25-Jun-2009, 02:38 AM
#1

Here's the Hijack log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:04 AM, on 6/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\WINDOWS\system32\drivers\CDAC11BA.EXE
G:\Program Files\Java\jre6\bin\jqs.exe
G:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
G:\WINDOWS\system32\nvsvc32.exe
G:\Program Files\Viewpoint\Common\ViewpointService.exe
G:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\WINDOWS\msb.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\Program Files\Google\Google Talk\googletalk.exe
G:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
G:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
G:\WINDOWS\system32\RUNDLL32.EXE
G:\WINDOWS\RTHDCPL.EXE
G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\Java\jre6\bin\jusched.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\Program Files\Search Settings\SearchSettings.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Messenger\msmsgs.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Documents and Settings\sumukh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
G:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\uTorrent\uTorrent.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Documents and Settings\sumukh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
G:\Program Files\Windows Media Player\wmplayer.exe
G:\DOCUME~1\sumukh\LOCALS~1\Temp\b.exe
G:\WINDOWS\system32\rundll32.exe
G:\Documents and Settings\sumukh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
G:\Documents and Settings\sumukh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
G:\Documents and Settings\sumukh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - G:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - G:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - G:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - G:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - G:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - G:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - G:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - G:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [googletalk] G:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "G:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "G:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [EPSON Stylus C58 Series] G:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHS.EXE /FU "G:\WINDOWS\TEMP\E_SD0.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [WinampAgent] "G:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NBKeyScan] "G:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [YSearchProtection] "G:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "G:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] G:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "G:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SearchSettings] G:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] G:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Google Update] "G:\Documents and Settings\sumukh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Search Protection] G:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] G:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Steam] G:\Valve\Condition Zero\Steam.exe -silent
O4 - HKCU\..\Run: [Yahoo! Pager] "G:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Cognac] G:\DOCUME~1\sumukh\LOCALS~1\Temp\b.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - G:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - G:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - G:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - G:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - G:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - G:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - G:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12681 bytes
25-Jun-2009, 03:21 AM
#2

After doing the COMBO FIX thing, the log is:

