
Infected with WinSoftBlue/Trojan


  • This topic is locked
18 replies to this topic

#1 PandaMeatExpress


Posted 08 June 2009 - 10:20 AM

Here is a HJT log.

Attached Files





#2 miekiemoes

  • Malware Response Team

Posted 08 June 2009 - 10:46 AM

Please don't post your logs as a doc or attach them to the thread. Copy and paste them in the thread instead.

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In case you can't run mbam, rename it as promo.exe
This is because this malware uses a list of programs that are allowed to run. Everything else is blocked.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 PandaMeatExpress


Posted 08 June 2009 - 12:02 PM

Here is the log from MBAM.

------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.37
Database version: 2246
Windows 5.1.2600 Service Pack 2

6/8/2009 12:54:57 PM
mbam-log-2009-06-08 (12-54-57).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 181126
Time elapsed: 59 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f10587e9-0e47-4cbe-84ae-7dd20b8684bb} (Trojan.BHO) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------------------------------

... And here is the log from HJT.

----------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:35 AM, on 6/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: (no name) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe (User 'Default user')
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} -
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} -
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5209 bytes

Thank you very much...

#4 miekiemoes


Posted 08 June 2009 - 12:10 PM

Hi,

I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.


Then, * Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: (no name) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - (no file)
O4 - HKUS\S-1-5-18\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe (User 'Default user')
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} -
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} -


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Let me know in your next reply how things are now.

#5 PandaMeatExpress


Posted 08 June 2009 - 05:52 PM

I fixed the entries in HJT, but nothing seems to have changed... I can still run applications and the Internet, but the background is still black and says "Warning! Your system infected", and changing it from the Display Properties screen seems to have no effect.

Here is a new HJT log...

-------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:31 PM, on 6/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4608 bytes
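
The triage visible in posts #4 and #5, as an added example (not part of the thread and not code from HijackThis or any other tool): it parses HijackThis O-lines, flags the three patterns that the fix list in post #4 has in common, and diffs the log from post #3 against the one from post #5. The heuristics and all function names are assumptions made for illustration; the sample lines are excerpts of the two logs above.

```python
import re

# Constructed sample: O-lines excerpted from the first HijackThis log (post #3).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe (User 'Default user')
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} -
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
"""

# Constructed sample: O-lines excerpted from the follow-up log (post #5).
LOG_AFTER = r"""
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"


def parse(log):
    """Return [(section, detail)] for every O-line; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def triage(section, detail):
    """Return a reason string if the entry matches one of the assumed heuristics, else None."""
    # O2: a Browser Helper Object whose CLSID is registered but whose DLL no longer exists.
    if section == "O2" and detail.endswith("(no file)"):
        return "orphaned BHO: CLSID registered, no file on disk"
    # O4: a Run value in the LocalSystem hive. HKUS\.DEFAULT is an alias of
    # HKUS\S-1-5-18, which is why the same value shows up twice in the log.
    if section == "O4" and re.match(r"HKUS\\(S-1-5-18|\.DEFAULT)\\", detail):
        return "autorun in the SYSTEM / .DEFAULT user hive"
    # O16: a Downloaded Program Files (ActiveX) entry with nothing after the dash,
    # i.e. no download source recorded for the control.
    if section == "O16" and re.fullmatch(r"DPF: " + GUID + r" -\s*", detail):
        return "ActiveX entry with no download source"
    # Everything else, including the O18 '(file missing)' line that the fix
    # list in post #4 also left alone, is not flagged by this sketch.
    return None


def flagged(log):
    """Return [(section, detail, reason)] for entries that match a heuristic."""
    out = []
    for section, detail in parse(log):
        reason = triage(section, detail)
        if reason:
            out.append((section, detail, reason))
    return out


def compare(before, after):
    """Diff two logs and report which flagged entries survived the fix."""
    b, a = parse(before), parse(after)
    return {
        "removed": [e for e in b if e not in a],
        "added": [e for e in a if e not in b],
        "still_flagged": [e for e in a if triage(*e)],
    }


if __name__ == "__main__":
    for section, detail, reason in flagged(LOG_BEFORE):
        print(f"[{section}] {reason}\n      {detail}")
    result = compare(LOG_BEFORE, LOG_AFTER)
    print("removed:", len(result["removed"]),
          "added:", len(result["added"]),
          "still flagged:", len(result["still_flagged"]))
```

An empty `still_flagged` list only confirms that the registry entries were removed; as post #5 reports, the desktop symptoms persisted after the fix, so the comparison checks the cleanup step, not the state of the infection.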

#6 miekiemoes


Posted 09 June 2009 - 12:35 AM

Hi,

It certainly won't help if you install extra Antivirus on top, because they cause extra issues.

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


Extra note: The ComboFix tutorial recommends disabling your Antivirus, in your case McAfee. For McAfee, I rather recommend temporarily uninstalling it, because McAfee causes a lot of problems with ComboFix after reboot, since McAfee enables itself again after reboot. So please temporarily uninstall McAfee first, then reboot and then scan with ComboFix.

#7 PandaMeatExpress


Posted 09 June 2009 - 03:21 AM

Oh, sorry about that, I've managed to fix the desktop and everything using SmitFraudFix... However, MBAM consistently reports a registry value as being infected... When I try to remove it, MBAM requests a restart, but then the computer does not restart, and the registry value is present in the next scan. I've tried removing the registry value using regedit but it won't let me delete or rename it.

For the most part everything is safe, but this registry value won't go away. Now what should I do?

#8 miekiemoes


Posted 09 June 2009 - 03:38 AM

Hi,

It would be great if you posted the log from MalwareBytes.
Also, I assume that your TeaTimer is still disabled? Because I know it interferes with registry key deletion. McAfee has a similar option as well.

#9 PandaMeatExpress


Posted 09 June 2009 - 09:38 AM

Here's the log from MBAM:

--------------------------------------------------

Malwarebytes' Anti-Malware 1.37
Database version: 2252
Windows 5.1.2600 Service Pack 2

6/9/2009 10:39:19 AM
mbam-log-2009-06-09 (10-39-10).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 182640
Time elapsed: 1 hour(s), 11 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f10587e9-0e47-4cbe-84ae-7dd20b8684bb} (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 miekiemoes


Posted 09 June 2009 - 09:42 AM

Can you also post the log from ComboFix I asked for? This is because that log may show more info on what may still be present (and probably responsible for reloading or locking that key).

#11 PandaMeatExpress


Posted 09 June 2009 - 10:23 AM

Here's the log from ComboFix:

-----------------------------------------------

ComboFix 09-06-08.05 - Administrator 06/09/2009 11:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.209 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090608-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\4c74spywzr95255.bin
c:\windows\4ca9backd5o9z62.ocx
c:\windows\4cd7z9d5are2965.cpl
c:\windows\4d51s95az2522.exe
c:\windows\4d75addwarz2928.ocx
c:\windows\4d95zi92698.cpl
c:\windows\4d985pa9sz448.dll
c:\windows\4f96dow5lzade93173.dll
c:\windows\4fc5zte9l1429.cpl
c:\windows\4z3sp9r5e650.dll
c:\windows\4z95thief1902.cpl
c:\windows\500a9hreat570z.exe
c:\windows\50172no9-a-zirus62f.cpl
c:\windows\502319irusz16.dll
c:\windows\50310t9oj66cz.cpl
c:\windows\50493worm6dz.ocx
c:\windows\50514hacktozl692.exe
c:\windows\50695hreat1z8299.dll
c:\windows\5099wzrm757.cpl
c:\windows\50dbthzeat99575.exe
c:\windows\50z79spy322.bin
c:\windows\5109not-a-virusz579.ocx
c:\windows\5173n5t-a-viz9s220.exe
c:\windows\51809zy7f0.ocx
c:\windows\51aspyware9995z.dll
c:\windows\51za5hreat9891.ocx
c:\windows\52009zea52261.cpl
c:\windows\52182spzmbot7b9.dll
c:\windows\52299viruz649.dll
c:\windows\5255thizf1699.dll
c:\windows\52621z9oj5a5.dll
c:\windows\5271steal9z95.exe
c:\windows\52a69zr1637.bin
c:\windows\52b5zow9loader2646.exe
c:\windows\52d29ownloaze51740.bin
c:\windows\52f6za5kdoor30159.cpl
c:\windows\536bdozn9o5der2640.ocx
c:\windows\5391backdoor9z05.exe
c:\windows\5399zo5-a-vir9s28e.exe
c:\windows\53adstzal1937.cpl
c:\windows\53c5z95al12.cpl
c:\windows\53z6not-a-vir59715.dll
c:\windows\5419a5dwarz2931.dll
c:\windows\54365v9rusz4c.bin
c:\windows\54540s9y137z.bin
c:\windows\5483zpy3559.dll
c:\windows\548cstezl2195.cpl
c:\windows\54e9spywarz125.exe
c:\windows\54zdspy9are946.dll
c:\windows\55246vizus3a49.ocx
c:\windows\5535viz9929.bin
c:\windows\55587wzrm99e.ocx
c:\windows\5585sz9ware624.ocx
c:\windows\5588thiez9180.ocx
c:\windows\5594addware3z4.dll
c:\windows\559backdzo52094.dll
c:\windows\55a09zea51102.exe
c:\windows\55c1spywarez5295.dll
c:\windows\55d0spa5se90z.dll
c:\windows\55ef9pywaze366.cpl
c:\windows\55z2spar5e1399.bin
c:\windows\55z6vir28909.bin
c:\windows\55zspyware3239.dll
c:\windows\56149ir5s67z.cpl
c:\windows\5617not9a-zirus359.bin
c:\windows\563czpars519959.dll
c:\windows\56z2thi5f2090.cpl
c:\windows\56z5s9eal1157.dll
c:\windows\576viz9340.cpl
c:\windows\578bs9eal5z5.dll
c:\windows\5793thr9at526z9.bin
c:\windows\5799thief13z4.exe
c:\windows\579zn5t-a-v9rus53.bin
c:\windows\57c5backdoorz5289.cpl
c:\windows\57e9virz8799.ocx
c:\windows\57fathrza91056.bin
c:\windows\582c9ownloadez103.dll
c:\windows\58355t9oj32z.cpl
c:\windows\5835vir2z619.dll
c:\windows\58395pyware3945z.dll
c:\windows\5850sz9ware2650.cpl
c:\windows\585zaddware967.dll
c:\windows\586zworm195.dll
c:\windows\588zsp93a0.ocx
c:\windows\58d2spa5se2z94.dll
c:\windows\5905noz9a-virus68b.bin
c:\windows\59064szy49d.ocx
c:\windows\5908s95al43z.bin
c:\windows\5909t5rezt26293.ocx
c:\windows\59178wzr97b3.ocx
c:\windows\5930h5ckto9l21z.exe
c:\windows\5936zro933b.dll
c:\windows\5959thie5752z.exe
c:\windows\59760v9rus7z8.bin
c:\windows\597caddwar924z7.ocx
c:\windows\5983thzeat1480.cpl
c:\windows\59a3a5dware9z9.cpl
c:\windows\59abth5eaz59799.exe
c:\windows\59azs9eal3026.cpl
c:\windows\59c9spywarez935.bin
c:\windows\59d2th5ez39.ocx
c:\windows\59dfaddwa9e54z.cpl
c:\windows\59z7spy5are2365.dll
c:\windows\59z90worm340.bin
c:\windows\59zdsparse458.cpl
c:\windows\5a19s9a5se201z.dll
c:\windows\5a57backdoorz89.cpl
c:\windows\5a5dvir9179z.cpl
c:\windows\5a96s9yware1z24.bin
c:\windows\5aa39hreat1z152.ocx
c:\windows\5acfdownloadzr509.exe
c:\windows\5adaszar5e1099.bin
c:\windows\5az5sp95are2239.ocx
c:\windows\5c65bac5zoor6339.cpl
c:\windows\5caasparze32549.exe
c:\windows\5cz69p5ware2949.dll
c:\windows\5d55za9kdoor320.exe
c:\windows\5d5dzp9rse3126.bin
c:\windows\5e09addwarez109.ocx
c:\windows\5e37t9reat1z631.cpl
c:\windows\5e53threat256z99.cpl
c:\windows\5e96downlozder392.bin
c:\windows\5e9a5ackdoorz24.dll
c:\windows\5ea8backzoo93275.exe
c:\windows\5eczthief359.dll
c:\windows\5ed4st9az2301.bin
c:\windows\5f84down9oader56z4.bin
c:\windows\5fd7stz9l2559.dll
c:\windows\5z003spy7e9.dll
c:\windows\5z1cba9kdo5r2006.exe
c:\windows\5z20wo9m605.bin
c:\windows\5z245orm9b0.ocx
c:\windows\5z3069orm5fb.ocx
c:\windows\5z57down9oa5er1267.bin
c:\windows\5z595hief1095.bin
c:\windows\5z95h9cktool567.ocx
c:\windows\6069downlozder2579.ocx
c:\windows\60zd59r3180.exe
c:\windows\6105thief987z.bin
c:\windows\61cfzack9o5r1599.ocx
c:\windows\61z5wormc9.dll
c:\windows\62165ddwarez99.bin
c:\windows\629aaddwarz26755.exe
c:\windows\62z5th9ef2959.bin
c:\windows\62z5troj9ee.cpl
c:\windows\63305ownloaz9r3231.bin
c:\windows\6410not-a-virus95z.ocx
c:\windows\6429zir8185.cpl
c:\windows\6469zh5ef2944.exe
c:\windows\6490spambot5fz5.ocx
c:\windows\650ed5wnload9r11z9.dll
c:\windows\6514dzwnloader19299.exe
c:\windows\653bspy5are193z.cpl
c:\windows\6551spyzar9831.exe
c:\windows\65539zy3f.exe
c:\windows\655dadzware493.dll
c:\windows\6579vzr5317.dll
c:\windows\6583t59ef2z0.dll
c:\windows\6590spy7fz.ocx
c:\windows\6597ste5l4z8.dll
c:\windows\659z9ownloader2533.dll
c:\windows\65efvir9z9.cpl
c:\windows\6606down9oade524z6.bin
c:\windows\6709downloade52136z.bin
c:\windows\6739downlo5derz535.exe
c:\windows\67c9threat257z7.ocx
c:\windows\67eethre9t15955z.exe
c:\windows\67z9dow9l5ader52.bin
c:\windows\6852spzware9038.cpl
c:\windows\68adv9r5608z.bin
c:\windows\69315ir5z9.bin
c:\windows\6933spar5e372z.dll
c:\windows\6948szarse1552.cpl
c:\windows\695adownlzader3004.dll
c:\windows\695t5r9at4993z.exe
c:\windows\6961thief85z.ocx
c:\windows\697atzi5f1182.dll
c:\windows\6a59steal865z.bin
c:\windows\6a9c9hzef5525.exe
c:\windows\6az2s9arse3151.exe
c:\windows\6b69za9kdo5r585.ocx
c:\windows\6b95steal5789z.dll
c:\windows\6d93ba9kdooz2511.ocx
c:\windows\6da9thi5fz875.bin
c:\windows\6dzdt9r5at26440.cpl
c:\windows\6e2dsparsez955.bin
c:\windows\6f9v5z1909.ocx
c:\windows\6ffe5h9eaz16087.bin
c:\windows\6z8cs9ar5e2401.dll
c:\windows\700f9par5e125z.exe
c:\windows\7035spyware2999z.bin
c:\windows\705za59ware1696.dll
c:\windows\7104not-a-vir95zc7.ocx
c:\windows\71405hief3953z.dll
c:\windows\719azir1285.cpl
c:\windows\72035teal195z.exe
c:\windows\7218downzoader5916.bin
c:\windows\725fsp9wzre1617.bin
c:\windows\728th9eaz28055.exe
c:\windows\7296thr9z524358.ocx
c:\windows\730b9hrea5194z4.cpl
c:\windows\735zb9ckdoor1615.ocx
c:\windows\7390stea9215z.cpl
c:\windows\7395backdoo51z39.exe
c:\windows\746cadz5are9299.dll
c:\windows\74ebspywzre5913.ocx
c:\windows\75125ot-a-vz9us1b4.ocx
c:\windows\751e9ownlzader2862.cpl
c:\windows\7520vi9z59.ocx
c:\windows\7560thrz9t30282.bin
c:\windows\759zthr9at14268.exe
c:\windows\75dbbazkdoo926055.cpl
c:\windows\7611tr9jz57.exe
c:\windows\7642not-a9v5rusbez.cpl
c:\windows\766daddwaz92955.cpl
c:\windows\77e5stea955z.dll
c:\windows\77e95ir1z57.dll
c:\windows\77f1vir15z9.dll
c:\windows\78159tzal758.cpl
c:\windows\787dspywa5e1299z.ocx
c:\windows\7980szambo563f.bin
c:\windows\798t5reaz4192.bin
c:\windows\7998tzief5313.exe
c:\windows\79bcth9ez531380.bin
c:\windows\79fa5ackd9zr2180.cpl
c:\windows\79ff5pywar9z78.ocx
c:\windows\79z0v5rus2db.exe
c:\windows\79z1t59j4e7.dll
c:\windows\7abdbackdo9r2075z.exe
c:\windows\7b5bz59al2794.dll
c:\windows\7b5dzir9993.ocx
c:\windows\7b7fzp95are3008.exe
c:\windows\7b96thizf5681.cpl
c:\windows\7bthr5zt9483.exe
c:\windows\7cd2thrz598065.exe
c:\windows\7d1zspy9are5863.cpl
c:\windows\7d69downloadez2485.ocx
c:\windows\7dd6spazs9525.exe
c:\windows\7e97dow5loazer132.bin
c:\windows\7e9ezpar5e9529.bin
c:\windows\7f45thre9t24599z.dll
c:\windows\7fzes9eal6015.exe
c:\windows\7fzfv5r900.dll
c:\windows\7z09thief1965.cpl
c:\windows\7zf5vi9645.ocx
c:\windows\8095troj61z.dll
c:\windows\8121spy559z.bin
c:\windows\8172sz9mbot567.bin
c:\windows\8228not-a5viruz394.exe
c:\windows\8437not-a-vz5us79.cpl
c:\windows\8500hackt95lzb.exe
c:\windows\8509t5oj7abz.exe
c:\windows\85299zrus2ef5.bin
c:\windows\8571vir9zf6.ocx
c:\windows\8589wo5m1e7z.bin
c:\windows\871szyw5re1495.dll
c:\windows\8945pyz55.ocx
c:\windows\8965pzware2558.ocx
c:\windows\8999worz6b5.bin
c:\windows\9010tzr5at31315.bin
c:\windows\9027hacztool350.cpl
c:\windows\905z1spy114.dll
c:\windows\91151ha5ztool128.exe
c:\windows\9117no9za-viru52ce.ocx
c:\windows\9117spamboz545.ocx
c:\windows\912zhack9ool450.ocx
c:\windows\9154spy495z.exe
c:\windows\9159zrus591.exe
c:\windows\91z0backd5or2965.exe
c:\windows\92142tro51z0.bin
c:\windows\92305not-z-virusb6.exe
c:\windows\9238thzeat30975.exe
c:\windows\92bcbackdoo529z6.cpl
c:\windows\9348spzmbo595b.cpl
c:\windows\93e2v5z427.ocx
c:\windows\93z5teal2489.ocx
c:\windows\94115hackt5zl58b.cpl
c:\windows\9457bzckdoor3142.ocx
c:\windows\9457w5rm5z5.bin
c:\windows\946znot-a-9irus548.bin
c:\windows\94701worm52ez.cpl
c:\windows\94942vz5us37.cpl
c:\windows\95310zacktool5f4.dll
c:\windows\9552threatz5330.dll
c:\windows\9555spywarz2474.exe
c:\windows\956backdo5z675.dll
c:\windows\95d1downzoade5934.bin
c:\windows\95z64spam5ot497.ocx
c:\windows\95znot-a-5irus297.ocx
c:\windows\9631spa5se290z.ocx
c:\windows\96fathreaz4395.dll
c:\windows\96z52spy555.dll
c:\windows\97059zcktool252.bin
c:\windows\97241spyz59.ocx
c:\windows\986zteal30985.exe
c:\windows\98z48not-a5virus9b.bin
c:\windows\9913zhacktool159.ocx
c:\windows\9915not-a-5zrus5c3.ocx
c:\windows\99535teaz2228.ocx
c:\windows\99639spy549z.dll
c:\windows\9979zpa5bot520.dll
c:\windows\9981hazk5ool399.cpl
c:\windows\9986vir1z595.dll
c:\windows\99z9hac9tool6c5.cpl
c:\windows\9a5bszeal1866.exe
c:\windows\9a7spy5are2z54.dll
c:\windows\9b3cdown5ozder1976.cpl
c:\windows\9b6backdz5r402.ocx
c:\windows\9c6fzackdoor2475.exe
c:\windows\9czespywar53062.exe
c:\windows\9e9zthreat205795.dll
c:\windows\9z635irus371.bin
c:\windows\9z79worm6425.cpl
c:\windows\a5ezackdoor9472.cpl
c:\windows\a75zir1199.bin
c:\windows\a94bzckdoor8695.cpl
c:\windows\b19t5rezt3130.bin
c:\windows\b75vi986z.bin
c:\windows\bd5thie9354z.cpl
c:\windows\bzv5r1978.dll
c:\windows\c08azdwar9559.cpl
c:\windows\c16st9zl17665.dll
c:\windows\c9ftzief7295.bin
c:\windows\e92a5dware1z8.ocx
c:\windows\ec55parse1592z.exe
c:\windows\f1zbac95oor542.exe
c:\windows\f2dthie5z099.ocx
c:\windows\f6495zeat31650.cpl
c:\windows\f99vir539z.exe
c:\windows\ffddow5lo9der243z.exe
c:\windows\IE4 Error Log.txt
c:\windows\patch.exe
c:\windows\system32\10039worm45cz.dll
c:\windows\system32\1029dowzloader1563.ocx
c:\windows\system32\10578hacktoo94za.bin
c:\windows\system32\10590viru921z.cpl
c:\windows\system32\105965ormzc8.bin
c:\windows\system32\1095thi9515z2.cpl
c:\windows\system32\10a5s9eal3z06.ocx
c:\windows\system32\10z57virus4459.cpl
c:\windows\system32\1102downl9ader9z5.exe
c:\windows\system32\11182tz592e1.bin
c:\windows\system32\11285n5tza-virus92e.bin
c:\windows\system32\1149159y4zf.bin
c:\windows\system32\11596tro57z9.exe
c:\windows\system32\1169659oj1e3z.cpl
c:\windows\system32\1172zvir5s3759.ocx
c:\windows\system32\11781ha5ktoz97d2.cpl
c:\windows\system32\11bdt5ie911z1.exe
c:\windows\system32\12117vi95sz34.bin
c:\windows\system32\12389zir5s23c.ocx
c:\windows\system32\1239addwa5z1215.cpl
c:\windows\system32\12513zroj99f.ocx
c:\windows\system32\12593not-azv5rus269.ocx
c:\windows\system32\12593spam5oz474.ocx
c:\windows\system32\12731zir9s5cf.cpl
c:\windows\system32\12800w5zm9e3.exe
c:\windows\system32\128zvir5429.exe
c:\windows\system32\1296vizus7795.exe
c:\windows\system32\12z909roj335.dll
c:\windows\system32\1300595oz664.cpl
c:\windows\system32\1319zhackto5l38f9.dll
c:\windows\system32\1325v5rus962z.ocx
c:\windows\system32\132975irus7z9.dll
c:\windows\system32\13455haczto9l1f5.bin
c:\windows\system32\13534t5z9515.ocx
c:\windows\system32\1372z9o5-a-virus504.cpl
c:\windows\system32\13803wor945z.bin
c:\windows\system32\138znot-5-virus394.exe
c:\windows\system32\14165i9274z.cpl
c:\windows\system32\14259s9ambot55z.exe
c:\windows\system32\14461s5azb9t77b.cpl
c:\windows\system32\14821s5amboz9e5.dll
c:\windows\system32\1487zspy25b9.ocx
c:\windows\system32\14926troj39z5.ocx
c:\windows\system32\1495zack9ool2ab.bin
c:\windows\system32\14995hazktool9125.dll
c:\windows\system32\14b9thrz596217.bin
c:\windows\system32\14z6thie91159.exe
c:\windows\system32\15085h9cktool3ez5.cpl
c:\windows\system32\152309zy6c9.bin
c:\windows\system32\15291h9cktooz60.bin
c:\windows\system32\15404sp91e5z.exe
c:\windows\system32\15408hacktz9l61d.dll
c:\windows\system32\15431spy5z89.ocx
c:\windows\system32\1545ztro929f.ocx
c:\windows\system32\155dvir79z9.exe
c:\windows\system32\156159wnloaderz425.exe
c:\windows\system32\156275acktoolza9.ocx
c:\windows\system32\15699v9ru52ze.bin
c:\windows\system32\156dvir32z59.bin
c:\windows\system32\15866tr955z0.dll
c:\windows\system32\15894hazktool312.bin
c:\windows\system32\15937hacktozl75.exe
c:\windows\system32\15954spyz9f.exe
c:\windows\system32\15985worm60z5.exe
c:\windows\system32\159eaddware2576z.dll
c:\windows\system32\15c0vi932z.bin
c:\windows\system32\15z55worm795.dll
c:\windows\system32\160ft5reat3z496.ocx
c:\windows\system32\16392zacktoo5176.bin
c:\windows\system32\1653s9ealz850.dll
c:\windows\system32\16694s9amboz5105.dll
c:\windows\system32\16835trzj4d39.bin
c:\windows\system32\1698z9ief5599.ocx
c:\windows\system32\16d9t5zeat25984.ocx
c:\windows\system32\1759spywzre659.dll
c:\windows\system32\1767bac95ooz680.bin
c:\windows\system32\177z595ambot658.cpl
c:\windows\system32\178zvi92517.cpl
c:\windows\system32\17c2s9ywzre757.bin
c:\windows\system32\17z37t59j36b.cpl
c:\windows\system32\18091sz546b.exe
c:\windows\system32\1818vi9zs542.cpl
c:\windows\system32\18299w5rm9z2.ocx
c:\windows\system32\18928zot-a-virus451.bin
c:\windows\system32\1897ba5kdoor2515z.dll
c:\windows\system32\19504hzcktoo946.exe
c:\windows\system32\19506vizus693.exe
c:\windows\system32\19554s9y3d9z.ocx
c:\windows\system32\19855vir9z2ba.ocx
c:\windows\system32\19909ir745z.exe
c:\windows\system32\19935szambot159.cpl
c:\windows\system32\1998459oj5z9.ocx
c:\windows\system32\19a8th5ef495z.dll
c:\windows\system32\19baadzwar5962.ocx
c:\windows\system32\19dzbackdoor150.ocx
c:\windows\system32\19z0wo95313.dll
c:\windows\system32\19z215irus753.exe
c:\windows\system32\19z305acktool373.bin
c:\windows\system32\1a16t9zeat7650.exe
c:\windows\system32\1a30zackd5or2699.dll
c:\windows\system32\1a325dzware2799.bin
c:\windows\system32\1a5cszy9are2758.cpl
c:\windows\system32\1b89backzoor14525.dll
c:\windows\system32\1bc7tzreat5293.bin
c:\windows\system32\1c95thizf145.dll
c:\windows\system32\1ca8s9ywarz533.dll
c:\windows\system32\1ca9zhreat4925.ocx
c:\windows\system32\1d05threa929z995.ocx
c:\windows\system32\1d09tzreat96759.ocx
c:\windows\system32\1d5e95arse7z0.ocx
c:\windows\system32\1d98doz5loader401.dll
c:\windows\system32\1dddo5nl9ader22z7.ocx
c:\windows\system32\1e17szyware9653.exe
c:\windows\system32\1f4a5hr9az5610.cpl
c:\windows\system32\1z074h9c5tool519.dll
c:\windows\system32\1z4535py689.dll
c:\windows\system32\1z788spa59ot430.cpl
c:\windows\system32\1z93ad9ware1652.dll
c:\windows\system32\1z9ds5eal1909.cpl
c:\windows\system32\2009th5ez151.dll
c:\windows\system32\200z79ot-5-virus352.dll
c:\windows\system32\201ft9reat5z921.ocx
c:\windows\system32\201z9ir559.ocx
c:\windows\system32\2035a9dzare2307.exe
c:\windows\system32\2044zvi9us755.cpl
c:\windows\system32\2050s9ambot462z.exe
c:\windows\system32\20575troj9z3.bin
c:\windows\system32\2058znot-a-vir5s6189.bin
c:\windows\system32\20739t5zj67.ocx
c:\windows\system32\2094zvi5us4cc.ocx
c:\windows\system32\20996zot9a-vir5s205.bin
c:\windows\system32\20z85w9rm167.dll
c:\windows\system32\20z95sp5mb9tdf.bin
c:\windows\system32\21256not-a95irzs39f.bin
c:\windows\system32\2152z9ackt5ol375.bin
c:\windows\system32\216559roj6z7.cpl
c:\windows\system32\21913ha5ktozl2c.cpl
c:\windows\system32\22265w9rmzdd.ocx
c:\windows\system32\22454hackzool7459.dll
c:\windows\system32\22494vir5z52f.ocx
c:\windows\system32\22577w5rz9e2.dll
c:\windows\system32\2258thi9z968.exe
c:\windows\system32\22919spam9otze65.bin
c:\windows\system32\22955vizus398.cpl
c:\windows\system32\22c5back59or156z.dll
c:\windows\system32\22z19tr5j795.dll
c:\windows\system32\22z50spamb95651.cpl
c:\windows\system32\23095spambot6eaz.ocx
c:\windows\system32\23267vi9zs235.cpl
c:\windows\system32\232z9spambo5690.cpl
c:\windows\system32\2339zhief5156.dll
c:\windows\system32\238z95roj69c.exe
c:\windows\system32\239zth5ef396.dll
c:\windows\system32\23bfvi957z.dll
c:\windows\system32\23c09iz5955.cpl
c:\windows\system32\24545parse97z.bin
c:\windows\system32\24554s9zmbot5885.exe
c:\windows\system32\2469ztro5149.exe
c:\windows\system32\2473t9reaz16056.exe
c:\windows\system32\248z6hackt9ol50e5.ocx
c:\windows\system32\2503znot-a-viru9cf.ocx
c:\windows\system32\25061vi5u93z.exe
c:\windows\system32\2509zsp9mbot34c.dll
c:\windows\system32\25175spyz965.dll
c:\windows\system32\25354spyz495.exe
c:\windows\system32\25370zpy5f95.ocx
c:\windows\system32\25455tz9j69b.bin
c:\windows\system32\2550spzmbot5d9.ocx
c:\windows\system32\255downzoader2959.ocx
c:\windows\system32\25852spambzt95b.exe
c:\windows\system32\2591zpywa5e561.bin
c:\windows\system32\2595zvirus5915.exe
c:\windows\system32\25bbac9doorz1785.bin
c:\windows\system32\25c7thi9z1469.cpl
c:\windows\system32\25z45worm149.bin
c:\windows\system32\260czh9ef2955.cpl
c:\windows\system32\263fd5wnloadez9674.ocx
c:\windows\system32\26425zrm3e9.ocx
c:\windows\system32\26509worz735.dll
c:\windows\system32\26568spamboz559.bin
c:\windows\system32\2675ackzoor295.dll
c:\windows\system32\26980notza-vir5s43d.bin
c:\windows\system32\269th9eat23z5.cpl
c:\windows\system32\27023hackz9ol6e15.dll
c:\windows\system32\27155spambot189z.dll
c:\windows\system32\27219vir9s6z5.ocx
c:\windows\system32\27542w9zm5.exe
c:\windows\system32\27723not5a9virzs782.dll
c:\windows\system32\2784n5t-a-vi9zs4f1.exe
c:\windows\system32\279675z9m61d.exe
c:\windows\system32\27esparse3z559.cpl
c:\windows\system32\28550viruz3369.exe
c:\windows\system32\285555orm5f9z.exe
c:\windows\system32\28651worz396.cpl
c:\windows\system32\28789not-azvirus357.dll
c:\windows\system32\2891zwor5748.exe
c:\windows\system32\28959spy365z.dll
c:\windows\system32\28z94t59j116.dll
c:\windows\system32\29258not-a-zir5976.exe
c:\windows\system32\29318not-a-vizus1db5.cpl
c:\windows\system32\29458ha9ktozl2bc.ocx
c:\windows\system32\294z5virus6a9.ocx
c:\windows\system32\29528sz91bf.dll
c:\windows\system32\29565spyz52.ocx
c:\windows\system32\29723spam5otz549.cpl
c:\windows\system32\29874spy5z.ocx
c:\windows\system32\299645ozm59.ocx
c:\windows\system32\29991not-a-virus55z.dll
c:\windows\system32\299zt5reat13404.dll
c:\windows\system32\29b2spy5are1921z.bin
c:\windows\system32\29c8threat3850z.bin
c:\windows\system32\29dzspy5are18329.ocx
c:\windows\system32\29z1ba5kdoor2147.exe
c:\windows\system32\2b22zir5769.cpl
c:\windows\system32\2b769tza51414.dll
c:\windows\system32\2bb8a95wzre2518.cpl
c:\windows\system32\2bbbb9ckdo5r38z.ocx
c:\windows\system32\2bz6addw5re10099.dll
c:\windows\system32\2c25thr59z5829.exe
c:\windows\system32\2d9z5pyware2525.ocx
c:\windows\system32\2f75do5nl9ader7z7.bin
c:\windows\system32\2f925tz9l2664.exe
c:\windows\system32\2z261s5y639.cpl
c:\windows\system32\3005a5d9aze1551.dll
c:\windows\system32\303499otza5virus349.cpl
c:\windows\system32\30596not-a-9irusz57.cpl
c:\windows\system32\30694v9zus527.dll
c:\windows\system32\30915pambot1z6.exe
c:\windows\system32\31065spa9zo59d.cpl
c:\windows\system32\3116threz596013.cpl
c:\windows\system32\314caddwz952378.dll
c:\windows\system32\318609ot-a-vzrus5935.bin
c:\windows\system32\319365py597z.dll
c:\windows\system32\31z16not-a9vi5us687.dll
c:\windows\system32\3245zparse1944.exe
c:\windows\system32\32509spy591z.bin
c:\windows\system32\32549woz92e5.bin
c:\windows\system32\32695zpy5c7.ocx
c:\windows\system32\327z5v9rus75e.exe
c:\windows\system32\32z9addware30225.dll
c:\windows\system32\3348thi9f5z4.exe
c:\windows\system32\3395h9cktoo5250z.bin
c:\windows\system32\33z0st59l1531.exe
c:\windows\system32\3459spazse2768.cpl
c:\windows\system32\3471dowzlo9der3265.ocx
c:\windows\system32\355esparse97z5.dll
c:\windows\system32\357729iruz162.cpl
c:\windows\system32\3595sparse2880z.cpl
c:\windows\system32\35e6spywarz2965.exe
c:\windows\system32\368cspywa9e351z.exe
c:\windows\system32\37a2thr5zt86349.cpl
c:\windows\system32\37dds5arse9144z.cpl
c:\windows\system32\37z5sparse9538.ocx
c:\windows\system32\3925tzoj5f.bin
c:\windows\system32\3976backdzo59245.dll
c:\windows\system32\3981worz1535.ocx
c:\windows\system32\399cb5c9zoor1524.dll
c:\windows\system32\39f4s5arsz752.exe
c:\windows\system32\39ffspyware1z35.bin
c:\windows\system32\3a07z5dw9re1942.dll
c:\windows\system32\3aa5b5ckdo9z867.exe
c:\windows\system32\3ac89dd5are285z.cpl
c:\windows\system32\3b5d5py9are15z1.dll
c:\windows\system32\3b85downzoa9er573.bin
c:\windows\system32\3b95bazk5oor454.dll
c:\windows\system32\3c86spyzare3598.bin
c:\windows\system32\3d15az9ware217.exe
c:\windows\system32\3d80spywa5z9630.ocx
c:\windows\system32\3db3spyw9re5z1.exe
c:\windows\system32\3dea59arsez203.bin
c:\windows\system32\3e375pazse9082.ocx
c:\windows\system32\3ec05hzeat11939.dll
c:\windows\system32\3ee5sp9ware1712z.ocx
c:\windows\system32\3eed9zre5t20789.exe
c:\windows\system32\3f5zspyw9re3162.cpl
c:\windows\system32\3z95spy315.dll
c:\windows\system32\4015szarse2096.bin
c:\windows\system32\404Fix.exe
c:\windows\system32\4097spamzot653.bin
c:\windows\system32\4155py59z.exe
c:\windows\system32\415f9tezl463.dll
c:\windows\system32\42755pa9botzb7.bin
c:\windows\system32\4282spzwar526209.cpl
c:\windows\system32\4283thr95z24489.bin
c:\windows\system32\4295vir53z.bin
c:\windows\system32\42cadd59re2349z.ocx
c:\windows\system32\431e9ownloadzr2658.dll
c:\windows\system32\43z9sparse9758.dll
c:\windows\system32\45069zarse577.dll
c:\windows\system32\453cs5y9are2z02.bin
c:\windows\system32\459azpywa5e1509.bin
c:\windows\system32\45b95zr9788.exe
c:\windows\system32\46c1thi9z9965.ocx
c:\windows\system32\470spz5959.ocx
c:\windows\system32\47a2sp5rse9z5.bin
c:\windows\system32\47zdspars95055.cpl
c:\windows\system32\486d5t9alz992.bin
c:\windows\system32\4893n5t-a-vzrus9c0.exe
c:\windows\system32\489fthzeat74405.bin
c:\windows\system32\48f0zddware5849.cpl
c:\windows\system32\4926thi9fz525.dll
c:\windows\system32\4955worm16dz.cpl
c:\windows\system32\4983not-a-vi9us5dz.dll
c:\windows\system32\49c4vz52823.cpl
c:\windows\system32\49z95py5f49.cpl
c:\windows\system32\4b045ackdzor1941.ocx
c:\windows\system32\4b1czd9ware2529.ocx
c:\windows\system32\4bzcthie957.ocx
c:\windows\system32\4c55thiez1839.cpl
c:\windows\system32\4ce3a9dwzre579.dll
c:\windows\system32\4ce5spars91582z.dll
c:\windows\system32\4d20zownl5ad9r509.bin
c:\windows\system32\4e059parz5418.ocx
c:\windows\system32\4f5ath9zat9070.ocx
c:\windows\system32\4fd3baczdo5r1695.dll
c:\windows\system32\4z395py19.dll
c:\windows\system32\4z40backdoo92581.cpl
c:\windows\system32\500z7worm6f9.bin
c:\windows\system32\50155hackzo9l45f.dll
c:\windows\system32\50163virusz93.exe
c:\windows\system32\50839s9ambot60z.ocx
c:\windows\system32\50891spy2ze.dll
c:\windows\system32\50a95zi9f1602.exe
c:\windows\system32\50z2bac9door5090.bin
c:\windows\system32\510z99pambot762.bin
c:\windows\system32\5159t9zef175.cpl
c:\windows\system32\51697spy52z.ocx
c:\windows\system32\51811hack9ozl5f1.exe
c:\windows\system32\51845zi9us412.dll
c:\windows\system32\5193zhack9ool743.dll
c:\windows\system32\5198hacktzol5dc.dll
c:\windows\system32\51dzaddwa5e9926.cpl
c:\windows\system32\52359hiez3085.cpl
c:\windows\system32\524a5dwaze892.ocx
c:\windows\system32\52568sp9f4z.dll
c:\windows\system32\5265b9ckdoorz565.bin
c:\windows\system32\5267w9rz55a.bin
c:\windows\system32\528z99roj98.dll
c:\windows\system32\5293worz7a35.bin
c:\windows\system32\52z09troj2ca.ocx
c:\windows\system32\5356szeal11369.ocx
c:\windows\system32\5384sza5bo92b4.exe
c:\windows\system32\53899zroj329.cpl
c:\windows\system32\539169rojz55.exe
c:\windows\system32\539cthreat9z695.ocx
c:\windows\system32\53c1doznlo9der2502.exe
c:\windows\system32\53d0z5d9are121.cpl
c:\windows\system32\542d9pzrse1534.bin
c:\windows\system32\5445t9ief26z4.exe
c:\windows\system32\5458tzreat29343.bin
c:\windows\system32\54745wor96z7.bin
c:\windows\system32\549dthreatz3658.bin
c:\windows\system32\54e9thzef13259.ocx
c:\windows\system32\55095zrm637.cpl
c:\windows\system32\5517zteal27999.cpl
c:\windows\system32\551es59rse322z.exe
c:\windows\system32\5532zdd9are3169.ocx
c:\windows\system32\5563szea97995.bin
c:\windows\system32\5599v9z2593.bin
c:\windows\system32\559cthreaz10897.exe
c:\windows\system32\55b6down9ozder394.dll
c:\windows\system32\55e0addwar92534z.bin
c:\windows\system32\55f5thief891z.dll
c:\windows\system32\55z8t9oj225.cpl
c:\windows\system32\5646bac9doo525z9.exe
c:\windows\system32\56765zoj695.dll
c:\windows\system32\569629pambot130z.ocx
c:\windows\system32\56ed5wn9oader25z9.exe
c:\windows\system32\5705backdooz2192.bin
c:\windows\system32\573aspyware9141z.ocx
c:\windows\system32\573zir9s795.ocx
c:\windows\system32\57z95ackdoor3258.cpl
c:\windows\system32\58201wor91z5.ocx
c:\windows\system32\5853download9z1515.exe
c:\windows\system32\5861hacztool6249.cpl
c:\windows\system32\58851tro977z.ocx
c:\windows\system32\588c9zreat31855.exe
c:\windows\system32\5895baczdoor2556.ocx
c:\windows\system32\58990spamboz529.bin
c:\windows\system32\5899spazbot18c.cpl
c:\windows\system32\58a9sz59are863.bin
c:\windows\system32\58bc9zwnloader515.dll
c:\windows\system32\58d3addz5re9191.ocx
c:\windows\system32\5906h9cktoozd5.exe
c:\windows\system32\5911threat90z63.dll
c:\windows\system32\5932zvi9us385.bin
c:\windows\system32\59350hazktool415.exe
c:\windows\system32\5940threat15525z.ocx
c:\windows\system32\59443zpy2c59.ocx
c:\windows\system32\5951vir32z9.ocx
c:\windows\system32\59534spz904.dll
c:\windows\system32\5957spazse2559.exe
c:\windows\system32\5958trojzd19.exe
c:\windows\system32\597spywzre1881.dll
c:\windows\system32\5980back9oor14z9.exe
c:\windows\system32\5994b5ckdoorz075.exe
c:\windows\system32\5999spyw9re7z55.dll
c:\windows\system32\599z9spambot32a.exe
c:\windows\system32\59b1spywar5738z.ocx
c:\windows\system32\59bdbackd9oz5534.dll
c:\windows\system32\59ebvzr1563.exe
c:\windows\system32\59z45py96a.bin
c:\windows\system32\59z7backdo9r2775.cpl
c:\windows\system32\5a07thi5fz99.dll
c:\windows\system32\5a23thrz9t25854.cpl
c:\windows\system32\5b6edown9oader2z14.ocx
c:\windows\system32\5be9vir5z30.ocx
c:\windows\system32\5btzre9t3439.exe
c:\windows\system32\5cc8threzt50729.bin
c:\windows\system32\5d11b9ckdoor2569z.exe
c:\windows\system32\5d75a9dwaze2059.exe
c:\windows\system32\5d99baczdoor554.bin
c:\windows\system32\5d9azte9l3215.bin
c:\windows\system32\5d9parsez811.dll
c:\windows\system32\5dbad5wnl9adez1947.exe
c:\windows\system32\5df9sparsez97.cpl
c:\windows\system32\5e1bspazse199.bin
c:\windows\system32\5eb5sp9zse23185.cpl
c:\windows\system32\5ebz95r775.ocx
c:\windows\system32\5f3fvz95.bin
c:\windows\system32\5fbe9ddware5z00.exe
c:\windows\system32\5fdz9eal926.dll
c:\windows\system32\5z20hacktoo9541.bin
c:\windows\system32\5z276spa9bot4e6.dll
c:\windows\system32\5z54hacktool39f.bin
c:\windows\system32\5z55hacktoo954b.ocx
c:\windows\system32\5z66backdoor24539.dll
c:\windows\system32\5z6bs5a9se193.ocx
c:\windows\system32\5z74vir9s74.exe
c:\windows\system32\5z79worm614.exe
c:\windows\system32\5z97steal1281.ocx
c:\windows\system32\5zb6b9ckdoor580.exe
c:\windows\system32\5zdc9pyware3013.cpl
c:\windows\system32\6032doznlo5der1919.dll
c:\windows\system32\61165a9ktool6fz.bin
c:\windows\system32\6139st9zl3057.cpl
c:\windows\system32\6149spyware1z435.exe
c:\windows\system32\62695tezl140.cpl
c:\windows\system32\62zfthreat51869.cpl
c:\windows\system32\6308n95za-virus617.exe
c:\windows\system32\632espar9e533z.bin
c:\windows\system32\63zfbackdo5r9069.dll
c:\windows\system32\6439dow9lo5der309z.ocx
c:\windows\system32\644badd9zre5965.ocx
c:\windows\system32\647cvz928645.exe
c:\windows\system32\64bz95yware2484.ocx
c:\windows\system32\64czs95ware128.cpl
c:\windows\system32\64f4downzo5der3903.ocx
c:\windows\system32\6503vzru96b3.dll
c:\windows\system32\6559sparse308z5.exe
c:\windows\system32\6565wo9m555z.dll
c:\windows\system32\6593sparsz236.exe
c:\windows\system32\6599spars93242z.exe
c:\windows\system32\659fspyza9e2545.exe
c:\windows\system32\65c6viz2793.bin
c:\windows\system32\65z3s9eal2050.exe
c:\windows\system32\66029zwnloader3056.ocx
c:\windows\system32\66cath5e9z3836.ocx
c:\windows\system32\682ez5wnloader2979.bin
c:\windows\system32\6889not-5-virz93c2.ocx
c:\windows\system32\68zesp9rse6805.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICF


((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-09 06:23 . 2009-06-09 06:21 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-09 06:18 . 2009-06-09 06:18 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-08 17:22 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-08 17:22 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-08 17:22 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-08 17:22 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-08 17:22 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-08 17:22 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-08 17:22 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-08 17:22 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-08 17:22 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-07 23:53 . 2009-06-07 23:58 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-07 23:52 . 2009-06-07 23:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-07 23:51 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-07 23:51 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-07 23:51 . 2009-06-07 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-07 23:51 . 2009-06-08 02:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-29 02:43 . 2009-05-29 02:43 9482 ----a-w- c:\windows\22095szy5.bin
2009-05-29 02:36 . 2009-05-29 02:36 8980 ----a-w- c:\windows\system32\294z2spy5.bin
2009-05-25 01:55 . 2009-05-25 01:55 -------- d-----w- c:\windows\system32\AppData
2009-05-25 01:54 . 2004-12-07 14:11 258352 ----a-w- c:\windows\system32\unicows.dll
2009-05-25 01:54 . 2002-03-01 21:58 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2009-05-25 01:54 . 2002-03-01 21:58 28160 ----a-w- c:\windows\system32\anim.dll
2009-05-25 01:54 . 1999-11-22 19:50 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2009-05-25 01:54 . 1999-11-22 19:50 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2009-05-25 01:54 . 2009-05-25 03:02 -------- d-----w- c:\program files\Advanced Windows Optimizer
2009-05-25 01:49 . 2009-05-25 01:49 -------- d-----w- c:\program files\MSXML 6.0
2009-05-23 21:35 . 2002-05-07 18:34 716800 ------w- c:\windows\NuNInst.exe
2009-05-23 21:35 . 2002-05-10 05:26 333184 ------w- c:\windows\system32\drivers\bsudf.sys
2009-05-23 21:35 . 2002-05-01 16:05 9088 ------w- c:\windows\system32\drivers\bsstor.sys
2009-05-20 23:13 . 2009-05-20 23:13 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB457427-E7B9-4252-9217-0DC5FADE980F}\MapleStory.exe1_83D03B8C8487464D9F1CC2E365A2A7F6.exe
2009-05-20 23:13 . 2009-05-20 23:13 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB457427-E7B9-4252-9217-0DC5FADE980F}\MapleStory.exe_83D03B8C8487464D9F1CC2E365A2A7F6.exe
2009-05-20 23:13 . 2009-05-20 23:13 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB457427-E7B9-4252-9217-0DC5FADE980F}\ARPPRODUCTICON.exe
2009-05-20 02:34 . 2009-05-20 02:34 -------- d--h--w- c:\windows\PIF
2009-05-17 07:06 . 2009-05-17 07:06 53586 ----a-w- c:\documents and settings\Administrator\Application Data\yoclient\native\OpenAL32.dll
2009-05-17 07:06 . 2009-05-17 07:06 153600 ----a-w- c:\documents and settings\Administrator\Application Data\yoclient\native\lwjgl.dll
2009-05-17 07:02 . 2009-05-17 07:02 -------- d-----w- c:\program files\Three Rings Design

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 14:56 . 2009-02-05 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-09 06:21 . 2004-07-27 17:30 -------- d-----w- c:\program files\Java
2009-05-30 17:02 . 2005-03-05 02:59 -------- d-----w- c:\program files\Common Files\Motive
2009-05-27 11:14 . 2007-11-16 22:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-05-23 21:35 . 2004-08-05 19:51 -------- d-----w- c:\program files\ahead
2009-05-20 22:58 . 2009-02-27 22:22 -------- d-----w- c:\program files\Perfect World Entertainment
2009-05-20 02:47 . 2009-03-28 05:14 -------- d-----w- c:\program files\7-Zip
2009-05-20 02:42 . 2009-05-09 16:50 -------- d-----w- c:\program files\Quest4Bush
2009-05-20 02:41 . 2008-10-18 02:57 -------- d-----w- c:\program files\Pando Networks
2009-05-20 02:40 . 2006-12-09 21:09 -------- d-----w- c:\program files\DivX
2009-05-17 07:06 . 2007-09-25 19:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\yoclient
2009-05-15 05:59 . 2004-09-17 23:34 32360 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 07:32 . 2007-11-04 02:55 -------- d-----w- c:\program files\MSECache
2009-04-19 15:11 . 2009-02-05 03:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-04-10 04:12 . 2009-04-10 04:12 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2005-03-07 15:52 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-02 04:20 . 2008-12-02 03:39 56 --sh--r- c:\windows\system32\AC55B83E0B.sys
2008-12-03 05:59 . 2008-12-02 03:39 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-10-23 86016]
"IPInSightMonitor 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 122880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-09 148888]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking HWU54G Utility.lnk]
backup=c:\windows\pss\Hawking HWU54G Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]
backup=c:\windows\pss\SmartUI.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpInspector

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"scan"=3 (0x3)
"LIVESRV"=2 (0x2)
"CAISafe"=2 (0x2)
"VETMSGNT"=2 (0x2)
"iPodService"=3 (0x3)
"Brother XP spl Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IndexSearch"=c:\program files\Scansoft\PaperPort\IndexSearch.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PaperPort PTD"=c:\program files\Scansoft\PaperPort\pptd40nt.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_12\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"= c:\\Program Files\\Yahoo!\\Messenger\\YPAGER.EXE
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Smith Micro Shared\\Directory\\SMIPTray.exe"=
"c:\\Program Files\\SBC Self Support Tool\\SmartBridge\\MotiveSB.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\VetMsg.exe"=
"c:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\iSafe.exe"=
"c:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\iSafInst.exe"=
"c:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\autodown.exe"=
"c:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\cafix.exe"=
"c:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVTray.exe"=
"c:\\Python24\\pythonw.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\svchost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\Program Files\\LittleFighter2\\LF2_v2.0\\lf2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57425:TCP"= 57425:TCP:Pando Media Booster
"57425:UDP"= 57425:UDP:Pando Media Booster

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [5/23/2009 5:35 PM 9088]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/8/2009 1:22 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/8/2009 1:22 PM 20560]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [5/23/2009 5:35 PM 333184]
S0 ndisrd;ndisrd; [x]
S2 DV2020WDM;DV2020WDM Video Camera;c:\windows\system32\drivers\DV2020.sys [11/27/2005 5:47 PM 24419]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2/12/2005 5:53 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\brserwdm.sys [2/12/2005 5:52 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2/12/2005 5:53 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2/12/2005 5:52 PM 10368]
S3 DCamUSBNW802;D-Link USB Digital Video Camera;c:\windows\system32\drivers\pcam.sys [9/25/2001 9:25 AM 161080]
S3 dump_wmimmc;dump_wmimmc;\??\c:\nexon\Mabinogi\GameGuard\dump_wmimmc.sys --> c:\nexon\Mabinogi\GameGuard\dump_wmimmc.sys [?]
S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2/24/2005 4:41 PM 273408]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [8/7/2005 4:54 PM 19200]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 8:13 PM 24652]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-09 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-07 04:53]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-PopUpInspector.exe - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Stop popups from this web page
Trusted Zone: aol.com\*.aimexpress
Trusted Zone: aol.com\aimexpress
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la7y8t2c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 11:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-746137067-1202660629-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\iexplore]
@DACL=(02 0000)
"Type"=dword:00000003
"Count"=dword:00000010
"Time"=hex:d7,07,0c,00,05,00,0e,00,02,00,24,00,0f,00,51,02
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-09 11:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-09 15:23

Pre-Run: 3,975,913,472 bytes free
Post-Run: 3,988,082,688 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
1676 --- E O F --- 2009-02-07 03:21

#12 miekiemoes


Posted 09 June 2009 - 10:37 AM

Hi,

Almost done...

* Open Notepad - don't use any text editor other than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

File::
c:\windows\22095szy5.bin
c:\windows\system32\294z2spy5.bin
REGLOCKDEL::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f10587e9-0e47-4cbe-84ae-7dd20b8684bb}]
[HKEY_USERS\S-1-5-21-746137067-1202660629-839522115-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\iexplore]
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\svchost.exe"=-


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Edited by miekiemoes, 09 June 2009 - 10:37 AM.


#13 PandaMeatExpress


Posted 09 June 2009 - 10:55 AM

Ran the script like you said with ComboFix, here's the log:

-------------------------------------------------------------------------

ComboFix 09-06-08.05 - Administrator 06/09/2009 11:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.124 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090608-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\22095szy5.bin"
"c:\windows\system32\294z2spy5.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\22095szy5.bin
c:\windows\system32\294z2spy5.bin

.
((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-09 06:23 . 2009-06-09 06:21 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-09 06:18 . 2009-06-09 06:18 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-08 17:22 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-08 17:22 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-08 17:22 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-08 17:22 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-08 17:22 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-08 17:22 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-08 17:22 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-08 17:22 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-08 17:22 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-07 23:53 . 2009-06-07 23:58 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-07 23:52 . 2009-06-07 23:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-07 23:51 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-07 23:51 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-07 23:51 . 2009-06-07 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-07 23:51 . 2009-06-08 02:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-25 01:55 . 2009-05-25 01:55 -------- d-----w- c:\windows\system32\AppData
2009-05-25 01:54 . 2004-12-07 14:11 258352 ----a-w- c:\windows\system32\unicows.dll
2009-05-25 01:54 . 2002-03-01 21:58 50688 ----a-w- c:\windows\system32\wbhelp2.dll
2009-05-25 01:54 . 2002-03-01 21:58 28160 ----a-w- c:\windows\system32\anim.dll
2009-05-25 01:54 . 1999-11-22 19:50 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2009-05-25 01:54 . 1999-11-22 19:50 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2009-05-25 01:54 . 2009-05-25 03:02 -------- d-----w- c:\program files\Advanced Windows Optimizer
2009-05-25 01:49 . 2009-05-25 01:49 -------- d-----w- c:\program files\MSXML 6.0
2009-05-23 21:35 . 2002-05-07 18:34 716800 ------w- c:\windows\NuNInst.exe
2009-05-23 21:35 . 2002-05-10 05:26 333184 ------w- c:\windows\system32\drivers\bsudf.sys
2009-05-23 21:35 . 2002-05-01 16:05 9088 ------w- c:\windows\system32\drivers\bsstor.sys
2009-05-20 23:13 . 2009-05-20 23:13 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB457427-E7B9-4252-9217-0DC5FADE980F}\MapleStory.exe1_83D03B8C8487464D9F1CC2E365A2A7F6.exe
2009-05-20 23:13 . 2009-05-20 23:13 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB457427-E7B9-4252-9217-0DC5FADE980F}\MapleStory.exe_83D03B8C8487464D9F1CC2E365A2A7F6.exe
2009-05-20 23:13 . 2009-05-20 23:13 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{DB457427-E7B9-4252-9217-0DC5FADE980F}\ARPPRODUCTICON.exe
2009-05-20 02:34 . 2009-05-20 02:34 -------- d--h--w- c:\windows\PIF
2009-05-17 07:06 . 2009-05-17 07:06 53586 ----a-w- c:\documents and settings\Administrator\Application Data\yoclient\native\OpenAL32.dll
2009-05-17 07:06 . 2009-05-17 07:06 153600 ----a-w- c:\documents and settings\Administrator\Application Data\yoclient\native\lwjgl.dll
2009-05-17 07:02 . 2009-05-17 07:02 -------- d-----w- c:\program files\Three Rings Design

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 14:56 . 2009-02-05 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-09 06:21 . 2004-07-27 17:30 -------- d-----w- c:\program files\Java
2009-05-30 17:02 . 2005-03-05 02:59 -------- d-----w- c:\program files\Common Files\Motive
2009-05-27 11:14 . 2007-11-16 22:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3
2009-05-23 21:35 . 2004-08-05 19:51 -------- d-----w- c:\program files\ahead
2009-05-20 22:58 . 2009-02-27 22:22 -------- d-----w- c:\program files\Perfect World Entertainment
2009-05-20 02:47 . 2009-03-28 05:14 -------- d-----w- c:\program files\7-Zip
2009-05-20 02:42 . 2009-05-09 16:50 -------- d-----w- c:\program files\Quest4Bush
2009-05-20 02:41 . 2008-10-18 02:57 -------- d-----w- c:\program files\Pando Networks
2009-05-20 02:40 . 2006-12-09 21:09 -------- d-----w- c:\program files\DivX
2009-05-17 07:06 . 2007-09-25 19:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\yoclient
2009-05-15 05:59 . 2004-09-17 23:34 32360 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 07:32 . 2007-11-04 02:55 -------- d-----w- c:\program files\MSECache
2009-04-19 15:11 . 2009-02-05 03:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-04-10 04:12 . 2009-04-10 04:12 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2005-03-07 15:52 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-02 04:20 . 2008-12-02 03:39 56 --sh--r- c:\windows\system32\AC55B83E0B.sys
2008-12-03 05:59 . 2008-12-02 03:39 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-10-23 86016]
"IPInSightMonitor 02"="c:\program files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 122880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-09 148888]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking HWU54G Utility.lnk]
backup=c:\windows\pss\Hawking HWU54G Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]
backup=c:\windows\pss\SmartUI.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"scan"=3 (0x3)
"LIVESRV"=2 (0x2)
"CAISafe"=2 (0x2)
"VETMSGNT"=2 (0x2)
"iPodService"=3 (0x3)
"Brother XP spl Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IndexSearch"=c:\program files\Scansoft\PaperPort\IndexSearch.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"PaperPort PTD"=c:\program files\Scansoft\PaperPort\pptd40nt.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_12\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"= c:\\Program Files\\Yahoo!\\Messenger\\YPAGER.EXE
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Smith Micro Shared\\Directory\\SMIPTray.exe"=
"c:\\Program Files\\SBC Self Support Tool\\SmartBridge\\MotiveSB.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\VetMsg.exe"=
"c:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\iSafe.exe"=
"c:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\iSafInst.exe"=
"c:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\autodown.exe"=
"c:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\cafix.exe"=
"c:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVTray.exe"=
"c:\\Python24\\pythonw.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\Program Files\\LittleFighter2\\LF2_v2.0\\lf2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57425:TCP"= 57425:TCP:Pando Media Booster
"57425:UDP"= 57425:UDP:Pando Media Booster

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [5/23/2009 5:35 PM 9088]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/8/2009 1:22 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/8/2009 1:22 PM 20560]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [5/23/2009 5:35 PM 333184]
S0 ndisrd;ndisrd; [x]
S2 DV2020WDM;DV2020WDM Video Camera;c:\windows\system32\drivers\DV2020.sys [11/27/2005 5:47 PM 24419]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2/12/2005 5:53 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\brserwdm.sys [2/12/2005 5:52 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2/12/2005 5:53 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2/12/2005 5:52 PM 10368]
S3 DCamUSBNW802;D-Link USB Digital Video Camera;c:\windows\system32\drivers\pcam.sys [9/25/2001 9:25 AM 161080]
S3 dump_wmimmc;dump_wmimmc;\??\c:\nexon\Mabinogi\GameGuard\dump_wmimmc.sys --> c:\nexon\Mabinogi\GameGuard\dump_wmimmc.sys [?]
S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2/24/2005 4:41 PM 273408]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [8/7/2005 4:54 PM 19200]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 8:13 PM 24652]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-09 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-07 04:53]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Stop popups from this web page
Trusted Zone: aol.com\*.aimexpress
Trusted Zone: aol.com\aimexpress
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\la7y8t2c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 11:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-09 11:55
ComboFix-quarantined-files.txt 2009-06-09 15:55
ComboFix2.txt 2009-06-09 15:23

Pre-Run: 3,994,726,400 bytes free
Post-Run: 3,998,834,688 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
203 --- E O F --- 2009-02-07 03:21

------------------------------------------------------

Did that do it? >.>'

#14 miekiemoes

Posted 09 June 2009 - 11:01 AM

Hi,

Just a few more things... :thumbup2:

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Then, go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.

#15 PandaMeatExpress

Posted 09 June 2009 - 11:06 AM

Well, everything has been back to normal except for the one registry value, so I'll have to run MBAM again to see if it still picks up an infected registry value...
I'll get back to you once that's done. Thanks for the help. :thumbup2:

Oh, I've looked through regedit and it appears that the registry value is gone. :) Going to run MBAM anyway but this time nothing should pop up.

Edited by PandaMeatExpress, 09 June 2009 - 11:10 AM.
