
computer slow & redirects browser help


5 replies to this topic

#1 cardoctorlv31

cardoctorlv31


Posted 03 September 2009 - 12:24 AM

I'm following the help for infection directions, here's my logs :>



DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 22:10:26.40 on Wed 09/02/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.748 [GMT -7:00]

AV: Webroot Internet Security Essentials *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2RORK32J\dds[1].scr

============== Pseudo HJT Report ===============

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mRun: [MyIPAddress]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: <NO NAME> =
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: &Search
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: RAinit - RAinit.dll

============= SERVICES / DRIVERS ===============

R2 DLPORTIO;DLPORTIO;c:\windows\DLPORTIO.sys [2009-5-2 3584]
R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;c:\windows\system32\drivers\RARfsDriver.sys [2009-8-9 47528]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-4-30 1181040]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [2008-9-8 10168]
S1 869351fc;869351fc;c:\windows\system32\drivers\869351fc.sys [2009-4-18 0]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe [?]
S2 RAInfo;RemotelyAnywhere Kernel Information Provider;\??\c:\program files\remotelyanywhere\x86\rainfo.sys --> c:\program files\remotelyanywhere\x86\RaInfo.sys [?]
S4 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-4-17 33176]
S4 RARfsClientNP;RARfsClientNP; [x]
S4 Windows MSI;Windows MSI;\\?\globalroot\systemroot\system32\msihost.exe [2009-8-26 84992]

=============== Created Last 30 ================

2009-09-02 22:07 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-02 22:07 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-02 22:07 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-02 08:16 10,664 a------- c:\windows\14z225pambot98.bin
2009-09-02 02:45 10,131 a------- c:\windows\9063hackt5olz4d9.bin
2009-09-01 17:06 9,860 a------- c:\windows\system32\7ddfstza95788.dll
2009-08-31 20:47 9,919 a------- c:\windows\25799no5za-virus61d.cpl
2009-08-28 15:48 10,038 a------- c:\windows\system32\92589za5bot7e3.exe
2009-08-28 06:04 18,157 a------- c:\windows\2z968worm685.bin
2009-08-28 02:55 2,767 a------- c:\windows\z919back9oo52279.cpl
2009-08-27 20:23 3,411 a------- c:\windows\system32\1f3dzackdo9r2452.dll
2009-08-27 12:16 15,448 a------- c:\windows\system32\63235hze9t3720.bin
2009-08-27 11:51 16,580 a------- c:\windows\system32\9447s5eaz2649.dll
2009-08-27 08:40 62 a------- c:\windows\MyProg.ini
2009-08-27 02:59 <DIR> --d----- c:\docume~1\owner\applic~1\FreeCap
2009-08-27 01:31 13,707 a------- c:\windows\5z9py7b0.exe
2009-08-27 01:27 <DIR> --d----- c:\program files\LiveSpy
2009-08-27 01:25 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-27 01:25 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-27 01:09 <DIR> --d----- c:\program files\My IP Address
2009-08-27 00:52 10 a---h--- C:\ggxvte.ufx
2009-08-26 23:00 14,515 a------- c:\windows\system32\28z90spamb9t57d.ocx
2009-08-26 16:53 6,459 a------- c:\windows\system32\262zs5919f.cpl
2009-08-26 10:07 84,992 a------- c:\windows\system32\msihost.exe
2009-08-26 07:54 17,391 a------- c:\windows\system32\209z9spa5bot6a3.ocx
2009-08-23 07:13 2,961 a------- c:\windows\258wozm609.ocx
2009-08-22 18:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-08-22 18:25 <DIR> --d----- c:\documents and settings\owner\Saved Games
2009-08-22 18:25 <DIR> --d----- c:\docume~1\owner\applic~1\FloodLightGames
2009-08-22 18:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FloodLightGames
2009-08-22 18:24 <DIR> --d----- c:\program files\AOL Games
2009-08-22 10:51 8,809 a------- c:\windows\system32\6c8cv5r94z6.ocx
2009-08-21 13:47 13,328 a------- c:\windows\system32\639faddware2z25.ocx
2009-08-20 22:03 7,626 a------- c:\windows\system32\1451threzt1493.bin
2009-08-20 21:30 15,940 a------- c:\windows\system32\67zda5dw9re2802.dll
2009-08-20 00:04 11,960 a------- c:\windows\7ze9steal1509.bin
2009-08-19 22:22 2,550 a------- c:\windows\system32\1373addzare5319.dll
2009-08-19 21:50 4,304 a------- c:\windows\2353addwaze25859.dll
2009-08-19 11:26 <DIR> --d----- c:\program files\Alpha Card Systems
2009-08-19 10:24 <DIR> --d----- c:\windows\Cache
2009-08-19 08:38 <DIR> --d----- c:\program files\ZebraDesigner
2009-08-19 08:34 532,480 a------- c:\windows\system32\zsdepl.dcl
2009-08-19 08:32 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-08-19 05:55 11,424 a------- c:\windows\system32\9768spy25ez.cpl
2009-08-19 04:54 6,749 a------- c:\windows\system32\18899troj5d5z.dll
2009-08-18 04:38 18,330 a------- c:\windows\5999addwzre5892.cpl
2009-08-16 21:29 12,912 a------- c:\windows\1679not-5-virus1z4.exe
2009-08-16 12:06 13,903 a------- c:\windows\system32\99064not5a-viruz46c.ocx
2009-08-15 12:09 15,093 a------- c:\windows\5fc5zhief2119.dll
2009-08-15 07:48 8,482 a------- c:\windows\system32\44cethizf27519.bin
2009-08-13 08:05 10,070 a------- c:\windows\system32\60189ackdoorz525.cpl
2009-08-12 22:05 8,819 a------- c:\windows\system32\z5908spy15e.ocx
2009-08-12 09:33 2,808 a------- c:\windows\system32\942z35orm20.cpl
2009-08-11 07:23 13,052 a------- c:\windows\system32\59z0steal2956.cpl
2009-08-10 19:23 10,724 a------- c:\windows\2z592t95j3.ocx
2009-08-09 15:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LogMeIn
2009-08-09 12:15 29,008 a------- c:\windows\system32\RAport.dll
2009-08-09 12:15 83,312 a------- c:\windows\system32\RARfsClientNP.dll.000.bak
2009-08-09 12:15 83,312 a------- c:\windows\system32\RARfsClientNP.dll
2009-08-09 12:15 47,528 a------- c:\windows\system32\drivers\RARfsDriver.sys
2009-08-09 12:15 91,472 a------- c:\windows\system32\RAinit.dll
2009-08-09 12:15 1,024 a------- C:\.rnd
2009-08-09 12:06 <DIR> --d----- c:\program files\Network Console
2009-08-09 10:27 11,816 a------- c:\windows\1a59steaz590.bin
2009-08-09 00:05 <DIR> --d----- c:\program files\Trivia Machine
2009-08-08 22:55 8,585 a------- c:\windows\system32\15904not-z-virus5539.cpl
2009-08-08 18:17 9,319 a------- c:\windows\796fb9ckdooz6955.dll
2009-08-08 17:45 262,144 a------- C:\ntuser.dat
2009-08-08 17:44 <DIR> --d----- c:\program files\Yahoo!
2009-08-08 11:02 12,154 a------- c:\windows\system32\ef2t9rza531939.exe
2009-08-08 08:03 <DIR> --d----- C:\SWSetup
2009-08-08 06:37 445,440 a------- c:\windows\system32\drivers\ntndis.exe
2009-08-07 23:57 3,478 a------- c:\windows\5952backdoorz55.cpl
2009-08-07 19:27 5,372 a------- c:\windows\970spyware33z5.dll
2009-08-07 12:17 12,057 a------- c:\windows\system32\6e5bvir931z.exe
2009-08-06 10:49 13,119 a------- c:\windows\7a01th9ef2845z.bin
2009-08-06 09:46 15,875 a------- c:\windows\5c91sp9rse274z.cpl
2009-08-05 04:37 4,914 a------- c:\windows\system32\52a19hiez3875.dll
2009-08-05 04:01 7,449 a------- c:\windows\55359virus38z.dll
2009-08-04 18:46 15,648 a------- c:\windows\263bbaz5d9or969.ocx

==================== Find3M ====================

2009-08-26 10:02 196,608 a------- c:\windows\system32\avisynth.dll
2009-08-26 10:01 414,272 a------- c:\windows\system32\DivXc32f.dll
2009-08-26 10:01 414,272 a------- c:\windows\system32\DivXc32.dll
2009-08-26 10:01 33,280 a------- c:\windows\system32\HUFFYUV.DLL
2009-08-03 09:09 17,816 a------- c:\windows\system32\275549pambotdz.exe
2009-08-02 05:50 4,627 a------- c:\windows\988zv5r4.dll
2009-08-01 17:06 16,360 a------- c:\windows\system32\7d36sz59l2466.dll
2009-08-01 16:45 18,311 a------- c:\windows\49z9hacktool951.dll
2009-08-01 15:26 6,363 a------- c:\windows\9888spzmbo553e.bin
2009-07-31 22:34 9,053 a------- c:\windows\52603sp9zc3.bin
2009-07-27 15:59 13,172 a------- c:\windows\system32\18958zot-a-virus419.dll
2009-07-26 16:51 17,234 a------- c:\windows\system32\5e0795ckdzor3128.exe
2009-07-26 06:15 12,892 a------- c:\windows\zd9bth5eat7419.bin
2009-07-25 13:14 3,425 a------- c:\windows\system32\66f69ddware543z.dll
2009-07-22 20:48 10,472 a------- c:\windows\system32\224599o5m404z.dll
2009-07-22 06:59 12,841 a------- c:\windows\system32\z6589tro93a7.dll
2009-07-22 05:50 4,394 a------- c:\windows\13584spy4c9z.dll
2009-07-20 23:44 7,728 a------- c:\windows\system32\1ez9spywa5e3265.exe
2009-07-18 05:28 2,617 a------- c:\windows\142495orm2z19.exe
2009-07-18 04:38 6,592 a------- c:\windows\system32\569azparse2031.dll
2009-07-17 16:19 6,152 a------- c:\windows\1835659rzs7f6.dll
2009-07-15 23:13 2,703 a------- c:\windows\system32\17e7doznloade92165.dll
2009-07-15 21:31 5,225 a------- c:\windows\system32\20z85spambot58c9.bin
2009-07-15 19:37 3,078 a------- c:\windows\2650zspambot9995.bin
2009-07-15 15:56 2,816 a------- c:\windows\43325z945a.dll
2009-07-14 17:28 7,330 a------- c:\windows\20975spyz8a9.exe
2009-07-14 17:18 3,681 a------- c:\windows\system32\31645a9kdoor1939z.bin
2009-07-13 10:20 16,302 a------- c:\windows\31393spz405.exe
2009-07-11 15:21 11,551 a------- c:\windows\9953spamzot715.bin
2009-07-11 00:07 4,759 a------- c:\windows\system32\25590tr5j10az.dll
2009-07-10 09:58 9,027 a------- c:\windows\system32\15892spamboz799.bin
2009-07-09 18:06 11,075 a------- c:\windows\system32\59c45ir21z3.dll
2009-07-09 18:00 11,558 a------- c:\windows\5ze4spy5are906.exe
2009-07-05 23:59 9,589 a------- c:\windows\642zvi59422.dll
2009-07-05 01:28 3,139 a------- c:\windows\192259orm54z.bin
2009-07-04 23:58 16,502 a------- c:\windows\system32\563dzpywar95766.bin
2009-07-04 14:59 16,158 a------- c:\windows\5d39thzeat6721.exe
2009-07-04 08:47 18,305 a------- c:\windows\system32\5c49spywarez65.bin
2009-07-03 13:36 12,599 a------- c:\windows\system32\79ae9zea51882.bin
2009-07-02 06:43 16,373 a------- c:\windows\3adespar599z6.exe
2009-07-01 22:31 2,647 a------- c:\windows\system32\4588th95at1942z.bin
2009-06-30 17:42 3,373 a------- c:\windows\1z609ot-a-virus605.dll
2009-06-27 00:20 14,629 a------- c:\windows\z4019spambot705.exe
2009-06-26 20:16 17,612 a------- c:\windows\system32\z9cfsparse5699.exe
2009-06-25 22:46 2,563 a------- c:\windows\system32\14238hackto5z77f9.dll
2009-06-25 04:03 9,762 a------- c:\windows\system32\569dvzr1723.bin
2009-06-23 16:53 10,477 a------- c:\windows\system32\94at5iez9750.dll
2009-06-23 10:45 9,941 a------- c:\windows\5493sz9rs53170.dll
2009-06-23 08:02 6,705 a------- c:\windows\system32\z4607vi9us251.dll
2009-06-23 05:53 8,225 a------- c:\windows\26396zroj1d95.exe
2009-06-22 03:02 10,376 a------- c:\windows\5157spy9are1857z.dll
2009-06-19 12:09 3,118 a------- c:\windows\3d94zhi9f395.bin
2009-06-16 20:18 7,022 a------- c:\windows\system32\315z3worm59d5.bin
2009-06-15 21:09 17,916 a------- c:\windows\9azds5arse2635.bin
2009-06-15 20:27 2,939 a------- c:\windows\5994s5eal154z.bin
2009-06-14 08:16 8,367 a------- c:\windows\system32\5056zhre9t19078.bin
2009-06-13 17:35 16,742,799 a------- c:\docume~1\alluse~1\applic~1\vlc-0.9.9-win32.exe
2009-06-13 11:47 4,985 a------- c:\windows\system32\456zspy9are944.exe
2009-06-10 23:23 6,614 a------- c:\windows\system32\1fzthreat25929.dll
2009-06-07 11:04 3,956 a------- c:\windows\1e3zthre5t195019.exe
2009-06-06 08:00 18,141 a------- c:\windows\2d73ste9l2815z.dll
2009-06-05 08:38 2,589 a------- c:\windows\system32\319hac5tool5z.bin
2009-06-05 04:08 9,435 a------- c:\windows\52153spambzt93e.dll
2009-05-01 19:51 87,608 a------- c:\docume~1\owner\applic~1\inst.exe
2009-05-01 19:51 47,360 a------- c:\docume~1\owner\applic~1\pcouffin.sys

============= FINISH: 22:10:46.14 ===============



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 04 September 2009 - 11:50 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 cardoctorlv31

cardoctorlv31
  • Topic Starter


Posted 04 September 2009 - 01:47 PM

Thank you Buckeye_Sam for your help!