ComboFix 09-06-23.01 - sumukh 06/25/2009 11:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.484 [GMT 5.5:30]
Running from: g:\documents and settings\sumukh\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090624-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
g:\windows\msa.exe
g:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
g:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.
2009-06-25 06:01 . 2009-06-25 06:01 -------- dc----w- g:\windows\system32\dllcache\cache
2009-06-25 05:36 . 2009-06-25 05:36 -------- d-----w- g:\program files\Trend Micro
2009-06-25 05:03 . 2009-06-25 05:03 -------- d-----w- g:\program files\CCleaner
2009-06-25 03:21 . 2009-06-24 11:14 128516 ----a-w- g:\windows\msb.exe
2009-06-24 14:04 . 2009-06-24 14:04 -------- d-----w- g:\program files\AnalogX
2009-06-22 16:27 . 2009-06-22 16:27 -------- d-----w- g:\documents and settings\mom\Application Data\Search Settings
2009-06-22 16:27 . 2009-06-22 16:27 -------- d-----w- g:\documents and settings\mom\Application Data\Dealio
2009-06-22 14:55 . 2009-06-22 14:55 -------- d-----w- g:\docume~1\sumukh\APPLIC~1\Search Settings
2009-06-22 14:55 . 2009-06-22 14:55 -------- d-----w- g:\docume~1\sumukh\APPLIC~1\Dealio
2009-06-22 13:43 . 2009-06-22 13:43 262144 ----a-w- G:\ntuser.dat
2009-06-21 17:27 . 2009-06-21 17:27 -------- d-----w- g:\documents and settings\sumukh\Local Settings\Application Data\AVNEX_Ltd._(CY)
2009-06-21 17:27 . 2009-06-21 17:27 -------- d-----w- g:\program files\Search Settings
2009-06-21 17:27 . 2009-06-21 17:27 -------- d-----w- g:\program files\Dealio Toolbar
2009-06-21 17:19 . 2009-06-24 13:47 -------- d-----w- g:\program files\AV Music Morpher Gold
2009-06-21 13:42 . 2009-02-05 21:06 51376 ----a-w- g:\windows\system32\drivers\aswTdi.sys
2009-06-21 13:42 . 2009-02-05 21:06 23152 ----a-w- g:\windows\system32\drivers\aswRdr.sys
2009-06-21 13:42 . 2009-02-05 21:05 26944 ----a-w- g:\windows\system32\drivers\aavmker4.sys
2009-06-21 13:42 . 2009-02-05 21:04 97480 ----a-w- g:\windows\system32\AvastSS.scr
2009-06-21 13:42 . 2009-02-05 21:08 93296 ----a-w- g:\windows\system32\drivers\aswmon.sys
2009-06-21 13:42 . 2009-02-05 21:08 94032 ----a-w- g:\windows\system32\drivers\aswmon2.sys
2009-06-21 13:42 . 2009-02-05 21:07 114768 ----a-w- g:\windows\system32\drivers\aswSP.sys
2009-06-21 13:42 . 2009-02-05 21:07 20560 ----a-w- g:\windows\system32\drivers\aswFsBlk.sys
2009-06-21 13:42 . 2009-02-05 21:11 1256296 ----a-w- g:\windows\system32\aswBoot.exe
2009-06-21 13:42 . 2009-06-21 13:42 -------- d-----w- g:\program files\Alwil Software
2009-06-21 13:18 . 2009-06-21 13:18 -------- d--h--r- g:\docume~1\sumukh\APPLIC~1\SecuROM
2009-06-19 14:14 . 2009-06-19 14:14 -------- d-----w- g:\program files\Audacity 1.3 Beta (Unicode)
2009-06-17 06:05 . 2009-06-17 06:05 -------- d-----w- g:\program files\steinberg
2009-06-17 05:20 . 2009-06-17 05:20 -------- d-----w- g:\program files\AudioShell
2009-06-14 13:44 . 2009-06-17 05:59 -------- d-----w- g:\program files\LUXONIX
2009-06-07 09:29 . 2009-06-07 09:29 -------- d-----w- g:\docume~1\sumukh\APPLIC~1\Antares
2009-06-06 15:29 . 2009-06-06 15:29 -------- d-----w- g:\program files\Common Files\Digidesign
2009-06-06 15:29 . 2009-06-06 15:29 -------- d-----w- g:\program files\Antares Audio Technologies
2009-06-06 15:28 . 2003-06-20 07:58 1777664 ----a-w- g:\windows\system32\gdiplus.dll
2009-06-06 02:59 . 2009-06-06 02:59 -------- d-----w- g:\program files\ASIO4ALL v2
2009-06-06 02:59 . 2009-06-17 06:04 -------- d-----w- g:\program files\VstPlugins
2009-06-06 02:58 . 2009-06-06 02:58 -------- d-----w- g:\program files\Outsim
2009-06-06 02:54 . 2009-06-17 05:27 -------- d-----w- g:\program files\Image-Line
2009-06-02 12:26 . 2008-12-17 19:52 57344 ----a-w- g:\windows\system32\ff_vfw.dll
2009-06-02 12:26 . 2008-06-15 04:31 60273 ----a-w- g:\windows\system32\pthreadGC2.dll
2009-06-02 12:26 . 2008-06-15 04:31 258352 ----a-w- g:\windows\system32\unicows.dll
2009-06-02 12:25 . 2009-06-02 12:25 -------- d-----w- g:\program files\Cucusoft
2009-05-28 13:36 . 2000-05-26 08:27 32128 ----a-w- g:\windows\EMINEM.SCR
2009-05-28 13:36 . 1999-01-07 08:36 76816 ----a-w- g:\windows\system\OX16CLS.DLL
2009-05-28 13:36 . 1999-01-04 08:02 199264 ----a-w- g:\windows\system\OX16SYS.DLL
2009-05-28 13:36 . 1999-01-04 08:02 306736 ----a-w- g:\windows\system\OX16LIB.DLL
2009-05-28 13:36 . 1998-11-16 07:04 55200 ----a-w- g:\windows\system\WAVEX16B.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 06:00 . 2008-08-02 16:32 -------- d-----w- g:\docume~1\sumukh\APPLIC~1\uTorrent
2009-06-25 04:00 . 2009-02-07 03:36 -------- d-----w- g:\documents and settings\All Users\Application Data\Google Updater
2009-06-24 14:24 . 2008-08-02 16:33 -------- d-----w- g:\docume~1\sumukh\APPLIC~1\Audacity
2009-06-22 13:43 . 2008-08-02 18:37 -------- d-----w- g:\docume~1\sumukh\APPLIC~1\Yahoo!
2009-06-22 13:42 . 2008-08-02 17:14 -------- d-----w- g:\documents and settings\All Users\Application Data\Yahoo!
2009-06-22 13:42 . 2008-08-02 17:10 -------- d-----w- g:\program files\Yahoo!
2009-06-22 13:42 . 2008-10-08 15:00 -------- d-----w- g:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-06-21 14:20 . 2008-12-16 12:18 -------- d-----w- g:\program files\KeenfinderSrch
2009-06-21 13:18 . 2008-08-04 04:16 107888 ----a-w- g:\windows\system32\CmdLineExt.dll
2009-06-21 12:47 . 2008-08-14 14:56 -------- d-----w- g:\program files\Common Files\Wise Installation Wizard
