addvw.dll
C:\WINDOWS\addwr32.dll
C:\WINDOWS\addxq32.dll
C:\WINDOWS\addyp.dll
C:\WINDOWS\apian.dll
C:\WINDOWS\apiar.dll
C:\WINDOWS\apiav32.dll
C:\WINDOWS\apibr.dll
C:\WINDOWS\apika32.dll
C:\WINDOWS\apime32.dll
C:\WINDOWS\apint.dll
C:\WINDOWS\apioh32.dll
C:\WINDOWS\apipg.dll
C:\WINDOWS\apiqt.dll
C:\WINDOWS\apitb.dll
C:\WINDOWS\apitq32.dll
C:\WINDOWS\apiwr.dll
C:\WINDOWS\apixf32.dll
C:\WINDOWS\appej.dll
C:\WINDOWS\appfk32.dll
C:\WINDOWS\appfs32.dll
C:\WINDOWS\apphq32.dll
C:\WINDOWS\appjr32.dll
C:\WINDOWS\appmn.dll
C:\WINDOWS\appnw32.dll
C:\WINDOWS\appqk32.dll
C:\WINDOWS\appsa.dll
C:\WINDOWS\apptj32.dll
C:\WINDOWS\appuh32.dll
C:\WINDOWS\appui.dll
C:\WINDOWS\appuk32.dll
C:\WINDOWS\appvr32.dll
C:\WINDOWS\appwh.dll
C:\WINDOWS\appyh32.dll
C:\WINDOWS\atlai.dll
C:\WINDOWS\atlan32.dll
C:\WINDOWS\atlas.dll
C:\WINDOWS\atlay.dll
C:\WINDOWS\atlcg.dll
C:\WINDOWS\atldp32.dll
C:\WINDOWS\atlee32.dll
C:\WINDOWS\atlgc32.dll
C:\WINDOWS\atlhb32.dll
C:\WINDOWS\atlhu.dll
C:\WINDOWS\atljd.dll
C:\WINDOWS\atlqd.dll
C:\WINDOWS\atlqs32.dll
C:\WINDOWS\atlsw32.dll
C:\WINDOWS\atluc32.dll
C:\WINDOWS\atlue.dll
C:\WINDOWS\atlvk32.dll
C:\WINDOWS\atlwm.dll
C:\WINDOWS\atlwn32.dll
C:\WINDOWS\atlwq32.dll
C:\WINDOWS\atlwz32.dll
C:\WINDOWS\atlxx.dll
C:\WINDOWS\crdu32.dll
C:\WINDOWS\crfz.dll
C:\WINDOWS\crgm.dll
C:\WINDOWS\crgv32.dll
C:\WINDOWS\crlu32.dll
C:\WINDOWS\crrd32.dll
C:\WINDOWS\cruy.dll
C:\WINDOWS\crxa.dll
C:\WINDOWS\d3bi32.dll
C:\WINDOWS\d3dr32.dll
C:\WINDOWS\d3kx32.dll
C:\WINDOWS\d3mf32.dll
C:\WINDOWS\d3wx32.dll
C:\WINDOWS\d3zx32.dll
C:\WINDOWS\iean32.dll
C:\WINDOWS\iefs.dll
C:\WINDOWS\iehk.dll
C:\WINDOWS\iehl32.dll
C:\WINDOWS\ieia32.dll
C:\WINDOWS\ieic32.dll
C:\WINDOWS\iejy.dll
C:\WINDOWS\iekn32.dll
C:\WINDOWS\iemv32.dll
C:\WINDOWS\ieor32.dll
C:\WINDOWS\iepp.dll
C:\WINDOWS\ierz32.dll
C:\WINDOWS\ietr.dll
C:\WINDOWS\ieup.dll
C:\WINDOWS\iewn32.dll
C:\WINDOWS\ieyt32.dll
C:\WINDOWS\iezu32.dll
C:\WINDOWS\ipda32.dll
C:\WINDOWS\ipdx32.dll
C:\WINDOWS\ipfc32.dll
C:\WINDOWS\iphm.dll
C:\WINDOWS\ipir.dll
C:\WINDOWS\iplg.dll
C:\WINDOWS\ipnu32.dll
C:\WINDOWS\ipre32.dll
C:\WINDOWS\iprj.dll
C:\WINDOWS\ipst.dll
C:\WINDOWS\iptl32.dll
C:\WINDOWS\ipwi32.dll
C:\WINDOWS\ipzm.dll
C:\WINDOWS\javaak.dll
C:\WINDOWS\javabw32.dll
C:\WINDOWS\javacr.dll
C:\WINDOWS\javacz32.dll
C:\WINDOWS\javadu32.dll
C:\WINDOWS\javaex32.dll.bak
C:\WINDOWS\javafc32.dll
C:\WINDOWS\javafg32.dll
C:\WINDOWS\javagv.dll
C:\WINDOWS\javajr32.dll
C:\WINDOWS\javamx32.dll
C:\WINDOWS\javaol32.dll
C:\WINDOWS\javaoz32.dll
C:\WINDOWS\javaps.dll
C:\WINDOWS\javapv.dll
C:\WINDOWS\javaqf32.dll
C:\WINDOWS\javaro.dll
C:\WINDOWS\javauo32.dll
C:\WINDOWS\javavg32.dll
C:\WINDOWS\mfcac.dll
C:\WINDOWS\mfcbd.dll
C:\WINDOWS\mfcbl32.dll
C:\WINDOWS\mfcbn.dll
C:\WINDOWS\mfccm32.dll
C:\WINDOWS\mfccu.dll
C:\WINDOWS\mfccx32.dll
C:\WINDOWS\mfccy.dll
C:\WINDOWS\mfcdy.dll
C:\WINDOWS\mfcfn32.dll
C:\WINDOWS\mfcgn32.dll
C:\WINDOWS\mfcgt.dll
C:\WINDOWS\mfchq32.dll
C:\WINDOWS\mfckk32.dll
C:\WINDOWS\mfckw.dll
C:\WINDOWS\mfclc32.dll
C:\WINDOWS\mfcmh32.dll
C:\WINDOWS\mfcoz.dll
C:\WINDOWS\mfcpl.dll
C:\WINDOWS\mfcqj.dll
C:\WINDOWS\mfctt32.dll
C:\WINDOWS\mfcty32.dll
C:\WINDOWS\mfcwp32.dll
C:\WINDOWS\msak32.dll
C:\WINDOWS\msde32.dll
C:\WINDOWS\msdw32.dll
C:\WINDOWS\msfy.dll
C:\WINDOWS\msid.dll
C:\WINDOWS\msig32.dll
C:\WINDOWS\msiu32.dll
C:\WINDOWS\msja.dll
C:\WINDOWS\msmz32.dll
C:\WINDOWS\msnk32.dll
C:\WINDOWS\msnt.dll
C:\WINDOWS\mspi.dll
C:\WINDOWS\msqp32.dll
C:\WINDOWS\msqq32.dll
C:\WINDOWS\msqx32.dll
C:\WINDOWS\msru32.dll
C:\WINDOWS\mssa.dll
C:\WINDOWS\mssm32.dll
C:\WINDOWS\mstb.dll
C:\WINDOWS\mstp32.dll
C:\WINDOWS\mstu32.dll
C:\WINDOWS\msul32.dll
C:\WINDOWS\msun.dll
C:\WINDOWS\msuv.dll
C:\WINDOWS\msvd.dll
C:\WINDOWS\msvr.dll
C:\WINDOWS\mswb32.dll
C:\WINDOWS\msyh32.dll
C:\WINDOWS\mszc32.dll
C:\WINDOWS\netbh.dll
C:\WINDOWS\netbx.dll
C:\WINDOWS\nethi.dll
C:\WINDOWS\netjg.dll
C:\WINDOWS\netjh32.dll
C:\WINDOWS\netkn.dll
C:\WINDOWS\netls32.dll
C:\WINDOWS\netmd.dll
C:\WINDOWS\netoj.dll
C:\WINDOWS\netox.dll
C:\WINDOWS\netpw.dll
C:\WINDOWS\netqb32.dll
C:\WINDOWS\netql32.dll
C:\WINDOWS\nettz32.dll
C:\WINDOWS\netub32.dll
C:\WINDOWS\netuo.dll
C:\WINDOWS\netuu32.dll
C:\WINDOWS\netvm32.dll
C:\WINDOWS\netwy.dll
C:\WINDOWS\netyi.dll
C:\WINDOWS\netym32.dll
C:\WINDOWS\ntaj32.dll
C:\WINDOWS\ntbs.dll
C:\WINDOWS\ntcx.dll
C:\WINDOWS\ntdw32.dll
C:\WINDOWS\ntet.dll
C:\WINDOWS\nteu.dll
C:\WINDOWS\nthd32.dll
C:\WINDOWS\nthv.dll
C:\WINDOWS\nthz32.dll
C:\WINDOWS\ntip32.dll
C:\WINDOWS\ntla32.dll
C:\WINDOWS\ntqv32.dll
C:\WINDOWS\ntqy32.dll
C:\WINDOWS\ntst.dll
C:\WINDOWS\ntxe32.dll
C:\WINDOWS\ntxh32.dll
C:\WINDOWS\ntxr32.dll
C:\WINDOWS\ntya.dll
C:\WINDOWS\ntzv.dll
C:\WINDOWS\ntzz.dll
C:\WINDOWS\n_jroudm.dat
C:\WINDOWS\sdklt.dll
C:\WINDOWS\sdkml.dll
C:\WINDOWS\sdkoa32.dll
C:\WINDOWS\sdkoq32.dll
C:\WINDOWS\sdkqr32.dll
C:\WINDOWS\sdkqt.dll
C:\WINDOWS\sdkry32.dll
C:\WINDOWS\sdkti32.dll
C:\WINDOWS\sdkxn32.dll
C:\WINDOWS\syscp32.dll
C:\WINDOWS\sysdj.dll
C:\WINDOWS\sysfo32.dll
C:\WINDOWS\sysjj.dll
C:\WINDOWS\sysly.dll
C:\WINDOWS\syspp.dll
C:\WINDOWS\sysqc32.dll
C:\WINDOWS\sysqd.dll
C:\WINDOWS\sysqr.dll
C:\WINDOWS\sysqy32.dll
C:\WINDOWS\syssu32.dll
C:\WINDOWS\SYSTEM32\addcq32.dll
C:\WINDOWS\SYSTEM32\addeo32.dll
C:\WINDOWS\SYSTEM32\addfm32.dll
C:\WINDOWS\SYSTEM32\addhk32.dll
C:\WINDOWS\SYSTEM32\addnu32.dll
C:\WINDOWS\SYSTEM32\addqy.dll
C:\WINDOWS\SYSTEM32\addto.dll
C:\WINDOWS\SYSTEM32\addum.dll
C:\WINDOWS\SYSTEM32\adduo32.dll
C:\WINDOWS\SYSTEM32\adduz32.dll
C:\WINDOWS\SYSTEM32\addvq.dll
C:\WINDOWS\SYSTEM32\addvz32.dll
C:\WINDOWS\SYSTEM32\addwb.dll
C:\WINDOWS\SYSTEM32\addwe32.dll
C:\WINDOWS\SYSTEM32\addwr.dll
C:\WINDOWS\SYSTEM32\addxx.dll
C:\WINDOWS\SYSTEM32\apiad.dll
C:\WINDOWS\SYSTEM32\apias.dll
C:\WINDOWS\SYSTEM32\apibw32.dll
C:\WINDOWS\SYSTEM32\apiij.dll
C:\WINDOWS\SYSTEM32\apiiz32.dll
C:\WINDOWS\SYSTEM32\apijq32.dll
C:\WINDOWS\SYSTEM32\apikf32.dll
C:\WINDOWS\SYSTEM32\apikg.dll
C:\WINDOWS\SYSTEM32\apimm32.dll
C:\WINDOWS\SYSTEM32\apini32.dll
C:\WINDOWS\SYSTEM32\apioh.dll
C:\WINDOWS\SYSTEM32\apiqq32.dll
C:\WINDOWS\SYSTEM32\apivo.dll
C:\WINDOWS\SYSTEM32\apivz32.dll
C:\WINDOWS\SYSTEM32\apiwf32.dll
C:\WINDOWS\SYSTEM32\apiwo.dll
C:\WINDOWS\SYSTEM32\apiwy.dll
C:\WINDOWS\SYSTEM32\appbq.dll
C:\WINDOWS\SYSTEM32\appca.dll
C:\WINDOWS\SYSTEM32\appdu32.dll
C:\WINDOWS\SYSTEM32\appep32.dll
C:\WINDOWS\SYSTEM32\appiy32.dll
C:\WINDOWS\SYSTEM32\appkv.dll
C:\WINDOWS\SYSTEM32\appkx32.dll
C:\WINDOWS\SYSTEM32\applb.dll
C:\WINDOWS\SYSTEM32\appna32.dll
C:\WINDOWS\SYSTEM32\appol32.dll
C:\WINDOWS\SYSTEM32\appon.dll
C:\WINDOWS\SYSTEM32\appqz.dll
C:\WINDOWS\SYSTEM32\atlbt32.dll
C:\WINDOWS\SYSTEM32\atlce32.dll
C:\WINDOWS\SYSTEM32\atlex32.dll
C:\WINDOWS\SYSTEM32\atlyn.dll
C:\WINDOWS\SYSTEM32\atlzb32.dll
C:\WINDOWS\SYSTEM32\atlzu.dll
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B7DJLPDO\725f[1].exe
C:\WINDOWS\SYSTEM32\crag32.dll
C:\WINDOWS\SYSTEM32\crbo32.dll
C:\WINDOWS\SYSTEM32\crca32.dll
C:\WINDOWS\SYSTEM32\crcp.dll
C:\WINDOWS\SYSTEM32\crel.dll
C:\WINDOWS\SYSTEM32\crer32.dll
C:\WINDOWS\SYSTEM32\crev32.dll
C:\WINDOWS\SYSTEM32\crgx.dll
C:\WINDOWS\SYSTEM32\crhb.dll
C:\WINDOWS\SYSTEM32\croe32.dll
C:\WINDOWS\SYSTEM32\croo32.dll
C:\WINDOWS\SYSTEM32\crqm32.dll
C:\WINDOWS\SYSTEM32\crqo32.dll
C:\WINDOWS\SYSTEM32\crqr32.dll
C:\WINDOWS\SYSTEM32\crsk32.dll
C:\WINDOWS\SYSTEM32\crww32.dll
C:\WINDOWS\SYSTEM32\cryp.dll
C:\WINDOWS\SYSTEM32\d3kr32.dll
C:\WINDOWS\SYSTEM32\d3mu32.dll
C:\WINDOWS\SYSTEM32\d3nd32.dll
C:\WINDOWS\SYSTEM32\d3pp32.dll
C:\WINDOWS\SYSTEM32\d3px32.dll
C:\WINDOWS\SYSTEM32\d3qn.dll
C:\WINDOWS\SYSTEM32\d3qt.dll
C:\WINDOWS\SYSTEM32\d3qv.dll
C:\WINDOWS\SYSTEM32\d3rj.dll
C:\WINDOWS\SYSTEM32\d3ur32.dll
C:\WINDOWS\SYSTEM32\d3zf.dll
C:\WINDOWS\SYSTEM32\ieae.dll
C:\WINDOWS\SYSTEM32\iecs.dll
C:\WINDOWS\SYSTEM32\ieeh.dll
C:\WINDOWS\SYSTEM32\iefm32.dll
C:\WINDOWS\SYSTEM32\ieiy.dll
C:\WINDOWS\SYSTEM32\iejz32.dll
C:\WINDOWS\SYSTEM32\ielp32.dll
C:\WINDOWS\SYSTEM32\iemi32.dll
C:\WINDOWS\SYSTEM32\ieoc32.dll
C:\WINDOWS\SYSTEM32\ieoz.dll
C:\WINDOWS\SYSTEM32\ieoz32.dll
C:\WINDOWS\SYSTEM32\iepk32.dll
C:\WINDOWS\SYSTEM32\ieqo32.dll
C:\WINDOWS\SYSTEM32\ierf32.dll
C:\WINDOWS\SYSTEM32\iesv.dll
C:\WINDOWS\SYSTEM32\iexc32.dll
C:\WINDOWS\SYSTEM32\ipcu32.dll
C:\WINDOWS\SYSTEM32\ipdg32.dll
C:\WINDOWS\SYSTEM32\ipew32.dll
C:\WINDOWS\SYSTEM32\ipfu.dll
C:\WINDOWS\SYSTEM32\iphb.dll
C:\WINDOWS\SYSTEM32\iphx32.dll
C:\WINDOWS\SYSTEM32\ipip32.dll
C:\WINDOWS\SYSTEM32\ipjb32.dll
C:\WINDOWS\SYSTEM32\ipjf.dll
C:\WINDOWS\SYSTEM32\ipjj32.dll
C:\WINDOWS\SYSTEM32\ipll32.dll
C:\WINDOWS\SYSTEM32\ipok.dll
C:\WINDOWS\SYSTEM32\ippb.dll
C:\WINDOWS\SYSTEM32\ippd.dll
C:\WINDOWS\SYSTEM32\ipra32.dll
C:\WINDOWS\SYSTEM32\ipre32.dll
C:\WINDOWS\SYSTEM32\iprf32.dll
C:\WINDOWS\SYSTEM32\ipsc.dll
C:\WINDOWS\SYSTEM32\ipsk.dll
C:\WINDOWS\SYSTEM32\ipxa32.dll
C:\WINDOWS\SYSTEM32\ipxh32.dll
C:\WINDOWS\SYSTEM32\javaaz.dll
C:\WINDOWS\SYSTEM32\javadk32.dll
C:\WINDOWS\SYSTEM32\javadt.dll
C:\WINDOWS\SYSTEM32\javalk.dll
C:\WINDOWS\SYSTEM32\javaoe32.dll
C:\WINDOWS\SYSTEM32\javaoj32.dll
C:\WINDOWS\SYSTEM32\javaqi.dll
C:\WINDOWS\SYSTEM32\javaqt32.dll
C:\WINDOWS\SYSTEM32\javasr.dll
C:\WINDOWS\SYSTEM32\javatu.dll
C:\WINDOWS\SYSTEM32\javavx32.dll
C:\WINDOWS\SYSTEM32\javavz32.dll
C:\WINDOWS\SYSTEM32\javayb32.dll
C:\WINDOWS\SYSTEM32\javazx32.dll
C:\WINDOWS\SYSTEM32\mfccx32.dll
C:\WINDOWS\SYSTEM32\mfcds32.dll
C:\WINDOWS\SYSTEM32\mfcej32.dll
C:\WINDOWS\SYSTEM32\mfcgf.dll
C:\WINDOWS\SYSTEM32\mfcgu.dll
C:\WINDOWS\SYSTEM32\mfcjf32.dll
C:\WINDOWS\SYSTEM32\mfcjh32.dll
C:\WINDOWS\SYSTEM32\mfclw.dll
C:\WINDOWS\SYSTEM32\mfcor32.dll
C:\WINDOWS\SYSTEM32\mfcpk.dll
C:\WINDOWS\SYSTEM32\mfcrj.dll
C:\WINDOWS\SYSTEM32\mfcsf32.dll
C:\WINDOWS\SYSTEM32\mfcsj32.dll
C:\WINDOWS\SYSTEM32\mfczg32.dll
C:\WINDOWS\SYSTEM32\mfczx.dll
C:\WINDOWS\SYSTEM32\msck.dll
C:\WINDOWS\SYSTEM32\msdm.dll
C:\WINDOWS\SYSTEM32\mslp.dll
C:\WINDOWS\SYSTEM32\mslw.dll
C:\WINDOWS\SYSTEM32\msmz.dll
C:\WINDOWS\SYSTEM32\mssh.dll
C:\WINDOWS\SYSTEM32\msti.dll
C:\WINDOWS\SYSTEM32\msud32.dll
C:\WINDOWS\SYSTEM32\msvh32.dll
C:\WINDOWS\SYSTEM32\msws.dll
C:\WINDOWS\SYSTEM32\msxr32.dll
C:\WINDOWS\SYSTEM32\msxv32.dll
C:\WINDOWS\SYSTEM32\mszl32.dll
C:\WINDOWS\SYSTEM32\netbi32.dll
C:\WINDOWS\SYSTEM32\netbt.dll
C:\WINDOWS\SYSTEM32\netdl32.dll
C:\WINDOWS\SYSTEM32\netgq32.dll
C:\WINDOWS\SYSTEM32\netii32.dll
C:\WINDOWS\SYSTEM32\netjo.dll
C:\WINDOWS\SYSTEM32\netks.dll
C:\WINDOWS\SYSTEM32\netkv.dll
C:\WINDOWS\SYSTEM32\netnx32.dll
C:\WINDOWS\SYSTEM32\netpl32.dll
C:\WINDOWS\SYSTEM32\netru32.dll
C:\WINDOWS\SYSTEM32\nettq32.dll
C:\WINDOWS\SYSTEM32\nettr32.dll
C:\WINDOWS\SYSTEM32\nettx.dll
C:\WINDOWS\SYSTEM32\netug32.dll
C:\WINDOWS\SYSTEM32\netup.dll
C:\WINDOWS\SYSTEM32\netwm32.dll
C:\WINDOWS\SYSTEM32\netxj32.dll
C:\WINDOWS\SYSTEM32\ntba32.dll
C:\WINDOWS\SYSTEM32\ntbc32.dll
C:\WINDOWS\SYSTEM32\ntcu32.dll
C:\WINDOWS\SYSTEM32\ntgb.dll
C:\WINDOWS\SYSTEM32\nthj32.dll
C:\WINDOWS\SYSTEM32\nthy32.dll
C:\WINDOWS\SYSTEM32\ntjm.dll
C:\WINDOWS\SYSTEM32\ntkh32.dll
C:\WINDOWS\SYSTEM32\ntkt.dll
C:\WINDOWS\SYSTEM32\ntlf.dll
C:\WINDOWS\SYSTEM32\ntmf32.dll
C:\WINDOWS\SYSTEM32\ntsg32.dll
C:\WINDOWS\SYSTEM32\ntyf32.dll
C:\WINDOWS\SYSTEM32\ntyq32.dll
C:\WINDOWS\SYSTEM32\ntzb.dll
C:\WINDOWS\SYSTEM32\sdkaj32.dll
C:\WINDOWS\SYSTEM32\sdkar32.dll
C:\WINDOWS\SYSTEM32\sdkat32.dll
C:\WINDOWS\SYSTEM32\sdkfg32.dll
C:\WINDOWS\SYSTEM32\sdkgj.dll
C:\WINDOWS\SYSTEM32\sdkkr.dll
C:\WINDOWS\SYSTEM32\sdkma.dll
C:\WINDOWS\SYSTEM32\sdknc32.dll
C:\WINDOWS\SYSTEM32\sdkof32.dll
C:\WINDOWS\SYSTEM32\sdkrg32.dll
C:\WINDOWS\SYSTEM32\sdkrv.dll
C:\WINDOWS\SYSTEM32\sdksf32.dll
C:\WINDOWS\SYSTEM32\sdksj32.dll
C:\WINDOWS\SYSTEM32\sdksx32.dll
C:\WINDOWS\SYSTEM32\sdkul.dll
C:\WINDOWS\SYSTEM32\sdkxr.dll
C:\WINDOWS\SYSTEM32\sdkxs.dll
C:\WINDOWS\SYSTEM32\sdkys32.dll
C:\WINDOWS\SYSTEM32\sdkyz32.dll
C:\WINDOWS\SYSTEM32\sysbg.dll
C:\WINDOWS\SYSTEM32\sysco32.dll
C:\WINDOWS\SYSTEM32\sysfe32.dll
C:\WINDOWS\SYSTEM32\sysfv32.dll
C:\WINDOWS\SYSTEM32\syshv32.dll
C:\WINDOWS\SYSTEM32\sysij32.dll
C:\WINDOWS\SYSTEM32\sysmv32.dll
C:\WINDOWS\SYSTEM32\sysoe.dll
C:\WINDOWS\SYSTEM32\sysoe32.dll
C:\WINDOWS\SYSTEM32\sysoy.dll
C:\WINDOWS\SYSTEM32\sysqc32.dll
C:\WINDOWS\SYSTEM32\systg32.dll
C:\WINDOWS\SYSTEM32\sysvh.dll
C:\WINDOWS\SYSTEM32\sysxm32.dll
C:\WINDOWS\SYSTEM32\winba32.dll
C:\WINDOWS\SYSTEM32\winbr32.dll
C:\WINDOWS\SYSTEM32\winby32.dll
C:\WINDOWS\SYSTEM32\winga.dll
C:\WINDOWS\SYSTEM32\winhf.dll
C:\WINDOWS\SYSTEM32\winhy32.dll
C:\WINDOWS\SYSTEM32\winjq.dll
C:\WINDOWS\SYSTEM32\winjy32.dll
C:\WINDOWS\SYSTEM32\winki.dll
C:\WINDOWS\SYSTEM32\winll32.dll
C:\WINDOWS\SYSTEM32\winmk.dll
C:\WINDOWS\SYSTEM32\winvp32.dll
C:\WINDOWS\SYSTEM32\winwp32.dll
C:\WINDOWS\SYSTEM32\winwu.dll
C:\WINDOWS\SYSTEM32\winyt.dll
C:\WINDOWS\SYSTEM32\winyy.dll
C:\WINDOWS\sysvl32.dll
C:\WINDOWS\sysxy32.dll
C:\WINDOWS\syszg32.dll
C:\WINDOWS\winer.dll
C:\WINDOWS\winfw.dll
C:\WINDOWS\winio32.dll
C:\WINDOWS\winjg32.dll
C:\WINDOWS\winjv.dll
C:\WINDOWS\winos32.dll
C:\WINDOWS\winsc.dll
C:\WINDOWS\winsv.dll
C:\WINDOWS\wintc32.dll
C:\WINDOWS\wintr32.dll
C:\WINDOWS\winuh.dll
C:\WINDOWS\winvg32.dll
C:\WINDOWS\winvh.dll
C:\WINDOWS\winwc32.dll
C:\WINDOWS\winyz.dll
Folder::
c:\program files\Gamevance
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Gamevance"=-
Driver::
Gamevance
    


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Re: Web hijacking & Program manager disabled

by Jay Thompson » March 21st, 2009, 5:49 am

Hey Dan, here are the logs you requested...

SystemLook v1.0 by jpshortstuff (02.03.09)
Log created at 02:13 on 21/03/2009 by Jay (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"0410C7971CD0C088370D.Xaddr"="AMERICAN.DUBLIN.CA"
"0410C7971CD0C088370D.Xsernum"="4CUN7D30Y3S0001"
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SaslProfiles]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SCHANNEL]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\WDigest]


-=End Of File=-

==========================================================

ComboFix 09-03-19.02 - Jay 2009-03-21 2:33:34.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.673 [GMT -7:00]
Running from: c:\documents and settings\Jay\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jay\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\SYSTEM32\iprf32.dll
c:\windows\SYSTEM32\ipsc.dll
c:\windows\SYSTEM32\ipsk.dll
c:\windows\SYSTEM32\ipxa32.dll
c:\windows\SYSTEM32\ipxh32.dll
c:\windows\SYSTEM32\javaaz.dll
c:\windows\SYSTEM32\javadk32.dll
c:\windows\SYSTEM32\javadt.dll
c:\windows\SYSTEM32\javalk.dll
c:\windows\SYSTEM32\javaoe32.dll
c:\windows\SYSTEM32\javaoj32.dll
c:\windows\SYSTEM32\javaqi.dll
c:\windows\SYSTEM32\javaqt32.dll
c:\windows\SYSTEM32\javasr.dll
c:\windows\SYSTEM32\javatu.dll
c:\windows\SYSTEM32\javavx32.dll
c:\windows\SYSTEM32\javavz32.dll
c:\windows\SYSTEM32\javayb32.dll
c:\windows\SYSTEM32\javazx32.dll
c:\windows\SYSTEM32\kiyajeru.dll
c:\windows\SYSTEM32\kolojebe.dll
c:\windows\SYSTEM32\lamisefi.dll
c:\windows\SYSTEM32\lenoruta.dll
c:\windows\SYSTEM32\libopele.dll
c:\windows\SYSTEM32\lilofati.dll
c:\windows\SYSTEM32\mfccx32.dll
c:\windows\SYSTEM32\mfcds32.dll
c:\windows\SYSTEM32\mfcej32.dll
c:\windows\SYSTEM32\mfcgf.dll
c:\windows\SYSTEM32\mfcgu.dll
c:\windows\SYSTEM32\mfcjf32.dll
c:\windows\SYSTEM32\mfcjh32.dll
c:\windows\SYSTEM32\mfclw.dll
c:\windows\SYSTEM32\mfcor32.dll
c:\windows\SYSTEM32\mfcpk.dll
c:\windows\SYSTEM32\mfcrj.dll
c:\windows\SYSTEM32\mfcsf32.dll
c:\windows\SYSTEM32\mfcsj32.dll
c:\windows\SYSTEM32\mfczg32.dll
c:\windows\SYSTEM32\mfczx.dll
c:\windows\SYSTEM32\miwiyidi.dll
c:\windows\SYSTEM32\monigula.dll
c:\windows\SYSTEM32\msck.dll
c:\windows\SYSTEM32\msdm.dll
c:\windows\SYSTEM32\mslp.dll
c:\windows\SYSTEM32\mslw.dll
c:\windows\SYSTEM32\msmz.dll
c:\windows\SYSTEM32\mssh.dll
c:\windows\SYSTEM32\msti.dll
c:\windows\SYSTEM32\msud32.dll
c:\windows\SYSTEM32\msvh32.dll
c:\windows\SYSTEM32\msws.dll
c:\windows\SYSTEM32\msxr32.dll
c:\windows\SYSTEM32\msxv32.dll
c:\windows\SYSTEM32\mszl32.dll
c:\windows\SYSTEM32\musowewo.dll
c:\windows\SYSTEM32\netbi32.dll
c:\windows\SYSTEM32\netbt.dll
c:\windows\SYSTEM32\netdl32.dll
c:\windows\SYSTEM32\netgq32.dll
c:\windows\SYSTEM32\netii32.dll
c:\windows\SYSTEM32\netjo.dll
c:\windows\SYSTEM32\netks.dll
c:\windows\SYSTEM32\netkv.dll
c:\windows\SYSTEM32\netnx32.dll
c:\windows\SYSTEM32\netpl32.dll
c:\windows\SYSTEM32\netru32.dll
c:\windows\SYSTEM32\nettq32.dll
c:\windows\SYSTEM32\nettr32.dll
c:\windows\SYSTEM32\nettx.dll
c:\windows\SYSTEM32\netug32.dll
c:\windows\SYSTEM32\netup.dll
c:\windows\SYSTEM32\netwm32.dll
c:\windows\SYSTEM32\netxj32.dll
c:\windows\SYSTEM32\nijoroze.dll
c:\windows\SYSTEM32\ntba32.dll
c:\windows\SYSTEM32\ntbc32.dll
c:\windows\SYSTEM32\ntcu32.dll
c:\windows\SYSTEM32\ntgb.dll
c:\windows\SYSTEM32\nthj32.dll
c:\windows\SYSTEM32\nthy32.dll
c:\windows\SYSTEM32\ntjm.dll
c:\windows\SYSTEM32\ntkh32.dll
c:\windows\SYSTEM32\ntkt.dll
c:\windows\SYSTEM32\ntlf.dll
c:\windows\SYSTEM32\ntmf32.dll
c:\windows\SYSTEM32\ntsg32.dll
c:\windows\SYSTEM32\ntyf32.dll
c:\windows\SYSTEM32\ntyq32.dll
c:\windows\SYSTEM32\ntzb.dll
c:\windows\SYSTEM32\nubamiko.dll
c:\windows\SYSTEM32\pasusowi.dll
c:\windows\SYSTEM32\pinafadi.dll
c:\windows\SYSTEM32\pinoteye.dll
c:\windows\SYSTEM32\rijikoyi.dll
c:\windows\SYSTEM32\sdkaj32.dll
c:\windows\SYSTEM32\sdkar32.dll
c:\windows\SYSTEM32\sdkat32.dll
c:\windows\SYSTEM32\sdkfg32.dll
c:\windows\SYSTEM32\sdkgj.dll
c:\windows\SYSTEM32\sdkkr.dll
c:\windows\SYSTEM32\sdkma.dll
c:\windows\SYSTEM32\sdknc32.dll
c:\windows\SYSTEM32\sdkof32.dll
c:\windows\SYSTEM32\sdkrg32.dll
c:\windows\SYSTEM32\sdkrv.dll
c:\windows\SYSTEM32\sdksf32.dll
c:\windows\SYSTEM32\sdksj32.dll
c:\windows\SYSTEM32\sdksx32.dll
c:\windows\SYSTEM32\sdkul.dll
c:\windows\SYSTEM32\sdkxr.dll
c:\windows\SYSTEM32\sdkxs.dll
c:\windows\SYSTEM32\sdkys32.dll
c:\windows\SYSTEM32\sdkyz32.dll
c:\windows\SYSTEM32\sysbg.dll
c:\windows\SYSTEM32\sysco32.dll
c:\windows\SYSTEM32\sysfe32.dll
c:\windows\SYSTEM32\sysfv32.dll
c:\windows\SYSTEM32\syshv32.dll
c:\windows\SYSTEM32\sysij32.dll
c:\windows\SYSTEM32\sysmv32.dll
c:\windows\SYSTEM32\sysoe.dll
c:\windows\SYSTEM32\sysoe32.dll
c:\windows\SYSTEM32\sysoy.dll
c:\windows\SYSTEM32\sysqc32.dll
c:\windows\SYSTEM32\systg32.dll
c:\windows\SYSTEM32\sysvh.dll
c:\windows\SYSTEM32\sysxm32.dll
c:\windows\SYSTEM32\towefuzu.dll
c:\windows\SYSTEM32\vajoneyo.dll
c:\windows\SYSTEM32\wehemeru.dll
c:\windows\SYSTEM32\werolime.dll
c:\windows\SYSTEM32\weziyolo.dll
c:\windows\SYSTEM32\wiliroba.dll
c:\windows\SYSTEM32\winba32.dll
c:\windows\SYSTEM32\winbr32.dll
c:\windows\SYSTEM32\winby32.dll
c:\windows\SYSTEM32\winga.dll
c:\windows\SYSTEM32\winhf.dll
c:\windows\SYSTEM32\winhy32.dll
c:\windows\SYSTEM32\winjq.dll
c:\windows\SYSTEM32\winjy32.dll
c:\windows\SYSTEM32\winki.dll
c:\windows\SYSTEM32\winll32.dll
c:\windows\SYSTEM32\winmk.dll
c:\windows\SYSTEM32\winvp32.dll
c:\windows\SYSTEM32\winwp32.dll
c:\windows\SYSTEM32\winwu.dll
c:\windows\SYSTEM32\winyt.dll
c:\windows\SYSTEM32\winyy.dll
c:\windows\SYSTEM32\yugobuku.dll
c:\windows\SYSTEM32\yujukaku.dll
c:\windows\SYSTEM32\zopeyero.dll
c:\windows\SYSTEM32\zunohuwu.dll
c:\windows\sysvl32.dll
c:\windows\sysxy32.dll
c:\windows\syszg32.dll
c:\windows\winer.dll
c:\windows\winfw.dll
c:\windows\winio32.dll
c:\windows\winjg32.dll
c:\windows\winjv.dll
c:\windows\winos32.dll
c:\windows\winsc.dll
c:\windows\winsv.dll
c:\windows\wintc32.dll
c:\windows\wintr32.dll
c:\windows\winuh.dll
c:\windows\winvg32.dll
c:\windows\winvh.dll
c:\windows\winwc32.dll
c:\windows\winyz.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 )))))))))))))))))))))))))))))))
.

2009-03-17 16:21 . 2009-03-17 16:21 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-17 16:21 . 2009-03-17 16:21 <DIR> d-------- c:\documents and settings\Jay\Application Data\Malwarebytes
2009-03-17 16:21 . 2009-03-17 16:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-17 16:21 . 2009-02-11 10:19 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-03-17 16:21 . 2009-02-11 10:19 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-03-17 12:46 . 2009-03-17 13:22 <DIR> d-------- C:\Combo-fix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 15:59 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-20 15:28 --------- d-----w c:\program files\NoAdware
2009-03-20 15:20 --------- d-----w c:\program files\Viva Media
2009-03-20 15:19 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-20 15:18 --------- d-----w c:\program files\NoAdware5.0
2009-03-20 15:18 --------- d-----w c:\program files\NoAdware3
2009-03-19 19:55 --------- d-----w c:\program files\Full Tilt Poker
2009-02-27 02:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-30 02:50 --------- d-----w c:\program files\iTunes
2009-01-30 02:50 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-30 02:49 --------- d-----w c:\program files\iPod
2009-01-30 02:10 --------- d-----w c:\program files\Bonjour
2009-01-30 01:41 --------- d-----w c:\program files\QuickTime
2009-01-21 21:44 --------- d-----w c:\program files\GameSpy Arcade
2009-01-21 21:37 --------- d-----w c:\program files\Bumper Wars
2008-08-29 23:19 100,888 ----a-w c:\documents and settings\Jay\Application Data\GDIPFONTCACHEV1.DAT
2008-07-22 03:08 100,888 ----a-w c:\documents and settings\Monique\Application Data\GDIPFONTCACHEV1.DAT
2004-07-26 20:22 483 ----a-w c:\program files\Shortcut to Broderbund.lnk
2004-07-26 20:22 473 ----a-w c:\program files\Shortcut to TurboTax.lnk
2007-12-06 22:32 44,360 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2007-12-06 22:32 107,928 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2004-08-04 07:56 50,688 --sh--w c:\windows\twain_32.dll
2004-08-04 07:56 83,456 --sha-w c:\windows\SYSTEM32\olepro32.dll
2004-08-04 07:56 11,776 --sh--w c:\windows\SYSTEM32\regsvr32.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-03-17_13.20.29.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-09 18:19:01 96,174 ----a-w c:\windows\SYSTEM32\PERFC009.DAT
+ 2009-03-17 21:07:57 96,378 ----a-w c:\windows\SYSTEM32\PERFC009.DAT
- 2009-03-09 18:19:01 506,162 ----a-w c:\windows\SYSTEM32\PERFH009.DAT
+ 2009-03-17 21:07:57 506,492 ----a-w c:\windows\SYSTEM32\PERFH009.DAT
+ 2009-03-21 08:37:56 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6c8.dat
+ 2009-03-21 08:37:58 16,384 ----atw c:\windows\temp\Perflib_Perfdata_758.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S4F"="c:\program files\S4F\Filter7.exe" [2007-11-20 443008]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-28 185896]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 c:\windows\SYSTEM32\narrator.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
0410C7971CD0C088370D.Xsernum 4CUN7D30Y3S0001
0410C7971CD0C088370D.Xaddr AMERICAN.DUBLIN.CA

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeper.exe" /0
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
"dlmMgr"="c:\program files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" restart=1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MMTray"=c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"DwlClient"=c:\program files\Common Files\Dell\EUSW\Support.exe
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"S4F"="c:\program files\S4F\Filter7.exe"
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~2\UPDATE~1\isuspm.exe" -startup
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"UMonit"=c:\windows\system32\umonit.exe
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\SYSTEM32\DRIVERS\bsstor.sys [2003-03-23 9344]
R2 BsUDF;InCD UDF Driver;c:\windows\SYSTEM32\DRIVERS\bsudf.sys [2003-03-23 445440]
R2 MSSQL$XACTWARE;SQL Server (XACTWARE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-09-07 29178224]
S3 fixustor;fixustor;c:\windows\SYSTEM32\DRIVERS\fixustor.sys [2007-07-25 6016]
.
Contents of the 'Scheduled Tasks' folder

2009-03-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-07-01 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2005-05-31 02:04]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe


.
------- Supplementary Scan -------
.
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
LSP: c:\windows\system\wins4f.dll
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jay\Application Data\Mozilla\Firefox\Profiles\guj6z805.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8081
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 02:40:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4017286732-3779589640-2630038483-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:13,5f,ce,a1,01,76,15,e5,18,50,4c,df,f5,4a,aa,07,92,db,19,8d,5b,d1,fd,
c3,cc,d8,cc,ef,ff,f8,1d,96,a9,d5,5e,86,55,f1,cc,a1,f7,f7,4a,41,47,29,1e,4f,\
"??"=hex:54,9d,07,ad,00,66,86,de,98,56,c7,22,fc,e1,43,9a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(716)
c:\windows\system\wins4f.dll
.
Completion time: 2009-03-21 2:45:04
ComboFix-quarantined-files.txt 2009-03-21 09:44:00
ComboFix2.txt 2009-03-19 21:27:52
ComboFix3.txt 2009-03-18 19:45:46
ComboFix4.txt 2009-03-17 22:51:43
ComboFix5.txt 2009-03-21 09:32:15

Pre-Run: 14,016,077,824 bytes free
Post-Run: 14,024,261,632 bytes free

1268 --- E O F --- 2008-05-16 06:33:53
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm

Re: Web hijacking & Program manager disabled

Unread postby dan12 » March 21st, 2009, 6:02 am

Ok, I will look over the returned logs soon. In the meantime I want you to get some security on this pc before we get hit again.


You aren't running Anti Virus Software

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition
-Free edition of the AVG anti-virus program for Windows.



There is no sign of a Third Party Firewall installed on your system.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

There are several possible reasons for the Firewall not showing.
  1. You are using Windows Firewall. This is not recommended as it will only stop incoming material. It permits all outgoing traffic.
  2. You are using a hardware firewall. It should be complemented with a Third Party Software Firewall
  3. You have a firewall, but you disabled it. Please re-enable it.
  4. You don't have a firewall at all.

If you don't have a third party firewall, please get ONE firewall and install it. Restart the computer for changes to take effect.

Online Armor
Comodo Personal Firewall

Please post back a new HijackThis log after installing the firewall.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: Web hijacking & Program manager disabled

Unread postby Jay Thompson » March 21st, 2009, 10:09 pm

OK, I Installed AVG free version, and Online Armor free version.

Here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:52 PM, on 3/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\S4F\Filter7.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jay\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [S4F] C:\Program Files\S4F\Filter7.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3256666875
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D9E74DE-34BF-43FE-AFF9-317895B44F1D}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 6835 bytes
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm

Re: Web hijacking & Program manager disabled

Unread postby dan12 » March 22nd, 2009, 4:42 am

That's looking more like :) how are things with the pc?

Remove Poker programs
From your log I can see you've installed poker programs. A lot of poker programs are infected/can infect you with malware.

I would advise you to go to Add/Remove programs and uninstall your poker programs.

Here are links to some poker sites regarded as safe for your reference.

* http://www.pokerstars.net/ - This is a simple play money version.
* http://www.pokerstars.com/ - This is a bigger play money and real money version.


Start > Run, type appwiz.cpl and click OK.

Uninstall the following:

NoAdware5.0
NoAdware3
Full Tilt Poker


Now close Control Panel.

___________


Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)


O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit





Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply

    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

post a fresh HJT log
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire
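
Added example, not part of the original posts and not HijackThis code: a small Python triage that parses HijackThis-style lines carrying a CLSID and lists the entries whose target is "(no file)", the orphaned-entry pattern dan12 asks to have fixed above. The sample lines are excerpted from the log posted in this thread; the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: lines excerpted from the HijackThis v2.0.2 log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

# "<code> - <kind>: <name> - {CLSID} - <target>", the shape shared by the
# O2/O3/O9 lines in the log. Lines without a CLSID (e.g. O4) are skipped.
ENTRY_RE = re.compile(
    r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

def parse_entries(log_text):
    """Return one dict per CLSID-bearing line, keeping the raw line."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entry = m.groupdict()
            # HijackThis prints CLSIDs in mixed case; normalise for grouping.
            entry["clsid"] = entry["clsid"].upper()
            entry["raw"] = line
            entries.append(entry)
    return entries

def orphaned_entries(entries):
    """Raw lines whose (section, CLSID) group points only at "(no file)"."""
    groups = defaultdict(list)
    for entry in entries:
        groups[(entry["code"], entry["clsid"])].append(entry)
    return [
        e["raw"]
        for group in groups.values()
        if all(e["target"] == "(no file)" for e in group)
        for e in group
    ]

if __name__ == "__main__":
    for raw in orphaned_entries(parse_entries(SAMPLE_LOG)):
        print("candidate for Fix Checked:", raw)
```

A "(no file)" target only means the registry entry outlived its file; each flagged line still needs review before it is ticked.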

Re: Web hijacking & Program manager disabled

Unread postby Jay Thompson » March 22nd, 2009, 1:58 pm

I will take care of most of this a bit later today, but I did notice that noadware5 and 3 are not listed in my Add/Remove programs list, and the only programs in the folders or thereabouts are logs, backups and a file called noadware4_022207.na for 5 and noadware3_103107.na for 3. Not sure how to remove them?
Jay Thompson
Regular Member
 
Posts: 52
Joined: March 9th, 2009, 7:58 pm

Re: Web hijacking & Program manager disabled

Unread postby dan12 » March 22nd, 2009, 7:40 pm

Ok, I will deal with them once I've heard back from you regarding java, presently working so will catch you at some point tomorrow.
dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire