Xxyxx.dll is not a valid application

Aly AH
New Member


Date Joined May 2008
Total Posts : 2
 
Posted 5-12-2008 5:19 (GMT +2)
Hi
I started getting messages when I connect to the internet that I have some deadly virus on my PC. I installed McAfee, which found and cleaned 311 Trojans from my PC. Now I have started getting a message that my C:/Windows/System32/xxyxx.dll is not a valid application. Can anyone help?

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12712
 
Posted 5-12-2008 6:33 (GMT +2)
Hello cool


 
 
After you have run the scan tools:

Reboot normally.

Post the HijackThis log along with the SuperAntiSpyware log and C:\combofix.txt in this topic.

Please copy and paste your log. DO NOT add it as an attachment.
Kindly do not annotate or format the log with color or font changes.

Do NOT post your problem in someone else's thread.


Aly AH
New Member


Date Joined May 2008
Total Posts : 2
 
Posted 5-14-2008 7:45 (GMT +2)
Here are all the logs.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/14/2008 at 10:35 PM

Application Version : 4.0.1154

Core Rules Database Version : 3460
Trace Rules Database Version: 1451

Scan type : Complete Scan
Total Scan Time : 01:03:39

Memory items scanned : 629
Memory threats detected : 3
Registry items scanned : 7019
Registry threats detected : 20
File items scanned : 36890
File threats detected : 10

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\SSQRP.DLL
C:\WINDOWS\SYSTEM32\SSQRP.DLL

Trojan.Unclassified/AffiliateBundle
C:\WINDOWS\SYSTEM32\KHFEC.DLL
C:\WINDOWS\SYSTEM32\KHFEC.DLL
C:\WINDOWS\SYSTEM32\HGDAB.DLL
C:\WINDOWS\SYSTEM32\IIIFE.DLL
C:\WINDOWS\SYSTEM32\QOPOM.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\GOGKYIOU.DLL
C:\WINDOWS\SYSTEM32\GOGKYIOU.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{446624E1-B767-4443-AA6E-0F355CAFD21B}
HKCR\CLSID\{446624E1-B767-4443-AA6E-0F355CAFD21B}
HKCR\CLSID\{446624E1-B767-4443-AA6E-0F355CAFD21B}\InprocServer32
HKCR\CLSID\{446624E1-B767-4443-AA6E-0F355CAFD21B}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{912D4EAD-0F6C-4202-8456-2A92404A33DF}
HKCR\CLSID\{912D4EAD-0F6C-4202-8456-2A92404A33DF}
HKCR\CLSID\{912D4EAD-0F6C-4202-8456-2A92404A33DF}\InprocServer32
HKCR\CLSID\{912D4EAD-0F6C-4202-8456-2A92404A33DF}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{C0D5FE08-0A7E-4533-ABA7-F5D8E0FF629A}
HKCR\CLSID\{C0D5FE08-0A7E-4533-ABA7-F5D8E0FF629A}
HKCR\CLSID\{C0D5FE08-0A7E-4533-ABA7-F5D8E0FF629A}\InprocServer32
HKCR\CLSID\{C0D5FE08-0A7E-4533-ABA7-F5D8E0FF629A}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{446624E1-B767-4443-AA6E-0F355CAFD21B}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{912D4EAD-0F6C-4202-8456-2A92404A33DF}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{446624E1-B767-4443-AA6E-0F355CAFD21B}
HKCR\CLSID\{446624E1-B767-4443-AA6E-0F355CAFD21B}

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST

Trojan.Unclassified/MRT-Fake
C:\WINDOWS\SYSTEM32\DWUCQHUK.DLL
C:\WINDOWS\SYSTEM32\MEKPGKIX.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\PRQSS.INI
C:\WINDOWS\SYSTEM32\PRQSS.INI2