2009-06-21 12:47 . 2008-08-14 15:40 -------- d-----w- g:\program files\AGEIA Technologies
2009-06-21 12:26 . 2008-08-11 14:08 126160 ----a-w- g:\documents and settings\sumukh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-19 13:55 . 2008-08-02 16:33 -------- d-----w- g:\program files\Audacity 1.3 Beta
2009-05-07 15:44 . 2004-08-04 00:56 344064 ----a-w- g:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-04 00:56 827392 ----a-w- g:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 00:56 78336 ----a-w- g:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2004-08-03 23:17 1846656 ----a-w- g:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-04 00:56 584192 ----a-w- g:\windows\system32\rpcrt4.dll
2009-04-15 14:24 . 2009-01-24 10:34 43520 ----a-w- g:\windows\system32\CmdLineExt03.dll
2009-04-10 03:25 . 2009-02-03 05:06 89084 ---ha-w- g:\windows\system32\mlfcache.dat
.
------- Sigcheck -------
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
[7] 2004-08-04 00:56 14336 8F078AE4ED187AAABC0A305146DE6716 g:\windows\system32\svchost.exe
[7] 2004-08-04 00:56 14336 8F078AE4ED187AAABC0A305146DE6716 g:\windows\system32\dllcache\svchost.exe
[7] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 g:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[7] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B g:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[7] 2004-08-04 00:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 g:\windows\$NtUninstallKB890859$\user32.dll
[7] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 g:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\user32.dll
[7] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 g:\windows\system32\user32.dll
[7] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 g:\windows\system32\dllcache\user32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ws2_32.dll
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ws2_32.dll
[7] 2004-08-04 00:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 g:\windows\system32\ws2_32.dll
[7] 2004-08-04 00:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 g:\windows\system32\dllcache\ws2_32.dll
[-] 2008-04-21 06:56 666624 2E7DE1BF9418B071799EB53DE8CC22F5 g:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
[-] 2008-04-21 06:44 666112 2B0C24AA747A93A28987B6D65A4A74BC g:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[-] 2008-04-21 06:24 666624 26F240C250E5B4B395CB4B178BA75437 g:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[-] 2008-06-23 16:12 667136 611ACE3F4201E9610AF8452F7C268995 g:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
[-] 2008-06-23 15:09 666112 F12FBB673DE9CC802C5DC518FE99AA2F g:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[-] 2008-06-23 14:54 666624 972299B7241EC325D8C7E5638C884925 g:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[-] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C g:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-08-20 05:33 667648 C91E3A6EF094202F6B5CA8960DFCF243 g:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
[-] 2008-08-20 05:30 666112 9AF5F25124FBDC36E2B510729CBA2674 g:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[-] 2008-08-20 04:58 666624 94418F53D2612C26DBADC04DAFBC197C g:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 g:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 10:20 667648 93C9D0A216498EE14EB9B26119BB95EE g:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
[7] 2008-10-16 01:00 666112 1576318BF08D28CC61D1278114AD8D5B g:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[7] 2008-10-16 01:04 667136 E8FCE58A470999350F64C591557F9E42 g:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 g:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 g:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 g:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 g:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[7] 2004-08-04 00:56 656384 C0823FC5469663BA63E7DB88F9919D70 g:\windows\$NtUninstallKB958215$\wininet.dll
[7] 2008-10-16 10:37 659456 6F1E4BFD78C4E0D05FF3725D59B72925 g:\windows\ie7\wininet.dll
[7] 2007-08-13 13:24 818688 A4A0FC92358F39538A6494C42EF99FE9 g:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2007-08-13 13:24 818688 A4A0FC92358F39538A6494C42EF99FE9 g:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 g:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 g:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C g:\windows\ie7updates\KB963027-IE7\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 g:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED g:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2GDR\wininet.dll
[-] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C g:\windows\SoftwareDistribution\Download\13d5d266d7681d26b42f8dff88cadc20\SP2QFE\wininet.dll
[7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 g:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2GDR\wininet.dll
[7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 g:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2QFE\wininet.dll
[7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 g:\windows\SoftwareDistribution\Download\c74979a750f473b6d9d8ef0bba9b356c\SP2GDR\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 g:\windows\SoftwareDistribution\Download\c74979a750f473b6d9d8ef0bba9b356c\SP2QFE\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB g:\windows\system32\wininet.dll