OK, I followed directions and am attaching the log! My puter is still slow, there's a real long delay after clicking a desktop icon to start, that's about it?


ComboFix 09-09-03.02 - Owner 09/04/2009 11:24.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.794 [GMT -7:00]
Running from: c:\documents and settings\Owner\My Documents\ComboFix.exe
AV: Webroot Internet Security Essentials *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
* Created a new restore point
.
/wow section - STAGE 34
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\6a9azdwar91543.exe
c:\windows\6c9659dwaze3049.dll
c:\windows\6db5th9zat99025.cpl
c:\windows\6ee3stea59386z.dll
c:\windows\6f2cs59rse6z3.bin
c:\windows\6f9zaddware995.cpl
c:\windows\6fa9thr5at2131z.cpl
c:\windows\6fadaddwa9523z4.ocx
c:\windows\6z42s5arse9992.ocx
c:\windows\6zed9wnloader5184.bin
c:\windows\7031hac9t5ol6a9z.bin
c:\windows\70da5z9al965.bin
c:\windows\70de5aczdoor692.cpl
c:\windows\70z5spa5bot96c.dll
c:\windows\7111ha9ztool575.ocx
c:\windows\71a5az9ware548.bin
c:\windows\71cth9eat1z506.ocx
c:\windows\7259thre951536z.dll
c:\windows\7292worm459z.ocx
c:\windows\729bstezl995.ocx
c:\windows\72bzspywar92315.bin
c:\windows\73259ir2973z.exe
c:\windows\7344hz5k9ool65b.bin
c:\windows\73959acktozl379.dll
c:\windows\73bcthief19z5.cpl
c:\windows\74b8downlza5er1490.bin
c:\windows\7518azdware9379.bin
c:\windows\7529hacktzolf7.ocx
c:\windows\752spz99.exe
c:\windows\75c5add9are1z58.bin
c:\windows\7659zir879.cpl
c:\windows\76af9pywzr5674.dll
c:\windows\76z5sp9551.cpl
c:\windows\7702backd5o944z.dll
c:\windows\7765t9rezt316925.exe
c:\windows\779espy5are7z5.ocx
c:\windows\77z9backdoor27205.cpl
c:\windows\782zth5ef3291.cpl
c:\windows\7889spyz54.dll
c:\windows\78dzdownloade524739.ocx
c:\windows\78zst9al1158.bin
c:\windows\793ad9wa5e304z.dll
c:\windows\794este5l2619z.cpl
c:\windows\796fb9ckdooz6955.dll
c:\windows\7980z5cktool2119.ocx
c:\windows\7998szamb5t4a0.exe
c:\windows\79zt5oj34e.exe
c:\windows\7a01th9ef2845z.bin
c:\windows\7ab4steal1z95.cpl
c:\windows\7b3zhi9f1557.dll
c:\windows\7b59addwzre563.exe
c:\windows\7bz5d9wnloader854.exe
c:\windows\7c7espyzare22759.cpl
c:\windows\7cd3th9zf905.exe
c:\windows\7cd5backdzor956.cpl
c:\windows\7d61tzreat310529.exe
c:\windows\7dadthz9a510709.bin
c:\windows\7dez9ir20125.bin
c:\windows\7e2spzw5re901.dll
c:\windows\7f86sparsz21945.cpl
c:\windows\7f8d9pywz5e32.cpl
c:\windows\7f9e9zeal1552.dll
c:\windows\7z29th5ef125.dll
c:\windows\7ze9steal1509.bin
c:\windows\8154zpa9bot65a.ocx
c:\windows\8193zr5955b.dll
c:\windows\8517s9ambotdz5.dll
c:\windows\8651not-a-v9zus6af.cpl
c:\windows\869ha9ktool4z5.ocx
c:\windows\88z5spy197.exe
c:\windows\8964v5zus395.cpl
c:\windows\898sp56ccz.cpl
c:\windows\89d5hrz9t9253.cpl
c:\windows\8b4spy5z9e2652.cpl
c:\windows\90053spamb5t4bez.exe
c:\windows\9050wzrm39.bin
c:\windows\9063hackt5olz4d9.bin
c:\windows\9155zspy74e.exe
c:\windows\9178hack9ool250z.exe
c:\windows\91fbv5r1453z.exe
c:\windows\92218wor54z6.exe
c:\windows\92270wozm45e.dll
c:\windows\92329irus5dbz.ocx
c:\windows\9248zorm1665.cpl
c:\windows\9261thief572z.ocx
c:\windows\92627virus5az.bin
c:\windows\9269s5amboz685.ocx
c:\windows\93140not5a-vzrus1bf.cpl
c:\windows\9352zteal2545.ocx
c:\windows\938z5ir1251.bin
c:\windows\94519o5m7z7.bin
c:\windows\9455wo5m90az.cpl
c:\windows\952zparse77.exe
c:\windows\953csteal2z1.cpl
c:\windows\95673noz-a-v5rus1c5.cpl
c:\windows\9576spam9oz25d.ocx
c:\windows\95821s5y5fz.dll
c:\windows\9595steal52z2.ocx
c:\windows\95bzspa5se465.exe
c:\windows\95z52worm672.dll
c:\windows\95z66virus7ed.bin
c:\windows\9611zp95bot87.bin
c:\windows\9657sp5mbot37z.exe
c:\windows\965spa9se1z18.cpl
c:\windows\96900trojcz5.exe
c:\windows\96d9virz359.cpl
c:\windows\96ddownzoader5924.bin
c:\windows\96espyw5re9294z.bin
c:\windows\970spyware33z5.dll
c:\windows\9715vir119z.bin
c:\windows\97597troj5dz.exe
c:\windows\97e15teal96z.cpl
c:\windows\9851vzrus68e.exe
c:\windows\9888spzmbo553e.bin
c:\windows\988zv5r4.dll
c:\windows\9919wor91ze5.cpl
c:\windows\994spa5sz2575.ocx
c:\windows\9952viz894.dll
c:\windows\9953spamzot715.bin
c:\windows\9966zot5a-virus438.bin
c:\windows\999caddza5e651.dll
c:\windows\999troj5z4.ocx
c:\windows\99azsparse1597.dll
c:\windows\99zs59al1828.exe
c:\windows\9acthreat5z623.cpl
c:\windows\9adasteal30z15.ocx
c:\windows\9azds5arse2635.bin
c:\windows\9b79threzt30755.exe
c:\windows\9c6spy5arz1021.dll
c:\windows\9db45hreat3z898.ocx
c:\windows\9e58stzal6825.dll
c:\windows\9e67szywa5e2412.exe
c:\windows\9f61steal556z.bin
c:\windows\9fa7spyw5rez514.ocx
c:\windows\9z147vir5s77f.ocx
c:\windows\9z228v5rus2b1.dll
c:\windows\9z9evir29135.cpl
c:\windows\9zabac5d9or2079.bin
c:\windows\9zd7backdoor550.dll
c:\windows\a88th9ef5z45.cpl
c:\windows\acdz9r2755.bin
c:\windows\affbz95door2599.dll
c:\windows\b85sparse96z8.dll
c:\windows\bb4threa5z9198.cpl
c:\windows\c0fadzware9950.bin
c:\windows\c9aspa5sez8.cpl