--------------------------------------------------------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:11 PM, on 14-May-08
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Users\aliakber\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: {0827aaae-fc0d-54fa-b224-ac607020a805} - {508a0207-06ca-422b-af45-d0cfeaaa7280} - C:\Windows\system32\gogkyiou.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {912D4EAD-0F6C-4202-8456-2A92404A33DF} - C:\Windows\system32\ssqrp.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfec.dll,#1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A409216-8B9A-43BE-88C9-EB20BB715EDA}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{654E58D7-E8DE-4C8F-AD88-A05E49FB327C}: NameServer = 61.246.200.28 61.246.200.29
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A409216-8B9A-43BE-88C9-EB20BB715EDA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A409216-8B9A-43BE-88C9-EB20BB715EDA}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7677 bytes

------------------------------------------------------------------------------------------------------------------------------------------------------



ComboFix 08-05-12.1 - aliakber 2008-05-14 22:50:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1256.966.1033.18.441 [GMT 5.5:30]
Running from: C:\Users\aliakber\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\fqqyiico.dll
C:\Windows\system32\gnmgtstl.dll
C:\Windows\system32\jjrxwlpo.ini
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.

2008-05-14 21:25 . 2008-05-14 21:25 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-14 21:25 . 2008-05-14 21:25 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-14 21:24 . 2008-05-14 21:24 <DIR> d-------- C:\Users\aliakber\AppData\Roaming\SUPERAntiSpyware.com
2008-05-14 21:24 . 2008-05-14 21:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-14 21:23 . 2008-05-14 21:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 21:09 . 2008-05-14 21:09 <DIR> d-------- C:\Program Files\CCleaner
2008-05-14 21:07 . 2008-05-14 21:07 2,112 --a------ C:\Windows\System32\kssxrfmn.exe
2008-05-13 23:40 . 2008-05-13 23:41 <DIR> d-------- C:\Users\All Users\McAfee
2008-05-13 23:40 . 2008-05-13 23:41 <DIR> d-------- C:\ProgramData\McAfee
2008-05-13 23:38 . 2008-05-14 20:02 <DIR> d-------- C:\Program Files\McAfee
2008-05-13 23:38 . 2008-05-13 23:38 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-05-13 22:08 . 2008-05-14 20:00 <DIR> d-------- C:\Windows\35C03C043F1F42C2A989A757EE691F65.TMP
2008-05-12 18:29 . 2008-05-12 18:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-11 20:24 . 2008-05-14 19:48 <DIR> d-------- C:\QUARANTINE
2008-05-07 07:48 . 2008-05-07 07:48 <DIR> d-------- C:\Program Files\Bonjour
2008-05-01 19:09 . 2008-05-01 19:09 <DIR> d-------- C:\Users\All Users\Knowledge Adventure
2008-05-01 19:09 . 2008-05-01 19:09 <DIR> d-------- C:\ProgramData\Knowledge Adventure
2008-05-01 19:09 . 2008-05-01 19:09 <DIR> d-------- C:\Program Files\JumpStart
2008-05-01 19:09 . 2008-05-01 19:09 <DIR> d-------- C:\Program Files\Common Files\Knowledge Adventure
2008-05-01 19:09 . 2008-05-01 19:09 111 --a------ C:\Windows\ka.ini
2008-04-28 19:08 . 2008-04-28 19:08 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-26 17:57 . 2008-05-14 22:46 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-24 13:55 . 2008-05-14 22:58 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-24 13:55 . 2008-04-24 13:55 1,409 --a------ C:\Windows\QTFont.for