[7] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB g:\windows\system32\dllcache\wininet.dll
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 g:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D g:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E g:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2004-08-03 23:14 359040 9F4B36614A0FC234525BA224957DE55C g:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 g:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 g:\windows\system32\drivers\tcpip.sys
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[7] 2004-08-04 00:56 502272 01C3346C241652F43AED8E2149881BFE g:\windows\system32\winlogon.exe
[7] 2004-08-04 00:56 502272 01C3346C241652F43AED8E2149881BFE g:\windows\system32\dllcache\winlogon.exe
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ndis.sys
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys
[7] 2004-08-03 23:14 182912 558635D3AF1C7546D26067D5D9B6959E g:\windows\system32\dllcache\ndis.sys
[7] 2004-08-03 23:14 182912 558635D3AF1C7546D26067D5D9B6959E g:\windows\system32\drivers\ndis.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ip6fw.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ip6fw.sys
[7] 2004-08-03 23:00 29056 4448006B6BC60E6C027932CFC38D6855 g:\windows\system32\dllcache\ip6fw.sys
[7] 2004-08-03 23:00 29056 4448006B6BC60E6C027932CFC38D6855 g:\windows\system32\drivers\ip6fw.sys
[7] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B g:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A g:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-07 13:32 2066048 5BA7F2141BC6DB06100D0E5A732C617A g:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A g:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD g:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 g:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[7] 2008-08-14 10:09 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 g:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 09:22 2015744 DC097A896A03B8277457D228FD12D4E6 g:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2004-08-04 01:05 2015232 FB142B7007CA2EEA76966C6C5CC12150 g:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F g:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntkrnlpa.exe
[7] 2009-02-06 16:49 2015744 B238AB60093BABFE76AEC8F34B4D399D g:\windows\system32\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F g:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB g:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 g:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B g:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-07 14:05 2189184 EFE8EACE83EAAD5849A7A548FB75B584 g:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 g:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 g:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[7] 2008-08-14 10:41 2189184 31914172342BFF330063F343AC6958FE g:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 09:58 2136064 DD31AB4B91C2605601A3C108AF57A0C9 g:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2004-08-03 23:18 2148352 626309040459C3915997EF98EC1C8D40 g:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB g:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntoskrnl.exe
[7] 2009-02-06 17:22 2136064 16B5EBE97F243441264A8F8694C2F2AA g:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB g:\windows\system32\dllcache\ntoskrnl.exe
[7] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 g:\windows\explorer.exe
[7] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 g:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-04 00:56 1032192 A0732187050030AE399B241436565E64 g:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
[7] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 g:\windows\system32\dllcache\explorer.exe
[7] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD g:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 g:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 g:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2004-08-04 00:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 g:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\services.exe
[7] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE g:\windows\system32\services.exe
[7] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE g:\windows\system32\dllcache\services.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\lsass.exe
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe
[7] 2004-08-04 00:56 13312 84885F9B82F4D55C6146EBF6065D75D2 g:\windows\system32\lsass.exe
[7] 2004-08-04 00:56 13312 84885F9B82F4D55C6146EBF6065D75D2 g:\windows\system32\dllcache\lsass.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ctfmon.exe
[7] 2004-08-04 00:56 15360 24232996A38C0B0CF151C2140AE29FC8 g:\windows\system32\ctfmon.exe
[7] 2004-08-04 00:56 15360 24232996A38C0B0CF151C2140AE29FC8 g:\windows\system32\dllcache\ctfmon.exe
[7] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 g:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[7] 2004-08-04 00:56 57856 7435B108B935E42EA92CA94F59C8E717 g:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
[7] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F g:\windows\system32\spoolsv.exe
[7]