c:\windows\d1cszeal96145.exe
c:\windows\d99zd5ware1303.cpl
c:\windows\db5th9zf3112.bin
c:\windows\e06ztea51169.exe
c:\windows\e51zt5a91721.dll
c:\windows\e79zir9558.exe
c:\windows\ee7virz695.exe
c:\windows\f29zywa5e2253.bin
c:\windows\f8dthze9t303675.cpl
c:\windows\Installer\941d9f6.msi
c:\windows\system\AVIFILE.DLL
c:\windows\system\COMMDLG.DLL
c:\windows\system\KEYBOARD.DRV
c:\windows\system\MCISEQ.DRV
c:\windows\system\MCIWAVE.DRV
c:\windows\system\MMSYSTEM.DLL
c:\windows\system\MSVIDEO.DLL
c:\windows\system\OLECLI.DLL
c:\windows\system\OLESVR.DLL
c:\windows\system\SHELL.DLL
c:\windows\system\SOUND.DRV
c:\windows\system\SYSTEM.DRV
c:\windows\system\TAPI.DLL
c:\windows\system\TIMER.DRV
c:\windows\system\VGA.DRV
c:\windows\system\WFWNET.DRV
c:\windows\system\WINSPOOL.DRV
c:\windows\system32\101trz5849.cpl
c:\windows\system32\10845z9rm1d1.ocx
c:\windows\system32\10905tro552z9.exe
c:\windows\system32\11639zre5t20664.bin
c:\windows\system32\11693hackt5ol12z.dll
c:\windows\system32\1194addwa5e239z.dll
c:\windows\system32\11z4vir25959.bin
c:\windows\system32\11z93not-9-virus757.cpl
c:\windows\system32\11z9backdoor1575.ocx
c:\windows\system32\1246vizus15b9.dll
c:\windows\system32\12557spam9ot53z.ocx
c:\windows\system32\12839teal33z5.dll
c:\windows\system32\1295not-z-virus19d9.cpl
c:\windows\system32\12z06h9ckto5l441.cpl
c:\windows\system32\12zfspyw9re9995.ocx
c:\windows\system32\13169not-a-5irus54z.ocx
c:\windows\system32\13204not-a-ziru9556.bin
c:\windows\system32\1365z9irus7e9.exe
c:\windows\system32\1366695rus7cz.dll
c:\windows\system32\13677z9oj2df5.bin
c:\windows\system32\1373addzare5319.dll
c:\windows\system32\13871z9oj519.exe
c:\windows\system32\13919s95mboz69f.cpl
c:\windows\system32\1395steal519z.exe
c:\windows\system32\139avzr15879.ocx
c:\windows\system32\13ddt9zeat9582.ocx
c:\windows\system32\14238hackto5z77f9.dll
c:\windows\system32\1435spambzt54c9.dll
c:\windows\system32\1451threzt1493.bin
c:\windows\system32\1452zownl9a5er3141.ocx
c:\windows\system32\14680vir9z55.cpl
c:\windows\system32\14z13s9y495.exe
c:\windows\system32\14z14tro59b7.cpl
c:\windows\system32\14zfsparse1915.bin
c:\windows\system32\15065ow9loadzr2600.bin
c:\windows\system32\15147not-z5viru9447.cpl
c:\windows\system32\1523z9acktoola3.exe
c:\windows\system32\15260h5cktozl987.exe
c:\windows\system32\153h5czt9ol486.cpl
c:\windows\system32\15430s9z578.ocx
c:\windows\system32\154945pamboz80.ocx
c:\windows\system32\154z9virusf0.ocx
c:\windows\system32\1559tzief1987.bin
c:\windows\system32\156589oz-a-virus632.bin
c:\windows\system32\15892spamboz799.bin
c:\windows\system32\158z1not-a-v5r9s5bd.dll
c:\windows\system32\15904not-z-virus5539.cpl
c:\windows\system32\15943spyza.exe
c:\windows\system32\159zspars51489.cpl
c:\windows\system32\15czth9ef2144.cpl
c:\windows\system32\15f09ownloazer2678.ocx
c:\windows\system32\16579sp5mbzt450.dll
c:\windows\system32\165z4s5959.dll
c:\windows\system32\16694zo9m5ae.bin
c:\windows\system32\16a8downlo5de950z.ocx
c:\windows\system32\16z52ha9kto5l5bf.dll
c:\windows\system32\1744tzi5f21259.dll
c:\windows\system32\1749zwor5469.dll
c:\windows\system32\17505spamzo55909.cpl
c:\windows\system32\1754spa59ez35.dll
c:\windows\system32\177fthrezt209965.dll
c:\windows\system32\17891spambo52z5.ocx
c:\windows\system32\178zthief5579.bin
c:\windows\system32\17a5thief2z889.bin
c:\windows\system32\17c4zhr9at20555.cpl
c:\windows\system32\17e7doznloade92165.dll
c:\windows\system32\17z39troj435.dll
c:\windows\system32\17z6195y5df.bin
c:\windows\system32\18267z9oj560.cpl
c:\windows\system32\1829z59y602.bin
c:\windows\system32\183495zcktool26.dll
c:\windows\system32\18459not-a-zirus32f.cpl
c:\windows\system32\1859bzckdoor2791.ocx
c:\windows\system32\1859virus53z9.exe
c:\windows\system32\18899troj5d5z.dll
c:\windows\system32\18958zot-a-virus419.dll
c:\windows\system32\18d6v5rz99.exe
c:\windows\system32\19007h9ckto5l437z.cpl
c:\windows\system32\190185ot-a-virusz2e.ocx
c:\windows\system32\1906not-z-virus6105.bin
c:\windows\system32\19143noz-5-virus5c5.cpl
c:\windows\system32\1915add9arez968.bin
c:\windows\system32\19161ha5ktooz9e9.exe
c:\windows\system32\19259virus31z.ocx
c:\windows\system32\192z2spambo5299.bin
c:\windows\system32\1957not-a59iruzc.cpl
c:\windows\system32\19619n5t-z-virus2cf.exe
c:\windows\system32\199z5parse509.ocx
c:\windows\system32\19d3thze9518851.dll
c:\windows\system32\19d5spyware3z9.dll
c:\windows\system32\19z34not-a-v5rus13.ocx
c:\windows\system32\19z38hackt5ol1439.dll
c:\windows\system32\19z645ackto9l2f4.cpl
c:\windows\system32\1a9bzck59or557.bin
c:\windows\system32\1c2z5ir10989.cpl
c:\windows\system32\1c5adownlo9zer1554.exe
c:\windows\system32\1c60threa9z9554.ocx
c:\windows\system32\1ce5s9yzare5564.bin
c:\windows\system32\1ecftz95f270.dll
c:\windows\system32\1ez9spywa5e3265.exe
c:\windows\system32\1f3dzackdo9r2452.dll
c:\windows\system32\1f49z5dware214.bin
c:\windows\system32\1fza5ackdoor559.bin