2008-04-23 22:47 . 2008-04-27 23:39 <DIR> d-------- C:\Program Files\MagicISO
2008-04-14 19:39 . 2008-04-14 19:39 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 16:42 --------- d-----w C:\Program Files\BitComet
2008-05-14 14:30 --------- d-----w C:\ProgramData\pdf995
2008-05-13 16:13 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-09 16:08 --------- d---a-w C:\ProgramData\TEMP
2008-05-07 16:58 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-05-07 02:36 --------- d-----w C:\ProgramData\FLEXnet
2008-05-07 02:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-28 13:38 --------- d-----w C:\Program Files\Common Files\Real
2008-04-28 13:36 --------- d-----w C:\Program Files\Real
2008-04-28 03:08 --------- d-----w C:\ProgramData\Symantec
2008-04-28 03:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-22 15:08 --------- d-----w C:\Users\aliakber\AppData\Roaming\JustVoip
2008-04-13 03:56 --------- d-----w C:\Users\aliakber\AppData\Roaming\PeerNetworking
2008-04-12 13:16 --------- d-----w C:\Program Files\Windows Mail
2008-04-11 15:44 16 ----a-w C:\Program Files\pos.pos
2008-04-11 15:43 30 ----a-w C:\Program Files\printer.hp3
2008-04-06 12:00 11,325 ----a-w C:\Program Files\UNINSTAL.LOG
2008-04-06 12:00 --------- d-----w C:\Program Files\PROBLEMS
2008-04-06 12:00 --------- d-----w C:\Program Files\docs
2008-03-31 14:15 --------- d-----w C:\Users\aliakber\AppData\Roaming\Apple Computer
2008-03-31 14:14 --------- d-----w C:\Program Files\iTunes
2008-03-31 14:14 --------- d-----w C:\Program Files\iPod
2008-03-31 14:13 --------- d-----w C:\ProgramData\Apple Computer
2008-03-31 14:12 --------- d-----w C:\Program Files\QuickTime
2008-03-29 11:43 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-21 02:05 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-02-21 02:05 120,056 ------w C:\Windows\System32\PxCpyI64.exe
2008-02-21 02:05 118,520 ------w C:\Windows\System32\PxInsI64.exe
2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-17 10:59 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-17 10:50 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-17 10:50 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-17 10:50 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-17 10:50 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-17 10:50 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-17 10:49 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 10:49 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 10:49 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-17 10:49 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-17 10:49 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 10:49 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 10:49 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-17 10:42 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2007-09-07 14:14 174 --sha-w C:\Program Files\desktop.ini
2003-01-04 13:26 1,083,392 ----a-w C:\Program Files\alg.exe
2002-04-24 04:02 211,488 ----a-w C:\Program Files\BWCC32.DLL
2002-04-24 04:02 124,468 ----a-w C:\Program Files\UNINSTAL.EXE
1998-02-08 08:48 232,958 ----a-w C:\Program Files\FIRST.HLP
1996-08-25 20:55 10,064 ----a-w C:\Program Files\GAGA1.FON
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.

