Unknown Virus
   

Atryom
New Member


Date Joined Jan 2008
Total Posts : 12
 
Posted 5-21-2008 12:45 (GMT +2)
Explorer.exe will randomly shut down; Firefox, Internet Explorer, and other random programs will not load. I cannot access my system settings; there apparently aren't the right permissions on my computer. (This is my home computer.)

I've run the BullGuard antivirus software, ComboFix, and HijackThis.

When I ran the BullGuard software, it found and fixed over 4,500 problems.

ComboFix tells me that it cannot find c:\windows\rededit.exe and cannot continue.

When running HijackThis, it will randomly freeze, then a window will pop up and tell me that HijackThis has encountered an error and must be closed.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12823
 
Posted 5-21-2008 4:52 (GMT +2)
Hello

Let's see if you can use this scanner:

Download Deckard's System Scanner (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config
 
When the DSS Configuration display opens, click the "Check All" button. Next, under Main Log, uncheck the following:
System Restore
Temp Cleanup
Process Modules
Then under Options, place a check next to the following:
Backup Registry Hives
 
Don't make any other changes at this time. Then click the "Scan!" button to start the scan.
 
Once the scan has completed a textbox will appear - copy/paste those contents back here (main.txt).
 
 (The log can also be found in the C:\Deckard\System Scanner folder)


Do NOT post your problem in someone else's thread.

 

Atryom
New Member


Date Joined Jan 2008
Total Posts : 12
 
Posted 5-21-2008 7:47 (GMT +2)
Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-21 01:38:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-21 01:39:57
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: {4f2bb9a4-6d41-383a-6b14-00da80f0ed37} - {73de0f08-ad00-41b6-a383-14d64a9bb2f4} - C:\WINDOWS\system32\jsmoouho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8A290466-39BD-419B-93DB-0E9599506654} - C:\WINDOWS\system32\vtUnlJaX.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {EA9D7EB3-3410-4EE7-BDEC-23B4FA8F4A19} - C:\WINDOWS\system32\ljJCTmlI.dll
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [BM1be58b12] Rundll32.exe "C:\WINDOWS\system32\hmeeiyqj.dll",s
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Instapp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vtUnlJaX - C:\WINDOWS\system32\vtUnlJaX.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\system32\alg.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MySQL - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 5531 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - DefaultIcon - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BgLiveSvc (BullGuard LiveUpdate) - "c:\program files\bullguard ltd\bullguard\bullguardupdate.exe" <Not Verified; BullGuard Ltd.; BullGuard>
R2 ScsiAccess - c:\windows\system32\scsiaccess.exe

S2 MySQL - "c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql (file missing)
S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
S3 BGRaSvc - "c:\program files\bullguard ltd\bullguard\support\bgrasvc.exe" <Not Verified; BullGuard; BullGuard Internet Security>
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-14 18:20:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-21 and 2008-05-21 -----------------------------

2008-05-21 01:38:36 118272 --a------ C:\WINDOWS\system32\jsmoouho.dll
2008-05-21 01:35:33 109056 --a------ C:\WINDOWS\system32\hmeeiyqj.dll
2008-05-20 18:56:52 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-05-20 18:49:46 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-20 18:49:45 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-20 18:31:36 388608 --a------ C:\WINDOWS\system32\CF15601.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 15:19:03 0 d-------- C:\Program Files\SpywareBlaster
2008-05-20 15:16:01 388608 --a------ C:\WINDOWS\system32\CF10051.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 15:14:51 388608 --a------ C:\WINDOWS\system32\CF9826.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 15:14:38 0 d-------- C:\327882R2FWJFW
2008-05-20 01:49:35 0 d-------- C:\Documents and Settings\All Users\Application Data\BullGuard
2008-05-20 01:49:33 0 d-------- C:\Documents and Settings\Owner\Application Data\BullGuard
2008-05-20 01:47:05 0 d-------- C:\Program Files\BullGuard Ltd
2008-05-20 00:45:25 2560 --a------ C:\WINDOWS\system32\baynceau.exe
2008-05-20 00:42:25 94208 --a------ C:\WINDOWS\system32\hqqdjgvr.dll
2008-05-20 00:36:25 117760 --a------ C:\WINDOWS\system32\empreokv.dll
2008-05-20 00:33:25 109056 --a------ C:\WINDOWS\system32\unlpjajq.dll
2008-05-18 15:47:23 0 d-------- C:\Program Files\Trend Micro
2008-05-18 11:22:45 95232 --a------ C:\WINDOWS\system32\fxvqskec.dll
2008-05-18 11:19:47 2048 --a------ C:\WINDOWS\system32\dysbribn.exe
2008-05-18 11:13:52 118784 --a------ C:\WINDOWS\system32\idshsqdp.dll
2008-05-18 11:13:45 109568 --a------ C:\WINDOWS\system32\kcrshwnl.dll
2008-05-17 23:13:47 0 d-------- C:\Program Files\Spcron
2008-05-17 23:09:48 894916 --ahs---- C:\WINDOWS\system32\IlmTCJjl.ini2
2008-05-17 23:09:45 374784 --a------ C:\WINDOWS\system32\ljJCTmlI.dll
2008-05-17 23:08:40 0 d-------- C:\Program Files\Svconr
2008-05-17 23:04:47 0 d-------- C:\WINDOWS\system32\dFrnx18
2008-05-17 23:04:42 28672 --a------ C:\WINDOWS\system32\vtUnlJaX.dll
2008-05-17 23:04:36 40960 --a------ C:\Documents and Settings\Owner\services.exe
2008-05-16 02:03:57 0 d-------- C:\Program Files\winvi
2008-05-16 02:03:48 0 d-------- C:\Temp
2008-05-16 02:03:43 28672 --a------ C:\WINDOWS\system32\ddcCsTNF.dll
2008-05-16 02:03:02 39936 --a------ C:\WINDOWS\17PHolmes1001186(2).exe
2008-05-16 01:25:59 0 d-------- C:\Memorex Vault
2008-05-12 09:43:38 68096 --a------ C:\WINDOWS\b155.exe
2008-05-12 06:19:42 73728 --a------ C:\WINDOWS\b156.exe
2008-04-30 01:50:52 0 d-------- C:\Documents and Settings\Owner\WINDOWS
2008-04-30 01:46:45 0 d-------- C:\Program Files\7-Zip
2008-04-30 01:40:37 0 d-------- C:\Program Files\Elaborate Bytes
2008-04-30 01:28:14 48640 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-04-30 00:20:01 0 d-------- C:\Program Files\LimeWire
2008-04-29 12:41:57 0 d-------- C:\Program Files\CCleaner
2008-04-21 16:47:31 0 d-------- C:\Documents and Settings\Owner\dwhelper


-- Find3M Report ---------------------------------------------------------------

2008-05-21 01:36:11 15360 --a------ C:\WINDOWS\TASKMAN.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:36:10 32256 --a------ C:\WINDOWS\system32\wupdmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:36:05 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:36:04 16896 --a------ C:\WINDOWS\system32\tftp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:36:03 15360 --a------ C:\WINDOWS\system32\taskman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:36:03 105984 --a------ C:\WINDOWS\system32\sysocmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:57 25600 --a------ C:\WINDOWS\system32\routemon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:56 3584 --a------ C:\WINDOWS\system32\regedt32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:54 22016 --a------ C:\WINDOWS\system32\qwinsta.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:53 16896 --a------ C:\WINDOWS\system32\qappsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:52 49152 --a------ C:\WINDOWS\system32\powercfg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:51 17920 --a------ C:\WINDOWS\system32\ping.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:51 40448 --a------ C:\WINDOWS\system32\osuninst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:48 124928 --a------ C:\WINDOWS\system32\net1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:48 42496 --a------ C:\WINDOWS\system32\net.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:47 53760 --a------ C:\WINDOWS\system32\narrator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:44 45568 --a------ C:\WINDOWS\system32\mshta.exe <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-05-21 01:35:42 143360 --a------ C:\WINDOWS\system32\mobsync.exe <Not Verified; Microsoft Corporation; Microsoft Synchronization Manager>
2008-05-21 01:35:42 72704 --a------ C:\WINDOWS\system32\magnify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:39 29696 --a------ C:\WINDOWS\system32\lights.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:37 446464 --a------ C:\WINDOWS\system32\igfxcfg.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2008-05-21 01:35:35 20992 --a------ C:\WINDOWS\system32\fontview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:32 1298432 --a------ C:\WINDOWS\system32\dxdiag.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:31 17920 --a------ C:\WINDOWS\system32\dvdupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:30 18432 --a------ C:\WINDOWS\system32\dpnsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:30 10752 --a------ C:\WINDOWS\system32\doskey.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-21 01:35:29 15872 --a------ C:\WINDOWS\system32\dmremote.exe <Not Verified; Microsoft Corp.; Logical Disk Manager for Windows NT>
2008-05-21 01:35:28 82432 --a------ C:\WINDOWS\system32\dfrgfat.exe <Not Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter>
2008-05-20 18:49:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-20 18:20:47 69120 --a------ C:\WINDOWS\system32\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:56:45 0 d-------- C:\Program Files\Windows NT
2008-05-20 17:56:43 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-20 17:56:42 0 d-------- C:\Program Files\Winamp
2008-05-20 17:56:41 0 d-------- C:\Program Files\Palm
2008-05-20 17:55:21 25600 --a------ C:\WINDOWS\twunk_32.exe <Not Verified; Twain Working Group; Twain Thunker>
2008-05-20 17:55:21 30720 --a------ C:\WINDOWS\system32\xcopy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:20 5632 --a------ C:\WINDOWS\system32\write.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:20 32256 --a------ C:\WINDOWS\system32\wpnpinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:20 17408 --a------ C:\WINDOWS\system32\wpdshextautoplay.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:20 32256 --a------ C:\WINDOWS\system32\wpabaln.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:19 11776 --a------ C:\WINDOWS\system32\winmsd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:19 8192 --a------ C:\WINDOWS\system32\winhlp32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:19 65536 --a------ C:\WINDOWS\system32\wextract.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:18 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:17 289792 --a------ C:\WINDOWS\system32\vssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:17 98304 --a------ C:\WINDOWS\system32\verifier.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:17 8704 --a------ C:\WINDOWS\system32\uwdf.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:17 50176 --a------ C:\WINDOWS\system32\utilman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:16 18432 --a------ C:\WINDOWS\system32\ups.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:15 16896 --a------ C:\WINDOWS\system32\upnpcont.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:15 4096 --a------ C:\WINDOWS\system32\unlodctr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:15 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:15 16384 --a------ C:\WINDOWS\system32\tskill.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:15 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:15 14848 --a------ C:\WINDOWS\system32\tscon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:15 31744 --a------ C:\WINDOWS\system32\tracert6.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:14 12288 --a------ C:\WINDOWS\system32\tracert.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:14 75776 --a------ C:\WINDOWS\system32\telnet.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:14 19456 --a------ C:\WINDOWS\system32\tcpsvcs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:14 12288 --a------ C:\WINDOWS\system32\tcmsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:14 3072 --a------ C:\WINDOWS\system32\systray.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:13 51200 --a------ C:\WINDOWS\system32\syncapp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:09 9216 --a------ C:\WINDOWS\system32\subst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:09 14848 --a------ C:\WINDOWS\system32\stimon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:09 679936 --a------ C:\WINDOWS\system32\sstext3d.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:08 14336 --a------ C:\WINDOWS\system32\ssstars.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:08 610304 --a------ C:\WINDOWS\system32\sspipes.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:08 18944 --a------ C:\WINDOWS\system32\ssmyst.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:08 47104 --a------ C:\WINDOWS\system32\ssmypics.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:08 20992 --a------ C:\WINDOWS\system32\ssmarque.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:08 393216 --a------ C:\WINDOWS\system32\ssflwbox.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:07 19968 --a------ C:\WINDOWS\system32\ssbezier.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:03 11776 --a------ C:\WINDOWS\system32\spnpinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:03 56832 --a------ C:\WINDOWS\system32\sol.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:03 131584 --a------ C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:02 89600 --a------ C:\WINDOWS\system32\smlogsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:02 8192 --a------ C:\WINDOWS\system32\smbinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:02 26112 --a------ C:\WINDOWS\system32\skeys.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:02 70144 --a------ C:\WINDOWS\system32\sigverif.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:02 19456 --a------ C:\WINDOWS\system32\shutdown.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:02 77824 --a------ C:\WINDOWS\system32\shrpubw.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:02 42496 --a------ C:\WINDOWS\system32\shmgrate.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:02 14848 --a------ C:\WINDOWS\system32\shadow.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:01 9728 --a------ C:\WINDOWS\system32\sfc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:01 23040 --a------ C:\WINDOWS\system32\setup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:01 140800 --a------ C:\WINDOWS\system32\sessmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:01 95744 --a------ C:\WINDOWS\system32\scardsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:00 31232 --a------ C:\WINDOWS\system32\sc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:00 15872 --a------ C:\WINDOWS\system32\rwinsta.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:00 77312 --a------ C:\WINDOWS\system32\rtcshare.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:00 132608 --a------ C:\WINDOWS\system32\rsvp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:55:00 24576 --a------ C:\WINDOWS\system32\rsmsink.exe <Not Verified; Microsoft Corporation; Microsoft® Windows Whistler® Operating System>
2008-05-20 17:54:59 49152 --a------ C:\WINDOWS\system32\rsm.exe <Not Verified; Microsoft Corp; Microsoft(R) Windows (R) 2000 Operating System>
2008-05-20 17:54:59 14848 --a------ C:\WINDOWS\system32\rsh.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:59 19968 --a------ C:\WINDOWS\system32\route.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:58 4608 --a------ C:\WINDOWS\system32\regwiz.exe <Not Verified; Microsoft; RegWizExe>
2008-05-20 17:54:58 33792 --a------ C:\WINDOWS\system32\regini.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:58 50176 --a------ C:\WINDOWS\system32\reg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:58 7168 --a------ C:\WINDOWS\system32\recover.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:57 62464 --a------ C:\WINDOWS\system32\rdpclip.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:57 21504 --a------ C:\WINDOWS\system32\rcp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:57 56832 --a------ C:\WINDOWS\system32\rasphone.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:57 11264 --a------ C:\WINDOWS\system32\rasdial.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:57 11776 --a------ C:\WINDOWS\system32\rasautou.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:57 20480 --a------ C:\WINDOWS\system32\qprocess.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:56 9216 --a------ C:\WINDOWS\system32\proxycfg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:56 50176 --a------ C:\WINDOWS\system32\proquota.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:56 109568 --a------ C:\WINDOWS\system32\progman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:56 9216 --a------ C:\WINDOWS\system32\print.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:56 84480 --a------ C:\WINDOWS\system32\pintool.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:55 33280 --a------ C:\WINDOWS\system32\ping6.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:55 15872 --a------ C:\WINDOWS\system32\perfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:55 15360 --a------ C:\WINDOWS\system32\pentnt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:55 21504 --a------ C:\WINDOWS\system32\pathping.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:55 58368 --a------ C:\WINDOWS\system32\packager.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:54 215552 --a------ C:\WINDOWS\system32\osk.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:54 31744 --a------ C:\WINDOWS\system32\ntsd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:53 76800 --a------ C:\WINDOWS\system32\nslookup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:53 36864 --a------ C:\WINDOWS\system32\netstat.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:53 86016 --a------ C:\WINDOWS\system32\netsh.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:53 331776 --a------ C:\WINDOWS\system32\netsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:53 111104 --a------ C:\WINDOWS\system32\netdde.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:52 4096 --a------ C:\WINDOWS\system32\nddeapir.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:52 20480 --a------ C:\WINDOWS\system32\nbtstat.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:51 600576 --a------ C:\WINDOWS\system32\mstsc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:51 12288 --a------ C:\WINDOWS\system32\mstinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:51 6656 --a------ C:\WINDOWS\system32\msswchx.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:51 20992 --a------ C:\WINDOWS\system32\msg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:50 6144 --a------ C:\WINDOWS\system32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-05-20 17:54:50 22016 --a------ C:\WINDOWS\system32\mpnotify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:50 123392 --a------ C:\WINDOWS\system32\mplay32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:50 8192 --a------ C:\WINDOWS\system32\mountvol.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:49 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-05-20 17:54:49 51712 --a------ C:\WINDOWS\system32\migpwd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:48 85504 --a------ C:\WINDOWS\system32\makecab.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:48 8192 --a------ C:\WINDOWS\system32\lpr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:48 6144 --a------ C:\WINDOWS\system32\lpq.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:48 15360 --a------ C:\WINDOWS\system32\logoff.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:48 100864 --a------ C:\WINDOWS\system32\logagent.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:47 5120 --a------ C:\WINDOWS\system32\lodctr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:47 75264 --a------ C:\WINDOWS\system32\locator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:47 25088 --a------ C:\WINDOWS\system32\lnkstub.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:47 9728 --a------ C:\WINDOWS\system32\label.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:46 23552 --a------ C:\WINDOWS\system32\ipxroute.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:46 44032 --a------ C:\WINDOWS\system32\ipsec6.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:46 55808 --a------ C:\WINDOWS\system32\ipconfig.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:45 114688 --a------ C:\WINDOWS\system32\igfxzoom.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2008-05-20 17:54:45 94208 --a------ C:\WINDOWS\system32\igfxext.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2008-05-20 17:54:44 114688 --a------ C:\WINDOWS\system32\ialmudlg.exe <Not Verified; Intel(r) Corporation; Uninstset Installation Utility>
2008-05-20 17:54:44 7680 --a------ C:\WINDOWS\system32\hostname.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:44 14848 --a------ C:\WINDOWS\system32\help.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:43 39424 --a------ C:\WINDOWS\system32\grpconv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:43 42496 --a------ C:\WINDOWS\system32\ftp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:43 56320 --a------ C:\WINDOWS\system32\fsutil.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:43 55296 --a------ C:\WINDOWS\system32\freecell.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:43 23040 --a------ C:\WINDOWS\system32\fltmc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:42 3072 --a------ C:\WINDOWS\system32\fixmapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:42 158208 --a------ C:\WINDOWS\system32\findstr.exe
2008-05-20 17:54:42 9216 --a------ C:\WINDOWS\system32\find.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:42 14848 --a------ C:\WINDOWS\system32\fc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:42 45568 --a------ C:\WINDOWS\system32\extrac32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:42 8704 --a------ C:\WINDOWS\system32\eventvwr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:42 193024 --a------ C:\WINDOWS\system32\eudcedit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:42 39424 --a------ C:\WINDOWS\system32\esentutl.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:41 55296 --a------ C:\WINDOWS\system32\dvdplay.exe <Not Verified; ; dvdplay Application>
2008-05-20 17:54:41 249856 --a------ C:\WINDOWS\system32\drmupgds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:40 83456 --a------ C:\WINDOWS\system32\dpvsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:40 30208 --a------ C:\WINDOWS\system32\dplaysvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:54:39 224768 --a------ C:\WINDOWS\system32\dmadmin.exe <Not Verified; Microsoft Corp., Veritas Software; Logical Disk Manager for Windows NT>
2008-05-20 17:54:39 4608 --a------ C:\WINDOWS\system32\dllhst3g.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:47 17920 --a------ C:\WINDOWS\system32\diskperf.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:47 163840 --a------ C:\WINDOWS\system32\diskpart.exe <Not Verified; Microsoft Corporation; Microsoft Corporation Diskpart Application>
2008-05-20 17:53:47 85504 --a------ C:\WINDOWS\system32\diantz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:47 30208 --a------ C:\WINDOWS\system32\ddeshare.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:46 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe <Not Verified; Microsoft Corporation; COM Services>
2008-05-20 17:53:46 13824 --a------ C:\WINDOWS\system32\convert.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:46 8192 --a------ C:\WINDOWS\system32\control.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:46 17408 --a------ C:\WINDOWS\system32\compact.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:45 15872 --a------ C:\WINDOWS\system32\comp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:45 63488 --a------ C:\WINDOWS\system32\cmstp.exe <Not Verified; Microsoft Corporation; Microsoft(R) Connection Manager>
2008-05-20 17:53:45 39936 --a------ C:\WINDOWS\system32\cmmon32.exe <Not Verified; Microsoft Corporation; Microsoft(R) Connection Manager>
2008-05-20 17:53:45 47104 --a------ C:\WINDOWS\system32\cmdl32.exe <Not Verified; Microsoft Corporation; Microsoft(R) Connection Manager>
2008-05-20 17:53:45 33280 --a------ C:\WINDOWS\system32\clipsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:45 102912 --a------ C:\WINDOWS\system32\clipbrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:45 64000 --a------ C:\WINDOWS\system32\cleanmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:45 7680 --a------ C:\WINDOWS\system32\ckcnv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:45 5632 --a------ C:\WINDOWS\system32\cisvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:45 8192 --a------ C:\WINDOWS\system32\cidaemon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:44 11264 --a------ C:\WINDOWS\system32\chkntfs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:44 11776 --a------ C:\WINDOWS\system32\chkdsk.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:44 80384 --a------ C:\WINDOWS\system32\charmap.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:44 18432 --a------ C:\WINDOWS\system32\cacls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:44 5120 --a------ C:\WINDOWS\system32\bootvrfy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:44 4608 --a------ C:\WINDOWS\system32\bootok.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:44 71680 --a------ C:\WINDOWS\system32\blastcln.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:44 14336 --a------ C:\WINDOWS\system32\auditusr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:44 76800 --a------ C:\WINDOWS\system32\attrib.exe
2008-05-20 17:53:44 11264 --a------ C:\WINDOWS\system32\atmadm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:44 25088 --a------ C:\WINDOWS\system32\at.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:43 189952 --a------ C:\WINDOWS\system32\WISPTIS.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:43 19456 --a------ C:\WINDOWS\system32\arp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:53:43 142848 --a------ C:\WINDOWS\system32\alg.exe
2008-05-20 17:53:41 118784 --a------ C:\WINDOWS\system32\Prounstl.exe <Not Verified; Intel Corporation; Intel(R) PRO Adapter>
2008-05-20 17:53:40 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2008-05-20 17:53:40 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-05-20 17:53:40 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-05-20 17:53:35 10752 --a------ C:\WINDOWS\hh.exe <Not Verified; Microsoft Corporation; HTML Help>
2008-05-20 17:36:32 57856 --a------ C:\WINDOWS\system32\spoolsv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:35:47 1033216 --a------ C:\WINDOWS\explorer.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 17:35:42 13824 --a------ C:\WINDOWS\system32\wscntfy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 15:30:06 12800 --a------ C:\WINDOWS\system32\mrinfo.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 15:28:42 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-05-20 04:23:48 37376 --a------ C:\WINDOWS\system32\defrag.exe <Not Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter>
2008-05-20 02:57:51 135680 --a------ C:\WINDOWS\system32\taskmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:57:47 138752 --a------ C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:57:40 35840 --a------ C:\WINDOWS\system32\rcimlby.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:57:32 78848 --a------ C:\WINDOWS\system32\msiexec.exe <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2008-05-20 02:57:06 79360 --a------ C:\WINDOWS\system32\rdshost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:56:49 126976 --a------ C:\WINDOWS\system32\mshearts.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:56:47 347136 --a------ C:\WINDOWS\system32\tourstart.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:56:29 180224 --a------ C:\WINDOWS\system32\dwwin.exe <Not Verified; Microsoft Corporation; Microsoft Application Error Reporting>
2008-05-20 02:56:28 10752 --a------ C:\WINDOWS\system32\dumprep.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:56:21 45568 --a------ C:\WINDOWS\system32\drwtsn32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:56:18 388608 --a------ C:\WINDOWS\system32\cmd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:55:20 114688 --a------ C:\WINDOWS\system32\igfxpers.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2008-05-20 02:55:19 94208 --a------ C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2008-05-20 02:54:11 146432 --a------ C:\WINDOWS\system32\WudfHost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:54:00 150016 --a------ C:\WINDOWS\system32\imapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:53:08 770048 --a------ C:\WINDOWS\system32\NTSpool.exe
2008-05-20 02:52:56 119808 --a------ C:\WINDOWS\system32\winmine.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:52:50 343040 --a------ C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:52:47 114688 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:52:31 28672 --a------ C:\WINDOWS\system32\verclsid.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:52:04 24576 --a------ C:\WINDOWS\system32\userinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:51:48 514560 --a------ C:\WINDOWS\system32\logonui.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:51:19 419840 --a------ C:\WINDOWS\system32\ntvdm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:44:18 220672 --a------ C:\WINDOWS\system32\logon.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-20 02:18:09 98304 --a------ C:\WINDOWS\system32\cscript.exe <Not Verified; Microsoft Corporation; Microsoft (r) Windows Script Host>
2008-05-20 02:18:05 159744 --a------ C:\WINDOWS\system32\igfxsrvc.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2008-05-20 02:00:11 183808 --a------ C:\WINDOWS\system32\accwiz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-18 16:28:05 0 d-------- C:\Program Files\DivX
2008-05-17 23:34:38 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-16 02:50:33 1626 --a------ C:\WINDOWS\mozver.dat
2008-05-16 02:44:26 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-08 11:15:10 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-25 02:11:38 0 d-------- C:\Program Files\VstPlugins
2008-04-25 02:06:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-04-15 02:13:57 0 d-------- C:\Documents and Settings\Owner\Application Data\FrostWire
2008-04-10 21:15:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-04-10 21:14:54 0 d-------- C:\Program Files\Google
2008-04-08 21:39:48 0 d-------- C:\Program Files\Audacity
2008-03-28 16:13:20 0 d-------- C:\Documents and Settings\Owner\Application Data\Arcsoft
2008-03-28 15:53:30 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2008-03-28 15:49:43 0 d-------- C:\Program Files\Documents To Go
2008-03-28 15:49:43 0 d-------- C:\Program Files\Common Files\DataViz
2008-03-28 15:46:56 0 d-------- C:\Documents and Settings\Owner\Application Data\HotSync
2008-03-27 00:24:42 0 d-------- C:\Program Files\CamStudio
2008-03-26 02:17:44 0 d-------- C:\Program Files\IrfanView


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown



-- Hosts -----------------------------------------------------------------------

127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info


-- End of Deckard's System Scanner: finished at 2008-05-21 01:41:15 ------------

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12823
Posted 5-21-2008 12:03 (GMT +2)
Please download:
 
 
Right click on the Avenger.zip folder and select "Extract to Avenger..."
 
You will now have an Avenger folder on your desktop.
 
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing Ctrl+C
Quote:
 
Comment:
 Custom Avenger script for Bullguard user  
Atryom
 
 
Files to delete:
C:\WINDOWS\system32\jsmoouho.dll
C:\WINDOWS\system32\hmeeiyqj.dll
C:\WINDOWS\system32\baynceau.exe
C:\WINDOWS\system32\hqqdjgvr.dll
C:\WINDOWS\system32\empreokv.dll
C:\WINDOWS\system32\unlpjajq.dll
C:\WINDOWS\system32\fxvqskec.dll
C:\WINDOWS\system32\dysbribn.exe
C:\WINDOWS\system32\idshsqdp.dll
C:\WINDOWS\system32\kcrshwnl.dll
C:\WINDOWS\system32\IlmTCJjl.ini2
C:\WINDOWS\system32\ljJCTmlI.dll
C:\WINDOWS\system32\vtUnlJaX.dll
C:\Documents and Settings\Owner\services.exe
C:\WINDOWS\system32\ddcCsTNF.dll
C:\WINDOWS\17PHolmes1001186(2).exe
C:\WINDOWS\b155.exe
C:\WINDOWS\b156.exe
 
Drivers to unload:
Viewpoint Manager Service

Folders to delete:
C:\Program Files\LimeWire
C:\Documents and Settings\Owner\Application Data\FrostWire
C:\Program Files\Viewpoint
 
 
 
Make sure the Scan for rootkits is checked ...
& the Automatically disable any rootkits found is NOT checked ...

Click on Execute

Answer "Yes" twice when prompted.

 After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
 
 
Please copy/paste the content of C:\avenger.txt into your reply along with a fresh HJT log


Do NOT post your problem in someone else's thread.

Atryom
New Member
Date Joined Jan 2008
Total Posts : 12
Posted 5-21-2008 4:33 (GMT +2)
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\jsmoouho.dll" deleted successfully.
File "C:\WINDOWS\system32\hmeeiyqj.dll" deleted successfully.
File "C:\WINDOWS\system32\baynceau.exe" deleted successfully.
File "C:\WINDOWS\system32\hqqdjgvr.dll" deleted successfully.
File "C:\WINDOWS\system32\empreokv.dll" deleted successfully.
File "C:\WINDOWS\system32\unlpjajq.dll" deleted successfully.
File "C:\WINDOWS\system32\fxvqskec.dll" deleted successfully.
File "C:\WINDOWS\system32\dysbribn.exe" deleted successfully.
File "C:\WINDOWS\system32\idshsqdp.dll" deleted successfully.
File "C:\WINDOWS\system32\kcrshwnl.dll" deleted successfully.
File "C:\WINDOWS\system32\IlmTCJjl.ini2" deleted successfully.
File "C:\WINDOWS\system32\ljJCTmlI.dll" deleted successfully.
File "C:\WINDOWS\system32\vtUnlJaX.dll" deleted successfully.
File "C:\Documents and Settings\Owner\services.exe" deleted successfully.
File "C:\WINDOWS\system32\ddcCsTNF.dll" deleted successfully.
File "C:\WINDOWS\17PHolmes1001186(2).exe" deleted successfully.
File "C:\WINDOWS\b155.exe" deleted successfully.
File "C:\WINDOWS\b156.exe" deleted successfully.
Driver "Viewpoint Manager Service" deleted successfully.
Folder "C:\Program Files\LimeWire" deleted successfully.
Folder "C:\Documents and Settings\Owner\Application Data\FrostWire" deleted successfully.
Folder "C:\Program Files\Viewpoint" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12823
Posted 5-22-2008 3:54 (GMT +2)
Go to Start->Run and copy/paste ComboFix /snapshot and hit OK. It should run Combofix and give you a new log. Post the log here, along with a new HijackThis log, and tell how things are running now.


Do NOT post your problem in someone else's thread.

Atryom
New Member
Date Joined Jan 2008
Total Posts : 12
Posted 6-4-2008 10:07 (GMT +2)
When trying to run combofix, this is the error I receive.

http://img142.imageshack.us/img142/3316/errorbv4.png

For HijackThis, this is the log:

Logfile of HijackThis v1.99.1
Scan saved at 4:00:12 PM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Owner\lsass.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: {4f2bb9a4-6d41-383a-6b14-00da80f0ed37} - {73de0f08-ad00-41b6-a383-14d64a9bb2f4} - C:\WINDOWS\system32\jsmoouho.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8A290466-39BD-419B-93DB-0E9599506654} - C:\WINDOWS\system32\vtUnlJaX.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A284EA2D-3599-4945-B73E-42CE76CA8D26} - C:\WINDOWS\system32\ljJCTmlI.dll (file missing)
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [BM1be58b12] Rundll32.exe "C:\WINDOWS\system32\hmeeiyqj.dll",s
O4 - HKLM\..\Run: [18d6b88e] rundll32.exe "C:\WINDOWS\system32\pabacilx.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Owner\lsass.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Instapp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: vtUnlJaX - vtUnlJaX.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
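
The cross-check between the Avenger log and the follow-up HijackThis log posted above, as an added example that is not part of the original thread: it lists HijackThis entries that still point at files Avenger deleted, entries HijackThis itself marks "(file missing)", and core Windows process names loaded from outside system32. The sample lines are copied from the two logs in this thread; the function names, tag names, the short list of core process names and the C:\WINDOWS\system32 install path are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Sample input: a few lines copied from the Avenger log posted in this thread.
AVENGER_LOG = r'''
File "C:\WINDOWS\system32\jsmoouho.dll" deleted successfully.
File "C:\WINDOWS\system32\hmeeiyqj.dll" deleted successfully.
File "C:\WINDOWS\system32\ljJCTmlI.dll" deleted successfully.
File "C:\WINDOWS\system32\vtUnlJaX.dll" deleted successfully.
File "C:\Documents and Settings\Owner\services.exe" deleted successfully.
Folder "C:\Program Files\Viewpoint" deleted successfully.
'''

# Sample input: a few lines copied from the HijackThis log posted after the cleanup.
HJT_LOG = r'''
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\lsass.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: (no name) - {8A290466-39BD-419B-93DB-0E9599506654} - C:\WINDOWS\system32\vtUnlJaX.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [BM1be58b12] Rundll32.exe "C:\WINDOWS\system32\hmeeiyqj.dll",s
O4 - HKLM\..\Run: [18d6b88e] rundll32.exe "C:\WINDOWS\system32\pabacilx.dll",b
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Owner\lsass.exe
O20 - Winlogon Notify: vtUnlJaX - vtUnlJaX.dll (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
'''

# Assumption of this example: process names expected only in system32 on this XP install.
CORE = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM_DIR = r"c:\windows\system32"

DELETED_RE = re.compile(r'^(?:File|Folder) "(.+)" deleted successfully\.$', re.MULTILINE)
ENTRY_RE = re.compile(r'^[A-Z]\d+ - ')
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)


def deleted_paths(avenger_log):
    """Lower-cased paths that the Avenger log reports as deleted."""
    return {p.lower() for p in DELETED_RE.findall(avenger_log)}


def split_hjt(hjt_log):
    """Return (running process paths, registry/service entry lines)."""
    processes, entries, in_procs = [], [], False
    for line in hjt_log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif ENTRY_RE.match(line):
            entries.append(line)
    return processes, entries


def misplaced_core(path):
    """True when a core process name sits outside the system directory."""
    p = PureWindowsPath(path)
    return p.name.lower() in CORE and str(p.parent).lower() != SYSTEM_DIR


def triage(avenger_log, hjt_log):
    """Return a list of (tag, log line) findings for a human to review."""
    deleted = deleted_paths(avenger_log)
    processes, entries = split_hjt(hjt_log)
    findings = []
    for proc in processes:
        if misplaced_core(proc):
            findings.append(("system-name-outside-system32", proc))
    for entry in entries:
        low = entry.lower()
        if any(d in low for d in deleted):
            findings.append(("references-deleted-file", entry))
        if low.endswith("(file missing)"):
            findings.append(("file-missing", entry))
        if any(misplaced_core(m) for m in PATH_RE.findall(entry)):
            findings.append(("system-name-outside-system32", entry))
    return findings


if __name__ == "__main__":
    for tag, line in triage(AVENGER_LOG, HJT_LOG):
        print(f"{tag:30} {line}")
```

The Run entry for hmeeiyqj.dll is reported only by the cross-check, because HijackThis did not mark it "(file missing)". The pabacilx.dll entry is not reported at all, since the Avenger script never listed that file and this check cannot judge it.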

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12823
Posted 6-5-2008 8:39 (GMT +2)
Ok.
 

Download the Fixsirc.com file to a convenient location, such as your download folder or the Windows desktop. If you are on a network, the removal tool should be applied on all computers, including the server.
To check the authenticity of the digital signature, refer to the section The digital signature.
Close all programs before running the tool, including any antivirus scanners.
 
 
Reboot, and see if you can run combofix?


Do NOT post your problem in someone else's thread.

Atryom
New Member
Date Joined Jan 2008
Total Posts : 12
Posted 6-12-2008 7:04 (GMT +2)
When I ran FixSirc.exe it said there was no Win32.Sircam.Worm@mm infection.

Then I tried running Combofix again, same problem as before.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12823
Posted 6-12-2008 7:27 (GMT +2)
Ok.
 
 
Download regallow.exe from here and save it to your desktop:

regallow.exe

Confirm that the file regallow.exe now resides on your desktop, double click on the regallow.exe program. When the program launches, click on the Enable Registry Tools button. When it says the tools are enabled, click on the OK button to exit the program.
 
Reboot, and see if you can run combofix now


Do NOT post your problem in someone else's thread.

Atryom
New Member
Date Joined Jan 2008
Total Posts : 12
Posted 6-12-2008 8:32 (GMT +2)


This is the error that I receive. By the way, I really appreciate your help.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12823
Posted 6-14-2008 6:33 (GMT +2)
Looks like your profile is corrupted. Try this ->


1. Log on as the Administrator or as a user with administrator credentials.
2. Click Start, and then click Control Panel.
3. Click User Accounts.
4. Click the Advanced tab, and then click Advanced.
5. In the left pane, click the Users folder.
6. On the Action menu, click New User.
7. Enter the appropriate user information, and then click Create.


You should be able to run combofix now


Do NOT post your problem in someone else's thread.

Atryom
New Member
Date Joined Jan 2008
Total Posts : 12
Posted 6-15-2008 8:33 (GMT +2)
Tells me it cannot find C:\WINDOWS\system32\rundll32.exe

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 12823
Posted 6-17-2008 6:55 (GMT +2)
Looks like you have some corrupted or missing system files. I'll therefore suggest you run this ->
 
Go to the Run box on the Start Menu and type in:
sfc /scannow
This command will immediately initiate the Windows File Protection service  to scan all protected files and verify their integrity, replacing any files with which it finds a problem.


Reboot and tell how things are running now


Do NOT post your problem in someone else's thread.