c:\windows\system32\1fzthreat25929.dll
c:\windows\system32\1z00ba9kdoor153.ocx
c:\windows\system32\1z149vir9s7475.cpl
c:\windows\system32\1z155spam9ot15.bin
c:\windows\system32\1z29hack5oolf3.ocx
c:\windows\system32\1z2f5hre9t3137.dll
c:\windows\system32\1z353s95e0.dll
c:\windows\system32\1z458hackto9lea.ocx
c:\windows\system32\21089wo9575z.dll
c:\windows\system32\22542t9zj7ba5.exe
c:\windows\system32\29196troj565z.dll
c:\windows\system32\2944troz2775.exe
c:\windows\system32\29536wzrm342.dll
c:\windows\system32\295zaddwar519.dll
c:\windows\system32\2z538spa9bot5e4.dll
c:\windows\system32\2z957sp53fd9.dll
c:\windows\system32\30275ziru92e5.bin
c:\windows\system32\31179h59ktool5z9.exe
c:\windows\system32\3492backdzo5936.bin
c:\windows\system32\3591bz9kdoor364.exe
c:\windows\system32\3845ba5kdozr2739.dll
c:\windows\system32\3f28d5wnlzader9494.dll
c:\windows\system32\3z347v5rus3999.dll
c:\windows\system32\4014zirus59c.bin
c:\windows\system32\4a5f9hrezt11888.bin
c:\windows\system32\5455azdware9908.exe
c:\windows\system32\5469spamzo95a5.exe
c:\windows\system32\55590sp9z99.exe
c:\windows\system32\5591s5eaz9905.exe
c:\windows\system32\5946sparsz54969.bin
c:\windows\system32\5fa1sp9rze1255.bin
c:\windows\system32\6012downloade5z499.exe
c:\windows\system32\63235hze9t3720.bin
c:\windows\system32\6531dzwnl5ader29559.dll
c:\windows\system32\67zda5dw9re2802.dll
c:\windows\system32\6905hacktzol98a.bin
c:\windows\system32\6e5bvir931z.exe
c:\windows\system32\6zfd9i5569.exe
c:\windows\system32\704zsparse295.bin
c:\windows\system32\70e9back5o9r1111z.exe
c:\windows\system32\76bczown9oade51766.exe
c:\windows\system32\7985ste9l8z5.exe
c:\windows\system32\7z03vir1965.dll
c:\windows\system32\8649not-a-vizus756.bin
c:\windows\system32\8950hackt9oz49e.dll
c:\windows\system32\89559roj332z.bin
c:\windows\system32\92589za5bot7e3.exe
c:\windows\system32\9447s5eaz2649.dll
c:\windows\system32\9589vz9us444.bin
c:\windows\system32\99baddware1z745.bin
c:\windows\system32\9ddsteal955z.dll
c:\windows\system32\9z653spy3b5.dll
c:\windows\system32\9z96hack5oo913f.dll
c:\windows\system32\config\systemprofile\Local Settings\Application Data\clkw.exe
c:\windows\system32\config\systemprofile\Local Settings\Application Data\minisvr4.exe
c:\windows\system32\config\systemprofile\Local Settings\Application Data\part.exe
c:\windows\system32\config\systemprofile\Local Settings\Application Data\websvr.exe
c:\windows\system32\config\systemprofile\Local Settings\Application Data\zchMiB.exe
c:\windows\system32\drivers\ESQULqgrufyrcpykxxtexdtakytiwmtmtvpxj.sys
c:\windows\system32\drivers\gxvxcksiqqfasftjcbrrnshxweefyxusibpxo.sys.vir
c:\windows\system32\drivers\gxvxcmnvpyatnktawujxmpcbfjxvaaemusine.sys
c:\windows\system32\drivers\ntndis.exe
c:\windows\system32\drivers\ovfsthtcmqpqxnmsbfnpumotewmotivkixripl.sys.vir
c:\windows\system32\ef2t9rza531939.exe
c:\windows\system32\ESQULeaunmiubyubalqudaskucajneaxdoxrl.dll
c:\windows\system32\ESQULeylvnaotornosjwcjlmexjhyiuuypcnx.dll
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxckwdivxfvnmflqjydspvpukkbdwbnydvv.dll
c:\windows\system32\kqsat5bw.exe
c:\windows\system32\mssfc.dll
c:\windows\system32\SelfDel.bat
c:\windows\system32\sfcfiles.dat
c:\windows\system32\uniq.tll
c:\windows\system32\Winset20.exe
c:\windows\system32\z13985irus89.dll
c:\windows\system32\z801downloa5e9366.dll
c:\windows\system32\z95ebackdoo92963.bin
c:\windows\system32\zb01addwa591211.exe
c:\windows\system32\zcaa9ddwa5e1226.dll
c:\windows\uwaborovomasiv.dll
c:\windows\z01vir9s51d.cpl
c:\windows\z0366s59518.dll
c:\windows\z049wor55c2.exe
c:\windows\z1053s9y5e5.ocx
c:\windows\z1135viru9375.ocx
c:\windows\z199sp5rse1274.dll
c:\windows\z1f9s5eal9383.exe
c:\windows\z20195ief2225.exe
c:\windows\z24545pam9ot65.ocx
c:\windows\z2549virus39d5.ocx
c:\windows\z2752t9oj66c.ocx
c:\windows\z277sp9526.bin
c:\windows\z2975spam5ot62a.dll
c:\windows\z345ackdo9r2723.ocx
c:\windows\z3590t5oj536.dll
c:\windows\z4019spambot705.exe
c:\windows\z457virus21e9.cpl
c:\windows\z465s9arse1284.ocx
c:\windows\z479vir925.bin
c:\windows\z496sp5rs91483.bin
c:\windows\z5376vi9u583.cpl
c:\windows\z554vir2902.cpl
c:\windows\z55spy60e9.bin
c:\windows\z5609troj98.bin
c:\windows\z595backdoor236.dll
c:\windows\z599steal394.bin
c:\windows\z6085p9rse3086.ocx
c:\windows\z6097virus757.exe
c:\windows\z6425spy5559.bin
c:\windows\z728s9arse1858.bin
c:\windows\z7425spy3ac9.cpl
c:\windows\z7949troj465.dll
c:\windows\z7b9stea5492.ocx
c:\windows\z893vir1157.cpl
c:\windows\z90255ot-a-v9rus498.exe
c:\windows\z919back9oo52279.cpl
c:\windows\z950virus60c.bin
c:\windows\z9885hief1319.bin
c:\windows\z9ddt9ief5823.cpl
c:\windows\zb945pyware9740.ocx
c:\windows\zb9dspyw95e2274.bin
c:\windows\zc95steal2290.ocx
c:\windows\zd09thief550.ocx
c:\windows\zd65ddw9re94.bin
c:\windows\zd9bth5eat7419.bin
c:\windows\ze0at9r5at30455.exe
C:\xcrashdump.dat
D:\install.exe