------- Sigcheck -------


.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{508a0207-06ca-422b-af45-d0cfeaaa7280}]
C:\Windows\system32\gogkyiou.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{912D4EAD-0F6C-4202-8456-2A92404A33DF}]
C:\Windows\system32\ssqrp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 18:06 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-07 19:55 1006264]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 04:46 411768]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 22:19 55416]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 19:51 180224]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 07:30 204800]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-10-18 09:19 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-10-18 09:18 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-10-18 09:18 133656]
"MSServer"="C:\Windows\system32\khfec.dll" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 19:16 4349952 C:\Windows\RtHDVCpl.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-28 19:06 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\Windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^aliakber^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
path=C:\Users\aliakber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Groove.lnk
backup=C:\Windows\pss\Microsoft Office Groove.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^aliakber^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\aliakber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
--a------ 2007-01-17 19:16 534648 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Users\aliakber\Program Files\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 19:46 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
--a------ 2007-01-19 18:55 1507328 C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2006-11-02 18:05 125440 C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 02:52 3739648 C:\Users\aliakber\AppData\Roaming\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 02:17 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-10-18 09:18 166424 C:\Windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
--a------ 2006-11-01 13:36 413696 C:\Program Files\TOSHIBA\Utilities\HWSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-10-18 09:19 141848 C:\Windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JustVoip]
--a------ 2007-03-07 16:23 6985264 C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
--a------ 2006-11-06 22:44 34352 C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-01-13 14:10 7766016 C:\Windows\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-01-13 14:10 81920 C:\Windows\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-01-13 14:10 90191 C:\Windows\system32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-10-18 09:18 133656 C:\Windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RediffBOL]
C:\Program Files\rediff.com\messenger\Bol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-01-18 19:16 4349952 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-14 17:20 1232896 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2007-01-29 17:13 509496 C:\Program Files\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
--a------ 2006-11-01 16:38 438272 C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-28 19:06 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
--a------ 2007-03-02 19:40 577536 C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
--a------ 2007-02-19 19:30 571024 C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 18:06 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{50F01C29-6327-4AC4-BD52-9D1AF1DA79F5}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{682F4D40-2797-4808-9F34-7742775207B2}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{CC92F254-312C-40C0-B5C2-16D8D64354FD}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{64E29795-9046-439B-BD79-94A6A7D8096B}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{DEA87B0E-3C2B-491E-A43F-D0FA45B7F9CD}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{EE7F55B8-439F-4AF0-8D8E-AA616B26D9C1}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{CABEBF76-95D7-4E3D-9313-6D9E5C7C941F}"= UDP:C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe:JustVoip
"{4195A020-A620-46FE-BD48-368A7639DF35}"= TCP:C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe:JustVoip
"{15760EEB-BED5-477D-9248-1BC8AE4394E2}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3B5226A5-2BCF-4D88-85BB-1ABCE6504614}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D86A5A2F-36D7-44FB-BD6F-E7B04D5076F8}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1128DBF4-9536-4EBC-AA11-6BA4F623C5BD}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D5C8F6FE-3607-4E7B-8AB4-A78A81820889}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{B4D966D4-569A-4612-8C17-E08DCEB4D255}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{78B2903D-212E-476F-927C-67EF3331EB35}"= UDP:9541:BitComet 9541 TCP
"{BC5CCEDA-9D3D-44B7-A3BF-4C66FB3B7911}"= TCP:9541:BitComet 9541 UDP
"{7F722E96-BBA9-452F-B93F-8DB9F4B44E8E}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{A3453C53-F469-4401-951C-1DF87544243C}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{A8E713BC-643E-4082-B16E-4844D88229CF}"= UDP:9541:BitComet 9541 TCP
"{027E3B3F-31BF-4474-B8A8-59C374C7F067}"= TCP:9541:BitComet 9541 UDP
"{E4EEA0E2-50F7-4E51-8A43-FC73EC3420D4}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E9DC19D7-4313-469A-B705-D8DA16F66BA1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8D55379B-C967-4C46-901D-248EC94BFA43}"= UDP:C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe:JustVoip
"{4DD3F88B-7B86-4D43-912D-E515EB706956}"= TCP:C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe:JustVoip
"TCP Query User{1D6CA501-B73B-4082-8335-C7EABFD3267D}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"UDP Query User{8D7B3DD0-A28B-4E58-8F4F-A0AC34BB14D8}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"TCP Query User{EE2E792D-84B1-40A9-BEFB-059D97835769}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
"UDP Query User{6C77B7C3-27AA-4F86-BC25-E349E077F6CD}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 21:55]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 20:26]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-07-14 04:30]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-10-18 09:05]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 17:20]
R3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 22:02]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 20:10]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 20:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07551878-e14c-11dc-ba23-806e6f6e6963}]
\shell\Auto\command - D:\sal.xls.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5dedbc15-6fa9-11dc-bc96-001b38180396}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-05-14 17:31:23 C:\Windows\Tasks\User_Feed_Synchronization-{B56E9FFB-3A4B-427C-BF46-9348884AC787}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 22:57:47
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


disk error: C:\Windows\system32\drivers\
disk error: C:\Users\aliakber\AppData\Local\Temp\
disk error: C:\Windows\TEMP\
disk error: C:\Windows\
disk error: C:\Windows\system32\wbem\
disk error: C:\Program Files\Common Files\
disk error: C:\Users\aliakber\AppData\Roaming\
disk error: C:\
disk error: C:\Program Files\
disk error: C:\Users\aliakber\AppData\Local\
disk error: C:\Users\aliakber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
disk error: C:\Windows\Downloaded Program Files\
disk error: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
disk error: C:\Windows\Fonts\
disk error: C:\Windows\system32\

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-14 23:02:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-14 17:32:06

Pre-Run: 37,894,926,336 bytes free
Post-Run: 37,551,415,296 bytes free

352 --- E O F --- 2008-05-05 18:04:18