? Still infected with "Malware Catcher" ? DDS.txt attached


This topic is locked
11 replies to this topic

#1 johnfull

  • Members
  • 7 posts

Posted 23 August 2009 - 12:47 PM

I ran Malwarebytes which cleaned issues; ran Malwarebytes again and nothing found. SAS and MS Security Essentials find nothing. Ran dds.scr and I see "Malware Catcher" listed four times in the DDS.txt but don't understand what the significance is or what action to take.

I have attached the Attach.txt and RootRepeal.txt and ark.txt.

Attached File: RootRepeal.txt (35.02KB, 13 downloads)

Here is the DDS.txt -


DDS (Ver_09-06-26.01) - NTFSx86
Run by Administrator at 11:37:40.11 on Sun 08/23/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.209 [GMT -5:00]

AV: Malware Catcher 2009 *On-access scanning enabled* (Updated) {1325ABCC-B91B-4FA7-BC56-D3E724798093}
AV: Malware Catcher 2009 *On-access scanning enabled* (Updated) {8CE482FD-8EBB-436A-83FF-4E28A799423A}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Malware Catcher 2009 *enabled* {A920383D-826A-462C-911A-48B99D182F70}
FW: Malware Catcher 2009 *enabled* {0A62D3B5-E93E-4277-970D-77FEFBD6BB12}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Secunia\PSI\psi.exe
svchost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uStart Page = hxxp://att.net
uDefault_Page_URL = hxxp://att.net
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SBAutoUpdate] "c:\program files\spywareblaster\sbautoupdate.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245341148153
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {2FE838F6-E5AB-4A8E-A0CA-D68D073E6CC9} = 68.238.64.12,68.238.128.12
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

============= SERVICES / DRIVERS ===============

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 AFFUDMWR;AFFUDMWR; [x]
S3 DFCVOPD;DFCVOPD; [x]
S3 SAIBSAXPIZFFIMVK;SAIBSAXPIZFFIMVK; [x]

=============== Created Last 30 ================

2009-08-23 04:18 10,999 a------- c:\windows\system32\1e41sparsz29599.cpl
2009-08-21 20:15 12,761 a------- c:\windows\5b39spars925z95.cpl
2009-08-21 17:58 <DIR> --d----- c:\program files\Microsoft Security Essentials
2009-08-21 17:56 <DIR> --d----- C:\5f807059a6ff85bdb64a6e1d36c47f4b
2009-08-21 17:33 <DIR> --d----- C:\209170f20bc7f5ca1e
2009-08-21 10:37 4,462 a------- c:\windows\362z5ir9102.exe
2009-08-20 18:16 2,564 a------- c:\windows\3075znot-a-viru95d1.exe
2009-08-17 21:51 13,265 a------- c:\windows\system32\7972tzief253.exe
2009-08-17 06:48 15,349 a------- c:\windows\3cezthreat29905.ocx
2009-08-12 07:19 8,151 a------- c:\windows\3899zo5-a-virus684.bin
2009-08-12 06:48 7,587 a------- c:\windows\system32\15190viruz942.bin
2009-08-11 22:56 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-11 22:56 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-11 05:54 7,872 a------- c:\windows\5fb9backdo5z9956.cpl
2009-08-11 02:43 12,555 a------- c:\windows\system32\5932downlza9er437.dll
2009-08-10 16:18 7,570 a------- c:\windows\3533zvi9us162.dll
2009-08-09 18:40 12,245 a------- c:\windows\159zworm95f.ocx
2009-08-08 14:07 6,271 a------- c:\windows\82489zy6ff5.dll
2009-08-07 17:55 6,003 a------- c:\windows\8655spambo91fz.dll
2009-08-06 21:44 11,860 a------- c:\windows\system32\3185sp9rse4z1.cpl
2009-08-05 04:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
2009-07-27 06:33 17,181 a------- c:\windows\system32\4bffspzware24759.bin
2009-07-25 13:47 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 13:47 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-25 13:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 00:39 13,750 a------- c:\windows\system32\2929threatz67395.ocx
2009-07-25 00:23 11,058 a------- c:\windows\system32\635spywa9e934z.exe

==================== Find3M ====================

2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-23 08:27 4,306 a------- c:\windows\54z5th9eat27495.exe
2009-07-20 13:27 14,307 a------- c:\windows\system32\baeth5efz9.dll
2009-07-19 13:14 7,296 a------- c:\windows\system32\18920not-5-vir9s1z5.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-15 22:15 11,442 a------- c:\windows\system32\22493worm4z5.dll
2009-07-13 04:35 2,824 a------- c:\windows\167599roj54z.bin
2009-07-12 12:21 233,472 -------- c:\windows\system32\wmpdxm.dll
2009-07-11 02:52 3,893 a------- c:\windows\51b4zddw9re16265.bin
2009-07-08 08:29 16,359 a------- c:\windows\2z43worm2395.bin
2009-07-08 05:22 14,284 a------- c:\windows\system32\7200t5o9f2z.bin
2009-07-07 14:57 3,177 a------- c:\windows\system32\39959p5zfd.bin
2009-07-06 15:16 13,904 a------- c:\windows\35329py7z0.bin
2009-07-04 02:12 3,800 a------- c:\windows\system32\140zspar5e7799.bin
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-01 23:24 12,086 a------- c:\windows\2408do9nloadez3555.dll
2009-07-01 10:27 2,069,088 a------- C:\RegCureSetup_RW.exe
2009-06-30 19:24 49,811,272 a------- C:\a2FreeSetup.exe
2009-06-27 10:27 16,333 a------- c:\windows\system32\32503not9a-virzs7da5.exe
2009-06-26 18:52 16,294 a------- c:\windows\15992hacktozl5a09.exe
2009-06-25 19:54 618,072 a------- C:\PSISetup.exe
2009-06-25 03:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 03:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 03:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 03:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 03:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 03:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-24 08:14 13,905 a------- c:\windows\system32\27475hackto5z92d.bin
2009-06-22 13:16 11,296 a------- c:\windows\1549z5o9m293.exe
2009-06-21 10:26 7,553 a------- c:\windows\57z259irus3da.dll
2009-06-20 14:29 8,542 a------- c:\windows\system32\2aczdo9nloader3155.dll
2009-06-19 13:12 11,102 a------- c:\windows\56936not-a-virus7fz.dll
2009-06-18 21:04 13,372 a------- c:\windows\490ddown5oader1z9.dll
2009-06-18 10:13 1,828,872 a------- C:\advisor.exe
2009-06-18 09:28 3,559 a------- c:\windows\system32\2d7bba9kzoor1465.dll
2009-06-17 23:15 14,273 a------- c:\windows\system32\51z5not-a-9irus975.exe
2009-06-17 16:22 4,190 a------- c:\windows\system32\3a0dsp5wzre279.bin
2009-06-17 15:01 13,301 a------- c:\windows\2ed6spar9z6305.dll
2009-06-17 06:44 6,595 a------- c:\windows\1z7cvi522239.dll
2009-06-16 10:50 65,778,464 a------- C:\avg_free_stf_en_85_364a1545.exe
2009-06-16 09:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-15 20:32 16,140 a------- c:\windows\system32\2z76tr9543d.bin
2009-06-13 03:22 16,661 a------- c:\windows\20752w59m7z4.exe
2009-06-12 13:08 14,691 a------- c:\windows\system32\z79985roj15a.bin
2009-06-12 07:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 07:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-11 18:08 6,904 a------- c:\windows\system32\z5f5vi97.bin
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 01:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-09 06:48 5,160 a------- c:\windows\31969worm254z.dll
2009-06-08 19:23 2,610 a------- c:\windows\7d4z95arse444.dll
2009-06-06 17:42 14,210 a------- c:\windows\system32\zdc659arse1015.bin
2009-06-05 20:51 3,832 a------- c:\windows\system32\4e15addw5rz9449.bin
2009-06-04 20:07 2,782 a------- c:\windows\system32\11bdzir1519.dll
2009-06-04 19:21 15,612 a------- c:\windows\c5bthr9zt7622.exe
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-02 20:49 4,222 a------- c:\windows\system32\22a295dwzre8.exe
2009-06-01 06:37 18,432 a------- c:\windows\system32\515czhr9at5597.dll
2009-05-28 11:19 6,734 a------- c:\windows\z0703hack5ool369.dll
2009-05-26 00:10 8,833 a------- c:\windows\1686spamzot915.dll
2009-03-25 12:21 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031620090323\index.dat
2009-03-25 12:21 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032520090326\index.dat

============= FINISH: 11:39:17.34 ===============
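A triage script for a DDS log like the one above, added here as an example (it is not the forum's, DDS's or any responder's own code): it parses the AV/FW registrations, the `[x]` service entries and the file listing and reports the three patterns visible in this log. The sample excerpt is constructed from the post; the keyword list, drop directories and size threshold are assumptions tuned to this log rather than general signatures.

```python
"""DDS.txt triage helper (added example, not part of DDS or of this thread).

Reports: a security product registered under more than one GUID (the rogue
"Malware Catcher 2009" AV/FW entries), services DDS marked "[x]" (binary
missing), and files dropped straight into %windir% or system32 whose names
are malware vocabulary padded with digits. Heuristics only: expect false
positives on other machines.
"""
import ntpath
import re

# Constructed excerpt modelled on the DDS.txt posted above (not the full log).
SAMPLE_DDS = r"""
AV: Malware Catcher 2009 *On-access scanning enabled* (Updated) {1325ABCC-B91B-4FA7-BC56-D3E724798093}
AV: Malware Catcher 2009 *On-access scanning enabled* (Updated) {8CE482FD-8EBB-436A-83FF-4E28A799423A}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Malware Catcher 2009 *enabled* {A920383D-826A-462C-911A-48B99D182F70}
FW: Malware Catcher 2009 *enabled* {0A62D3B5-E93E-4277-970D-77FEFBD6BB12}

============= SERVICES / DRIVERS ===============

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 AFFUDMWR;AFFUDMWR; [x]
S3 SAIBSAXPIZFFIMVK;SAIBSAXPIZFFIMVK; [x]

=============== Created Last 30 ================

2009-08-23 04:18 10,999 a------- c:\windows\system32\1e41sparsz29599.cpl
2009-08-21 17:58 <DIR> --d----- c:\program files\Microsoft Security Essentials
2009-08-20 18:16 2,564 a------- c:\windows\3075znot-a-viru95d1.exe
2009-08-11 22:56 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-11 05:54 7,872 a------- c:\windows\5fb9backdo5z9956.cpl
2009-06-25 03:25 730,112 a------- c:\windows\system32\lsasrv.dll
"""

PRODUCT_RE = re.compile(r"^(AV|FW|SP): (.+?) \*.*\{([0-9A-Fa-f-]{36})\}\s*$")
SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.*)$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} ([\d,]+|<DIR>) \S{8} (.+)$")

# Assumed: where the dropper in this log writes, and the extensions it uses.
DROP_DIRS = {r"c:\windows", r"c:\windows\system32"}
DROP_EXTS = {".exe", ".dll", ".ocx", ".cpl", ".bin"}
# Fragments that survive once the padding digits are stripped from a name.
VOCAB = ("not-a-vir", "viru", "worm", "troj", "spyw", "spar", "backdo",
         "downl", "hackto", "spambo", "threat", "rootkit", "addw")
SMALL_FILE = 20_000  # bytes; every dropped file in the log above is smaller


def parse_dds(text):
    """Split a DDS log into product registrations, services and file entries."""
    products, services, files = [], [], []
    for line in text.splitlines():
        line = line.rstrip()
        m = PRODUCT_RE.match(line)
        if m:
            products.append((m.group(1), m.group(2), m.group(3).upper()))
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append((m.group(1), m.group(2).strip()))
            continue
        m = FILE_RE.match(line)
        if m:
            size = None if m.group(1) == "<DIR>" else int(m.group(1).replace(",", ""))
            files.append((size, m.group(2)))
    return products, services, files


def duplicate_products(products):
    """Products registered under more than one GUID, keyed by (kind, name)."""
    guids = {}
    for kind, name, guid in products:
        guids.setdefault((kind, name), []).append(guid)
    return {key: g for key, g in guids.items() if len(g) > 1}


def missing_services(services):
    """Service names DDS marked '[x]': still registered, but the binary is gone."""
    return [name for name, rest in services if rest == "[x]"]


def suspicious_files(files):
    """Files dropped straight into %windir%/system32 with padded malware names."""
    hits = []
    for size, path in files:
        if size is None:
            continue  # directory entries are not interesting here
        parent, base = ntpath.split(path)
        stem, ext = ntpath.splitext(base.lower())
        if parent.lower() not in DROP_DIRS or ext not in DROP_EXTS:
            continue
        reasons = []
        stripped = re.sub(r"\d", "", stem)  # "5fb9backdo5z9956" -> "fbbackdoz"
        for word in VOCAB:
            if word in stripped:
                reasons.append(f"name contains '{word}'")
                break
        if sum(c.isdigit() for c in stem) >= 3 and size < SMALL_FILE:
            reasons.append("digit-padded name and small size")
        if reasons:
            hits.append((path, reasons))
    return hits


def triage(text):
    """Run all three checks over a DDS log and return the findings."""
    products, services, files = parse_dds(text)
    return {
        "duplicate_products": duplicate_products(products),
        "missing_services": missing_services(services),
        "suspicious_files": suspicious_files(files),
    }


if __name__ == "__main__":
    for section, findings in triage(SAMPLE_DDS).items():
        print(section, findings)
```

Run it against a full DDS.txt by reading the file into `triage()`; files in dllcache or drivers are deliberately skipped, so a dropper writing elsewhere needs its directory added to DROP_DIRS.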


#2 Maurice Naggar

    Eradicator de malware

  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 23 August 2009 - 02:36 PM

Hello johnfull and welcome to BC forums.

Your DDS log shows many, many suspect files, some from as far back as May. It may reach a point where you'll be advised to wipe the system and reload Windows fresh!

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!
If you are a casual viewer, do NOT try this on your system!
If you are not johnfull and have a similar problem, do NOT post here; start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.

Please do the following:
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

=

1. Set Windows to show all files and all folders.
On your Desktop, double click My Computer; from the menu options, select Tools, then Folder Options, and then select the VIEW tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under the column Hidden files and folders, choose (select) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

=
Important! => Open Notepad > Click on Format > Uncheck Word wrap, if checked. Exit Notepad.

Next, Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.
    Files to delete:
     c:\Documents and Settings\All Users\Application Data\7c69f0c
     c:\Documents and Settings\All Users\Application Data\7c69f0c\MCatcher.exe
     c:\Documents and Settings\All Users\Application Data\7c69f0c\SystemFeed
     c:\Documents and Settings\All Users\Application Data\7c69f0c\SystemFeed\vd952342.bd
     c:\Documents and Settings\All Users\Application Data\SystemFeed
     c:\Documents and Settings\All Users\Application Data\SystemFeed\mctch.ini
     
     Drivers to delete:
     Malware Catcher 2009
     
     Folders to delete:
     C:\Resycled
     D:\Resycled
     E:\Resycled
     F:\Resycled
     G:\Resycled
     H:\Resycled
     I:\Resycled
  • In the Avenger window, click the Paste Script from Clipboard button.
  • Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.
=

Doubleclick RootRepeal.exe icon on your Desktop.
Click on the Report tab at bottom of window and then click on Scan button.

A window will open asking what to include in the scan. Check all of the below and then click Ok.

Drivers
Files
Processes
SSDT
Hidden Services
Stealth Objects


You will then be asked which drive to scan.
Check C: (or the drive your operating system is installed on if not C) and click Ok again.
The scan will start.
It will take a little while so please be patient. When the scan has finished, click on Save Report.
Name the log RootRepeal.txt and save it to your Documents folder (it should default there).
When you have done this, please copy and paste it in this thread.

Reply with copy of C:\Avenger.txt
and RootRepeal.txt

There will be much more to do after this.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You'll likely have to do more than 1 reply.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 johnfull
  • Topic Starter
  • Members
  • 7 posts

Posted 23 August 2009 - 07:35 PM

Thank you Maurice,

Here is a copy of C:\Avenger.txt and RootRepeal.txt -

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\Documents and Settings\All Users\Application Data\7c69f0c" not found!
Deletion of file "c:\Documents and Settings\All Users\Application Data\7c69f0c" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "c:\Documents and Settings\All Users\Application Data\7c69f0c\MCatcher.exe"
Deletion of file "c:\Documents and Settings\All Users\Application Data\7c69f0c\MCatcher.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "c:\Documents and Settings\All Users\Application Data\7c69f0c\SystemFeed"
Deletion of file "c:\Documents and Settings\All Users\Application Data\7c69f0c\SystemFeed" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "c:\Documents and Settings\All Users\Application Data\7c69f0c\SystemFeed\vd952342.bd"
Deletion of file "c:\Documents and Settings\All Users\Application Data\7c69f0c\SystemFeed\vd952342.bd" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "c:\Documents and Settings\All Users\Application Data\SystemFeed" not found!
Deletion of file "c:\Documents and Settings\All Users\Application Data\SystemFeed" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "c:\Documents and Settings\All Users\Application Data\SystemFeed\mctch.ini"
Deletion of file "c:\Documents and Settings\All Users\Application Data\SystemFeed\mctch.ini" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\Malware Catcher 2009" not found!
Deletion of driver "Malware Catcher 2009" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Resycled" not found!
Deletion of folder "C:\Resycled" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open folder "D:\Resycled"
Deletion of folder "D:\Resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open folder "E:\Resycled"
Deletion of folder "E:\Resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open folder "F:\Resycled"
Deletion of folder "F:\Resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open folder "G:\Resycled"
Deletion of folder "G:\Resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open folder "H:\Resycled"
Deletion of folder "H:\Resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open folder "I:\Resycled"
Deletion of folder "I:\Resycled" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/23 19:28
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3C22000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8CB6000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF1049000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sgooegsc.sys
Image Path: sgooegsc.sys
Address: 0xF8776000 Size: 61440 File Visible: No Signed: -
Status: -

==EOF==

#4 Maurice Naggar

    Eradicator de malware

  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 24 August 2009 - 12:22 PM

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe
  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt
  • Extras.txt
  • and checkup.txt
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#5 johnfull
  • Topic Starter
  • Members
  • 7 posts

Posted 24 August 2009 - 02:59 PM

Again Maurice, thank you -

Here are the results:
  • the contents of OTL.txt
  • Extras.txt
  • and checkup.txt

OTL logfile created on: 8/24/2009 2:37:20 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 261.73 Mb Available Physical Memory | 51.22% Memory free
1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.81% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 28.32 Gb Free Space | 76.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GUEST1-Z795T3H2
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2005/08/09 22:29:40 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2005/08/09 22:29:40 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2009/08/06 13:13:46 | 01,046,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/07/26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/06/24 03:51:12 | 00,803,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2003/08/29 19:05:35 | 00,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 00,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2009/08/24 14:28:01 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (AFFUDMWR [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/08/09 22:29:40 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (DFCVOPD [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/11/06 21:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/11/06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2008/07/26 08:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
SRV - [2008/07/26 08:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc [Auto | Running])
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - File not found -- -- (SAIBSAXPIZFFIMVK [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 07:19:48 | 00,174,464 | ---- | M] (ESS Technology, Inc.) -- C:\WINDOWS\System32\drivers\es198x.sys -- (allegro [On_Demand | Running])
DRV - [2005/08/09 22:35:42 | 01,273,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2008/02/27 13:49:00 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt [System | Running])
DRV - [2001/08/17 07:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2007/10/30 04:25:53 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2007/10/30 04:25:54 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2007/10/30 04:25:55 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2008/07/26 08:25:02 | 00,025,624 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2008/07/26 10:25:48 | 00,627,864 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys -- (LVRS [On_Demand | Stopped])
DRV - [2008/07/26 10:26:22 | 00,041,752 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
DRV - [2009/06/18 18:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\MpFilter.sys -- (MpFilter [System | Running])
DRV - [2008/07/26 10:22:22 | 00,013,848 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Stopped])
DRV - [2008/07/26 10:22:34 | 02,570,520 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Stopped])
DRV - [2009/06/17 07:20:34 | 00,012,648 | ---- | M] (Secunia) -- C:\WINDOWS\System32\DRIVERS\psi_mf.sys -- (PSI [On_Demand | Running])
DRV - [2003/07/16 11:36:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2002/08/28 17:59:26 | 00,154,624 | ---- | M] (Lucent Technologies) -- C:\WINDOWS\System32\DRIVERS\wlluc48.sys -- (wlluc48 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/22 11:14:57 | 00,000,000 | ---D | M]


O1 HOSTS File: (1108 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 test1111.com
O1 - Hosts: 74.125.45.100 test1112.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SBAutoUpdate] C:\Program Files\SpywareBlaster\sbautoupdate.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1245341148153 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/16 19:28:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\*.tmp files]
[2009/12/28 15:42:47 | 00,016,854 | ---- | C] () -- C:\WINDOWS\1e6dd5wnl9adez2254.ocx
[2009/12/27 15:57:35 | 00,007,317 | ---- | C] () -- C:\WINDOWS\System32\4a76spz5se9421.cpl
[2009/12/26 06:13:15 | 00,014,080 | ---- | C] () -- C:\WINDOWS\System32\120ethi9f56z9.ocx
[2009/12/23 02:30:04 | 00,010,561 | ---- | C] () -- C:\WINDOWS\1z7649roj295.ocx
[2009/12/22 03:01:42 | 00,016,837 | ---- | C] () -- C:\WINDOWS\System32\799bvzr22335.bin
[2009/12/20 19:52:47 | 00,014,683 | ---- | C] () -- C:\WINDOWS\System32\49d2s9a5ze2715.exe
[2009/12/20 12:50:26 | 00,003,637 | ---- | C] () -- C:\WINDOWS\48z8thief5967.exe
[2009/12/18 04:27:59 | 00,013,241 | ---- | C] () -- C:\WINDOWS\5f329ackd5zr3185.ocx
[2009/12/17 05:06:42 | 00,006,138 | ---- | C] () -- C:\WINDOWS\13904no5-a-vzrus55e9.cpl
[2009/12/15 22:13:03 | 00,009,514 | ---- | C] () -- C:\WINDOWS\System32\19338not-5-viruse5z.cpl
[2009/12/15 16:34:30 | 00,011,874 | ---- | C] () -- C:\WINDOWS\4z52vir1093.cpl
[2009/12/13 14:28:26 | 00,002,993 | ---- | C] () -- C:\WINDOWS\System32\37339py54z.dll
[2009/12/13 04:24:51 | 00,013,252 | ---- | C] () -- C:\WINDOWS\5019threa9z3159.cpl
[2009/12/12 15:26:48 | 00,006,918 | ---- | C] () -- C:\WINDOWS\System32\53c7th9zf145.exe
[2009/12/10 19:01:25 | 00,004,022 | ---- | C] () -- C:\WINDOWS\System32\21d9vir598z.cpl
[2009/12/09 19:41:02 | 00,006,947 | ---- | C] () -- C:\WINDOWS\27de5hzeat7904.ocx
[2009/12/09 13:48:53 | 00,011,383 | ---- | C] () -- C:\WINDOWS\System32\13135n5t-a9vizus3a2.ocx
[2009/12/08 03:00:33 | 00,011,853 | ---- | C] () -- C:\WINDOWS\73845p9rse1z32.cpl
[2009/12/07 06:37:57 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\43e1spars95z68.ocx
[2009/12/06 02:43:35 | 00,005,818 | ---- | C] () -- C:\WINDOWS\System32\51ads5a9ze2738.ocx
[2009/12/05 03:42:36 | 00,013,356 | ---- | C] () -- C:\WINDOWS\System32\921z9py4b15.bin
[2009/12/03 23:03:59 | 00,014,218 | ---- | C] () -- C:\WINDOWS\7292vir5sz94.bin
[2009/12/01 04:30:49 | 00,003,114 | ---- | C] () -- C:\WINDOWS\7ee9th5eaz3524.dll
[2009/11/28 02:54:22 | 00,016,515 | ---- | C] () -- C:\WINDOWS\555c9hreat30z7.dll
[2009/11/27 12:26:04 | 00,007,115 | ---- | C] () -- C:\WINDOWS\System32\16725spyzd9.ocx
[2009/11/26 20:22:56 | 00,003,432 | ---- | C] () -- C:\WINDOWS\19055wozm323.cpl
[2009/11/24 18:29:05 | 00,012,901 | ---- | C] () -- C:\WINDOWS\4747v5rus439z.exe
[2009/11/23 21:50:11 | 00,013,497 | ---- | C] () -- C:\WINDOWS\System32\3974spamb9tz85.ocx
[2009/11/23 20:09:01 | 00,003,796 | ---- | C] () -- C:\WINDOWS\79des5yz9re270.exe
[2009/11/23 05:35:08 | 00,010,952 | ---- | C] () -- C:\WINDOWS\System32\31959worm495z.ocx
[2009/11/23 00:36:07 | 00,007,661 | ---- | C] () -- C:\WINDOWS\System32\z993spa95ot6a0.dll
[2009/11/22 22:57:00 | 00,004,068 | ---- | C] () -- C:\WINDOWS\System32\6ddf5par9z188.dll
[2009/11/22 17:12:27 | 00,012,463 | ---- | C] () -- C:\WINDOWS\96311zpambo51c6.exe
[2009/11/18 13:01:17 | 00,005,897 | ---- | C] () -- C:\WINDOWS\System32\26141n5t-a-virus119z.ocx
[2009/11/16 12:53:43 | 00,005,568 | ---- | C] () -- C:\WINDOWS\System32\98567spa5bot1a0z.bin
[2009/11/16 04:39:03 | 00,006,923 | ---- | C] () -- C:\WINDOWS\180z35orm479.ocx
[2009/11/15 23:43:35 | 00,005,255 | ---- | C] () -- C:\WINDOWS\System32\3cf75zdware9711.dll
[2009/11/15 17:29:58 | 00,009,412 | ---- | C] () -- C:\WINDOWS\System32\4z75th95f435.exe
[2009/11/14 12:16:10 | 00,012,386 | ---- | C] () -- C:\WINDOWS\System32\3z5spywa9e15925.dll
[2009/11/14 07:48:20 | 00,005,201 | ---- | C] () -- C:\WINDOWS\20469s9y3z5.ocx
[2009/11/14 06:39:00 | 00,012,120 | ---- | C] () -- C:\WINDOWS\System32\36b9th9efz8125.ocx
[2009/11/12 12:59:20 | 00,013,148 | ---- | C] () -- C:\WINDOWS\6z39addware29015.ocx
[2009/11/10 16:10:58 | 00,014,695 | ---- | C] () -- C:\WINDOWS\408edow5lo9der2z85.exe
[2009/11/09 13:40:28 | 00,005,319 | ---- | C] () -- C:\WINDOWS\7ad0bacz5oo91409.dll
[2009/11/06 05:09:59 | 00,015,247 | ---- | C] () -- C:\WINDOWS\System32\1z945s596e0.exe
[2009/11/04 09:54:57 | 00,005,203 | ---- | C] () -- C:\WINDOWS\29768szy59f5.dll
[2009/11/04 09:50:10 | 00,009,118 | ---- | C] () -- C:\WINDOWS\System32\2012h9cktool580z.cpl
[2009/11/03 22:13:00 | 00,013,030 | ---- | C] () -- C:\WINDOWS\System32\2285stz9l8225.exe
[2009/11/03 00:40:43 | 00,006,498 | ---- | C] () -- C:\WINDOWS\System32\15151sp95cz.dll
[2009/10/25 23:56:00 | 00,018,372 | ---- | C] () -- C:\WINDOWS\System32\29569sp9517z.bin
[2009/10/25 12:27:17 | 00,007,064 | ---- | C] () -- C:\WINDOWS\System32\2395t9i5f153z.dll
[2009/10/23 19:20:29 | 00,007,614 | ---- | C] () -- C:\WINDOWS\System32\5ee0tz9e51026.bin
[2009/10/23 15:28:20 | 00,017,295 | ---- | C] () -- C:\WINDOWS\z74fthief25939.cpl
[2009/10/23 05:03:04 | 00,006,904 | ---- | C] () -- C:\WINDOWS\System32\7d90zteal25575.dll
[2009/10/22 20:53:56 | 00,012,285 | ---- | C] () -- C:\WINDOWS\System32\37775r9j5zb.exe
[2009/10/18 13:32:39 | 00,003,272 | ---- | C] () -- C:\WINDOWS\99536spzm5ot95.dll
[2009/10/15 21:24:53 | 00,002,864 | ---- | C] () -- C:\WINDOWS\System32\15z71troj1e89.exe
[2009/10/14 22:14:18 | 00,005,603 | ---- | C] () -- C:\WINDOWS\System32\14116not-a-59rus4az.dll
[2009/10/14 12:18:29 | 00,006,815 | ---- | C] () -- C:\WINDOWS\e639pars5670z.exe
[2009/10/14 06:54:13 | 00,003,757 | ---- | C] () -- C:\WINDOWS\System32\1793addwar5z917.cpl
[2009/10/13 15:21:12 | 00,012,091 | ---- | C] () -- C:\WINDOWS\50289not-a-virus527z.cpl
[2009/10/13 14:50:52 | 00,003,623 | ---- | C] () -- C:\WINDOWS\System32\3567s9azse27745.dll
[2009/10/13 09:54:07 | 00,006,136 | ---- | C] () -- C:\WINDOWS\System32\3569addw59e17z3.ocx
[2009/10/11 00:30:21 | 00,002,776 | ---- | C] () -- C:\WINDOWS\System32\94289no5za-virus324.cpl
[2009/10/09 21:53:36 | 00,004,457 | ---- | C] () -- C:\WINDOWS\System32\217zs5eal2295.dll
[2009/10/09 09:42:04 | 00,016,448 | ---- | C] () -- C:\WINDOWS\c1fdo5nl9azer188.bin
[2009/10/09 08:39:05 | 00,010,779 | ---- | C] () -- C:\WINDOWS\31790nzt-9-v5rus582.cpl
[2009/10/08 14:01:13 | 00,012,337 | ---- | C] () -- C:\WINDOWS\System32\d95viz181.bin
[2009/10/08 00:24:20 | 00,003,460 | ---- | C] () -- C:\WINDOWS\System32\589z7sp9567.ocx
[2009/10/07 17:35:42 | 00,018,183 | ---- | C] () -- C:\WINDOWS\593dtzrea510995.ocx
[2009/10/06 03:40:33 | 00,009,043 | ---- | C] () -- C:\WINDOWS\System32\39fat5reat647z.dll
[2009/10/05 02:53:15 | 00,011,665 | ---- | C] () -- C:\WINDOWS\System32\9f95stezl142.bin
[2009/10/05 02:48:52 | 00,005,570 | ---- | C] () -- C:\WINDOWS\353z5h9cktool728.ocx
[2009/10/02 04:07:40 | 00,004,118 | ---- | C] () -- C:\WINDOWS\14984sp59boz6c9.ocx
[2009/09/28 08:00:40 | 00,004,467 | ---- | C] () -- C:\WINDOWS\1468h9c5tooz689.dll
[2009/09/27 16:52:28 | 00,003,596 | ---- | C] () -- C:\WINDOWS\9956t5ief76z.dll
[2009/09/23 02:50:29 | 00,003,219 | ---- | C] () -- C:\WINDOWS\System32\4bbbspyware189z5.bin
[2009/09/22 13:18:29 | 00,010,319 | ---- | C] () -- C:\WINDOWS\System32\z6524spy9ef.ocx
[2009/09/22 07:58:17 | 00,011,211 | ---- | C] () -- C:\WINDOWS\System32\4z9395ief2171.bin
[2009/09/21 18:03:12 | 00,008,491 | ---- | C] () -- C:\WINDOWS\5acezddware9064.ocx
[2009/09/20 06:44:17 | 00,003,057 | ---- | C] () -- C:\WINDOWS\z9656t5oj40c9.dll
[2009/09/19 23:19:41 | 00,010,104 | ---- | C] () -- C:\WINDOWS\System32\2535spaz5ot229.exe
[2009/09/19 11:51:05 | 00,010,834 | ---- | C] () -- C:\WINDOWS\System32\369zhackto9l5b3.bin
[2009/09/19 04:50:10 | 00,007,751 | ---- | C] () -- C:\WINDOWS\System32\3479ste5z2010.ocx
[2009/09/16 07:45:08 | 00,006,202 | ---- | C] () -- C:\WINDOWS\System32\29884not-a-vir597z.ocx
[2009/09/13 21:35:15 | 00,002,768 | ---- | C] () -- C:\WINDOWS\z2915worm508.dll
[2009/09/12 08:23:26 | 00,016,681 | ---- | C] () -- C:\WINDOWS\1z9baddwar91258.cpl
[2009/09/12 08:08:44 | 00,008,604 | ---- | C] () -- C:\WINDOWS\165639ac5tool7b3z.bin
[2009/09/11 15:22:31 | 00,006,693 | ---- | C] () -- C:\WINDOWS\System32\1a95steal536z.bin
[2009/09/10 19:10:05 | 00,004,326 | ---- | C] () -- C:\WINDOWS\3850ad9z5re149.bin
[2009/09/10 14:15:57 | 00,008,982 | ---- | C] () -- C:\WINDOWS\System32\42c99iz2285.exe
[2009/09/10 09:31:18 | 00,015,024 | ---- | C] () -- C:\WINDOWS\7b15spars96z8.exe
[2009/09/06 13:48:26 | 00,016,507 | ---- | C] () -- C:\WINDOWS\5dbzsteal3597.exe
[2009/09/02 01:44:02 | 00,009,823 | ---- | C] () -- C:\WINDOWS\5879spamb9z794.cpl
[2009/09/01 00:09:08 | 00,011,840 | ---- | C] () -- C:\WINDOWS\System32\15226sp9mbot6z3.cpl
[2009/08/31 23:06:15 | 00,016,479 | ---- | C] () -- C:\WINDOWS\System32\18446h9cktzol50e.exe
[2009/08/27 22:13:10 | 00,016,056 | ---- | C] () -- C:\WINDOWS\System32\6ab9azd9are5937.cpl
[2009/08/27 11:11:59 | 00,006,421 | ---- | C] () -- C:\WINDOWS\System32\46a2threat919z35.ocx
[2009/08/27 05:46:09 | 00,007,540 | ---- | C] () -- C:\WINDOWS\System32\192519zr519b.dll
[2009/08/26 20:37:30 | 00,009,553 | ---- | C] () -- C:\WINDOWS\System32\32957hazktool1f.ocx
[2009/08/25 04:02:36 | 00,003,802 | ---- | C] () -- C:\WINDOWS\20499worm68z5.exe
[2009/08/24 14:29:27 | 00,838,360 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2009/08/24 14:27:46 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/08/23 19:12:55 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/08/23 19:08:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\avenger
[2009/08/23 19:02:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/23 19:01:38 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/08/23 19:01:38 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/08/23 19:01:35 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/23 18:56:38 | 00,724,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avenger.zip
[2009/08/23 18:48:06 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2009/08/23 12:29:06 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/08/23 12:22:47 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2009/08/23 04:18:44 | 00,010,999 | ---- | C] () -- C:\WINDOWS\System32\1e41sparsz29599.cpl
[2009/08/21 20:37:03 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/21 20:15:36 | 00,012,761 | ---- | C] () -- C:\WINDOWS\5b39spars925z95.cpl
[2009/08/21 17:58:26 | 00,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2009/08/21 17:58:24 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/08/21 17:56:49 | 00,000,000 | ---D | C] -- C:\5f807059a6ff85bdb64a6e1d36c47f4b
[2009/08/21 17:33:35 | 00,000,000 | ---D | C] -- C:\209170f20bc7f5ca1e
[2009/08/21 16:54:07 | 07,876,240 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2009/08/21 10:37:31 | 00,004,462 | ---- | C] () -- C:\WINDOWS\362z5ir9102.exe
[2009/08/20 18:16:54 | 00,002,564 | ---- | C] () -- C:\WINDOWS\3075znot-a-viru95d1.exe
[2009/08/17 21:51:24 | 00,013,265 | ---- | C] () -- C:\WINDOWS\System32\7972tzief253.exe
[2009/08/17 06:48:06 | 00,015,349 | ---- | C] () -- C:\WINDOWS\3cezthreat29905.ocx
[2009/08/12 07:19:04 | 00,008,151 | ---- | C] () -- C:\WINDOWS\3899zo5-a-virus684.bin
[2009/08/12 06:48:02 | 00,007,587 | ---- | C] () -- C:\WINDOWS\System32\15190viruz942.bin
[2009/08/11 22:56:57 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/11 22:56:00 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/11 05:54:05 | 00,007,872 | ---- | C] () -- C:\WINDOWS\5fb9backdo5z9956.cpl
[2009/08/11 02:43:53 | 00,012,555 | ---- | C] () -- C:\WINDOWS\System32\5932downlza9er437.dll
[2009/08/10 16:18:14 | 00,007,570 | ---- | C] () -- C:\WINDOWS\3533zvi9us162.dll
[2009/08/09 18:40:12 | 00,012,245 | ---- | C] () -- C:\WINDOWS\159zworm95f.ocx
[2009/08/08 14:07:07 | 00,006,271 | ---- | C] () -- C:\WINDOWS\82489zy6ff5.dll
[2009/08/07 17:55:53 | 00,006,003 | ---- | C] () -- C:\WINDOWS\8655spambo91fz.dll
[2009/08/06 21:44:15 | 00,011,860 | ---- | C] () -- C:\WINDOWS\System32\3185sp9rse4z1.cpl
[2009/08/05 04:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/07/27 16:05:32 | 06,568,480 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2009/07/27 06:33:30 | 00,017,181 | ---- | C] () -- C:\WINDOWS\System32\4bffspzware24759.bin
[2009/07/20 13:27:05 | 00,014,307 | ---- | C] () -- C:\WINDOWS\System32\baeth5efz9.dll
[2009/07/19 13:14:56 | 00,007,296 | ---- | C] () -- C:\WINDOWS\System32\18920not-5-vir9s1z5.dll
[2009/07/15 22:15:28 | 00,011,442 | ---- | C] () -- C:\WINDOWS\System32\22493worm4z5.dll
[2009/07/01 23:24:19 | 00,012,086 | ---- | C] () -- C:\WINDOWS\2408do9nloadez3555.dll
[2009/06/23 18:06:26 | 00,013,899 | ---- | C] () -- C:\WINDOWS\5d7asz9al722.dll
[2009/06/23 18:06:26 | 00,002,806 | ---- | C] () -- C:\WINDOWS\System32\2671ztr9j3f5.dll
[2009/06/23 18:06:25 | 00,018,065 | ---- | C] () -- C:\WINDOWS\5z597v9rus451.dll
[2009/06/23 18:06:25 | 00,012,130 | ---- | C] () -- C:\WINDOWS\System32\35d5thi9f32z5.dll
[2009/06/23 18:06:25 | 00,011,045 | ---- | C] () -- C:\WINDOWS\System32\18721not9a-vizu5f.dll
[2009/06/23 18:06:25 | 00,003,487 | ---- | C] () -- C:\WINDOWS\System32\1b59viz2929.dll
[2009/06/23 18:06:24 | 00,013,636 | ---- | C] () -- C:\WINDOWS\System32\52btzr9at29613.dll
[2009/06/23 18:06:23 | 00,014,512 | ---- | C] () -- C:\WINDOWS\4dbdvi5969z.dll
[2009/06/23 18:06:20 | 00,003,198 | ---- | C] () -- C:\WINDOWS\5d9aspzrse2259.dll
[2009/06/23 18:06:19 | 00,017,153 | ---- | C] () -- C:\WINDOWS\59d8azd9are3132.dll
[2009/06/23 18:06:17 | 00,014,820 | ---- | C] () -- C:\WINDOWS\151z9viru5490.dll
[2009/06/23 18:06:12 | 00,011,235 | ---- | C] () -- C:\WINDOWS\154119zy6c4.dll
[2009/06/23 18:06:10 | 00,010,776 | ---- | C] () -- C:\WINDOWS\System32\16195ir1279z.dll
[2009/06/23 18:06:10 | 00,008,333 | ---- | C] () -- C:\WINDOWS\System32\3469do5nloader2z10.dll
[2009/06/23 18:06:10 | 00,006,584 | ---- | C] () -- C:\WINDOWS\System32\z79425orm387.dll
[2009/06/23 18:06:10 | 00,002,553 | ---- | C] () -- C:\WINDOWS\1959ztro95745.dll
[2009/06/21 16:56:52 | 00,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/06/21 10:26:26 | 00,007,553 | ---- | C] () -- C:\WINDOWS\57z259irus3da.dll
[2009/06/20 14:29:01 | 00,008,542 | ---- | C] () -- C:\WINDOWS\System32\2aczdo9nloader3155.dll
[2009/06/19 13:12:21 | 00,011,102 | ---- | C] () -- C:\WINDOWS\56936not-a-virus7fz.dll
[2009/06/18 21:04:52 | 00,013,372 | ---- | C] () -- C:\WINDOWS\490ddown5oader1z9.dll
[2009/06/18 10:13:30 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/06/18 09:28:19 | 00,003,559 | ---- | C] () -- C:\WINDOWS\System32\2d7bba9kzoor1465.dll
[2009/06/17 15:01:15 | 00,013,301 | ---- | C] () -- C:\WINDOWS\2ed6spar9z6305.dll
[2009/06/17 06:44:18 | 00,006,595 | ---- | C] () -- C:\WINDOWS\1z7cvi522239.dll
[2009/06/09 06:48:47 | 00,005,160 | ---- | C] () -- C:\WINDOWS\31969worm254z.dll
[2009/06/08 19:23:24 | 00,002,610 | ---- | C] () -- C:\WINDOWS\7d4z95arse444.dll
[2009/06/04 20:07:50 | 00,002,782 | ---- | C] () -- C:\WINDOWS\System32\11bdzir1519.dll
[2009/06/01 06:37:08 | 00,018,432 | ---- | C] () -- C:\WINDOWS\System32\515czhr9at5597.dll
[2009/05/28 11:19:24 | 00,006,734 | ---- | C] () -- C:\WINDOWS\z0703hack5ool369.dll
[2009/05/26 00:10:49 | 00,008,833 | ---- | C] () -- C:\WINDOWS\1686spamzot915.dll
[2009/05/19 17:50:07 | 00,007,801 | ---- | C] () -- C:\WINDOWS\22481tzoj3b95.dll
[2009/05/17 11:16:43 | 00,009,620 | ---- | C] () -- C:\WINDOWS\5c9b5hief2505z.dll
[2009/05/14 18:43:16 | 00,008,398 | ---- | C] () -- C:\WINDOWS\45c59hreatz2278.dll
[2009/05/12 11:12:19 | 00,005,971 | ---- | C] () -- C:\WINDOWS\6655bac9dozr237.dll
[2009/05/12 03:58:20 | 00,009,409 | ---- | C] () -- C:\WINDOWS\System32\457bzi517749.dll
[2009/05/08 11:52:21 | 00,018,309 | ---- | C] () -- C:\WINDOWS\System32\5795zro5930.dll
[2009/04/30 19:35:40 | 00,011,088 | ---- | C] () -- C:\WINDOWS\9z653troj553.dll
[2009/04/19 21:34:27 | 00,011,027 | ---- | C] () -- C:\WINDOWS\System32\25599not-a-5irus59z9.dll
[2009/04/17 13:22:47 | 00,006,511 | ---- | C] () -- C:\WINDOWS\6c6dbaz9door5517.dll
[2009/04/12 09:23:36 | 00,018,240 | ---- | C] () -- C:\WINDOWS\System32\ce45pyware1z89.dll
[2009/04/12 00:19:41 | 00,002,967 | ---- | C] () -- C:\WINDOWS\System32\5b67backdz952385.dll
[2009/03/27 09:06:46 | 00,012,777 | ---- | C] () -- C:\WINDOWS\System32\60f6spazse16059.dll
[2009/03/25 13:49:31 | 00,014,766 | ---- | C] () -- C:\WINDOWS\6202d9wn5oadzr1802.dll
[2009/03/18 14:53:56 | 00,003,905 | ---- | C] () -- C:\WINDOWS\System32\30990w5rm45z.dll
[2009/03/12 13:45:16 | 00,004,010 | ---- | C] () -- C:\WINDOWS\571z5spy96a.dll
[2009/03/10 10:33:51 | 00,017,807 | ---- | C] () -- C:\WINDOWS\59e0s5za91967.dll
[2009/03/08 20:44:36 | 00,007,031 | ---- | C] () -- C:\WINDOWS\System32\9594t5zeat25193.dll
[2009/02/25 23:53:55 | 00,016,576 | ---- | C] () -- C:\WINDOWS\9zddsp5ware2692.dll
[2009/02/15 00:53:04 | 00,007,904 | ---- | C] () -- C:\WINDOWS\System32\3fzvir99615.dll
[2009/02/09 06:05:45 | 00,011,249 | ---- | C] () -- C:\WINDOWS\z9595troj544.dll
[2009/02/06 21:43:21 | 00,008,821 | ---- | C] () -- C:\WINDOWS\7095threa519145z.dll
[2009/02/01 09:43:08 | 00,013,799 | ---- | C] () -- C:\WINDOWS\System32\3391spy5zre2584.dll
[2009/01/24 01:33:33 | 00,002,673 | ---- | C] () -- C:\WINDOWS\System32\z2898hack5oo921c.dll
[2009/01/21 09:47:27 | 00,015,497 | ---- | C] () -- C:\WINDOWS\System32\26adb5ckd9orz62.dll
[2009/01/13 19:26:50 | 00,008,407 | ---- | C] () -- C:\WINDOWS\System32\793zspy591.dll
[2009/01/13 11:26:34 | 00,017,137 | ---- | C] () -- C:\WINDOWS\System32\6928bzc5door2158.dll
[2009/01/04 02:21:21 | 00,015,905 | ---- | C] () -- C:\WINDOWS\System32\665adzwar91342.dll
[2008/12/19 23:48:31 | 00,002,585 | ---- | C] () -- C:\WINDOWS\System32\1c95backdozr5795.dll
[2008/12/18 17:41:17 | 00,014,915 | ---- | C] () -- C:\WINDOWS\5899spzmb9t5785.dll
[2008/12/18 13:15:08 | 00,009,868 | ---- | C] () -- C:\WINDOWS\1964zp95d2.dll
[2008/11/29 21:23:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/28 04:30:41 | 00,005,490 | ---- | C] () -- C:\WINDOWS\9121za5kt9ol478.dll
[2008/11/28 02:43:10 | 00,011,091 | ---- | C] () -- C:\WINDOWS\System32\5d93szywar91988.dll
[2008/11/23 06:01:49 | 00,003,487 | ---- | C] () -- C:\WINDOWS\11940spazbo9675.dll
[2008/11/15 23:51:16 | 00,015,551 | ---- | C] () -- C:\WINDOWS\System32\1z596hacktoo945a.dll
[2008/11/13 02:19:11 | 00,012,410 | ---- | C] () -- C:\WINDOWS\System32\58z5worm3929.dll
[2008/11/11 14:07:25 | 00,017,104 | ---- | C] () -- C:\WINDOWS\4ebfspy5are191z.dll
[2008/11/01 20:24:27 | 00,016,115 | ---- | C] () -- C:\WINDOWS\System32\2f8spywarz15709.dll
[2008/10/25 11:01:37 | 00,008,297 | ---- | C] () -- C:\WINDOWS\31cf5own9oader14z6.dll
[2008/10/23 08:09:19 | 00,007,726 | ---- | C] () -- C:\WINDOWS\7349downzoader2566.dll
[2008/10/18 22:32:45 | 00,010,042 | ---- | C] () -- C:\WINDOWS\3219backdzor32685.dll
[2008/10/14 22:45:34 | 00,014,494 | ---- | C] () -- C:\WINDOWS\System32\z351wor91a5.dll
[2008/10/06 20:24:42 | 00,006,687 | ---- | C] () -- C:\WINDOWS\System32\693bba5zdoor1039.dll
[2008/10/03 00:24:17 | 00,018,123 | ---- | C] () -- C:\WINDOWS\System32\4108zownl5ader2598.dll
[2008/09/27 17:15:48 | 00,002,548 | ---- | C] () -- C:\WINDOWS\19321vzrus15b.dll
[2008/09/16 04:51:33 | 00,005,771 | ---- | C] () -- C:\WINDOWS\System32\9z8bb5ckdoor956.dll
[2008/09/14 20:13:20 | 00,012,361 | ---- | C] () -- C:\WINDOWS\195addw9re2z12.dll
[2008/09/04 03:43:59 | 00,007,748 | ---- | C] () -- C:\WINDOWS\System32\784095ckdoor153z.dll
[2008/08/25 21:11:56 | 00,006,340 | ---- | C] () -- C:\WINDOWS\System32\5z86steal6959.dll
[2008/08/25 05:13:58 | 00,008,493 | ---- | C] () -- C:\WINDOWS\5504szarse1569.dll
[2008/08/14 08:10:10 | 00,006,712 | ---- | C] () -- C:\WINDOWS\20242s9azbot55b.dll
[2008/08/03 03:25:46 | 00,014,012 | ---- | C] () -- C:\WINDOWS\5195ddwarez94.dll
[2008/08/02 21:11:00 | 00,008,501 | ---- | C] () -- C:\WINDOWS\7z49downloa5er211.dll
[2008/07/26 08:25:02 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/07/14 11:47:43 | 00,017,266 | ---- | C] () -- C:\WINDOWS\fd5azdware907.dll
[2008/06/23 06:05:21 | 00,011,499 | ---- | C] () -- C:\WINDOWS\System32\5c4ethre9t26982z.dll
[2008/06/11 18:50:27 | 00,007,026 | ---- | C] () -- C:\WINDOWS\System32\4425zh9ef2431.dll
[2008/05/15 14:48:38 | 00,007,993 | ---- | C] () -- C:\WINDOWS\System32\194downl5ader295z.dll
[2008/05/10 21:48:48 | 00,013,217 | ---- | C] () -- C:\WINDOWS\91z0st5al2395.dll
[2008/05/08 12:32:24 | 00,009,656 | ---- | C] () -- C:\WINDOWS\System32\25992sp5z92.dll
[2008/05/05 05:09:07 | 00,013,646 | ---- | C] () -- C:\WINDOWS\System32\z486spa5bot7f89.dll
[2008/05/05 01:06:16 | 00,012,631 | ---- | C] () -- C:\WINDOWS\15asparse2559z.dll
[2008/04/20 10:57:42 | 00,009,210 | ---- | C] () -- C:\WINDOWS\69z9sp5ware308.dll
[2008/04/19 05:21:27 | 00,015,146 | ---- | C] () -- C:\WINDOWS\1894559zktool16c.dll
[2008/04/07 22:37:00 | 00,016,272 | ---- | C] () -- C:\WINDOWS\25b9spywaze645.dll
[2008/04/06 12:16:47 | 00,017,688 | ---- | C] () -- C:\WINDOWS\System32\459fvirz9055.dll
[2008/03/23 06:03:51 | 00,005,726 | ---- | C] () -- C:\WINDOWS\System32\z4556wor9106.dll
[2008/03/22 15:25:38 | 00,003,294 | ---- | C] () -- C:\WINDOWS\55c8ste9lz035.dll
[2008/03/22 05:59:45 | 00,013,655 | ---- | C] () -- C:\WINDOWS\System32\27057no5-a9vzrus1f7.dll
[2008/03/13 13:23:49 | 00,005,182 | ---- | C] () -- C:\WINDOWS\z0136spa9b5t1a3.dll
[2008/03/10 23:51:29 | 00,003,039 | ---- | C] () -- C:\WINDOWS\System32\3z54addwa9e2520.dll
[2008/03/08 17:33:25 | 00,009,902 | ---- | C] () -- C:\WINDOWS\System32\4cbfth9e5t13993z.dll
[2008/02/27 12:02:12 | 00,005,650 | ---- | C] () -- C:\WINDOWS\System32\z4194s5y559.dll
[2008/02/17 00:02:22 | 00,017,640 | ---- | C] () -- C:\WINDOWS\60zcdown9oader2745.dll
[2008/02/13 17:27:13 | 00,013,737 | ---- | C] () -- C:\WINDOWS\7a735pars97z7.dll
[2008/02/03 00:55:49 | 00,016,791 | ---- | C] () -- C:\WINDOWS\System32\31355hackt5ol19z.dll
[2008/01/27 03:48:34 | 00,004,296 | ---- | C] () -- C:\WINDOWS\13937haczto5l2459.dll
[2008/01/11 12:29:51 | 00,011,314 | ---- | C] () -- C:\WINDOWS\9996v9rzs7875.dll
[2008/01/07 05:52:57 | 00,009,851 | ---- | C] () -- C:\WINDOWS\20d5b9ckz5or3229.dll
[2008/01/06 10:56:27 | 00,002,732 | ---- | C] () -- C:\WINDOWS\29a3z5r2454.dll
[2003/07/16 11:45:02 | 00,000,634 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/16 11:41:30 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/12/28 15:42:47 | 00,016,854 | ---- | M] () -- C:\WINDOWS\1e6dd5wnl9adez2254.ocx
[2009/12/27 15:57:35 | 00,007,317 | ---- | M] () -- C:\WINDOWS\System32\4a76spz5se9421.cpl
[2009/12/26 06:13:15 | 00,014,080 | ---- | M] () -- C:\WINDOWS\System32\120ethi9f56z9.ocx
[2009/12/23 02:30:04 | 00,010,561 | ---- | M] () -- C:\WINDOWS\1z7649roj295.ocx
[2009/12/22 03:01:42 | 00,016,837 | ---- | M] () -- C:\WINDOWS\System32\799bvzr22335.bin
[2009/12/20 19:52:47 | 00,014,683 | ---- | M] () -- C:\WINDOWS\System32\49d2s9a5ze2715.exe
[2009/12/20 12:50:26 | 00,003,637 | ---- | M] () -- C:\WINDOWS\48z8thief5967.exe
[2009/12/18 04:27:59 | 00,013,241 | ---- | M] () -- C:\WINDOWS\5f329ackd5zr3185.ocx
[2009/12/17 05:06:42 | 00,006,138 | ---- | M] () -- C:\WINDOWS\13904no5-a-vzrus55e9.cpl
[2009/12/15 22:13:03 | 00,009,514 | ---- | M] () -- C:\WINDOWS\System32\19338not-5-viruse5z.cpl
[2009/12/15 16:34:30 | 00,011,874 | ---- | M] () -- C:\WINDOWS\4z52vir1093.cpl
[2009/12/13 14:28:26 | 00,002,993 | ---- | M] () -- C:\WINDOWS\System32\37339py54z.dll
[2009/12/13 04:24:51 | 00,013,252 | ---- | M] () -- C:\WINDOWS\5019threa9z3159.cpl
[2009/12/12 15:26:48 | 00,006,918 | ---- | M] () -- C:\WINDOWS\System32\53c7th9zf145.exe
[2009/12/10 19:01:25 | 00,004,022 | ---- | M] () -- C:\WINDOWS\System32\21d9vir598z.cpl
[2009/12/09 19:41:02 | 00,006,947 | ---- | M] () -- C:\WINDOWS\27de5hzeat7904.ocx
[2009/12/09 13:48:53 | 00,011,383 | ---- | M] () -- C:\WINDOWS\System32\13135n5t-a9vizus3a2.ocx
[2009/12/08 03:00:33 | 00,011,853 | ---- | M] () -- C:\WINDOWS\73845p9rse1z32.cpl
[2009/12/07 06:37:57 | 00,005,824 | ---- | M] () -- C:\WINDOWS\System32\43e1spars95z68.ocx
[2009/12/06 02:43:35 | 00,005,818 | ---- | M] () -- C:\WINDOWS\System32\51ads5a9ze2738.ocx
[2009/12/05 03:42:36 | 00,013,356 | ---- | M] () -- C:\WINDOWS\System32\921z9py4b15.bin
[2009/12/03 23:03:59 | 00,014,218 | ---- | M] () -- C:\WINDOWS\7292vir5sz94.bin
[2009/12/01 04:30:49 | 00,003,114 | ---- | M] () -- C:\WINDOWS\7ee9th5eaz3524.dll
[2009/11/28 02:54:22 | 00,016,515 | ---- | M] () -- C:\WINDOWS\555c9hreat30z7.dll
[2009/11/27 12:26:04 | 00,007,115 | ---- | M] () -- C:\WINDOWS\System32\16725spyzd9.ocx
[2009/11/26 20:22:56 | 00,003,432 | ---- | M] () -- C:\WINDOWS\19055wozm323.cpl
[2009/11/24 18:29:05 | 00,012,901 | ---- | M] () -- C:\WINDOWS\4747v5rus439z.exe
[2009/11/23 21:50:11 | 00,013,497 | ---- | M] () -- C:\WINDOWS\System32\3974spamb9tz85.ocx
[2009/11/23 20:09:01 | 00,003,796 | ---- | M] () -- C:\WINDOWS\79des5yz9re270.exe
[2009/11/23 05:35:08 | 00,010,952 | ---- | M] () -- C:\WINDOWS\System32\31959worm495z.ocx
[2009/11/23 00:36:07 | 00,007,661 | ---- | M] () -- C:\WINDOWS\System32\z993spa95ot6a0.dll
[2009/11/22 22:57:00 | 00,004,068 | ---- | M] () -- C:\WINDOWS\System32\6ddf5par9z188.dll
[2009/11/22 17:12:27 | 00,012,463 | ---- | M] () -- C:\WINDOWS\96311zpambo51c6.exe
[2009/11/18 13:01:17 | 00,005,897 | ---- | M] () -- C:\WINDOWS\System32\26141n5t-a-virus119z.ocx
[2009/11/16 12:53:43 | 00,005,568 | ---- | M] () -- C:\WINDOWS\System32\98567spa5bot1a0z.bin
[2009/11/16 04:39:03 | 00,006,923 | ---- | M] () -- C:\WINDOWS\180z35orm479.ocx
[2009/11/15 23:43:35 | 00,005,255 | ---- | M] () -- C:\WINDOWS\System32\3cf75zdware9711.dll
[2009/11/15 17:29:58 | 00,009,412 | ---- | M] () -- C:\WINDOWS\System32\4z75th95f435.exe
[2009/11/14 12:16:10 | 00,012,386 | ---- | M] () -- C:\WINDOWS\System32\3z5spywa9e15925.dll
[2009/11/14 07:48:20 | 00,005,201 | ---- | M] () -- C:\WINDOWS\20469s9y3z5.ocx
[2009/11/14 06:39:00 | 00,012,120 | ---- | M] () -- C:\WINDOWS\System32\36b9th9efz8125.ocx
[2009/11/12 12:59:20 | 00,013,148 | ---- | M] () -- C:\WINDOWS\6z39addware29015.ocx
[2009/11/10 16:10:58 | 00,014,695 | ---- | M] () -- C:\WINDOWS\408edow5lo9der2z85.exe
[2009/11/09 13:40:28 | 00,005,319 | ---- | M] () -- C:\WINDOWS\7ad0bacz5oo91409.dll
[2009/11/06 05:09:59 | 00,015,247 | ---- | M] () -- C:\WINDOWS\System32\1z945s596e0.exe
[2009/11/04 09:54:57 | 00,005,203 | ---- | M] () -- C:\WINDOWS\29768szy59f5.dll
[2009/11/04 09:50:10 | 00,009,118 | ---- | M] () -- C:\WINDOWS\System32\2012h9cktool580z.cpl
[2009/11/03 22:13:00 | 00,013,030 | ---- | M] () -- C:\WINDOWS\System32\2285stz9l8225.exe
[2009/11/03 00:40:43 | 00,006,498 | ---- | M] () -- C:\WINDOWS\System32\15151sp95cz.dll
[2009/10/25 23:56:00 | 00,018,372 | ---- | M] () -- C:\WINDOWS\System32\29569sp9517z.bin
[2009/10/25 12:27:17 | 00,007,064 | ---- | M] () -- C:\WINDOWS\System32\2395t9i5f153z.dll
[2009/10/23 19:20:29 | 00,007,614 | ---- | M] () -- C:\WINDOWS\System32\5ee0tz9e51026.bin
[2009/10/23 15:28:20 | 00,017,295 | ---- | M] () -- C:\WINDOWS\z74fthief25939.cpl
[2009/10/23 05:03:04 | 00,006,904 | ---- | M] () -- C:\WINDOWS\System32\7d90zteal25575.dll
[2009/10/22 20:53:56 | 00,012,285 | ---- | M] () -- C:\WINDOWS\System32\37775r9j5zb.exe
[2009/10/18 13:32:39 | 00,003,272 | ---- | M] () -- C:\WINDOWS\99536spzm5ot95.dll
[2009/10/15 21:24:53 | 00,002,864 | ---- | M] () -- C:\WINDOWS\System32\15z71troj1e89.exe
[2009/10/14 22:14:18 | 00,005,603 | ---- | M] () -- C:\WINDOWS\System32\14116not-a-59rus4az.dll
[2009/10/14 12:18:29 | 00,006,815 | ---- | M] () -- C:\WINDOWS\e639pars5670z.exe
[2009/10/14 06:54:13 | 00,003,757 | ---- | M] () -- C:\WINDOWS\System32\1793addwar5z917.cpl
[2009/10/13 15:21:12 | 00,012,091 | ---- | M] () -- C:\WINDOWS\50289not-a-virus527z.cpl
[2009/10/13 14:50:52 | 00,003,623 | ---- | M] () -- C:\WINDOWS\System32\3567s9azse27745.dll
[2009/10/13 09:54:07 | 00,006,136 | ---- | M] () -- C:\WINDOWS\System32\3569addw59e17z3.ocx
[2009/10/11 00:30:21 | 00,002,776 | ---- | M] () -- C:\WINDOWS\System32\94289no5za-virus324.cpl
[2009/10/09 21:53:36 | 00,004,457 | ---- | M] () -- C:\WINDOWS\System32\217zs5eal2295.dll
[2009/10/09 09:42:04 | 00,016,448 | ---- | M] () -- C:\WINDOWS\c1fdo5nl9azer188.bin
[2009/10/09 08:39:05 | 00,010,779 | ---- | M] () -- C:\WINDOWS\31790nzt-9-v5rus582.cpl
[2009/10/08 14:01:13 | 00,012,337 | ---- | M] () -- C:\WINDOWS\System32\d95viz181.bin
[2009/10/08 00:24:20 | 00,003,460 | ---- | M] () -- C:\WINDOWS\System32\589z7sp9567.ocx
[2009/10/07 17:35:42 | 00,018,183 | ---- | M] () -- C:\WINDOWS\593dtzrea510995.ocx
[2009/10/06 03:40:33 | 00,009,043 | ---- | M] () -- C:\WINDOWS\System32\39fat5reat647z.dll
[2009/10/05 02:53:15 | 00,011,665 | ---- | M] () -- C:\WINDOWS\System32\9f95stezl142.bin
[2009/10/05 02:48:52 | 00,005,570 | ---- | M] () -- C:\WINDOWS\353z5h9cktool728.ocx
[2009/10/02 04:07:40 | 00,004,118 | ---- | M] () -- C:\WINDOWS\14984sp59boz6c9.ocx
[2009/09/28 08:00:40 | 00,004,467 | ---- | M] () -- C:\WINDOWS\1468h9c5tooz689.dll
[2009/09/27 16:52:28 | 00,003,596 | ---- | M] () -- C:\WINDOWS\9956t5ief76z.dll
[2009/09/23 02:50:29 | 00,003,219 | ---- | M] () -- C:\WINDOWS\System32\4bbbspyware189z5.bin
[2009/09/22 13:18:29 | 00,010,319 | ---- | M] () -- C:\WINDOWS\System32\z6524spy9ef.ocx
[2009/09/22 07:58:17 | 00,011,211 | ---- | M] () -- C:\WINDOWS\System32\4z9395ief2171.bin
[2009/09/21 18:03:12 | 00,008,491 | ---- | M] () -- C:\WINDOWS\5acezddware9064.ocx
[2009/09/20 06:44:17 | 00,003,057 | ---- | M] () -- C:\WINDOWS\z9656t5oj40c9.dll
[2009/09/19 23:19:41 | 00,010,104 | ---- | M] () -- C:\WINDOWS\System32\2535spaz5ot229.exe
[2009/09/19 11:51:05 | 00,010,834 | ---- | M] () -- C:\WINDOWS\System32\369zhackto9l5b3.bin
[2009/09/19 04:50:10 | 00,007,751 | ---- | M] () -- C:\WINDOWS\System32\3479ste5z2010.ocx
[2009/09/16 07:45:08 | 00,006,202 | ---- | M] () -- C:\WINDOWS\System32\29884not-a-vir597z.ocx
[2009/09/13 21:35:15 | 00,002,768 | ---- | M] () -- C:\WINDOWS\z2915worm508.dll
[2009/09/12 08:23:26 | 00,016,681 | ---- | M] () -- C:\WINDOWS\1z9baddwar91258.cpl
[2009/09/12 08:08:44 | 00,008,604 | ---- | M] () -- C:\WINDOWS\165639ac5tool7b3z.bin
[2009/09/11 15:22:31 | 00,006,693 | ---- | M] () -- C:\WINDOWS\System32\1a95steal536z.bin
[2009/09/10 19:10:05 | 00,004,326 | ---- | M] () -- C:\WINDOWS\3850ad9z5re149.bin
[2009/09/10 14:15:57 | 00,008,982 | ---- | M] () -- C:\WINDOWS\System32\42c99iz2285.exe
[2009/09/10 09:31:18 | 00,015,024 | ---- | M] () -- C:\WINDOWS\7b15spars96z8.exe
[2009/09/06 13:48:26 | 00,016,507 | ---- | M] () -- C:\WINDOWS\5dbzsteal3597.exe
[2009/09/02 01:44:02 | 00,009,823 | ---- | M] () -- C:\WINDOWS\5879spamb9z794.cpl
[2009/09/01 00:09:08 | 00,011,840 | ---- | M] () -- C:\WINDOWS\System32\15226sp9mbot6z3.cpl
[2009/08/31 23:06:15 | 00,016,479 | ---- | M] () -- C:\WINDOWS\System32\18446h9cktzol50e.exe
[2009/08/27 22:13:10 | 00,016,056 | ---- | M] () -- C:\WINDOWS\System32\6ab9azd9are5937.cpl
[2009/08/27 11:11:59 | 00,006,421 | ---- | M] () -- C:\WINDOWS\System32\46a2threat919z35.ocx
[2009/08/27 05:46:09 | 00,007,540 | ---- | M] () -- C:\WINDOWS\System32\192519zr519b.dll
[2009/08/26 20:37:30 | 00,009,553 | ---- | M] () -- C:\WINDOWS\System32\32957hazktool1f.ocx
[2009/08/25 04:02:36 | 00,003,802 | ---- | M] () -- C:\WINDOWS\20499worm68z5.exe
[2009/08/24 14:29:41 | 00,838,360 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2009/08/24 14:28:01 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/08/23 19:19:05 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/23 19:15:14 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/23 19:13:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/23 19:13:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/23 19:11:04 | 04,300,736 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/08/23 19:01:38 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/08/23 19:01:38 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/08/23 18:56:48 | 00,724,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avenger.zip
[2009/08/23 18:48:23 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2009/08/23 12:41:11 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\settings.dat
[2009/08/23 12:23:14 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.exe
[2009/08/23 04:18:44 | 00,010,999 | ---- | M] () -- C:\WINDOWS\System32\1e41sparsz29599.cpl
[2009/08/21 20:30:45 | 00,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2009/08/21 20:15:36 | 00,012,761 | ---- | M] () -- C:\WINDOWS\5b39spars925z95.cpl
[2009/08/21 16:54:07 | 07,876,240 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2009/08/21 10:37:31 | 00,004,462 | ---- | M] () -- C:\WINDOWS\362z5ir9102.exe
[2009/08/20 18:16:54 | 00,002,564 | ---- | M] () -- C:\WINDOWS\3075znot-a-viru95d1.exe
[2009/08/17 21:51:24 | 00,013,265 | ---- | M] () -- C:\WINDOWS\System32\7972tzief253.exe
[2009/08/17 06:48:06 | 00,015,349 | ---- | M] () -- C:\WINDOWS\3cezthreat29905.ocx
[2009/08/12 10:24:50 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2009/08/12 07:19:04 | 00,008,151 | ---- | M] () -- C:\WINDOWS\3899zo5-a-virus684.bin
[2009/08/12 06:48:02 | 00,007,587 | ---- | M] () -- C:\WINDOWS\System32\15190viruz942.bin
[2009/08/11 23:15:20 | 00,000,634 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/11 05:54:05 | 00,007,872 | ---- | M] () -- C:\WINDOWS\5fb9backdo5z9956.cpl
[2009/08/11 02:43:53 | 00,012,555 | ---- | M] () -- C:\WINDOWS\System32\5932downlza9er437.dll
[2009/08/10 16:18:14 | 00,007,570 | ---- | M] () -- C:\WINDOWS\3533zvi9us162.dll
[2009/08/09 18:40:12 | 00,012,245 | ---- | M] () -- C:\WINDOWS\159zworm95f.ocx
[2009/08/08 14:07:07 | 00,006,271 | ---- | M] () -- C:\WINDOWS\82489zy6ff5.dll
[2009/08/07 17:55:53 | 00,006,003 | ---- | M] () -- C:\WINDOWS\8655spambo91fz.dll
[2009/08/06 21:44:15 | 00,011,860 | ---- | M] () -- C:\WINDOWS\System32\3185sp9rse4z1.cpl
[2009/08/05 04:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 04:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/29 19:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/27 17:27:12 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/07/27 14:43:54 | 06,568,480 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2009/07/27 06:33:30 | 00,017,181 | ---- | M] () -- C:\WINDOWS\System32\4bffspzware24759.bin

========== LOP Check ==========

[2009/06/21 17:07:08 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/06/21 16:54:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/06/08 12:51:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSN6
[2009/08/21 17:04:16 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/06/10 16:41:13 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\436f953
[2009/06/21 16:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2009/04/12 19:12:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/11/29 16:24:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/08/23 19:16:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2003/07/16 11:31:17 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/23 19:19:05 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/08/23 19:13:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 352 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

**********************

OTL Extras logfile created on: 8/24/2009 2:37:20 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 261.73 Mb Available Physical Memory | 51.22% Memory free
1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.81% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 28.32 Gb Free Space | 76.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GUEST1-Z795T3H2
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{466A6359-0EC2-4369-B889-6FE780D2CF3C}" = Microsoft Security Essentials
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"Belarc Advisor" = Belarc Advisor 7.2
"CCleaner" = CCleaner (remove only)
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ERUNT_is1" = ERUNT 1.1j
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Gateway Drivers and Applications Recovery" = Gateway Drivers and Applications Recovery
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Revo Uninstaller" = Revo Uninstaller 1.83
"Secunia PSI" = Secunia PSI
"Shop for HP Supplies" = Shop for HP Supplies
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/28/2009 8:26:50 PM | Computer Name = GUEST1-Z795T3H2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server returned an invalid or unrecognized response

Error - 6/28/2009 8:26:50 PM | Computer Name = GUEST1-Z795T3H2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/30/2009 7:54:11 PM | Computer Name = GUEST1-Z795T3H2 | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.25.0.1014, faulting
module superantispyware.exe, version 4.25.0.1014, fault address 0x0008a823.

Error - 7/8/2009 9:26:10 AM | Computer Name = GUEST1-Z795T3H2 | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe.exe, version 1.36.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x773f65f1.

Error - 7/15/2009 9:57:25 AM | Computer Name = GUEST1-Z795T3H2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/16/2009 5:47:21 PM | Computer Name = GUEST1-Z795T3H2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/16/2009 5:47:21 PM | Computer Name = GUEST1-Z795T3H2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/20/2009 12:18:37 AM | Computer Name = GUEST1-Z795T3H2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/23/2009 2:50:46 PM | Computer Name = GUEST1-Z795T3H2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/23/2009 2:50:47 PM | Computer Name = GUEST1-Z795T3H2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/21/2009 10:38:34 PM | Computer Name = GUEST1-Z795T3H2 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 8/21/2009 10:58:52 PM | Computer Name = GUEST1-Z795T3H2 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 8/21/2009 11:23:09 PM | Computer Name = GUEST1-Z795T3H2 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/22/2009 12:09:50 PM | Computer Name = GUEST1-Z795T3H2 | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 8/22/2009 12:16:42 PM | Computer Name = GUEST1-Z795T3H2 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 8/23/2009 10:14:17 AM | Computer Name = GUEST1-Z795T3H2 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/23/2009 12:08:39 PM | Computer Name = GUEST1-Z795T3H2 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/23/2009 8:13:55 PM | Computer Name = GUEST1-Z795T3H2 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 8/23/2009 8:15:09 PM | Computer Name = GUEST1-Z795T3H2 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 8/24/2009 12:52:52 PM | Computer Name = GUEST1-Z795T3H2 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.


< End of report >

*******************************

Results of screen317's Security Check version 0.98.9
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!


Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.2
SpywareGuard v2.2
Malwarebytes' Anti-Malware
Microsoft Antimalware
Secunia PSI
CCleaner (remove only)
Eusing Free Registry Cleaner
Adobe Flash Player 10
Adobe Reader 9.1.2
``````````````````````````````
Process Check:
objlist.exe by Laurent



``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

#6 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA
  • Local time:07:24 AM

Posted 24 August 2009 - 03:26 PM

Please see this article http://support.microsoft.com/kb/283673
and turn ON the Windows firewall immediately.

Your Hosts file has some bad entries, which I hope we can fix with the following run of OTL.

Close and save any open work documents. Then make sure you have no other programs open that you started.

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!
If you are a casual viewer, do NOT try this on your system!
If you are not johnfull and have a similar problem, do NOT post here; start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    O1 - Hosts: 74.125.45.100 test1111.com
    O1 - Hosts: 74.125.45.100 test1112.com
    O1 - Hosts: 74.125.45.100 4-open-davinci.com
    O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
    
    :files
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    
    :Commands
    [purity]
    [emptytemp]
    [reboot]
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see the message box "Fix complete! Click OK to open the fix log.", click the OK button.
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, enter *.log in the File Name box and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

=

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

If you have a prior copy of Combofix, delete it now!

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1
Link 2
Link 3

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on Combo-Fix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of the OK button.

IF you should see a message like this, be sure to write it down fully and also copy it into your next reply here, then await my response.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light.
If it is flashing, Combofix is still at work.
=

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with a copy of the OTL MovedFiles log
and the C:\Combofix.txt

I'm quite concerned that this system is too infected. We may well be looking at a wipe and re-install.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
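The hosts-file hijack that the OTL fix above targets (many unrelated domains all pointed at one outside address) is easy to audit programmatically. The following is an added example, not OTL's, ComboFix's or the helper's own code; SAMPLE_HOSTS is constructed, reusing the 74.125.45.100 entries from the fix plus a made-up blocklist-style 0.0.0.0 line of the kind SpywareBlaster writes, and the ads.example.net name is a placeholder.

```python
"""Audit a Windows hosts file for rogue redirect entries.

Added example for this thread; it is not OTL's, ComboFix's or the helper's
own code. The rogue "Malware Catcher" pointed its payment and update domains
at one external address (the O1 - Hosts entries in the OTL fix above).
SAMPLE_HOSTS below is constructed: the 74.125.45.100 lines reproduce the
domains from that fix, and the ads.example.net line (placeholder name) stands
in for a benign blocklist-style entry such as SpywareBlaster or the MVPS
hosts file writes.
"""
import ipaddress
from collections import defaultdict

SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net   # constructed blocklist-style entry
74.125.45.100   test1111.com
74.125.45.100   test1112.com
74.125.45.100   4-open-davinci.com
74.125.45.100   securitysoftwarepayments.com
74.125.45.100   privatesecuredpayments.com
74.125.45.100   getantivirusplusnow.com
74.125.45.100   secure-plus-payments.com
74.125.45.100   www.getantivirusplusnow.com
74.125.45.100   www.secure-plus-payments.com
74.125.45.100   www.securesoftwarebill.com
"""


def parse_hosts(text):
    """Return (address, hostname, line_no) for every mapping in hosts text.

    Comments and blank lines are skipped; a line with several hostnames
    yields one tuple per name. Lines whose first token is not an IP address
    are malformed and ignored.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        address, *names = line.split()
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue
        for name in names:
            entries.append((address, name.lower(), line_no))
    return entries


def is_benign(address):
    """Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0, ::) targets are
    what legitimate entries and ad/malware blocklists use; anything else
    silently routes the name to a host the user did not choose."""
    addr = ipaddress.ip_address(address)
    return addr.is_loopback or addr.is_unspecified


def audit_hosts(text):
    """Return (redirects, by_address).

    redirects  - the parsed entries that point at a non-benign address
    by_address - the same names grouped by target, so a single address
                 collecting many unrelated domains (the sinkhole pattern
                 seen in this thread) stands out at a glance
    """
    redirects = [e for e in parse_hosts(text) if not is_benign(e[0])]
    by_address = defaultdict(list)
    for address, name, _ in redirects:
        by_address[address].append(name)
    return redirects, dict(by_address)


def otl_fix_lines(redirects):
    """Render flagged entries in the O1 - Hosts form used by the OTL fix."""
    return [f"O1 - Hosts: {address} {name}" for address, name, _ in redirects]


def clean_hosts(text):
    """Return the hosts text with every flagged line dropped.

    A line carries one address for all its names, so if the address is
    flagged the whole line goes; loopback and blocklist lines are kept.
    """
    flagged = {line_no for _, _, line_no in audit_hosts(text)[0]}
    kept = [raw for n, raw in enumerate(text.splitlines(), 1) if n not in flagged]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    redirects, by_address = audit_hosts(SAMPLE_HOSTS)
    for address, names in by_address.items():
        print(f"{address}: {len(names)} hostname(s) redirected")
    print("\n".join(otl_fix_lines(redirects)))
```

On a real machine the file lives at %SystemRoot%\system32\drivers\etc\hosts; review the flagged lines before removing them, since some corporate or developer setups map names to internal addresses on purpose.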

#7 johnfull

johnfull
  • Topic Starter

  • Members
  • 7 posts
  • Local time:07:24 AM

Posted 24 August 2009 - 08:42 PM

OK Maurice -

Here are my notes as I went through these steps:
Disabled Spyware Blaster
Ran OTL to remove stuff listed in the "text Box" - got an error message of "Could not create Hosts file" (sorry, I didn't copy the exact detail). Clicked through and then clicked "Run Fix" again - It created .log file and rebooted.

I exited Secunia and disabled MSE - noted some IP "talking" and HD activity.

Ran Combo-Fix, installed MS Recovery Console, proceeded through stages 1 thru 50+ then it began deleting a BUNCH of files. PC rebooted and Combo-Fix said preparing report. Lots of HD activity, Combo-Fix took about 35 min to run.

Do I need to run OTL again?

Anyhow, here are the OTL MovedFiles log and the C:\Combofix.txt:

All processes killed
Error: Unable to interpret <O1 - Hosts: 74.125.45.100 test1111.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 74.125.45.100 test1112.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 74.125.45.100 4-open-davinci.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 74.125.45.100 privatesecuredpayments.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 74.125.45.100 getantivirusplusnow.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 74.125.45.100 secure-plus-payments.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com> in the current context!
Error: Unable to interpret <O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com> in the current context!
========== FILES ==========
C:\RECYCLER\S-1-5-21-1454471165-854245398-1398299171-500\Dc1 moved successfully.
C:\RECYCLER\S-1-5-21-1454471165-854245398-1398299171-500 moved successfully.
C:\RECYCLER moved successfully.
File\Folder D:\recycler not found.
File\Folder e:\recycler not found.
File\Folder f:\recycler not found.
File\Folder g:\recycler not found.
File\Folder h:\recycler not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 12452691 bytes
->Temporary Internet Files folder emptied: 15830855 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 2626758 bytes

User: NetworkService
->Temp folder emptied: 14048 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 1145933 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP000000035227F703CABE7C47 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP00000004530E978DA6F24A45 scheduled to be deleted on reboot.
Windows Temp folder emptied: 2715948 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 33.24 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08242009_185528




ComboFix 09-08-24.05 - Administrator 08/24/2009 19:16.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.235 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\3c215azkdo9r487.bin
c:\windows\system32\3cb5th9ezt55234.bin
c:\windows\system32\3cf75zdware9711.dll
c:\windows\system32\3d79st95z902.exe
c:\windows\system32\3fzvir99615.dll
c:\windows\system32\3z53worm293.ocx
c:\windows\system32\3z54addwa9e2520.dll
c:\windows\system32\3z5spywa9e15925.dll
c:\windows\system32\3z6threa9288365.ocx
c:\windows\system32\3z7bs9yware500.ocx
c:\windows\system32\3z8a5dware24569.bin
c:\windows\system32\3za1spa9se1795.bin
c:\windows\system32\4024trz954c.cpl
c:\windows\system32\4108zownl5ader2598.dll
c:\windows\system32\4215bzckdoo52299.bin
c:\windows\system32\42c99iz2285.exe
c:\windows\system32\4393thie5z999.cpl
c:\windows\system32\43e1spars95z68.ocx
c:\windows\system32\4425zh9ef2431.dll
c:\windows\system32\44c9szyware18549.exe
c:\windows\system32\457bzi517749.dll
c:\windows\system32\459da5dware45z.bin
c:\windows\system32\459fvirz9055.dll
c:\windows\system32\45bzvir459.exe
c:\windows\system32\46a2threat919z35.ocx
c:\windows\system32\47e4addzare5978.bin
c:\windows\system32\4931not-z-virus705.exe
c:\windows\system32\4934thrza918579.cpl
c:\windows\system32\4956addwa5e5z6.ocx
c:\windows\system32\498fbackzoor5284.bin
c:\windows\system32\49d2s9a5ze2715.exe
c:\windows\system32\49e9viz5079.bin
c:\windows\system32\4a76spz5se9421.cpl
c:\windows\system32\4bbbspyware189z5.bin
c:\windows\system32\4bffspzware24759.bin
c:\windows\system32\4bz5downlo9der2387.ocx
c:\windows\system32\4cbaszea95118.cpl
c:\windows\system32\4cbfth9e5t13993z.dll
c:\windows\system32\4e15addw5rz9449.bin
c:\windows\system32\4z75th95f435.exe
c:\windows\system32\4z9395ief2171.bin
c:\windows\system32\5158zackto9l2f.ocx
c:\windows\system32\515czhr9at5597.dll
c:\windows\system32\51ads5a9ze2738.ocx
c:\windows\system32\51c85ir1917z.cpl
c:\windows\system32\51z5not-a-9irus975.exe
c:\windows\system32\52btzr9at29613.dll
c:\windows\system32\5306spywa9ez884.ocx
c:\windows\system32\535aspyzare9773.ocx
c:\windows\system32\53c7th9zf145.exe
c:\windows\system32\545d9wnloazer5781.ocx
c:\windows\system32\5549thrzat10499.ocx
c:\windows\system32\5553viz9145.exe
c:\windows\system32\5577ztro95ae.exe
c:\windows\system32\558fspy9ar5186z.bin
c:\windows\system32\55aspyz9re15.exe
c:\windows\system32\55z2vir2339.bin
c:\windows\system32\55zavir1982.exe
c:\windows\system32\5695spyzare1595.bin
c:\windows\system32\569fs5ywaze1143.exe
c:\windows\system32\5768zhreat118099.bin
c:\windows\system32\5794threat85z5.ocx
c:\windows\system32\5795zro5930.dll
c:\windows\system32\5849stzal2854.exe
c:\windows\system32\58980wo9zb5.ocx
c:\windows\system32\589z7sp9567.ocx
c:\windows\system32\58z5worm3929.dll
c:\windows\system32\59185ackdoor22z2.exe
c:\windows\system32\59265viz9s765.bin
c:\windows\system32\5932downlza9er437.dll
c:\windows\system32\5942zacktool584.exe
c:\windows\system32\5944viruz85.bin
c:\windows\system32\59567zroj945.ocx
c:\windows\system32\5960zpy493.cpl
c:\windows\system32\59f3t9rzat13561.cpl
c:\windows\system32\59z4vi52990.exe
c:\windows\system32\5b67backdz952385.dll
c:\windows\system32\5bc8zack5oor291.bin
c:\windows\system32\5c4ethre9t26982z.dll
c:\windows\system32\5d93szywar91988.dll
c:\windows\system32\5ee0tz9e51026.bin
c:\windows\system32\5ez9addw9re634.bin
c:\windows\system32\5f62z9c5door1581.ocx
c:\windows\system32\5fb95hi9f44z.exe
c:\windows\system32\5z66backdoor297.exe
c:\windows\system32\5z72spy3ee9.bin
c:\windows\system32\5z86steal6959.dll
c:\windows\system32\6055spy2ze9.bin
c:\windows\system32\60afviz9225.cpl
c:\windows\system32\60f6spazse16059.dll
c:\windows\system32\60z2sparse5459.cpl
c:\windows\system32\61easze9l2695.exe
c:\windows\system32\6209azdwar91515.cpl
c:\windows\system32\62z7spy5f79.exe
c:\windows\system32\635spywa9e934z.exe
c:\windows\system32\654fzi52090.bin
c:\windows\system32\658dspyware1z759.bin
c:\windows\system32\65az9parse138.bin
c:\windows\system32\665adzwar91342.dll
c:\windows\system32\6698ba5zdoor72.exe
c:\windows\system32\6883do5zloader890.cpl
c:\windows\system32\68b7backd59r268z.exe
c:\windows\system32\68dcbzck9o5r31.exe
c:\windows\system32\6928bzc5door2158.dll
c:\windows\system32\693bba5zdoor1039.dll
c:\windows\system32\6997spz54f.ocx
c:\windows\system32\69d9stza52928.exe
c:\windows\system32\69z0spywa5e2902.bin
c:\windows\system32\6a4zt9ief25795.bin
c:\windows\system32\6ab9azd9are5937.cpl
c:\windows\system32\6bb79irz51.ocx
c:\windows\system32\6d529hreatz951.ocx
c:\windows\system32\6d5bspywzre29185.bin
c:\windows\system32\6d9ft5ief197z.cpl
c:\windows\system32\6ddf5par9z188.dll
c:\windows\system32\6f42tzrea523192.cpl
c:\windows\system32\6fe1steal1z59.ocx
c:\windows\system32\6z92bac5door3231.ocx
c:\windows\system32\6z93thie5356.cpl
c:\windows\system32\6zbfad9ware1259.cpl
c:\windows\system32\6zd9spywar53010.bin
c:\windows\system32\709fv5r10z9.bin
c:\windows\system32\710ad9wn5oazer479.cpl
c:\windows\system32\7118s9yzare657.bin
c:\windows\system32\7200t5o9f2z.bin
c:\windows\system32\7235addwzre1993.cpl
c:\windows\system32\757zspars914705.ocx
c:\windows\system32\75dfbazkdo9r788.ocx
c:\windows\system32\7605vzrus4b9.ocx
c:\windows\system32\771es9arsz9605.ocx
c:\windows\system32\784095ckdoor153z.dll
c:\windows\system32\793zspy591.dll
c:\windows\system32\7972tzief253.exe
c:\windows\system32\799bvzr22335.bin
c:\windows\system32\79d5stz9l5658.cpl
c:\windows\system32\79z8troj9315.cpl
c:\windows\system32\7d1downloa95r2137z.cpl
c:\windows\system32\7d1e9i5114z.cpl
c:\windows\system32\7d90zteal25575.dll
c:\windows\system32\7df6addw9re19z5.cpl
c:\windows\system32\7e95ackdooz2967.bin
c:\windows\system32\8020no9-a-5irus5dz.cpl
c:\windows\system32\82spamboz90b5.ocx
c:\windows\system32\8475hacktooz1a49.cpl
c:\windows\system32\87475pzmbot2fc9.exe
c:\windows\system32\90932not-a-virus3ez5.ocx
c:\windows\system32\91935hreat12z26.cpl
c:\windows\system32\9208stea5715z.bin
c:\windows\system32\921z9py4b15.bin
c:\windows\system32\93z6sp5rse3020.cpl
c:\windows\system32\94102z5ambot251.cpl
c:\windows\system32\94195worz5d9.ocx
c:\windows\system32\94289no5za-virus324.cpl
c:\windows\system32\94333vi5zs102.ocx
c:\windows\system32\9490sp56ze.ocx
c:\windows\system32\9501tzo52b.cpl
c:\windows\system32\95684s5y43cz.cpl
c:\windows\system32\9594t5zeat25193.dll
c:\windows\system32\95f9thizf2459.cpl
c:\windows\system32\975azhief2330.bin
c:\windows\system32\9779tzie52964.exe
c:\windows\system32\980zpambot5.ocx
c:\windows\system32\98567spa5bot1a0z.bin
c:\windows\system32\99bzddwa5e498.cpl
c:\windows\system32\9az5downloader35.exe
c:\windows\system32\9b975ddware25z8.ocx
c:\windows\system32\9c7th9ezt50515.cpl
c:\windows\system32\9c9esparsz2570.cpl
c:\windows\system32\9d68th5ez254.cpl
c:\windows\system32\9e52ba5kdoorz594.bin
c:\windows\system32\9e55sp5rsz2023.bin
c:\windows\system32\9ecthief25z5.cpl
c:\windows\system32\9f95stezl142.bin
c:\windows\system32\9z5threat1907.ocx
c:\windows\system32\9z8bb5ckdoor956.dll
c:\windows\system32\baeth5efz9.dll
c:\windows\system32\ce45pyware1z89.dll
c:\windows\system32\d95viz181.bin
c:\windows\system32\dz9ownloader5993.ocx
c:\windows\system32\e59ba5kdooz400.bin
c:\windows\system32\ez7thi5f1956.ocx
c:\windows\system32\f08downloade59z99.cpl
c:\windows\system32\z1230not-a-vir9s7a5.ocx
c:\windows\system32\z1a8back5oor1109.bin
c:\windows\system32\z2065spam95t6d5.ocx
c:\windows\system32\z2295py437.exe
c:\windows\system32\z2350troj9cd.cpl
c:\windows\system32\z2895worm5a5.cpl
c:\windows\system32\z2898hack5oo921c.dll
c:\windows\system32\z351wor91a5.dll
c:\windows\system32\z3aad9wa5e1224.ocx
c:\windows\system32\z3d5spyware19585.cpl
c:\windows\system32\z4194s5y559.dll
c:\windows\system32\z4379sp5mbot47e9.cpl
c:\windows\system32\z4556wor9106.dll
c:\windows\system32\z486spa5bot7f89.dll
c:\windows\system32\z5049troj5b5.bin
c:\windows\system32\z5c4sp9rse526.cpl
c:\windows\system32\z5f5vi97.bin
c:\windows\system32\z6215tr9jb5.cpl
c:\windows\system32\z6524spy9ef.ocx
c:\windows\system32\z79425orm387.dll
c:\windows\system32\z79985roj15a.bin
c:\windows\system32\z875downlo9der5763.cpl
c:\windows\system32\z9055tro9758.exe
c:\windows\system32\z993spa95ot6a0.dll
c:\windows\system32\za51spywar92662.ocx
c:\windows\system32\zdc659arse1015.bin
c:\windows\system32\zf95thief539.ocx
c:\windows\system32\zfd5spywa9e3188.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\z00dsteal596.ocx
c:\windows\z0136spa9b5t1a3.dll
c:\windows\z042t5reat5639.cpl
c:\windows\z0559hief2483.exe
c:\windows\z0703hack5ool369.dll
c:\windows\z0a9do5nloader1468.cpl
c:\windows\z152s9y329.exe
c:\windows\z15cspars9463.bin
c:\windows\z2915worm508.dll
c:\windows\z4092troj753.cpl
c:\windows\z4760wor5396.bin
c:\windows\z5290worm258.exe
c:\windows\z555worm769.ocx
c:\windows\z69daddw5re15329.exe
c:\windows\z6c35ownloader2948.cpl
c:\windows\z74fthief25939.cpl
c:\windows\z899tr5j386.exe
c:\windows\z92fspyw59e982.exe
c:\windows\z9595troj544.dll
c:\windows\z95dspyware1901.exe
c:\windows\z9656t5oj40c9.dll
c:\windows\zb92addw5re1687.ocx
c:\windows\ze96addwa5e1611.bin

.
((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))
.

2009-08-24 00:01 . 2009-08-24 00:04 -------- d-----w- c:\program files\ERUNT
2009-08-21 22:58 . 2009-08-22 01:32 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-08-21 22:56 . 2009-08-21 22:56 -------- d-----w- C:\5f807059a6ff85bdb64a6e1d36c47f4b
2009-08-21 22:33 . 2009-08-21 22:33 -------- d-----w- C:\209170f20bc7f5ca1e
2009-08-12 03:56 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 00:32 . 2009-04-10 15:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-25 00:31 . 2009-04-10 15:39 -------- d-----w- c:\program files\SpywareBlaster
2009-08-21 22:01 . 2009-04-10 16:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-08-15 16:31 . 2008-12-03 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-15 16:31 . 2008-12-03 04:55 -------- d-----w- c:\program files\NOS
2009-08-12 15:20 . 2009-06-21 22:02 -------- d-----w- c:\program files\Google
2009-08-12 15:18 . 2009-05-08 00:27 -------- d-----w- c:\program files\Yahoo!
2009-08-12 02:56 . 2009-07-25 18:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 02:55 . 2009-07-25 18:49 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-05 09:01 . 2003-07-16 16:31 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 18:36 . 2009-07-25 18:47 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-07-25 18:47 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-20 16:19 . 2009-06-21 22:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-07-19 15:40 . 2009-07-19 15:40 -------- d-----w- c:\program files\CCleaner
2009-07-17 19:01 . 2003-07-16 16:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:47 . 2009-06-21 22:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-07-12 17:21 . 2004-08-04 07:56 233472 ------w- c:\windows\system32\wmpdxm.dll
2009-07-04 20:03 . 2009-04-14 14:10 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-07-04 16:01 . 2009-07-04 13:46 -------- d-----w- c:\program files\Trend Micro
2009-07-03 20:20 . 2009-07-03 20:20 -------- d-----w- c:\program files\Secunia
2009-07-03 18:01 . 2009-07-03 18:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-03 17:09 . 2006-06-23 19:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 15:27 . 2009-07-01 15:26 2069088 ----a-w- C:\RegCureSetup_RW.exe
2009-07-01 00:24 . 2009-07-01 00:20 49811272 ----a-w- C:\a2FreeSetup.exe
2009-06-26 00:54 . 2009-06-26 00:54 618072 ----a-w- C:\PSISetup.exe
2009-06-25 08:25 . 2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2003-07-16 16:44 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2003-07-16 16:38 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2003-07-16 16:37 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2003-07-16 16:31 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2003-07-16 16:26 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-24 22:27 . 2008-11-29 21:26 42944 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-24 11:18 . 2003-07-16 16:26 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-21 22:07 . 2009-06-21 22:07 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-18 23:48 . 2009-03-11 23:21 142832 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2009-06-18 15:13 . 2009-06-18 15:13 1828872 ----a-w- C:\advisor.exe
2009-06-17 12:20 . 2009-06-17 12:20 12648 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2009-06-16 15:50 . 2009-06-13 21:01 65778464 ----a-w- C:\avg_free_stf_en_85_364a1545.exe
2009-06-16 14:36 . 2003-07-16 16:41 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2003-07-16 16:22 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2003-07-16 16:42 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2003-07-16 16:41 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2008-11-17 00:22 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2003-07-16 16:18 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2003-07-16 16:45 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2005-08-30 04:02 1291264 ----a-w- c:\windows\system32\quartz.dll
.

------- Sigcheck -------

[-] 2004-08-04 05:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\$NtServicePackUninstall$\aec.sys
[7] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\ServicePackFiles\i386\aec.sys
[-] 2004-08-04 05:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\aec.sys
[-] 2004-08-04 05:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\system32\drivers\aec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBAutoUpdate"="c:\program files\SpywareBlaster\sbautoupdate.exe" [2009-04-09 923176]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-08-06 1046840]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-6-24 803176]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]
S3 AFFUDMWR;AFFUDMWR; [x]
S3 DFCVOPD;DFCVOPD; [x]
S3 SAIBSAXPIZFFIMVK;SAIBSAXPIZFFIMVK; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-08-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://att.net
uDefault_Page_URL = hxxp://att.net
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {2FE838F6-E5AB-4A8E-A0CA-D68D073E6CC9} = 68.238.64.12,68.238.128.12
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 19:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-854245398-1398299171-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,91,1e,ad,b6,70,cc,44,a0,52,23,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,05,c9,c8,a9,12,da,4b,bb,3c,d5,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,91,1e,ad,b6,70,cc,44,a0,52,23,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,05,c9,c8,a9,12,da,4b,bb,3c,d5,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,05,c9,c8,a9,12,da,4b,bb,3c,d5,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1148)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-25 19:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-25 00:37

Pre-Run: 30,312,833,024 bytes free
Post-Run: 30,298,988,544 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

935 --- E O F --- 2009-08-24 16:52

#8 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:07:24 AM

Posted 25 August 2009 - 06:21 AM

Combofix ran a long time due to its having to remove a lot of files. :thumbup2:

Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.
At this time of posting, the current definitions are # 2693 or later. The latest program version is 1.40

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

=

Next, Scan the system with the Kaspersky Online Scanner
http://www.kaspersky.com/virusscanner

Attention: Kaspersky Online Scanner 7.0 may not run successfully while another antivirus program is running. If you have Anti-Virus software installed, please temporarily disable your AV protection before running the Kaspersky Online Scanner. Reenable it after the scan is finished.

During this run, make sure your browser does not block popup windows. Have patience while some screens populate.

1) Click the Kaspersky Online Scanner button. You'll see a popup window.
2) Accept the agreement
3) Accept the installation of the required ActiveX object ( XP SP2-SP3 will show this in the Information Bar )
4) For XP SP2-SP3, click the Install button when prompted
5) The necessary files will be downloaded and installed. Please have plenty of patience.
6) After Kaspersky AntiVirus Database is updated, look at the Scan box.
7) Click the My Computer line
8) Be infinitely patient, the scan is comprehensive and, unlike other online antivirus scanners, will detect all malwares

9) When the scan is completed there will be an option to Save report as a .txt file. Click that button. Copy and paste the report into your reply.

( To see an animated tutorial-how-to on the scan, see >>this link<<)

Re-enable your antivirus program after Kaspersky has finished.
Kaspersky Online Scanner can be uninstalled later on from Add or Remove Programs in the Control Panel, if desired.

Do not be alarmed if Kaspersky tags items that are already in quarantine by MBAM, or ComboFix's Qoobox & quarantine.
Kaspersky is a report only and does not remove files.

Post back with copies of the MBAM scan log and the Kaspersky.txt report.

How is your system now ?

Edited by Maurice Naggar, 25 August 2009 - 06:22 AM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#9 johnfull

johnfull
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:24 AM

Posted 25 August 2009 - 10:23 PM

Hi Maurice -

Like you said, be patient!

Below are copies of the MBAM scan log and the Kaspersky.txt report.

The laptop mostly works OK if there is not a big load on the processor. It has an overheating problem which I remedied by adding an "auxiliary outboard fan" to pull air through the processor heatsink. Without the fan, it will lock up easily.

I very much appreciate the support and attention you have provided to me. Thank you !!!

The reports:

Malwarebytes' Anti-Malware 1.40
Database version: 2695
Windows 5.1.2600 Service Pack 3

8/25/2009 1:36:12 PM
mbam-log-2009-08-25 (13-36-12).txt

Scan type: Quick Scan
Objects scanned: 87901
Time elapsed: 28 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, August 25, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, August 26, 2009 01:54:36
Records in database: 2688053
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 40285
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 02:28:28


File name / Threat / Threats count
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2B65C1MZ\ronamishen_com[1].htm Infected: Trojan.JS.Agent.aiq 1

Selected area has been scanned.

#10 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:07:24 AM

Posted 26 August 2009 - 09:07 AM

We need to make 1 pass with OTL to cleanup temporary files. This will force a reboot.
Save and close any open work documents you have open. Exit any programs you have started yourself.
  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2B65C1MZ\ronamishen_com[1].htm 
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\*.*
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    
    :Commands
    [purity]
    [emptytemp]
    [reboot]
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.

I will not need that log.


Unless you have purchased Malwarebytes' Anti Malware {MBAM}, you should un-install it. Go to Control Panel and Add-or-Remove programs.
Look for it and click the line for it. Select Change/Remove to de-install it.
De-install Kaspersky Online scan.
OK & Exit out of Control Panel

I see that you are clear of your original issues.
If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used; followed by advice on staying safer.

We have to remove Combofix and all its associated folders.
By whichever name you named it, ( you had named it combo-fix ), put that name in the RUN box stated just below.
The "/u" in the Run line below is to start Combofix for its cleanup & removal function.
Note the space after x and before the slash mark.
The utility must be removed to prevent any unintentional or accidental usage, PLUS, to free up much space on your hard disk.
  • Click Start, then click Run.

    In the command box that opens, type or copy/paste combo-fix /u and then click OK.
  • Please double-click OTL.exe to run it.
  • Click on the CleanUp! button at upper Right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been download you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.
Delete RootRepeal download and RootRepeal.exe, if still present.
We are finished here. Best regards.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
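A read-only check a practitioner could run after the OTL fix and the ComboFix removal described in the post above, as an added example in PowerShell (it is not part of the thread and is not OTL or ComboFix code): it verifies that the paths named in the OTL :files block are gone and lists any leftover files in the Windows folders whose names follow the decoy pattern seen in the ComboFix log earlier in this thread (random names embedding words such as "spyware", "backdoor", "troj", "worm", "not-a-virus"). The keyword list, the extension list and the requirement that a suspect name contain digits are assumptions drawn from that log, not from any tool's documentation.

```powershell
# Added example (not from the thread, OTL or ComboFix): post-cleanup verification.
# It only reports; it deletes nothing. Run from an elevated PowerShell prompt.

# Paths the OTL :files block in the post above was asked to remove.
$targets = @(
    'C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2B65C1MZ\ronamishen_com[1].htm',
    'C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5',
    'C:\recycler',
    'D:\recycler'
)

# Assumption: keyword fragments taken from the decoy file names in the ComboFix log.
$pattern    = 'spyw|backdo|troj|worm|viru|hackto|spambot|addw|downloa|thief|threat|steal|sparse|not-a-'
# Assumption: extensions the decoy files used in that log.
$extensions = '.exe', '.dll', '.cpl', '.ocx', '.bin'

Write-Host '== Paths the OTL fix should have removed =='
foreach ($t in $targets) {
    # -LiteralPath: the .htm name contains "[1]", which Test-Path would otherwise read as a wildcard.
    if (Test-Path -LiteralPath $t) {
        Write-Host "STILL PRESENT: $t"
    } else {
        Write-Host "gone: $t"
    }
}

Write-Host ''
Write-Host '== Leftover decoy-style files in the Windows folders =='
$dirs = @("$env:windir", "$env:windir\system32")

# PSIsContainer instead of -File so the script also works on PowerShell 2.0 (Windows XP era).
$suspects = Get-ChildItem -LiteralPath $dirs -ErrorAction SilentlyContinue |
    Where-Object {
        (-not $_.PSIsContainer) -and
        ($extensions -contains $_.Extension.ToLower()) -and
        ($_.BaseName -match '\d') -and          # the decoy names always carried digits
        ($_.Name -match $pattern)
    }

if ($suspects) {
    $suspects |
        Select-Object FullName, Length, LastWriteTime |
        Sort-Object LastWriteTime |
        Format-Table -AutoSize
    Write-Host ("{0} candidate file(s) found; review them before doing anything else." -f @($suspects).Count)
} else {
    Write-Host 'No files matching the decoy pattern were found.'
}
```

The keyword match only catches names in which the word survived intact; many entries in the log were mangled (for example "s9yzare" or "bzckdoo5"), and those would be missed, which is why the full antivirus rescan the thread asks for is still the deciding check. Treat any hit as a candidate to inspect, not as a verdict.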

#11 johnfull

johnfull
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:24 AM

Posted 26 August 2009 - 09:40 PM

Hi Maurice -

Thank you very much for the assistance. The lappy runs OK now.

I certainly appreciate the final cleanup instructions and direction for the future.

This puppy had been infected from at least last November - looks good to go now !!

I wish you every success in the future.

Best regards, John

#12 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:07:24 AM

Posted 29 August 2009 - 10:48 AM

John,
You are most welcome. Wish you all the best. Stay safe.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