Infected copy of c:\windows\system32\sfcfiles.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\sfcfiles.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS
-------\Service_ESQULserv.sys
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
-------\Service_ESQULserv.sys
-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))
.

2009-12-28 16:23 . 2009-12-28 16:23 4904 ----a-w- c:\windows\system32\1z53v592193.bin
2009-12-26 21:22 . 2009-12-26 21:22 7966 ----a-w- c:\windows\system32\6ceaspzware549.dll
2009-12-25 07:11 . 2009-12-25 07:11 3152 ----a-w- c:\windows\system32\z2452worm7985.dll
2009-12-03 07:08 . 2009-12-03 07:08 7744 ----a-w- c:\windows\system32\23214noz9a-vir5s3be.exe
2009-12-01 03:29 . 2009-12-01 03:29 7759 ----a-w- c:\windows\system32\6f0cvir9555z.dll
2009-11-23 15:00 . 2009-11-23 15:00 3510 ----a-w- c:\windows\system32\9a50sparsz1443.bin
2009-11-03 19:35 . 2009-11-03 19:35 8071 ----a-w- c:\windows\system32\9cf5hrzat5552.dll
2009-10-27 01:21 . 2009-10-27 01:21 6503 ----a-w- c:\windows\system32\589zsteal5389.exe
2009-10-26 18:00 . 2009-10-26 18:00 9671 ----a-w- c:\windows\system32\4c5a9ackdooz1618.dll
2009-10-19 14:46 . 2009-10-19 14:46 7786 ----a-w- c:\windows\system32\27454spamzot5095.bin
2009-10-14 07:28 . 2009-10-14 07:28 5541 ----a-w- c:\windows\system32\2143spzr5e197.bin
2009-10-13 15:21 . 2009-10-13 15:21 3761 ----a-w- c:\windows\system32\25c3vir1940z.bin
2009-10-07 00:43 . 2009-10-07 00:43 8488 ----a-w- c:\windows\system32\521spywar9z053.dll
2009-09-25 23:17 . 2009-09-25 23:17 6246 ----a-w- c:\windows\system32\8434n95-a-zirus4f2.exe
2009-09-21 00:53 . 2009-09-21 00:53 3802 ----a-w- c:\windows\system32\2365vzrus9cf.dll
2009-09-20 13:36 . 2009-09-20 13:36 4066 ----a-w- c:\windows\system32\7z29viru5175.bin
2009-09-15 10:40 . 2009-09-15 10:40 6292 ----a-w- c:\windows\system32\29591troj5zf.dll
2009-09-04 01:18 . 2009-09-04 01:18 9453 ----a-w- c:\windows\system32\2a00adz9are5633.dll
2009-09-03 05:07 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-03 05:07 . 2009-09-03 06:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-03 05:07 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 00:06 . 2009-09-02 00:06 9860 ----a-w- c:\windows\system32\7ddfstza95788.dll
2009-09-01 01:39 . 2009-09-01 01:39 -------- d-----w- c:\windows\Sun
2009-08-27 09:59 . 2009-08-27 09:59 -------- d-----w- c:\docume~1\Owner\APPLIC~1\FreeCap
2009-08-27 08:27 . 2009-09-02 01:58 -------- d-----w- c:\program files\LiveSpy
2009-08-27 08:25 . 2009-08-27 08:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-27 08:24 . 2009-08-27 08:24 -------- d-----w- c:\program files\Java
2009-08-27 08:09 . 2009-08-27 08:09 -------- d-----w- c:\program files\My IP Address
2009-08-26 17:07 . 2009-08-26 17:07 84992 ----a-w- c:\windows\system32\msihost.exe
2009-08-23 01:26 . 2009-08-23 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-08-23 01:25 . 2009-08-23 01:25 -------- d-----w- c:\documents and settings\Owner\Saved Games
2009-08-23 01:25 . 2009-08-23 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\FloodLightGames
2009-08-23 01:25 . 2009-08-23 01:25 -------- d-----w- c:\docume~1\Owner\APPLIC~1\FloodLightGames
2009-08-23 01:24 . 2009-08-23 01:24 -------- d-----w- c:\program files\AOL Games
2009-08-19 18:26 . 2009-08-19 18:26 -------- d-----w- c:\program files\Alpha Card Systems
2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2009-08-19 17:24 . 2009-08-19 17:24 -------- d-----w- c:\windows\Cache
2009-08-19 16:19 . 2009-08-19 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-08-19 15:38 . 2009-08-27 21:10 -------- d-----w- c:\program files\ZebraDesigner
2009-08-19 15:32 . 2004-08-04 06:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-08-15 14:48 . 2009-08-15 14:48 8482 ----a-w- c:\windows\system32\44cethizf27519.bin
2009-08-09 22:41 . 2009-08-09 22:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LogMeIn
2009-08-09 22:41 . 2009-08-09 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2009-08-09 19:15 . 2009-04-07 19:26 29008 ----a-w- c:\windows\system32\RAport.dll
2009-08-09 19:15 . 2009-04-07 19:27 83312 ----a-w- c:\windows\system32\RARfsClientNP.dll
2009-08-09 19:15 . 2008-09-08 18:43 47528 ----a-w- c:\windows\system32\drivers\RARfsDriver.sys
2009-08-09 19:15 . 2009-04-07 19:26 91472 ----a-w- c:\windows\system32\RAinit.dll
2009-08-09 19:06 . 2009-08-09 19:18 -------- d-----w- c:\program files\Network Console
2009-08-09 07:05 . 2009-08-16 13:14 -------- d-----w- c:\program files\Trivia Machine
2009-08-09 01:00 . 2009-08-09 01:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo
2009-08-09 00:45 . 2009-08-09 00:45 262144 ----a-w- C:\ntuser.dat
2009-08-09 00:45 . 2009-08-09 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-09 00:45 . 2009-08-09 00:45 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Yahoo!
2009-08-09 00:44 . 2009-08-09 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-09 00:44 . 2009-08-09 00:45 -------- d-----w- c:\program files\Yahoo!
2009-08-08 15:03 . 2009-08-08 15:03 -------- d-----w- C:\SWSetup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 06:41 . 2009-05-06 02:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-03 04:44 . 2009-05-01 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-09-03 04:44 . 2009-05-01 05:43 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Webroot
2009-08-29 01:59 . 2009-03-30 09:51 21488 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-27 21:08 . 2007-05-16 04:33 -------- d-----w- c:\program files\trademanager
2009-08-27 02:31 . 2009-03-30 09:40 138312 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-26 17:02 . 2007-05-19 05:38 196608 ----a-w- c:\windows\system32\avisynth.dll
2009-08-26 17:01 . 2007-05-19 05:38 414272 ----a-w- c:\windows\system32\DivXc32f.dll
2009-08-26 17:01 . 2007-05-19 05:38 414272 ----a-w- c:\windows\system32\DivXc32.dll
2009-08-26 17:01 . 2007-05-19 05:38 33280 ----a-w- c:\windows\system32\HUFFYUV.DLL
2009-08-05 11:37 . 2009-08-05 11:37 4914 ----a-w- c:\windows\system32\52a19hiez3875.dll
2009-08-03 16:09 . 2009-08-03 16:09 17816 ----a-w- c:\windows\system32\275549pambotdz.exe
2009-08-02 00:06 . 2009-08-02 00:06 16360 ----a-w- c:\windows\system32\7d36sz59l2466.dll
2009-07-26 23:51 . 2009-07-26 23:51 17234 ----a-w- c:\windows\system32\5e0795ckdzor3128.exe
2009-07-25 20:14 . 2009-07-25 20:14 3425 ----a-w- c:\windows\system32\66f69ddware543z.dll
2009-07-24 21:51 . 2009-07-18 18:32 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-23 03:48 . 2009-07-23 03:48 10472 ----a-w- c:\windows\system32\224599o5m404z.dll
2009-07-22 13:59 . 2009-07-22 13:59 12841 ----a-w- c:\windows\system32\z6589tro93a7.dll
2009-07-18 11:38 . 2009-07-18 11:38 6592 ----a-w- c:\windows\system32\569azparse2031.dll
2009-07-16 04:31 . 2009-07-16 04:31 5225 ----a-w- c:\windows\system32\20z85spambot58c9.bin
2009-07-15 00:18 . 2009-07-15 00:18 3681 ----a-w- c:\windows\system32\31645a9kdoor1939z.bin
2009-07-14 01:19 . 2009-07-14 01:19 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-11 07:07 . 2009-07-11 07:07 4759 ----a-w- c:\windows\system32\25590tr5j10az.dll
2009-07-10 01:06 . 2009-07-10 01:06 11075 ----a-w- c:\windows\system32\59c45ir21z3.dll
2009-07-05 06:58 . 2009-07-05 06:58 16502 ----a-w- c:\windows\system32\563dzpywar95766.bin
2009-07-04 15:47 . 2009-07-04 15:47 18305 ----a-w- c:\windows\system32\5c49spywarez65.bin
2009-07-03 20:36 . 2009-07-03 20:36 12599 ----a-w- c:\windows\system32\79ae9zea51882.bin
2009-07-02 05:31 . 2009-07-02 05:31 2647 ----a-w- c:\windows\system32\4588th95at1942z.bin
2009-06-27 03:16 . 2009-06-27 03:16 17612 ----a-w- c:\windows\system32\z9cfsparse5699.exe
2009-06-25 11:03 . 2009-06-25 11:03 9762 ----a-w- c:\windows\system32\569dvzr1723.bin
2009-06-23 23:53 . 2009-06-23 23:53 10477 ----a-w- c:\windows\system32\94at5iez9750.dll
2009-06-23 15:02 . 2009-06-23 15:02 6705 ----a-w- c:\windows\system32\z4607vi9us251.dll
2009-06-17 03:18 . 2009-06-17 03:18 7022 ----a-w- c:\windows\system32\315z3worm59d5.bin
2009-06-14 15:16 . 2009-06-14 15:16 8367 ----a-w- c:\windows\system32\5056zhre9t19078.bin
2009-06-14 00:35 . 2009-06-14 00:34 16742799 ----a-w- c:\documents and settings\All Users\Application Data\vlc-0.9.9-win32.exe
2009-06-13 18:47 . 2009-06-13 18:47 4985 ----a-w- c:\windows\system32\456zspy9are944.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RAinit]
2009-04-07 19:26 91472 ----a-w- c:\windows\system32\RAinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R2 DLPORTIO;DLPORTIO;c:\windows\DLPORTIO.sys [5/2/2009 6:13 PM 3584]
R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;c:\windows\system32\drivers\RARfsDriver.sys [8/9/2009 12:15 PM 47528]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [4/30/2009 10:53 PM 1181040]
R3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [9/8/2008 11:41 AM 10168]
S1 869351fc;869351fc;c:\windows\system32\drivers\869351fc.sys [4/18/2009 3:44 AM 0]
S2 RAInfo;RemotelyAnywhere Kernel Information Provider;\??\c:\program files\RemotelyAnywhere\x86\RaInfo.sys --> c:\program files\RemotelyAnywhere\x86\RaInfo.sys [?]
S4 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [4/17/2009 8:29 AM 33176]
S4 RARfsClientNP;RARfsClientNP; [x]
S4 Windows MSI;Windows MSI;\\?\c:\windows\system32\msihost.exe [8/26/2009 10:07 AM 84992]
.
Contents of the 'Scheduled Tasks' folder

