
"Warning! your're in danger!" on my desktop


This topic is locked
13 replies to this topic

#1 idiomtangent

idiomtangent

  • Members
  • 31 posts
  • OFFLINE
  • Local time:08:25 AM

Posted 31 July 2009 - 10:47 PM

Hello. For about a month or so I have been posting in the thread "can i make an avast auto run disk"
about getting some really nasty malware... This has led me up to this point. My computer is virtually useless to me and has been for going on two months... and my roommate wants his laptop back.

When this first happened I couldn't open ANY exe file. My computer would shut itself off literally every 5 mins. My desktop wallpaper looks like this: (image)


That might tip someone off as to what happened... As you can see, whoever designed this program either can't speak English well... or is a kid. Frustrating.

With help from the amazing people on this board I was able to run Malwarebytes and get it to a point where I can at least keep my computer on to work on it. That is where I am at now.

Here is my DDS Attach log


Thank you so much to anyone who takes the time to read this.

Attached Files


#2 fireman4it

fireman4it

Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:25 AM

Posted 10 August 2009 - 12:01 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 idiomtangent

idiomtangent
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:08:25 AM

Posted 11 August 2009 - 08:46 AM

Hello. My DDS log is attached to my original post as I was instructed. Thank you for taking the time to look at my post.

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:25 PM

Posted 12 August 2009 - 03:25 AM

Hello, my name is fenzodahl512 and welcome to the forum.. Please do the following....


Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.


NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad >> save it and attach it in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GAMERS result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 idiomtangent

idiomtangent
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:08:25 AM

Posted 18 August 2009 - 09:17 PM

OK, here we go...

Malwarebytes' Anti-Malware 1.40
Database version: 2651
Windows 5.1.2600 Service Pack 2

8/18/2009 9:51:03 PM
mbam-log-2009-08-18 (21-51-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 314679
Time elapsed: 54 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\DigiFast (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by ry at 2009-08-18 21:52:10
Microsoft Windows XP Professional Service Pack 2
System drive C: has 15 GB (20%) free of 76 GB
Total RAM: 1014 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:20 PM, on 8/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1241981519\ee\AOLSoftware.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\ry\Desktop\RSIT.exe
C:\Program Files\trend micro\ry.exe

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1241981519\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [CTSVolFE] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: blocker.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 4808 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-10 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HostManager"=C:\Program Files\Common Files\AOL\1241981519\ee\AOLSoftware.exe [2008-06-24 41824]
"CTSVolFE"=C:\Program Files\Creative\Mixer\CTSVolFE.exe [2005-02-23 57344]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-10 148888]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"=C:\Program Files\AOL 9.1\AOL.EXE [2008-11-06 50472]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="blocker.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\aol\acs\AOLDial.exe"="C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe"="C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\Common Files\aol\1241981519\ee\aolsoftware.exe"="C:\Program Files\Common Files\aol\1241981519\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\AOL 9.1\waol.exe"="C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\aol\Loader\aolload.exe"="C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\aol\System Information\sinf.exe"="C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-5-4-91-100028851-100019053-100023613-2089.com f:\
shell\Open\command - F:\RECYCLER\S-5-4-91-100028851-100019053-100023613-2089.com f:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-5-4-91-100028851-100019053-100023613-2089.com h:\
shell\Open\command - H:\RECYCLER\S-5-4-91-100028851-100019053-100023613-2089.com h:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d95f7106-46ee-11dc-8d87-00167662fdf0}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2009-12-26 00:22:26 ----A---- C:\WINDOWS\z9582hack9ool559.exe
2009-12-20 10:27:35 ----A---- C:\WINDOWS\15739not-a-vir9s6z2.exe
2009-12-14 07:47:18 ----A---- C:\WINDOWS\19516wo9m25z.exe
2009-12-13 09:52:10 ----A---- C:\WINDOWS\system32\19807hack5zol356.dll
2009-12-09 04:58:07 ----A---- C:\WINDOWS\system32\2978back5oor597z.exe
2009-12-08 15:34:32 ----A---- C:\WINDOWS\93f5spzware2378.exe
2009-12-07 05:56:08 ----A---- C:\WINDOWS\system32\z518595ambot380.exe
2009-12-06 09:39:27 ----A---- C:\WINDOWS\system32\2de5sp9z5re826.dll
2009-12-04 12:39:52 ----A---- C:\WINDOWS\system32\156189azktool3d4.exe
2009-12-04 00:26:27 ----A---- C:\WINDOWS\system32\3693sparsez4145.dll
2009-12-03 02:38:33 ----A---- C:\WINDOWS\system32\180495orm4z19.exe
2009-12-01 10:16:42 ----A---- C:\WINDOWS\system32\295cthzeat25506.dll
2009-12-01 00:13:57 ----A---- C:\WINDOWS\system32\14545s9amzot4d6.exe
2009-11-25 07:22:33 ----A---- C:\WINDOWS\1055z9orm7305.exe
2009-11-23 04:59:32 ----A---- C:\WINDOWS\5519add5aze15579.dll
2009-11-22 03:40:20 ----A---- C:\WINDOWS\system32\17494spyzd5.exe
2009-11-17 16:57:13 ----A---- C:\WINDOWS\535avz9234.exe
2009-11-12 20:10:19 ----A---- C:\WINDOWS\30811w9rz35d.exe
2009-11-10 08:34:36 ----A---- C:\WINDOWS\z599sparse434.dll
2009-11-05 20:01:03 ----A---- C:\WINDOWS\system32\z6995pambot63f.dll
2009-11-05 04:30:21 ----A---- C:\WINDOWS\system32\7563sp9rse18z1.exe
2009-10-26 21:11:05 ----A---- C:\WINDOWS\system32\2d4fdownzoad5r793.dll
2009-10-26 11:06:26 ----A---- C:\WINDOWS\system32\28f3ste954z4.dll
2009-10-24 08:13:52 ----A---- C:\WINDOWS\system32\6eezth5e91528.exe
2009-10-24 07:17:21 ----A---- C:\WINDOWS\system32\25555wo9meaz.dll
2009-10-23 00:18:42 ----A---- C:\WINDOWS\system32\25zfthreat14998.dll
2009-10-21 01:39:07 ----A---- C:\WINDOWS\32685s5amboz290.exe
2009-10-17 05:34:54 ----A---- C:\WINDOWS\74b2tzre5t74979.dll
2009-10-14 22:59:25 ----A---- C:\WINDOWS\414dbzc9d5or1881.dll
2009-10-13 12:51:20 ----A---- C:\WINDOWS\336dsza5se2719.dll
2009-10-12 02:16:55 ----A---- C:\WINDOWS\23351spazbo9595.dll
2009-10-10 16:37:13 ----A---- C:\WINDOWS\system32\32003nzt-a9vi5us6eb.dll
2009-10-10 08:40:40 ----A---- C:\WINDOWS\system32\59adstezl5522.exe
2009-10-08 20:36:52 ----A---- C:\WINDOWS\10693spamzot556.dll
2009-10-08 04:59:41 ----A---- C:\WINDOWS\280z95roj5bf.dll
2009-10-05 15:59:20 ----A---- C:\WINDOWS\21546not-a-vzrus595.exe
2009-10-03 20:36:24 ----A---- C:\WINDOWS\system32\16549worz42c.dll
2009-10-03 07:10:32 ----A---- C:\WINDOWS\526959iez1750.exe
2009-10-02 06:10:58 ----A---- C:\WINDOWS\1932hacktzol2c5.exe
2009-09-22 13:16:02 ----A---- C:\WINDOWS\system32\6247th9ef5z25.dll
2009-09-20 18:26:22 ----A---- C:\WINDOWS\system32\24959tr9j8z.exe
2009-09-19 14:40:24 ----A---- C:\WINDOWS\system32\967bsp5zse207.exe
2009-09-17 20:37:23 ----A---- C:\WINDOWS\19824hackto953zc.dll
2009-09-10 15:01:15 ----A---- C:\WINDOWS\system32\6859b5ckdzor1594.exe
2009-09-09 14:48:28 ----A---- C:\WINDOWS\system32\4255zir1559.dll
2009-09-04 03:04:34 ----A---- C:\WINDOWS\14256w9rm20az.exe
2009-08-19 08:28:32 ----A---- C:\WINDOWS\5399threatz5521.exe
2009-08-18 21:52:11 ----D---- C:\Program Files\trend micro
2009-08-18 21:52:10 ----D---- C:\rsit
2009-08-18 20:48:53 ----D---- C:\Program Files\ERUNT
2009-08-18 20:46:58 ----D---- C:\WINDOWS\LastGood
2009-08-15 06:43:13 ----A---- C:\WINDOWS\system32\4631bzckdoor5900.exe
2009-08-09 18:36:18 ----A---- C:\WINDOWS\29099sp5411z.exe
2009-08-06 06:40:25 ----A---- C:\WINDOWS\6823spa5s92z61.exe
2009-08-02 20:58:15 ----A---- C:\WINDOWS\system32\z09085py3f5.dll
2009-08-02 13:22:14 ----A---- C:\WINDOWS\522zaddware29769.exe
2009-08-01 01:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-08-01 01:19:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-01 01:19:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-01 01:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-01 01:18:55 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-01 01:18:53 ----A---- C:\WINDOWS\system32\MRT.INI
2009-08-01 01:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-01 01:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-25 19:38:24 ----A---- C:\WINDOWS\z1291not-a-viru55c0.dll
2009-07-24 20:08:46 ----A---- C:\WINDOWS\system32\6b61thr5zt39263.exe
2009-07-14 07:28:32 ----A---- C:\WINDOWS\system32\2z9105py66e.dll
2009-07-11 05:45:52 ----A---- C:\WINDOWS\13c7t9re5tz2370.dll
2009-07-09 09:50:41 ----A---- C:\WINDOWS\system32\48c8stezl39595.exe
2009-07-03 18:48:43 ----A---- C:\WINDOWS\115395iruz7f2.dll
2009-07-03 17:23:49 ----A---- C:\WINDOWS\system32\1e55v9r3538z.exe
2009-07-03 09:33:03 ----A---- C:\WINDOWS\system32\1561zpamb5t19d.dll
2009-07-01 20:51:27 ----A---- C:\WINDOWS\system32\59406zpy65d.dll
2009-06-21 18:39:51 ----A---- C:\WINDOWS\system32\26726vir5s5z09.dll
2009-06-17 09:41:01 ----A---- C:\WINDOWS\system32\zd9dvi9235.exe
2009-06-12 12:55:30 ----A---- C:\WINDOWS\system32\56d9wnloazer2056.dll
2009-06-12 05:55:34 ----A---- C:\WINDOWS\system32\67z9vir9s285.dll
2009-06-11 17:21:43 ----A---- C:\WINDOWS\19855zpambot247.dll
2009-06-05 14:30:54 ----A---- C:\WINDOWS\system32\15131h95ktool125z.exe
2009-06-04 09:36:43 ----A---- C:\WINDOWS\44165rzj2469.exe
2009-06-02 17:06:14 ----A---- C:\WINDOWS\18f0zh9e5t27325.dll
2009-06-01 23:47:06 ----A---- C:\WINDOWS\system32\z0069hacktoo5a.dll
2009-06-01 23:47:06 ----A---- C:\WINDOWS\system32\f9dz5reat7336.dll
2009-06-01 23:47:06 ----A---- C:\WINDOWS\system32\95z6thief2185.exe
2009-06-01 23:47:06 ----A---- C:\WINDOWS\system32\741cadd9a5e241z.exe
2009-06-01 23:47:06 ----A---- C:\WINDOWS\system32\59z1sp5rse1455.dll
2009-06-01 23:47:06 ----A---- C:\WINDOWS\system32\592fzir5493.dll
2009-06-01 23:47:06 ----A---- C:\WINDOWS\system32\58107trzj3c79.exe
2009-06-01 23:47:06 ----A---- C:\WINDOWS\system32\4806notza-vi59s412.dll
2009-06-01 23:47:06 ----A---- C:\WINDOWS\system32\43z9irus15e.exe
2009-06-01 23:47:06 ----A---- C:\WINDOWS\system32\3131zsp55bc9.dll
2009-06-01 23:47:06 ----A---- C:\WINDOWS\system32\2972backdoorz538.exe
2009-06-01 23:47:06 ----A---- C:\WINDOWS\system32\257d9hiefz7.exe
2009-06-01 23:47:06 ----A---- C:\WINDOWS\system32\1z54spars9855.exe
2009-06-01 23:47:06 ----A---- C:\WINDOWS\6517thiefz296.dll
2009-06-01 23:47:06 ----A---- C:\WINDOWS\59e8viz10535.dll
2009-06-01 23:47:06 ----A---- C:\WINDOWS\4fddst9zl5545.dll
2009-06-01 23:47:06 ----A---- C:\WINDOWS\4795viru5z799.exe
2009-06-01 23:47:06 ----A---- C:\WINDOWS\4528s9zmbot270.exe
2009-06-01 23:47:06 ----A---- C:\WINDOWS\3457downloaderz139.dll
2009-06-01 23:47:06 ----A---- C:\WINDOWS\31530zpa5bot9dd.exe
2009-06-01 23:47:06 ----A---- C:\WINDOWS\19959hackz9ol3e1.exe
2009-06-01 23:47:05 ----A---- C:\WINDOWS\z733spamb9t351.dll
2009-06-01 23:47:05 ----A---- C:\WINDOWS\system32\5c905teal1809z.exe
2009-06-01 23:47:05 ----A---- C:\WINDOWS\system32\5030s9a5se1142z.dll
2009-06-01 23:47:05 ----A---- C:\WINDOWS\system32\29973spamb9z53c.dll
2009-06-01 23:47:05 ----A---- C:\WINDOWS\system32\2856495y76z.dll
2009-06-01 23:47:05 ----A---- C:\WINDOWS\system32\17763hzcktool5059.exe
2009-06-01 23:47:05 ----A---- C:\WINDOWS\95655tzoj751.exe
2009-06-01 23:47:05 ----A---- C:\WINDOWS\94945tzoj2da5.dll
2009-06-01 23:47:05 ----A---- C:\WINDOWS\27597wo5m2z1.exe
2009-06-01 23:47:05 ----A---- C:\WINDOWS\16bcaddwar5960z.exe
2009-06-01 23:47:05 ----A---- C:\WINDOWS\15447spamzo56b29.exe
2009-06-01 23:47:04 ----A---- C:\WINDOWS\z1951troj592.exe
2009-06-01 23:47:04 ----A---- C:\WINDOWS\system32\7566not-a-vi9uszc.exe
2009-06-01 23:47:04 ----A---- C:\WINDOWS\system32\19z82spy59f.exe
2009-06-01 23:47:04 ----A---- C:\WINDOWS\system32\124z25orm99.dll
2009-06-01 23:47:04 ----A---- C:\WINDOWS\1625hac9zool751.dll
2009-06-01 23:47:03 ----A---- C:\WINDOWS\system32\9z598virus255.dll
2009-06-01 23:47:03 ----A---- C:\WINDOWS\system32\998trz5521.dll
2009-06-01 23:47:03 ----A---- C:\WINDOWS\system32\2cbbzpyw9re2539.exe
2009-06-01 23:47:03 ----A---- C:\WINDOWS\94z85irus68d.exe
2009-06-01 23:47:02 ----A---- C:\WINDOWS\system32\ze26th9e5t27412.dll
2009-06-01 23:47:02 ----A---- C:\WINDOWS\system32\32295h9cktool46z.exe
2009-06-01 23:47:02 ----A---- C:\WINDOWS\957zvir2416.exe
2009-06-01 23:47:02 ----A---- C:\WINDOWS\16895spz12b9.exe
2009-06-01 23:47:01 ----A---- C:\WINDOWS\system32\43e5thrzat32928.dll
2009-06-01 23:47:01 ----A---- C:\WINDOWS\5521zackd9or5281.dll
2009-06-01 23:47:01 ----A---- C:\WINDOWS\298z7virus54.exe
2009-06-01 23:44:12 ----D---- C:\Documents and Settings\ry\Application Data\Malwarebytes
2009-06-01 19:49:07 ----A---- C:\WINDOWS\system32\6fe9s5eal1592z.dll
2009-06-01 00:52:00 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-06-01 00:43:09 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-24 06:06:05 ----A---- C:\WINDOWS\25389zac5toolb4.dll
2009-05-22 20:51:50 ----D---- C:\Documents and Settings\ry\Application Data\Apple Computer
2009-05-20 23:54:13 ----A---- C:\WINDOWS\system32\rewire.dll
2009-05-20 23:36:42 ----D---- C:\Documents and Settings\ry\Application Data\Ahead
2009-05-20 07:53:35 ----A---- C:\WINDOWS\system32\3681zhreat22594.dll
2009-05-20 02:50:30 ----D---- C:\Program Files\Microsoft Works
2009-05-20 02:45:24 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-05-20 02:44:30 ----RHD---- C:\MSOCache
2009-05-19 22:01:48 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2009-05-19 22:01:29 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple

======List of files/folders modified in the last 3 months======

2009-08-18 21:52:11 ----D---- C:\Program Files
2009-08-18 21:16:30 ----D---- C:\WINDOWS\Prefetch
2009-08-18 21:04:58 ----A---- C:\WINDOWS\win.ini
2009-08-18 21:02:25 ----D---- C:\Program Files\Mozilla Firefox
2009-08-18 20:51:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-18 20:51:06 ----D---- C:\WINDOWS\system32\drivers
2009-08-18 20:49:41 ----HD---- C:\WINDOWS\inf
2009-08-18 20:49:19 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-18 20:49:19 ----D---- C:\WINDOWS
2009-08-18 20:46:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-18 20:45:14 ----D---- C:\WINDOWS\Temp
2009-08-06 22:14:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-04 15:03:32 ----D---- C:\WINDOWS\system32
2009-08-04 15:01:59 ----D---- C:\Temp
2009-08-04 15:01:58 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-03 22:15:11 ----D---- C:\WINDOWS\Minidump
2009-08-03 18:37:39 ----SD---- C:\Documents and Settings\ry\Application Data\Microsoft
2009-08-01 01:19:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-01 01:19:25 ----D---- C:\Program Files\Internet Explorer
2009-08-01 01:19:15 ----A---- C:\WINDOWS\imsins.BAK
2009-07-19 11:02:19 ----D---- C:\WINDOWS\system32\wbem
2009-07-19 11:02:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-18 20:23:33 ----SHD---- C:\RECYCLER
2009-07-18 12:20:31 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-07-18 12:20:31 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-07 08:10:58 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-26 12:18:54 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-26 12:18:54 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-26 12:18:54 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-06-26 12:18:54 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-06-26 12:18:54 ----A---- C:\WINDOWS\system32\mstime.dll
2009-06-26 12:18:53 ----A---- C:\WINDOWS\system32\msrating.dll
2009-06-26 12:18:53 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-26 12:18:52 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-06-26 12:18:52 ----A---- C:\WINDOWS\system32\inseng.dll
2009-06-26 12:18:52 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-06-26 12:18:52 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-06-26 12:18:52 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-06-26 12:18:52 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-26 12:18:52 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-26 12:18:52 ----A---- C:\WINDOWS\system32\danim.dll
2009-06-26 12:18:51 ----A---- C:\WINDOWS\system32\cdfview.dll
2009-06-26 12:18:51 ----A---- C:\WINDOWS\system32\browseui.dll
2009-06-22 07:26:06 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-06-18 03:57:21 ----HD---- C:\Config.Msi
2009-06-18 03:57:20 ----SHD---- C:\WINDOWS\Installer
2009-06-16 10:55:16 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 10:55:16 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-03 15:27:58 ----A---- C:\WINDOWS\system32\quartz.dll
2009-06-01 23:30:04 ----D---- C:\Documents and Settings
2009-05-31 23:25:31 ----D---- C:\Documents and Settings\ry\Application Data\HPAppData
2009-05-31 23:08:24 ----D---- C:\Documents and Settings\ry\Application Data\Azureus
2009-05-28 15:46:06 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2009-05-27 12:39:44 ----D---- C:\Program Files\Common Files\aol
2009-05-26 07:40:52 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-05-21 00:00:49 ----D---- C:\Program Files\VstPlugins
2009-05-21 00:00:48 ----D---- C:\Program Files\Image-Line
2009-05-20 18:08:08 ----D---- C:\Documents and Settings\ry\Application Data\Vso
2009-05-20 02:50:51 ----D---- C:\WINDOWS\system32\config
2009-05-20 02:49:58 ----D---- C:\Program Files\Microsoft Office
2009-05-20 02:49:44 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-20 02:49:25 ----RSD---- C:\WINDOWS\Fonts
2009-05-20 02:49:04 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-05-20 02:47:17 ----HD---- C:\WINDOWS\ShellNew
2009-05-20 02:47:06 ----D---- C:\Program Files\Common Files\System
2009-05-19 00:30:43 ----D---- C:\Documents and Settings\ry\Application Data\U3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-12-02 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-12-02 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-12-02 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-12-02 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-05-16 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-12-02 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-12-02 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-12-02 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-12-02 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-02 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-12-02 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-10 152984]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-12-02 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-12-02 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-12-02 14336]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-12-02 38912]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-08-18 21:52:22

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56EC9D19-61CD-4982-8634-F5CBF3ED5550}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"E:\Adobe Photoshop 7\Uninst.isu" -c"E:\Adobe Photoshop 7\Uninst.dll"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Parental Control-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{390FF986-468D-4CA9-8830-2C4B313F447F} /l1033
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
ConvertXtoDVD 3.3.0.96-->"E:\ConvertXtoDVD\3\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FL Studio 7-->C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL
Microsoft Office Standard 2007-->MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}
Mixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9 /remove
Mozilla Firefox (2.0.0.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sound Blaster Audigy ADVANCED MB Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56EC9D19-61CD-4982-8634-F5CBF3ED5550}\setup.exe" -l0x9 /remove
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Securitycenter WMI appears to be broken

======System event log======

Computer Name: RY-632806520896
Event Code: 7003
Message: The Fast User Switching Compatibility service depends on the following nonexistent service: TermService

Record Number: 29
Source Name: Service Control Manager
Time Written: 20090604005639.000000-240
Event Type: error
User:

Computer Name: RY-632806520896
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 28
Source Name: Service Control Manager
Time Written: 20090604005639.000000-240
Event Type: error
User:

Computer Name: RY-632806520896
Event Code: 7003
Message: The Fast User Switching Compatibility service depends on the following nonexistent service: TermService

Record Number: 23
Source Name: Service Control Manager
Time Written: 20090604004434.000000-240
Event Type: error
User:

Computer Name: RY-632806520896
Event Code: 7003
Message: The Fast User Switching Compatibility service depends on the following nonexistent service: TermService

Record Number: 6
Source Name: Service Control Manager
Time Written: 20090604004104.000000-240
Event Type: error
User:

Computer Name: RY-632806520896
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 5
Source Name: Service Control Manager
Time Written: 20090604004104.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: RY-632806520896
Event Code: 1090
Message: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Record Number: 1006
Source Name: Userenv
Time Written: 20090720234603.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: RY-632806520896
Event Code: 1090
Message: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Record Number: 1005
Source Name: Userenv
Time Written: 20090720231306.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: RY-632806520896
Event Code: 1090
Message: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Record Number: 1004
Source Name: Userenv
Time Written: 20090720220603.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: RY-632806520896
Event Code: 1090
Message: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Record Number: 1003
Source Name: Userenv
Time Written: 20090720212506.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: RY-632806520896
Event Code: 1090
Message: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Record Number: 1002
Source Name: Userenv
Time Written: 20090720202803.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Attached Files



#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:08:25 PM

Posted 19 August 2009 - 12:42 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 idiomtangent

idiomtangent
  • Topic Starter

  • Members
  • 31 posts
  • Local time:08:25 AM

Posted 19 August 2009 - 09:40 PM

ComboFix 09-08-19.01 - ry 08/19/2009 22:17.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.773 [GMT -4:00]
Running from: c:\documents and settings\ry\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ry\Application Data\inst.exe
c:\progra~1\COMMON~1\{0485B~1
c:\progra~1\COMMON~1\{0485B~2
c:\progra~1\COMMON~1\{0485B~3
c:\progra~1\COMMON~1\{3485B~1
c:\recycler\S-1-5-21-117609710-1450960922-839522115-1002

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys
-------\Legacy_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-12-13 13:52 . 2009-12-13 13:52 15890 ----a-w- c:\windows\system32\19807hack5zol356.dll
2009-12-09 08:58 . 2009-12-09 08:58 3080 ----a-w- c:\windows\system32\2978back5oor597z.exe
2009-12-07 09:56 . 2009-12-07 09:56 8426 ----a-w- c:\windows\system32\z518595ambot380.exe
2009-12-06 13:39 . 2009-12-06 13:39 12588 ----a-w- c:\windows\system32\2de5sp9z5re826.dll
2009-12-04 16:39 . 2009-12-04 16:39 14628 ----a-w- c:\windows\system32\156189azktool3d4.exe
2009-12-04 04:26 . 2009-12-04 04:26 12558 ----a-w- c:\windows\system32\3693sparsez4145.dll
2009-12-03 06:38 . 2009-12-03 06:38 8044 ----a-w- c:\windows\system32\180495orm4z19.exe
2009-12-02 07:17 . 2009-12-02 07:17 6101 ----a-w- c:\windows\system32\43z1s5y391.bin
2009-12-01 14:16 . 2009-12-01 14:16 6138 ----a-w- c:\windows\system32\295cthzeat25506.dll
2009-12-01 04:13 . 2009-12-01 04:13 15297 ----a-w- c:\windows\system32\14545s9amzot4d6.exe
2009-11-22 07:40 . 2009-11-22 07:40 17340 ----a-w- c:\windows\system32\17494spyzd5.exe
2009-11-20 06:20 . 2009-11-20 06:20 10256 ----a-w- c:\windows\system32\7694d5wnloader93z6.bin
2009-11-17 21:51 . 2009-11-17 21:51 6123 ----a-w- c:\windows\system32\98553worz660.bin
2009-11-06 00:01 . 2009-11-06 00:01 12433 ----a-w- c:\windows\system32\z6995pambot63f.dll
2009-11-05 08:30 . 2009-11-05 08:30 3794 ----a-w- c:\windows\system32\7563sp9rse18z1.exe
2009-11-05 07:31 . 2009-11-05 07:31 14066 ----a-w- c:\windows\system32\5bzc9pyware2163.bin
2009-10-27 01:11 . 2009-10-27 01:11 16614 ----a-w- c:\windows\system32\2d4fdownzoad5r793.dll
2009-10-26 15:06 . 2009-10-26 15:06 16348 ----a-w- c:\windows\system32\28f3ste954z4.dll
2009-10-24 12:13 . 2009-10-24 12:13 10962 ----a-w- c:\windows\system32\6eezth5e91528.exe
2009-10-24 11:17 . 2009-10-24 11:17 12064 ----a-w- c:\windows\system32\25555wo9meaz.dll
2009-10-23 04:18 . 2009-10-23 04:18 7956 ----a-w- c:\windows\system32\25zfthreat14998.dll
2009-10-13 03:09 . 2009-10-13 03:09 2751 ----a-w- c:\windows\system32\98296worm5fz.bin
2009-10-10 20:37 . 2009-10-10 20:37 8434 ----a-w- c:\windows\system32\32003nzt-a9vi5us6eb.dll
2009-10-10 12:40 . 2009-10-10 12:40 8256 ----a-w- c:\windows\system32\59adstezl5522.exe
2009-10-04 00:36 . 2009-10-04 00:36 2996 ----a-w- c:\windows\system32\16549worz42c.dll
2009-09-22 17:16 . 2009-09-22 17:16 9099 ----a-w- c:\windows\system32\6247th9ef5z25.dll
2009-09-20 22:26 . 2009-09-20 22:26 10481 ----a-w- c:\windows\system32\24959tr9j8z.exe
2009-09-19 18:40 . 2009-09-19 18:40 5592 ----a-w- c:\windows\system32\967bsp5zse207.exe
2009-09-10 19:01 . 2009-09-10 19:01 7521 ----a-w- c:\windows\system32\6859b5ckdzor1594.exe
2009-09-09 18:48 . 2009-09-09 18:48 13255 ----a-w- c:\windows\system32\4255zir1559.dll
2009-08-27 11:42 . 2009-08-27 11:42 4024 ----a-w- c:\windows\system32\2934zteal21575.bin
2009-08-22 02:09 . 2009-08-22 02:09 12777 ----a-w- c:\windows\system32\z3adbackdoo95012.bin
2009-08-21 01:08 . 2009-08-21 01:08 9690 ----a-w- c:\windows\system32\65edspywarz29899.bin
2009-08-19 01:52 . 2009-08-19 01:52 -------- d-----w- c:\program files\trend micro
2009-08-19 01:52 . 2009-08-19 01:52 -------- d-----w- C:\rsit
2009-08-17 02:18 . 2009-08-17 02:18 11542 ----a-w- c:\windows\system32\1d32s9zrse252.bin
2009-08-15 10:43 . 2009-08-15 10:43 18007 ----a-w- c:\windows\system32\4631bzckdoor5900.exe
2009-08-05 10:08 . 2009-08-05 10:08 4052 ----a-w- c:\windows\system32\83559roj56fz.bin
2009-08-04 07:26 . 2009-08-04 07:26 11930 ----a-w- c:\windows\system32\8b5z9r2524.bin
2009-08-03 00:58 . 2009-08-03 00:58 4920 ----a-w- c:\windows\system32\z09085py3f5.dll
2009-07-25 00:08 . 2009-07-25 00:08 18021 ----a-w- c:\windows\system32\6b61thr5zt39263.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 02:23 . 2009-04-16 20:19 -------- d-----w- c:\program files\Image-Line
2009-08-19 00:51 . 2009-03-08 02:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-19 00:51 . 2009-07-05 20:27 3942047 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-05 09:11 . 2009-05-07 05:27 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 19:01 . 2009-05-12 03:38 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-03 17:36 . 2009-06-17 05:42 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-06-17 05:42 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-17 18:55 . 2009-05-07 05:26 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 03:43 . 2009-07-16 03:43 18141 ----a-w- c:\windows\system32\4czdownl5ade92833.bin
2009-07-15 20:44 . 2009-07-15 20:44 16208 ----a-w- c:\windows\system32\6d699owzloader5182.bin
2009-07-14 11:28 . 2009-07-14 11:28 17756 ----a-w- c:\windows\system32\2z9105py66e.dll
2009-07-13 14:08 . 2009-05-07 05:32 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 13:50 . 2009-07-09 13:50 15045 ----a-w- c:\windows\system32\48c8stezl39595.exe
2009-07-03 21:23 . 2009-07-03 21:23 9263 ----a-w- c:\windows\system32\1e55v9r3538z.exe
2009-07-03 13:33 . 2009-07-03 13:33 11988 ----a-w- c:\windows\system32\1561zpamb5t19d.dll
2009-07-02 00:51 . 2009-07-02 00:51 9235 ----a-w- c:\windows\system32\59406zpy65d.dll
2009-06-27 12:01 . 2009-06-27 12:01 14210 ----a-w- c:\windows\system32\21388viz9s31e5.bin
2009-06-26 16:18 . 2009-05-07 05:31 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2009-05-07 05:27 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 18:36 . 2009-05-07 05:27 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2009-05-07 05:27 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2009-05-07 05:27 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2009-05-07 05:27 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2009-05-07 05:27 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2009-05-07 05:27 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2009-05-07 05:27 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2009-05-07 05:27 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2009-05-07 05:27 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2009-05-07 05:27 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2009-05-07 05:27 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2009-05-07 05:27 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-22 11:49 . 2009-05-07 05:27 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2009-05-07 05:27 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2009-05-07 05:27 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2009-05-07 05:27 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-21 22:39 . 2009-06-21 22:39 7718 ----a-w- c:\windows\system32\26726vir5s5z09.dll
2009-06-17 13:41 . 2009-06-17 13:41 7798 ----a-w- c:\windows\system32\zd9dvi9235.exe
2009-06-16 14:55 . 2009-05-07 05:28 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2009-05-07 05:27 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 16:55 . 2009-06-12 16:55 12047 ----a-w- c:\windows\system32\56d9wnloazer2056.dll
2009-06-12 11:50 . 2009-05-07 05:28 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2009-05-07 05:28 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-12 09:55 . 2009-06-12 09:55 7488 ----a-w- c:\windows\system32\67z9vir9s285.dll
2009-06-10 14:21 . 2009-05-07 05:26 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2009-05-07 05:31 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 20:19 . 2009-06-05 20:19 2520 ----a-w- c:\windows\system32\1ec9thzeat241185.bin
2009-06-05 18:30 . 2009-06-05 18:30 16114 ----a-w- c:\windows\system32\15131h95ktool125z.exe
2009-06-05 07:42 . 2009-05-09 02:13 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2009-05-07 05:28 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 23:49 . 2009-06-01 23:49 3410 ----a-w- c:\windows\system32\6fe9s5eal1592z.dll
2009-05-28 02:41 . 2009-05-18 03:30 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-15 13:31 . 2007-08-09 23:31 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-05-15 13:31 . 2007-08-09 23:31 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-05-15 13:31 . 2007-08-09 23:31 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-05-15 13:31 . 2007-08-09 23:31 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-05-15 13:31 . 2007-08-09 23:31 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[-] 2004-12-02 09:00 502272 6225F14B8CE08CCBA8B25AD27843C674 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1241981519\ee\AOLSoftware.exe" [2008-06-24 41824]
"CTSVolFE"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-11 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-10 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1241981519\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch REG_MULTI_SZ DcomLaunch
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ry\Application Data\Mozilla\Firefox\Profiles\fhe5z7r5.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 22:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-20 22:29
ComboFix-quarantined-files.txt 2009-08-20 02:29

Pre-Run: 16,064,909,312 bytes free
Post-Run: 16,492,421,120 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

554 --- E O F --- 2009-08-19 04:21

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:25 PM

Posted 19 August 2009 - 10:19 PM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\19807hack5zol356.dll
c:\windows\system32\2978back5oor597z.exe
c:\windows\system32\z518595ambot380.exe
c:\windows\system32\2de5sp9z5re826.dll
c:\windows\system32\156189azktool3d4.exe
c:\windows\system32\3693sparsez4145.dll
c:\windows\system32\180495orm4z19.exe
c:\windows\system32\43z1s5y391.bin
c:\windows\system32\295cthzeat25506.dll
c:\windows\system32\14545s9amzot4d6.exe
c:\windows\system32\17494spyzd5.exe
c:\windows\system32\7694d5wnloader93z6.bin
c:\windows\system32\98553worz660.bin
c:\windows\system32\z6995pambot63f.dll
c:\windows\system32\7563sp9rse18z1.exe
c:\windows\system32\5bzc9pyware2163.bin
c:\windows\system32\2d4fdownzoad5r793.dll
c:\windows\system32\28f3ste954z4.dll
c:\windows\system32\6eezth5e91528.exe
c:\windows\system32\25555wo9meaz.dll
c:\windows\system32\25zfthreat14998.dll
c:\windows\system32\98296worm5fz.bin
c:\windows\system32\32003nzt-a9vi5us6eb.dll
c:\windows\system32\59adstezl5522.exe
c:\windows\system32\16549worz42c.dll
c:\windows\system32\6247th9ef5z25.dll
c:\windows\system32\24959tr9j8z.exe
c:\windows\system32\967bsp5zse207.exe
c:\windows\system32\6859b5ckdzor1594.exe
c:\windows\system32\4255zir1559.dll
c:\windows\system32\2934zteal21575.bin
c:\windows\system32\z3adbackdoo95012.bin
c:\windows\system32\65edspywarz29899.bin
c:\windows\system32\1d32s9zrse252.bin
c:\windows\system32\4631bzckdoor5900.exe
c:\windows\system32\83559roj56fz.bin
c:\windows\system32\8b5z9r2524.bin
c:\windows\system32\z09085py3f5.dll
c:\windows\system32\6b61thr5zt39263.exe
c:\windows\system32\4czdownl5ade92833.bin
c:\windows\system32\6d699owzloader5182.bin
c:\windows\system32\2z9105py66e.dll
c:\windows\system32\wmpdxm.dll
c:\windows\system32\48c8stezl39595.exe
c:\windows\system32\1e55v9r3538z.exe
c:\windows\system32\1561zpamb5t19d.dll
c:\windows\system32\59406zpy65d.dll
c:\windows\system32\21388viz9s31e5.bin
c:\windows\system32\drivers\mqac.sys
c:\windows\system32\26726vir5s5z09.dll
c:\windows\system32\zd9dvi9235.exe
c:\windows\system32\t2embed.dll
c:\windows\system32\fontsub.dll
c:\windows\system32\56d9wnloazer2056.dll
c:\windows\system32\tlntsess.exe
c:\windows\system32\telnet.exe
c:\windows\system32\67z9vir9s285.dll
c:\windows\system32\1ec9thzeat241185.bin
c:\windows\system32\15131h95ktool125z.exe

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After the reboot (if it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
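As an added example (not part of the thread, and not how fenzodahl512 built the script above), here is a Python sketch of the selection step post #8 did by hand: parse the ComboFix "Files Created" / "Find3M" lines, flag the file names that embed a malware-category word with letters swapped for 5, 9 or z (hack5zol, back5oor, nzt-a9vi5us), and emit them as a CFScript File:: block. The keyword list, the substitution tolerance and the sample log lines are my assumptions; the legitimate Windows files the helper also listed (wmpdxm.dll, mqac.sys, telnet.exe and the like) are deliberately not flagged, since that call needs a human and the Sigcheck data.

```python
"""Select decoy files from a ComboFix log and emit a CFScript File:: block.

Added example, not the helper's method. Heuristic: the rogue on this page
drops files into c:\\windows and c:\\windows\\system32 whose names embed a
malware-category word with one or more letters swapped for '5', '9' or 'z'
(e.g. hack5zol, back5oor, nzt-a9vi5us). Keyword list, tolerance rule and the
sample log below are my assumptions.
"""
import re
from typing import List

# Category words the decoy names are built from (assumed list).
CATEGORY_WORDS = [
    "not-a-virus", "downloader", "hacktool", "backdoor", "spambot",
    "spyware", "addware", "sparse", "threat", "thief", "steal", "virus",
    "worm", "troj", "spy", "vir",
]
SUBST = "59z"                      # the dropper's substitution alphabet
DECOY_EXTS = {".exe", ".dll", ".bin", ".cpl", ".ocx"}

# "Files Created" / "Find3M" line: date . date size attrs path
_CREATED_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+\.\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}"
    r"\s+(?P<size>\d+|-+)\s+(?P<attr>\S+)\s+(?P<path>.+)$"
)
# Bare path line, as in the "Other Deletions" section
_BARE_PATH = re.compile(r"^[a-z]:\\\S.*$", re.IGNORECASE)


def _budget(word: str) -> int:
    """Substitutions tolerated; short words stay strict to limit false hits."""
    return 1 if len(word) < 5 else 2 if len(word) < 9 else 3


def fuzzy_contains(stem: str, word: str) -> bool:
    """True if `word` occurs in `stem` with at most _budget(word) letters
    replaced by a character from SUBST."""
    n, budget = len(word), _budget(word)
    for start in range(len(stem) - n + 1):
        misses = 0
        for got, want in zip(stem[start:start + n], word):
            if got == want:
                continue
            if got not in SUBST:
                misses = budget + 1
                break
            misses += 1
            if misses > budget:
                break
        if misses <= budget:
            return True
    return False


def looks_like_decoy(path: str) -> bool:
    """Decoy test: decoy extension, a digit in the stem, and a (mangled)
    category word. Randomly named files such as the gxvxc*.sys driver pair
    in the log are NOT caught by this rule and need other evidence."""
    name = path.rsplit("\\", 1)[-1].lower()
    stem, dot, ext = name.rpartition(".")
    if not dot or "." + ext not in DECOY_EXTS:
        return False
    if not any(ch.isdigit() for ch in stem):
        return False
    return any(fuzzy_contains(stem, word) for word in CATEGORY_WORDS)


def extract_paths(log_text: str) -> List[str]:
    """Pull file paths out of the two ComboFix line formats, skipping directories."""
    paths: List[str] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _CREATED_LINE.match(line)
        if m:
            if not m.group("attr").startswith("d"):
                paths.append(m.group("path").strip())
        elif _BARE_PATH.match(line):
            paths.append(line)
    return paths


def build_cfscript(log_text: str) -> str:
    """Emit the CFScript text in the shape the helper posted: KillAll:: then File::."""
    flagged = [p for p in sorted(set(extract_paths(log_text)), key=str.lower)
               if looks_like_decoy(p)]
    return "KillAll::\n\nFile::\n" + "\n".join(flagged) + "\n"


# Constructed sample: a few lines copied from the log above plus legitimate ones.
SAMPLE_LOG = r"""
2009-12-13 13:52 . 2009-12-13 13:52 15890 ----a-w- c:\windows\system32\19807hack5zol356.dll
2009-12-09 08:58 . 2009-12-09 08:58 3080 ----a-w- c:\windows\system32\2978back5oor597z.exe
2009-10-10 20:37 . 2009-10-10 20:37 8434 ----a-w- c:\windows\system32\32003nzt-a9vi5us6eb.dll
2009-08-19 01:52 . 2009-08-19 01:52 -------- d-----w- c:\program files\trend micro
2009-07-13 14:08 . 2009-05-07 05:32 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-22 11:48 . 2009-05-07 05:27 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-05-15 13:31 . 2007-08-09 23:31 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
c:\windows\1153zhacktool9c3.exe
c:\windows\system32\drivers\gxvxcgdeydwomjdrqbkgwuhnsxswevssuyxxa.sys
"""

if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```

The output is only a starting point for review; anything the heuristic leaves out (the gxvxc* driver pair, patched system DLLs) still has to be judged from the Sigcheck and Drivers/Services sections.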


#9 idiomtangent

idiomtangent
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:08:25 AM

Posted 19 August 2009 - 11:30 PM

ComboFix 09-08-19.01 - ry 08/20/2009 0:03.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.737 [GMT -4:00]
Running from: c:\documents and settings\ry\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\ry\Desktop\CFScript.txt

FILE ::
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-19 01:52 . 2009-08-19 01:52 -------- d-----w- c:\program files\trend micro
2009-08-19 01:52 . 2009-08-19 01:52 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[-] 2004-12-02 09:00 502272 6225F14B8CE08CCBA8B25AD27843C674 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-08-20_02.27.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-20 04:09 . 2009-08-20 04:09 16384 c:\windows\temp\Perflib_Perfdata_190.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1241981519\ee\AOLSoftware.exe" [2008-06-24 41824]
"CTSVolFE"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-11 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-10 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1241981519\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch REG_MULTI_SZ DcomLaunch
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ry\Application Data\Mozilla\Firefox\Profiles\fhe5z7r5.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 00:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AOL 9.1\waol.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\AOL 9.1\shellmon.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-08-20 0:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-20 04:16
ComboFix2.txt 2009-08-20 02:29

Pre-Run: 17,889,304,576 bytes free
Post-Run: 17,841,065,984 bytes free

289 --- E O F --- 2009-08-19 04:21

#10 fenzodahl512

Posted 20 August 2009 - 01:55 AM

Please do this step before you sleep or when you don't use the computer as it will take quite a while..

Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
  • Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 idiomtangent

Posted 20 August 2009 - 06:01 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, August 20, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, August 20, 2009 17:08:47
Records in database: 2666609
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 159288
Threats found: 5
Infected objects found: 9
Suspicious objects found: 0
Scan duration: 03:04:54


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcgdeydwomjdrqbkgwuhnsxswevssuyxxa.sys.vir Infected: Rootkit.Win32.Agent.llg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxcclrpptwpaqslkdkddfiqctxilwsuhchm.dll.vir Infected: Trojan.Win32.Agent2.kit 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxcslapbncpooysiowstrwbppcjtjkwspsg.dll.vir Infected: Trojan.Win32.Agent2.kny 1
C:\System Volume Information\_restore{9C302C55-08CE-4728-A551-8899D30F1208}\RP369\A0028256.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1
C:\System Volume Information\_restore{9C302C55-08CE-4728-A551-8899D30F1208}\RP370\A0028426.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1
C:\System Volume Information\_restore{CCE4EB10-A0E8-4434-95F1-0C3029AB625A}\RP43\A0007558.dll Infected: Trojan.Win32.Agent2.kit 1
C:\System Volume Information\_restore{CCE4EB10-A0E8-4434-95F1-0C3029AB625A}\RP43\A0007559.sys Infected: Rootkit.Win32.Agent.llg 1
C:\System Volume Information\_restore{CCE4EB10-A0E8-4434-95F1-0C3029AB625A}\RP43\A0007560.dll Infected: Trojan.Win32.Agent2.kny 1
C:\System Volume Information\_restore{CCE4EB10-A0E8-4434-95F1-0C3029AB625A}\RP43\A0007587.sys Infected: Trojan.Win32.Tdss.aghr 1

Selected area has been scanned.

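Added example, not part of the thread: a small Python triage script for the Kaspersky Online Scanner report format posted above. It classifies each hit by where the file sits, since ComboFix's Qoobox quarantine folder and System Restore's _restore{GUID} folders hold inert copies rather than anything still running; hits anywhere else would still need attention. The last sample line is a constructed live hit that does not come from the thread.

```python
import re
from collections import Counter

# Constructed sample in the Kaspersky Online Scanner 7.0 report format: three hits
# copied from the report above plus one made-up hit outside quarantine or a restore point.
SAMPLE_REPORT = r"""File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxcgdeydwomjdrqbkgwuhnsxswevssuyxxa.sys.vir Infected: Rootkit.Win32.Agent.llg 1
C:\System Volume Information\_restore{CCE4EB10-A0E8-4434-95F1-0C3029AB625A}\RP43\A0007587.sys Infected: Trojan.Win32.Tdss.aghr 1
C:\System Volume Information\_restore{9C302C55-08CE-4728-A551-8899D30F1208}\RP369\A0028256.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1
C:\WINDOWS\system32\example_live.dll Infected: Trojan.Win32.Agent2.kit 1

Selected area has been scanned.
"""

# A hit line is "<path> Infected: <threat> <count>"; the path may contain
# spaces, so match it non-greedily up to the verdict keyword.
HIT_RE = re.compile(r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$")
# ComboFix moves what it removed into \Qoobox\Quarantine, and System Restore
# keeps old copies under \System Volume Information\_restore{GUID}; a hit in
# either place is an inert copy, not code that still runs on the system.
QUARANTINE_RE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\")
RESTORE_RE = re.compile(r"\\system volume information\\_restore\{[0-9a-f-]+\}\\")

def classify(path):
    """Where a detected file lives: quarantined, restore_point or live."""
    p = path.lower()
    if QUARANTINE_RE.match(p):
        return "quarantined"
    if RESTORE_RE.search(p):
        return "restore_point"
    return "live"

def parse_report(text):
    """One dict per detection line of a Kaspersky report."""
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append({"path": m["path"], "threat": m["threat"],
                         "count": int(m["count"]), "location": classify(m["path"])})
    return hits

def triage(text):
    """Hits per location plus the live paths that still need attention."""
    hits = parse_report(text)
    return {"hits": len(hits),
            "by_location": dict(Counter(h["location"] for h in hits)),
            "threats": sorted({h["threat"] for h in hits}),
            "live": [h["path"] for h in hits if h["location"] == "live"]}
```

Run on the full report in the post above, every hit lands in quarantined or restore_point and the live list is empty, which is the picture a helper wants before moving on to cleanup.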
#12 fenzodahl512

Posted 21 August 2009 - 01:38 AM

Looks good to me.. Let's do some cleanup...

Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes

Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos

Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread

Have a safe and happy computing day!

Regards
fenzodahl512



#13 idiomtangent

Posted 21 August 2009 - 02:33 AM

Thanks so much! My roommate will be very happy to get his laptop back.

I can't thank you enough!

#14 fenzodahl512

Posted 21 August 2009 - 02:38 AM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be re-opened, please pm me or Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing!

fenzodahl512