2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F g:\windows\system32\dllcache\spoolsv.exe [-] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\w uauclt.exe [-] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\w uauclt.exe [7] 2008-10-16 08:39 51224 E654B78D2F1D791B30D0ED9A8195EC22 g:\windows\system32\wuauclt.exe [7] 2008-10-16 08:39 51224 E654B78D2F1D791B30D0ED9A8195EC22 g:\windows\system32\dllcache\wuauclt.exe [-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\u serinit.exe [-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\u serinit.exe [7] 2004-08-04 00:56 24576 39B1FFB03C2296323832ACBAE50D2AFF g:\windows\system32\userinit.exe [7] 2004-08-04 00:56 24576 39B1FFB03C2296323832ACBAE50D2AFF g:\windows\system32\dllcache\userinit.exe [-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\t ermsrv.dll [-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\t ermsrv.dll [7] 2004-08-04 00:56 295424 B60C877D16D9C880B952FDA04ADF16E6 g:\windows\system32\termsrv.dll [7] 2004-08-04 00:56 295424 B60C877D16D9C880B952FDA04ADF16E6 g:\windows\system32\dllcache\termsrv.dll [7] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B g:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll [7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 g:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll [7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC g:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll [7] 2004-08-04 00:56 983552 888190E31455FAD793312F8D087146EB 
g:\windows\$NtUninstallKB959426$\kernel32.dll [-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\k ernel32.dll [-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\k ernel32.dll [7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE g:\windows\system32\kernel32.dll [7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE g:\windows\system32\dllcache\kernel32.dll [-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\p owrprof.dll [-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\p owrprof.dll [7] 2004-08-04 00:56 17408 1B5F6923ABB450692E9FE0672C897AED g:\windows\system32\powrprof.dll [7] 2004-08-04 00:56 17408 1B5F6923ABB450692E9FE0672C897AED g:\windows\system32\dllcache\powrprof.dll [-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\i mm32.dll [-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\i mm32.dll [7] 2004-08-04 00:56 110080 87CA7CE6469577F059297B9D6556D66D g:\windows\system32\imm32.dll [7] 2004-08-04 00:56 110080 87CA7CE6469577F059297B9D6556D66D g:\windows\system32\dllcache\imm32.dll [-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\s fcfiles.dll [-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\s fcfiles.dll [7] 2004-08-04 00:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 g:\windows\system32\sfcfiles.dll [7] 2004-08-04 00:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 
g:\windows\system32\dllcache\sfcfiles.dll [-] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\a ppmgmts.dll [-] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\a ppmgmts.dll [7] 2004-08-04 00:56 167936 9C3C12975C97119412802B181FBEEFFE g:\windows\system32\appmgmts.dll [7] 2004-08-04 00:56 167936 9C3C12975C97119412802B181FBEEFFE g:\windows\system32\dllcache\appmgmts.dll [-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 g:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\k bdclass.sys [-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 g:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\k bdclass.sys [7] 2004-08-03 22:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 g:\windows\system32\drivers\kbdclass.sys . |
|
25-Jun-2009, 03:21 AM
#3
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
2009-04-09 14:39 688128 ----a-w- g:\program files\Dealio Toolbar\DealioToolbarIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="g:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="g:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"updateMgr"="g:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="g:\documents and settings\sumukh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-20 133104]
"Search Protection"="g:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"YSearchProtection"="g:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Steam"="g:\valve\Condition Zero\Steam.exe" [2003-11-11 1081344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="g:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"googletalk"="g:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Symantec PIF AlertEng"="g:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"YSearchProtection"="g:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"NvMediaCenter"="g:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"RemoteControl"="g:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="g:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM Startup"="g:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="g:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"QuickTime Task"="g:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="g:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="g:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"avast!"="g:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SearchSettings"="g:\program files\Search Settings\SearchSettings.exe" [2009-04-09 970240]
"nwiz"="nwiz.exe" - g:\windows\system32\nwiz.exe [2007-10-04 1626112]
"SkyTel"="SkyTel.EXE" - g:\windows\SkyTel.exe [2007-08-03 1826816]
"RTHDCPL"="RTHDCPL.EXE" - g:\windows\RTHDCPL.exe [2007-09-27 16844800]

g:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - g:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program Files\\uTorrent\\uTorrent.exe"=
"g:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"g:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"g:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"g:\\Tally\\tally9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\Valve\\Condition Zero\\czero.exe"=
"g:\\Valve\\Condition Zero\\hlds.exe"=
"g:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\Program Files\\iTunes\\iTunes.exe"=
"g:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"g:\\Valve\\Condition Zero\\hltv.exe"=

R1 aswSP;avast! Self Protection;g:\windows\system32\drivers\aswSP.sys [6/21/2009 7:12 PM 114768]
R2 aswFsBlk;aswFsBlk;g:\windows\system32\drivers\aswFsBlk.sys [6/21/2009 7:12 PM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;g:\program files\Viewpoint\Common\ViewpointService.exe [10/26/2008 12:34 PM 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 g:\windows\Tasks\AppleSoftwareUpdate.job
- g:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:04]

2009-06-25 g:\windows\Tasks\Google Software Updater.job
- g:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-12 04:13]

2009-06-24 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-688789844-725345543-1003.job
- g:\documents and settings\sumukh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-20 15:07]

2009-06-25 g:\windows\Tasks\WGASetup.job
- g:\windows\system32\KB905474\wgasetup.exe [2009-04-22 16:48]
.
- - - - ORPHANS REMOVED - - - -

BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - g:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
HKLM-Run-WinampAgent - g:\program files\Winamp\winampa.exe
HKLM-Run-NBKeyScan - g:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 11:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2736)
g:\windows\system32\browselc.dll
g:\program files\Microsoft Office\OFFICE11\msohev.dll
g:\progra~1\AUDIOS~1\AUDIOS~1.DLL
g:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
Completion time: 2009-06-25 11:46
ComboFix-quarantined-files.txt 2009-06-25 06:16

Pre-Run: 27,865,874,432 bytes free
Post-Run: 27,974,410,240 bytes free

364 --- E O F --- 2009-06-11 11:08
Tags: b.exe help removal

Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.