2009-08-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-09-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 22:06]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MyIPAddress - (no file)


.
------- Supplementary Scan -------
.
IE: &Search
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-04 11:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\RAinit.dll

- - - - - - - > 'explorer.exe'(1924)
c:\windows\system32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2009-09-04 11:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-04 18:41

Pre-Run: 85,672,497,152 bytes free
Post-Run: 85,956,952,064 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=13 Default=13 Failed=12 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
1154 --- E O F --- 2009-03-31 09:51

Edited by Buckeye_Sam, 04 September 2009 - 02:38 PM.


#4 Buckeye_Sam


Posted 04 September 2009 - 02:49 PM

Wow, you are heavily infected!

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

Driver::
Windows MSI
869351fc

File::
c:\windows\system32\msihost.exe
c:\windows\system32\1z53v592193.bin
c:\windows\system32\20z85spambot58c9.bin
c:\windows\system32\2143spzr5e197.bin
c:\windows\system32\224599o5m404z.dll
c:\windows\system32\23214noz9a-vir5s3be.exe
c:\windows\system32\2365vzrus9cf.dll
c:\windows\system32\25590tr5j10az.dll
c:\windows\system32\25c3vir1940z.bin
c:\windows\system32\27454spamzot5095.bin
c:\windows\system32\275549pambotdz.exe
c:\windows\system32\29591troj5zf.dll
c:\windows\system32\2a00adz9are5633.dll
c:\windows\system32\315z3worm59d5.bin
c:\windows\system32\31645a9kdoor1939z.bin
c:\windows\system32\44cethizf27519.bin
c:\windows\system32\456zspy9are944.exe
c:\windows\system32\4588th95at1942z.bin
c:\windows\system32\4c5a9ackdooz1618.dll
c:\windows\system32\5056zhre9t19078.bin
c:\windows\system32\521spywar9z053.dll
c:\windows\system32\52a19hiez3875.dll
c:\windows\system32\563dzpywar95766.bin
c:\windows\system32\569azparse2031.dll
c:\windows\system32\569dvzr1723.bin
c:\windows\system32\589zsteal5389.exe
c:\windows\system32\59c45ir21z3.dll
c:\windows\system32\5c49spywarez65.bin
c:\windows\system32\5e0795ckdzor3128.exe
c:\windows\system32\66f69ddware543z.dll
c:\windows\system32\6ceaspzware549.dll
c:\windows\system32\6f0cvir9555z.dll
c:\windows\system32\79ae9zea51882.bin
c:\windows\system32\7d36sz59l2466.dll
c:\windows\system32\7ddfstza95788.dll
c:\windows\system32\7z29viru5175.bin
c:\windows\system32\8434n95-a-zirus4f2.exe
c:\windows\system32\94at5iez9750.dll
c:\windows\system32\9a50sparsz1443.bin
c:\windows\system32\9cf5hrzat5552.dll
c:\windows\system32\msihost.exe
c:\windows\system32\z2452worm7985.dll
c:\windows\system32\z4607vi9us251.dll
c:\windows\system32\z6589tro93a7.dll
c:\windows\system32\z9cfsparse5699.exe


RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

Prior to running ComboFix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

#5 cardoctorlv31

cardoctorlv31
  • Topic Starter


Posted 04 September 2009 - 04:54 PM

OK, did as directed, attaching log. Thank you for your help!!!

ComboFix 09-09-03.02 - Owner 09/04/2009 14:28.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.704 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Webroot Internet Security Essentials *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

FILE ::
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_MSI
-------\Service_869351fc
-------\Service_Windows MSI


((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))
.

2009-09-03 05:07 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-03 05:07 . 2009-09-03 06:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-03 05:07 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-01 01:39 . 2009-09-01 01:39 -------- d-----w- c:\windows\Sun
2009-08-27 09:59 . 2009-08-27 09:59 -------- d-----w- c:\documents and settings\Owner\Application Data\FreeCap
2009-08-27 08:27 . 2009-09-02 01:58 -------- d-----w- c:\program files\LiveSpy
2009-08-27 08:25 . 2009-08-27 08:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-27 08:24 . 2009-08-27 08:24 -------- d-----w- c:\program files\Java
2009-08-27 08:09 . 2009-08-27 08:09 -------- d-----w- c:\program files\My IP Address
2009-08-23 01:26 . 2009-08-23 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-08-23 01:25 . 2009-08-23 01:25 -------- d-----w- c:\documents and settings\Owner\Saved Games
2009-08-23 01:25 . 2009-08-23 01:25 -------- d-----w- c:\documents and settings\Owner\Application Data\FloodLightGames
2009-08-23 01:25 . 2009-08-23 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\FloodLightGames
2009-08-23 01:24 . 2009-08-23 01:24 -------- d-----w- c:\program files\AOL Games
2009-08-19 18:26 . 2009-08-19 18:26 -------- d-----w- c:\program files\Alpha Card Systems
2009-08-19 18:25 . 2009-08-19 18:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2009-08-19 17:24 . 2009-08-19 17:24 -------- d-----w- c:\windows\Cache
2009-08-19 16:19 . 2009-08-19 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-08-19 15:38 . 2009-08-27 21:10 -------- d-----w- c:\program files\ZebraDesigner
2009-08-19 15:32 . 2004-08-04 06:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-08-09 22:41 . 2009-08-09 22:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LogMeIn
2009-08-09 22:41 . 2009-08-09 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2009-08-09 19:15 . 2009-04-07 19:26 29008 ----a-w- c:\windows\system32\RAport.dll
2009-08-09 19:15 . 2009-04-07 19:27 83312 ----a-w- c:\windows\system32\RARfsClientNP.dll
2009-08-09 19:15 . 2008-09-08 18:43 47528 ----a-w- c:\windows\system32\drivers\RARfsDriver.sys
2009-08-09 19:15 . 2009-04-07 19:26 91472 ----a-w- c:\windows\system32\RAinit.dll
2009-08-09 19:06 . 2009-08-09 19:18 -------- d-----w- c:\program files\Network Console
2009-08-09 07:05 . 2009-08-16 13:14 -------- d-----w- c:\program files\Trivia Machine
2009-08-09 01:00 . 2009-08-09 01:00 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo
2009-08-09 00:45 . 2009-08-09 00:45 262144 ----a-w- C:\ntuser.dat
2009-08-09 00:45 . 2009-08-09 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-09 00:45 . 2009-08-09 00:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2009-08-09 00:44 . 2009-08-09 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-09 00:44 . 2009-08-09 00:45 -------- d-----w- c:\program files\Yahoo!
2009-08-08 15:03 . 2009-08-08 15:03 -------- d-----w- C:\SWSetup

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 06:41 . 2009-05-06 02:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-03 04:44 . 2009-05-01 05:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Webroot
2009-09-03 04:44 . 2009-05-01 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-08-29 01:59 . 2009-03-30 09:51 21488 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-27 21:08 . 2007-05-16 04:33 -------- d-----w- c:\program files\trademanager
2009-08-27 02:31 . 2009-03-30 09:40 138312 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-26 17:02 . 2007-05-19 05:38 196608 ----a-w- c:\windows\system32\avisynth.dll
2009-08-26 17:01 . 2007-05-19 05:38 414272 ----a-w- c:\windows\system32\DivXc32f.dll
2009-08-26 17:01 . 2007-05-19 05:38 414272 ----a-w- c:\windows\system32\DivXc32.dll
2009-08-26 17:01 . 2007-05-19 05:38 33280 ----a-w- c:\windows\system32\HUFFYUV.DLL
2009-07-24 21:51 . 2009-07-18 18:32 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-14 01:19 . 2009-07-14 01:19 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-14 00:35 . 2009-06-14 00:34 16742799 ----a-w- c:\documents and settings\All Users\Application Data\vlc-0.9.9-win32.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-09-04_18.37.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-04 21:38 . 2009-09-04 21:38 16384 c:\windows\temp\Perflib_Perfdata_784.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RAinit]
2009-04-07 19:26 91472 ----a-w- c:\windows\system32\RAinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R2 DLPORTIO;DLPORTIO;c:\windows\DLPORTIO.sys [5/2/2009 6:13 PM 3584]
R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;c:\windows\system32\drivers\RARfsDriver.sys [8/9/2009 12:15 PM 47528]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [4/30/2009 10:53 PM 1181040]
R3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [9/8/2008 11:41 AM 10168]
S2 RAInfo;RemotelyAnywhere Kernel Information Provider;\??\c:\program files\RemotelyAnywhere\x86\RaInfo.sys --> c:\program files\RemotelyAnywhere\x86\RaInfo.sys [?]
S4 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [4/17/2009 8:29 AM 33176]
S4 RARfsClientNP;RARfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-09-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 22:06]
.
.
------- Supplementary Scan -------
.
IE: &Search
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-04 14:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\RAinit.dll

- - - - - - - > 'explorer.exe'(1972)
c:\windows\system32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2009-09-04 14:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-04 21:43
ComboFix2.txt 2009-09-04 18:42

Pre-Run: 85,907,726,336 bytes free
Post-Run: 85,866,242,048 bytes free

Current=13 Default=13 Failed=12 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
739 --- E O F --- 2009-03-31 09:51



Edited by Buckeye_Sam, 05 September 2009 - 09:59 AM.


#6 Buckeye_Sam


Posted 05 September 2009 - 10:00 AM

Please do not attach log files. It's much easier for me to review them if you copy and paste the text directly into your post.


Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

