Sudden Mouse Problems


  • This topic is locked
33 replies to this topic

#1 lina816

  • Members
  • 24 posts

Posted 28 September 2009 - 11:57 PM

Hi,

My mouse suddenly started having this problem. I'll be using my mouse, then it suddenly makes the "disconnect" noise, followed by the "reconnect" noise, during which time my mouse stops working. Once it reconnects, the mouse will work for a while, then it will suddenly disconnect again. Sometimes, the reconnect noise does not happen, and the mouse remains disconnected. In this case, I have to manually disconnect the mouse (i.e. unplug it, it is connected through a USB) and then reconnect it. The problem isn't predictable. Sometimes it will be fine for a while (maybe even 10 minutes), other times the problem happens every couple of seconds (to the point where the mouse basically becomes unusable).

So, I started thinking that maybe I had a mouse problem. I went and bought a new mouse, to see if that would resolve the problem. The new mouse no longer does the "disconnect/reconnect" thing, but it doesn't act properly. Now, the mouse will be working fine for a while, then it will get really slow (i.e. instead of moving across the entire screen, the mouse will only move an inch) or even completely stop moving. The device remains connected the entire time, but it feels like the mouse just slows way down (or stops) periodically. Other times, the mouse moves normally, but I have to click on something multiple times before it actually registers that I've clicked on something. And other times, the mouse works perfectly normally. Again, I can't predict when the mouse will demonstrate different problems.

When the mouse isn't working properly, it feels like the entire computer is just "bogged down" or slow. However, I can't tell if the computer is really slow, or if it's just the mouse. I don't know much about computers, but I tried the few things I do know. I ran my antivirus (which is up-to-date), and it found nothing. I also ran Malwarebytes Anti-Malware, which also found nothing. I looked at the task manager, and noticed that the CPU percentage jumps up at times (it will fluctuate from like 2% suddenly up to 80%, then back to 35%, then 28%, etc.). I don't know enough about computers to know whether this is normal or not. But I thought I'd let you know about it.

I originally posted this topic in the forum entitled "Am I infected? What do I do?" With the help of the moderator Garmanma, we found (and fixed) a few things, but nothing successfully resolved the problems I'm having. Garmanma suggested I post a topic in this forum, to try to resolve these problems. I'd really appreciate any help you can offer!

Here are the DDS results:


DDS (Ver_09-09-29.01) - NTFSx86
Run by Heidi at 23:15:31.00 on Mon 09/28/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.426 [GMT -5:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Heidi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local.,;*.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [EPSON Stylus CX7400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticda.exe /fu "c:\windows\temp\E_SA2.tmp" /EF "HKCU"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; InfoPath.1)" -"http://www.shockwave.com/contentPlay/shockwave.jsp?dwin=1&id=jigsawpuzzles&fullScreen=1"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [wcmdmgr] c:\windows\wt\updater\wcmdmgrl.exe -launch
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AVGIDS] "c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSUI.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://www.shockwave.com/content/dairydash/sis/DairyDashWeb.1.0.0.12.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - hxxp://www.symantec.com/techsupp/activedata/nprdtinf.cab
DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} - hxxp://rd1.surfernetwork.com/surferplugin.ocx
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133679358765
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://www.shockwave.com/content/dreamchronicles/sis/dreamweb.1.0.0.10.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/EggoKitchen/GoBitGamesPlayer_v5.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} - hxxp://www.shockwave.com/content/petshophop/sis/petshophopweb.1.0.0.17.cab
DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab
DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - hxxp://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-7-22 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-27 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-31 64160]
R0 St320hg;St320hg;c:\windows\system32\drivers\st320hg.sys [2002-9-12 85696]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-27 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-27 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-27 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-10-28 353672]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-27 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-9-27 1370488]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSAgent.exe [2009-7-22 5641736]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSWatcher.exe [2009-7-22 571912]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-22 24652]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-9-27 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-7-22 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-7-22 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSShim.sys [2009-7-22 27232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-28 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090927.002\naveng.sys [2009-9-27 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090927.002\navex15.sys [2009-9-27 1323568]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-9-27 29208]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [2005-1-24 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [2005-1-24 69680]

=============== Created Last 30 ================

2009-09-27 23:52 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-09-27 23:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2009-09-27 23:08 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-09-27 23:08 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-09-27 23:08 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-09-27 23:08 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-27 23:06 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-27 23:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-09-27 23:04 50,968 a------- c:\windows\system32\avgfwdx.dll
2009-09-27 23:04 29,208 a------- c:\windows\system32\drivers\avgfwdx.sys
2009-09-27 23:04 <DIR> --d----- c:\program files\AVG
2009-09-27 23:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-09-27 22:56 <DIR> --d----- c:\docume~1\heidip~1\applic~1\AVG8
2009-09-27 22:17 18,340 a------- c:\windows\c9dow5loazer1976.bin
2009-09-27 09:31 17,282 a------- c:\windows\4e52virz3479.bin
2009-09-25 23:08 8,977 a------- c:\windows\4997thie55z.dll
2009-09-24 07:17 10,852 a------- c:\windows\system32\2684azdw95e331.bin
2009-09-23 19:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure
2009-09-22 16:32 13,528 a------- c:\windows\system32\1f355ownlz9der2627.bin
2009-09-21 19:27 <DIR> --d----- c:\documents and settings\heidi\DoctorWeb
2009-09-20 22:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-20 22:43 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-20 22:43 <DIR> --d----- c:\docume~1\heidip~1\applic~1\SUPERAntiSpyware.com
2009-09-20 22:27 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-20 22:27 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-20 22:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-19 21:26 1,753,088 a------- c:\windows\system32\ExGrid.dll
2009-09-19 21:26 614,400 a------- c:\windows\system32\ExButton.dll
2009-09-19 21:26 602,112 a------- c:\windows\system32\ExMenu.dll
2009-09-19 21:26 516,096 a------- c:\windows\system32\ExTab.dll
2009-09-19 21:26 307,200 a------- c:\windows\system32\ExPMenu.dll
2009-09-19 21:26 118,784 a------- c:\windows\system32\eWebControl.dll
2009-09-19 21:26 <DIR> --d----- c:\program files\AnswersThatWork
2009-09-19 18:46 16,230 a------- c:\windows\197zthreat23955.bin
2009-09-18 16:38 4,927 a------- c:\windows\system32\291zth59f2736.ocx
2009-09-18 16:14 3,582 a------- c:\windows\system32\542959zcktool2b1.bin
2009-09-18 14:33 5,234 a------- c:\windows\5255s9yzare296.ocx
2009-09-15 21:57 <DIR> --d----- c:\program files\iPod
2009-09-15 21:57 <DIR> --d----- c:\program files\iTunes
2009-09-15 20:46 11,674 a------- c:\windows\system32\9613s9ambot575z.dll
2009-09-15 07:06 16,540 a------- c:\windows\system32\ezabackdoo93059.cpl
2009-09-15 01:54 14,877 a------- c:\windows\5185a9dwaze2772.cpl
2009-09-15 00:15 44,768 a---h--- c:\windows\system32\mlfcache.dat
2009-09-14 21:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-09-14 21:53 <DIR> --d----- c:\program files\Security Task Manager
2009-09-14 19:33 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-09-14 19:33 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-14 19:32 21,504 a------- c:\windows\system32\drivers\hidserv.dll
2009-09-14 19:22 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-09-14 19:22 21,504 a------- c:\windows\system32\hidserv.dll
2009-09-13 22:36 6,395 a------- c:\windows\23296virus25z.bin
2009-09-13 15:05 <DIR> --d----- c:\docume~1\heidip~1\applic~1\Office Genuine Advantage
2009-09-12 20:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 16:12 <DIR> --d----- c:\docume~1\heidip~1\applic~1\GraveyardShift
2009-09-12 07:52 15,966 a------- c:\windows\50467n9t-a-vizus69.exe
2009-09-11 23:38 14,359 a------- c:\windows\1fabzpywar599.cpl
2009-09-11 13:09 5,622 a------- c:\windows\system32\355z9pa5se2852.ocx
2009-09-11 08:22 5,357 a------- c:\windows\1028tr9j50z5.bin
2009-09-11 04:04 17,221 a------- c:\windows\system32\310a5dwa9e3z78.dll
2009-09-08 18:55 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-09-02 02:02 14,233 a------- c:\windows\system32\22z555o9m454.dll

==================== Find3M ====================

2009-09-27 22:17 17,313 a------- c:\windows\5c18back9oor11z5.bin
2009-08-28 09:49 17,609 a------- c:\windows\system32\9z87hack9ool595.exe
2009-08-25 16:07 8,872 a------- c:\windows\system32\535ed9wnloadez3220.bin
2009-08-24 10:16 16,915 a------- c:\windows\system32\24z429p5259.dll
2009-08-24 10:10 17,244 a------- c:\windows\system32\5e9downl9azer589.dll
2009-08-21 23:50 7,471 a------- c:\windows\2972not-a-v5rzs35.bin
2009-08-21 20:35 15,678 a------- c:\windows\system32\573f9parsz674.dll
2009-08-20 19:38 17,029 a------- c:\windows\system32\9269stzal5608.dll
2009-08-20 14:53 15,591 a------- c:\windows\13633sp9mbot25z.dll
2009-08-19 21:43 17,283 a------- c:\windows\1551not-a-vizu9153.exe
2009-08-19 13:42 2,958 a------- c:\windows\system32\8975hacktoo560z.exe
2009-08-14 08:36 7,640 a------- c:\windows\z126vi5us9d0.bin
2009-08-14 01:44 14,964 a------- c:\windows\7fezvi920015.bin
2009-08-11 22:35 4,797 a------- c:\windows\system32\2152z9pyaa.bin
2009-08-11 07:26 18,215 a------- c:\windows\236fthizf5191.exe
2009-08-09 07:17 16,750 a------- c:\windows\system32\539zvir4559.exe
2009-08-08 04:11 3,518 a------- c:\windows\system32\148zaddware5139.dll
2009-08-06 23:51 14,809 a------- c:\windows\system32\303z3sp59bot72d.exe
2009-08-06 10:10 16,937 a------- c:\windows\6ea2ad9zare521.exe
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 18:51 8,294 a------- c:\windows\system32\5bf1b5ckdzor3109.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-08-03 11:45 3,387 a------- c:\windows\75ceadd5arz21509.bin
2009-07-27 17:50 3,108 a------- c:\windows\system32\5ee59hreatz0410.bin
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-23 07:24 5,234 a------- c:\windows\system32\21773wozm9225.bin
2009-07-20 16:57 14,421 a------- c:\windows\system32\1f4fs5zrse14949.bin
2009-07-20 02:29 7,200 a------- c:\windows\9472w9r5z21.bin
2009-07-18 16:40 8,988 a------- c:\windows\z193addwa59890.dll
2009-07-17 20:18 18,409 a------- c:\windows\system32\9534spazse121.bin
2009-07-17 14:56 10,934 a------- c:\windows\z5d9a5dware1847.exe
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 07:30 5,106 a------- c:\windows\7854hackt9ol770z.exe
2009-07-16 18:01 16,967 a------- c:\windows\125cszeal9978.exe
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-11 19:16 11,593 a------- c:\windows\system32\2z954tr5j2e19.exe
2009-07-09 11:44 5,963 a------- c:\windows\system32\1z615tr9j6fa.dll
2009-07-08 17:18 13,913 a------- c:\windows\5322thre9t691z.exe
2009-07-08 16:30 18,136 a------- c:\windows\system32\27bfd9wn5oazer1652.exe
2009-07-08 09:06 2,799 a------- c:\windows\system32\28425szy95b.exe
2009-07-06 23:04 15,545 a------- c:\windows\10954za95tool213.exe
2009-07-05 04:35 7,539 a------- c:\windows\5599vir590z.dll
2009-07-04 10:47 6,860 a------- c:\windows\z9809spy7f5.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 07:00 5,923 a------- c:\windows\system32\1630s9zal2955.dll
2009-07-01 09:20 9,163 a------- c:\windows\system32\97a5threatz698.dll
2008-04-05 04:46 5,824 ac------ c:\docume~1\heidip~1\applic~1\mindhabits.dat
2005-04-30 01:25 774,144 a------- c:\program files\RngInterstitial.dll
1765-11-26 20:49 4,263 -c-sh--- c:\windows\windllreg1c.sys
2008-10-02 22:15 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100220081003\index.dat

============= FINISH: 23:17:09.10 ===============
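
The `AV:` and `FW:` lines at the top of the DDS log above record each registered security product and whether its real-time component is on, which is what the "one AV and one FW only" advice later in this thread is based on. The following is an added example, not part of the original post and not part of DDS: it parses those lines and flags overlapping products. The function names and finding codes are hypothetical, and the line format is assumed to match this log.

```python
import re

# AV:/FW: header lines copied from the DDS log in the post above.
SAMPLE_HEADER = """\
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
"""

# Assumed layout: kind, product name, *state*, optional (Updated|Outdated), {GUID}
LINE_RE = re.compile(
    r"^(?P<kind>AV|FW):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*"
    r"(?:\s+\((?P<sig>Updated|Outdated)\))?"
    r"\s+\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


def parse_security_products(text):
    """Return one dict per AV:/FW: line found in a DDS log."""
    products = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # not a security-product line (process list, BHOs, ...)
        products.append({
            "kind": m.group("kind"),
            "name": m.group("name"),
            # State reads "On-access scanning enabled" on AV lines, "enabled" on FW lines.
            "enabled": m.group("state").split()[-1].lower() == "enabled",
            "signatures": m.group("sig"),  # None on FW lines
            "guid": m.group("guid").upper(),
        })
    return products


def review(products):
    """Flag more than one active AV or firewall, and outdated definitions.

    Finding codes (MULTIPLE_AV, MULTIPLE_FW, OUTDATED) are hypothetical labels.
    """
    findings = []
    for kind, code in (("AV", "MULTIPLE_AV"), ("FW", "MULTIPLE_FW")):
        active = [p["name"] for p in products
                  if p["kind"] == kind and p["enabled"]]
        if len(active) > 1:
            findings.append((code, active))
    stale = [p["name"] for p in products if p["signatures"] == "Outdated"]
    if stale:
        findings.append(("OUTDATED", stale))
    return findings


if __name__ == "__main__":
    for code, names in review(parse_security_products(SAMPLE_HEADER)):
        print(f"{code}: {', '.join(names)}")
```
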


#2 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 16 October 2009 - 04:24 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 23 October 2009 - 04:07 PM

Hello.

Due to Lack of feedback, this topic is now Closed

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

#4 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 24 October 2009 - 09:39 PM

***Topic re-opened per OP request***

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am Posted Image and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

==========

Let's begin.............

I know for certain that this is one of your problems!!!!!!!!!!!!

I do not recommend that you have more than one anti virus or firewall product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove two: AVG or ZoneAlarm or Symantec.

Again.....one AV and one FW only!!!!!!!! No exceptions.

==========

Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

==========

The following is referring to Uniblue Registry Booster.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

==========

Uninstall ZoneAlarm Spy Blocker please.

==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

With your next post please provide:

* Which AV & FW did you uninstall?
* Did you uninstall the Registry cleaner?
* Did you uninstall Viewpoint and the ZoneAlarm Spy Blocker?
* Combofix.txt
* How is your computer running now?

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 lina816

Posted 24 October 2009 - 09:50 PM

Thanks so much for your help! Quick question with the first step:
I got rid of AVG...which leaves Symantec and ZoneAlarm. Forgive my computer ignorance, but isn't Symantec an anti-virus and ZoneAlarm a firewall? Or do they each do both things, and therefore I should get rid of one? Thanks so much!

#6 lina816

Posted 24 October 2009 - 10:05 PM

I have another question. I've been reading through your post, and have a question about the registry booster (once I get to that step). How do I get rid of Uniblue Registry Booster? It's not in add/remove programs, so do I just manually delete the folder it's located in? Thanks so much for all your help!

#7 thcbytes

  • Malware Response Team

Posted 24 October 2009 - 10:43 PM

Hi there,

I got rid of AVG...which leaves Symantec and ZoneAlarm. Forgive my computer ignorance, but isn't Symantec an anti-virus and ZoneAlarm a firewall? Or do they each do both things, and therefore I should get rid of one?

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: AVG Firewall


Go ahead and uninstall ZoneAlarm for now. That will leave you with Symantec AV and the Windows firewall. :(

==========

Do I just manually delete the folder it's located in?
Nah. I will nuke it later.

==========

Thanks,
~t
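
Added example (not part of any post in this thread and not ComboFix's own code): a Python parser for the `AV:` / `FW:` header lines quoted in the reply above, which flags the "one AV and one FW only" condition and also handles the line that carries no state or GUID. The line format is inferred from the lines on this page, and the finding codes are names made up for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Header lines as quoted in the reply above (before the uninstalls).
BEFORE = """\
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: AVG Firewall
"""

# Header lines from the ComboFix log posted in the next reply of the thread.
AFTER = """\
Running from: c:\\documents and settings\\Heidi\\Desktop\\thcbytes.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
"""

# Format inferred from the lines above: kind, product name, then optional
# *state*, optional (Updated|Outdated), optional {GUID}.
LINE_RE = re.compile(
    r"^(?P<kind>AV|FW):\s+(?P<name>.+?)"
    r"(?:\s+\*(?P<state>[^*]+)\*)?"
    r"(?:\s+\((?P<defs>Updated|Outdated)\))?"
    r"(?:\s+\{(?P<guid>[0-9A-Fa-f-]{36})\})?\s*$"
)


@dataclass
class Product:
    kind: str                # "AV" or "FW"
    name: str
    active: Optional[bool]   # None when the line carries no state at all
    outdated: bool
    guid: Optional[str]


def parse_products(log_text: str) -> List[Product]:
    """Return every AV:/FW: entry found in the text; other lines are skipped."""
    products = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        state = m.group("state")
        # The state text ends in "enabled" or "disabled"; compare the last word.
        active = None if state is None else state.split()[-1].lower() == "enabled"
        products.append(Product(m.group("kind"), m.group("name"), active,
                                m.group("defs") == "Outdated", m.group("guid")))
    return products


def review(products: List[Product]) -> List[Tuple[str, str]]:
    """Flag the conditions the helper asks about (codes are hypothetical)."""
    findings = []
    live_av = [p.name for p in products if p.kind == "AV" and p.active]
    if len(live_av) > 1:
        findings.append(("MULTIPLE_REALTIME_AV", ", ".join(live_av)))
    elif not live_av:
        findings.append(("NO_REALTIME_AV", "no AV reports on-access scanning enabled"))
    # Firewalls are counted as registered products, because a line may
    # carry no state (see "FW: AVG Firewall").
    firewalls = [p.name for p in products if p.kind == "FW"]
    if len(firewalls) > 1:
        findings.append(("MULTIPLE_FIREWALLS", ", ".join(firewalls)))
    for p in products:
        if p.outdated:
            findings.append(("OUTDATED_DEFINITIONS", p.name))
    return findings


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        for code, detail in review(parse_products(text)):
            print(f"{label}: {code}: {detail}")
```

On the second log, `NO_REALTIME_AV` is what you would expect while the AntiVirus is disabled for the ComboFix run, as the instructions above ask.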

#8 lina816

Posted 25 October 2009 - 11:17 AM

Hello,

Here's what I've done:
*Got rid of AVG
*Got rid of Zone Alarm
*Got rid of Viewpoint
*Got rid of Zone Alarm Spy Blocker
*Ran Combo Fix--Results below:

ComboFix 09-10-24.06 - Heidi 10/25/2009 10:46.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.419 [GMT -5:00]
Running from: c:\documents and settings\Heidi\Desktop\thcbytes.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-25 02:58 . 2007-12-15 06:24 262144 ----a-w- c:\program files\Uninstall Spy Blocker.dll
2009-10-10 03:13 . 2009-10-10 15:53 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-09 01:33 . 2009-10-09 01:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-09 01:32 . 2009-10-09 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-09 01:32 . 2009-10-09 01:32 -------- d-----w- c:\program files\NOS
2009-10-07 02:28 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-28 04:09 . 2009-09-28 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-09-28 04:04 . 2009-09-28 04:04 -------- d-----w- c:\program files\AVG
2009-09-28 04:04 . 2009-10-25 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-28 03:56 . 2009-09-28 03:56 -------- d-----w- c:\documents and settings\Heidi\Application Data\AVG8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 15:35 . 2007-11-15 23:44 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-25 02:52 . 2005-01-24 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-12 04:17 . 2007-07-03 01:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-11 22:51 . 2007-10-04 03:25 -------- d-----w- c:\documents and settings\Heidi\Application Data\Move Networks
2009-10-11 19:46 . 2005-01-22 03:20 50800 -c--a-w- c:\documents and settings\Heidi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-09 01:35 . 2005-01-24 06:31 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-24 00:34 . 2009-09-24 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-09-21 03:44 . 2009-09-21 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-21 03:44 . 2009-09-21 03:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-21 03:43 . 2009-09-21 03:43 -------- d-----w- c:\documents and settings\Heidi\Application Data\SUPERAntiSpyware.com
2009-09-21 03:43 . 2009-04-25 20:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-21 03:28 . 2009-09-21 03:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 15:53 . 2007-10-04 16:11 -------- d-----w- c:\program files\Steam
2009-09-20 02:26 . 2009-09-20 02:26 -------- d-----w- c:\program files\AnswersThatWork
2009-09-16 04:33 . 2008-06-08 05:50 -------- d-----w- c:\program files\Shockwave.com
2009-09-16 02:58 . 2009-09-16 02:57 -------- d-----w- c:\program files\iTunes
2009-09-16 02:57 . 2009-09-16 02:57 -------- d-----w- c:\program files\iPod
2009-09-16 02:57 . 2009-03-21 17:56 -------- d-----w- c:\program files\Common Files\Apple
2009-09-16 02:56 . 2009-09-16 02:56 -------- d-----w- c:\program files\QuickTime
2009-09-16 02:56 . 2009-03-21 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-16 02:32 . 2005-04-30 06:25 -------- d-----w- c:\program files\Real
2009-09-16 02:32 . 2005-04-30 06:25 -------- d-----w- c:\program files\Common Files\Real
2009-09-16 02:20 . 2007-08-12 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-09-16 02:14 . 2007-08-12 17:23 -------- d-----w- c:\program files\Kodak
2009-09-16 01:00 . 2007-09-29 00:34 -------- d-----w- c:\program files\Full Tilt Poker.Net
2009-09-16 01:00 . 2005-01-22 02:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-16 00:59 . 2009-05-17 19:01 -------- d-----w- c:\program files\RealArcade
2009-09-15 05:15 . 2009-09-15 05:15 44768 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-15 03:32 . 2009-09-15 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-09-15 02:53 . 2009-09-15 02:53 -------- d-----w- c:\program files\Security Task Manager
2009-09-15 00:33 . 2009-09-15 00:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-09-15 00:33 . 2009-09-15 00:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-13 20:18 . 2005-01-24 06:20 -------- d-----w- c:\program files\Microsoft Hardware
2009-09-13 20:16 . 2005-01-24 07:00 -------- d-----w- c:\program files\EA GAMES
2009-09-13 20:05 . 2009-09-13 20:05 -------- d-----w- c:\documents and settings\Heidi\Application Data\Office Genuine Advantage
2009-09-13 02:06 . 2005-02-22 20:18 -------- d-----w- c:\documents and settings\Heidi\Application Data\Apple Computer
2009-09-13 01:42 . 2009-09-13 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 21:12 . 2009-09-12 21:12 -------- d-----w- c:\documents and settings\Heidi\Application Data\GraveyardShift
2009-09-12 01:06 . 2009-05-25 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-09-11 14:18 . 2003-03-31 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 05:21 . 2007-11-07 06:25 -------- d-----w- c:\documents and settings\Heidi\Application Data\Uniblue
2009-09-10 19:54 . 2009-09-21 03:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-09-21 03:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 01:25 . 2009-04-26 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\GoBit Games
2009-08-29 08:08 . 2004-08-24 01:32 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 03:07 . 2009-06-04 02:52 -------- d-----w- c:\documents and settings\Heidi\Application Data\YoudaGames
2009-08-29 03:03 . 2009-08-29 03:03 -------- d-----w- c:\documents and settings\Heidi\Application Data\CasualForge
2009-08-29 03:03 . 2009-08-29 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\CasualForge
2009-08-28 02:12 . 2008-10-01 00:23 -------- d-----w- c:\documents and settings\Heidi\Application Data\PlayFirst
2009-08-28 02:12 . 2008-10-01 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-08-26 08:00 . 2003-03-31 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01 . 2003-03-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:52 . 2009-08-05 00:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2003-03-31 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 01:04 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-03 20:07 . 2009-08-03 20:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07 . 2009-08-03 20:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07 . 2009-08-03 20:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2005-04-30 06:25 . 2005-04-30 06:25 774144 ----a-w- c:\program files\RngInterstitial.dll
1765-11-27 01:49 . 1765-11-27 01:49 4263 -csh--w- c:\windows\windllreg1c.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2002-05-08 20480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-01-11 72192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-20 520024]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-09-21 2807808]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/31/2009 8:37 PM 64160]
R0 St320hg;St320hg;c:\windows\system32\drivers\st320hg.sys [9/12/2002 12:49 PM 85696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2009 8:08 PM 102448]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [3/31/2003 7:00 AM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 9:33 PM 116464]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [1/24/2005 1:41 AM 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [1/24/2005 1:40 AM 69680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-10-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 00:37]

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-10-25 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2009-10-25 c:\windows\Tasks\User_Feed_Synchronization-{4FC97EF4-DE1D-40CA-93A1-215AE32CFDCB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local.,;*.local
IE: &AIM Search
IE: &AOL Toolbar search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://www.shockwave.com/content/dairydash/sis/DairyDashWeb.1.0.0.12.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://www.shockwave.com/content/dreamchronicles/sis/dreamweb.1.0.0.10.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/EggoKitchen/GoBitGamesPlayer_v5.cab
DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} - hxxp://www.shockwave.com/content/petshophop/sis/petshophopweb.1.0.0.17.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-QwestDexPages453 - c:\program files\Dex Yellow & White Pages\DeIsL1.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 11:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-10-25 11:03
ComboFix-quarantined-files.txt 2009-10-25 16:03

Pre-Run: 36,905,533,440 bytes free
Post-Run: 40,884,932,608 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - C7CCEBBFF93C4A7AB2750F00E184E76F



As far as how my computer is running, it's hard to say right now, since I literally just ran combo fix. I'll let you know more as I try to use my computer. Thanks!

#9 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:05:30 PM

Posted 25 October 2009 - 12:11 PM

What a mess!!

Well done. :(

Let's continue....................

:( Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

SecCenter::
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

File::
c:\documents and settings\All Users\Application Data\avg8
c:\documents and settings\Heidi\Application Data\AVG8
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\Heidi\Application Data\Uniblue

Folder::
c:\program files\AVG


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

With your next post please provide:

* Combofix.txt
* MBAM log

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#10 lina816

lina816
  • Topic Starter

  • Members
  • 24 posts
  • Local time:04:30 PM

Posted 25 October 2009 - 03:26 PM

Ok,
I ran the Combo Fix:

ComboFix 09-10-25.01 - Heidi 10/25/2009 13:41.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.419 [GMT -5:00]
Running from: c:\documents and settings\Heidi\Desktop\thcbytes.exe
Command switches used :: c:\documents and settings\Heidi\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\documents and settings\All Users\Application Data\avg8"
"c:\documents and settings\All Users\Application Data\Viewpoint"
"c:\documents and settings\Heidi\Application Data\AVG8"
"c:\documents and settings\Heidi\Application Data\Uniblue"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AVG

.
((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-25 02:58 . 2007-12-15 06:24 262144 ----a-w- c:\program files\Uninstall Spy Blocker.dll
2009-10-10 03:13 . 2009-10-10 15:53 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-09 01:33 . 2009-10-09 01:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-09 01:32 . 2009-10-09 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-09 01:32 . 2009-10-09 01:32 -------- d-----w- c:\program files\NOS
2009-10-07 02:28 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-28 04:09 . 2009-09-28 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-09-28 04:04 . 2009-10-25 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-28 03:56 . 2009-09-28 03:56 -------- d-----w- c:\documents and settings\Heidi\Application Data\AVG8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 18:34 . 2007-11-15 23:44 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-25 16:39 . 2005-01-24 06:31 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-25 02:52 . 2005-01-24 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-12 04:17 . 2007-07-03 01:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-11 22:51 . 2007-10-04 03:25 -------- d-----w- c:\documents and settings\Heidi\Application Data\Move Networks
2009-10-11 19:46 . 2005-01-22 03:20 50800 -c--a-w- c:\documents and settings\Heidi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-24 00:34 . 2009-09-24 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-09-21 03:44 . 2009-09-21 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-21 03:44 . 2009-09-21 03:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-21 03:43 . 2009-09-21 03:43 -------- d-----w- c:\documents and settings\Heidi\Application Data\SUPERAntiSpyware.com
2009-09-21 03:43 . 2009-04-25 20:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-21 03:28 . 2009-09-21 03:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 15:53 . 2007-10-04 16:11 -------- d-----w- c:\program files\Steam
2009-09-20 02:26 . 2009-09-20 02:26 -------- d-----w- c:\program files\AnswersThatWork
2009-09-16 04:33 . 2008-06-08 05:50 -------- d-----w- c:\program files\Shockwave.com
2009-09-16 02:58 . 2009-09-16 02:57 -------- d-----w- c:\program files\iTunes
2009-09-16 02:57 . 2009-09-16 02:57 -------- d-----w- c:\program files\iPod
2009-09-16 02:57 . 2009-03-21 17:56 -------- d-----w- c:\program files\Common Files\Apple
2009-09-16 02:56 . 2009-09-16 02:56 -------- d-----w- c:\program files\QuickTime
2009-09-16 02:56 . 2009-03-21 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-16 02:32 . 2005-04-30 06:25 -------- d-----w- c:\program files\Real
2009-09-16 02:32 . 2005-04-30 06:25 -------- d-----w- c:\program files\Common Files\Real
2009-09-16 02:20 . 2007-08-12 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-09-16 02:14 . 2007-08-12 17:23 -------- d-----w- c:\program files\Kodak
2009-09-16 01:00 . 2007-09-29 00:34 -------- d-----w- c:\program files\Full Tilt Poker.Net
2009-09-16 01:00 . 2005-01-22 02:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-16 00:59 . 2009-05-17 19:01 -------- d-----w- c:\program files\RealArcade
2009-09-15 05:15 . 2009-09-15 05:15 44768 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-15 03:32 . 2009-09-15 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-09-15 02:53 . 2009-09-15 02:53 -------- d-----w- c:\program files\Security Task Manager
2009-09-15 00:33 . 2009-09-15 00:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-09-15 00:33 . 2009-09-15 00:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-13 20:18 . 2005-01-24 06:20 -------- d-----w- c:\program files\Microsoft Hardware
2009-09-13 20:16 . 2005-01-24 07:00 -------- d-----w- c:\program files\EA GAMES
2009-09-13 20:05 . 2009-09-13 20:05 -------- d-----w- c:\documents and settings\Heidi\Application Data\Office Genuine Advantage
2009-09-13 02:06 . 2005-02-22 20:18 -------- d-----w- c:\documents and settings\Heidi\Application Data\Apple Computer
2009-09-13 01:42 . 2009-09-13 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 21:12 . 2009-09-12 21:12 -------- d-----w- c:\documents and settings\Heidi\Application Data\GraveyardShift
2009-09-12 01:06 . 2009-05-25 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-09-11 14:18 . 2003-03-31 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 05:21 . 2007-11-07 06:25 -------- d-----w- c:\documents and settings\Heidi\Application Data\Uniblue
2009-09-10 19:54 . 2009-09-21 03:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-09-21 03:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 01:25 . 2009-04-26 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\GoBit Games
2009-08-29 08:08 . 2004-08-24 01:32 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 03:07 . 2009-06-04 02:52 -------- d-----w- c:\documents and settings\Heidi\Application Data\YoudaGames
2009-08-29 03:03 . 2009-08-29 03:03 -------- d-----w- c:\documents and settings\Heidi\Application Data\CasualForge
2009-08-29 03:03 . 2009-08-29 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\CasualForge
2009-08-28 02:12 . 2008-10-01 00:23 -------- d-----w- c:\documents and settings\Heidi\Application Data\PlayFirst
2009-08-28 02:12 . 2008-10-01 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-08-26 08:00 . 2003-03-31 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01 . 2003-03-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:52 . 2009-08-05 00:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2003-03-31 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 01:04 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-03 20:07 . 2009-08-03 20:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07 . 2009-08-03 20:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07 . 2009-08-03 20:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2005-04-30 06:25 . 2005-04-30 06:25 774144 ----a-w- c:\program files\RngInterstitial.dll
1765-11-27 01:49 . 1765-11-27 01:49 4263 -csh--w- c:\windows\windllreg1c.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-25_16.00.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-06-01 20:43 . 2009-10-25 18:52 1538 c:\windows\wt\wtupdates\wtupdater\appinfo.dat
- 2005-06-01 20:43 . 2009-10-25 15:57 1538 c:\windows\wt\wtupdates\wtupdater\appinfo.dat
+ 2009-10-25 16:40 . 2009-10-25 16:40 3940352 c:\windows\Installer\457bb2.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2002-05-08 20480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-01-11 72192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-20 520024]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-09-21 2807808]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/31/2009 8:37 PM 64160]
R0 St320hg;St320hg;c:\windows\system32\drivers\st320hg.sys [9/12/2002 12:49 PM 85696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2009 8:08 PM 102448]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [3/31/2003 7:00 AM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 9:33 PM 116464]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [1/24/2005 1:41 AM 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [1/24/2005 1:40 AM 69680]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-10-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 00:37]

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-10-25 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2009-10-25 c:\windows\Tasks\User_Feed_Synchronization-{4FC97EF4-DE1D-40CA-93A1-215AE32CFDCB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local.,;*.local
IE: &AIM Search
IE: &AOL Toolbar search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://www.shockwave.com/content/dairydash/sis/DairyDashWeb.1.0.0.12.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://www.shockwave.com/content/dreamchronicles/sis/dreamweb.1.0.0.10.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/EggoKitchen/GoBitGamesPlayer_v5.cab
DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} - hxxp://www.shockwave.com/content/petshophop/sis/petshophopweb.1.0.0.17.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 13:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(220)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-25 13:58
ComboFix-quarantined-files.txt 2009-10-25 18:58
ComboFix2.txt 2009-10-25 16:03

Pre-Run: 40,931,667,968 bytes free
Post-Run: 40,921,513,984 bytes free

- - End Of File - - E8EDC58B96C87C8957ED4118E50D90F2




Then, after I ran the combo fix, my mouse completely stopped working. My computer didn't even seem to recognize that it was plugged in. So, I restarted my computer, hoping that would "bring back" my mouse. In the process of restarting, my computer froze, so I had to manually shut it down (by pushing and holding the power button). When the computer restarted, my mouse was back. So then I updated and ran Malwarebytes:

Malwarebytes' Anti-Malware 1.41
Database version: 3031
Windows 5.1.2600 Service Pack 3

10/25/2009 2:47:36 PM
mbam-log-2009-10-25 (14-47-36).txt

Scan type: Quick Scan
Objects scanned: 109704
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Then, when posting this reply, my computer completely froze, and I had to manually shut it down again, then restart it. I thought this information might be helpful, so I figured I'd let you know.

Thanks!

#11 thcbytes

  • Malware Response Team

Posted 25 October 2009 - 03:56 PM

Your info is extremely beneficial. Thanks for the details.

Please take your time and do this....

Please download MBR.exe from here ->
http://www2.gmer.net/mbr/mbr.exe

Save the file to your desktop and double click on it.

A new text file will appear on your desktop, created by the tool. Copy and paste that file here, please.

==========

Please download ConflictInfo by aommaster to your desktop.
  • Double click Posted Image

  • Press Posted Image to begin.

  • It shall produce a ConflictInfo.txt on your desktop.

  • Please copy and paste the log in your next reply.
==========

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\program files\Uninstall Spy Blocker.dll
c:\windows\windllreg1c.sys

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal

==========

Download BootCheck.exe to your desktop.
  • Double click BootCheck.exe to run the check
  • When complete, a Notepad window will open with some text in it
  • Save the Notepad file to your desktop as BootCheck.txt
  • Copy the contents of BootCheck.txt and post it in your next reply
==========

Your hard disk displays errors - Let's fix that!

* Click Start > Run and type chkdsk /f and then click OK.
  o Note the space between the k and the /

* Allow the scan to run and when completed, reboot the system.

==========

You may have corrupt critical system files. Let's see if we can fix that.

* Click Start > Run and type sfc /scannow and then click OK.
  o Note the space between the c and the /
* You may need your Windows XP CD so have it ready.
  o If you have Service Pack 2 (SP2) or SP3 installed, you will need the SP2 or SP3 version of the CD. This can be done with a borrowed CD, if you don't have one.
* Allow the scan to run and when completed, reboot the system.

==========

:( Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! :(

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DirLook::
c:\program files\NOS
c:\program files\Security Task Manager


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

With your next post please provide:

* MBR log
* ConflictInfo.txt
* Upload results
* BootCheck.txt
* Chkdsk results
* Did the System File scan prompt you for your install disc?
* Combofix.txt

Kind regards,
~t

#12 lina816

  • Topic Starter

Posted 25 October 2009 - 05:45 PM

Ok, here's what I did:

*MBR:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

*Conflict Info:
Logfile of Aommaster's ConflictInfo v.1.0.0
#############
Conflicting Devices
#############

===No device problems found===

~~~EOF~~~

*Jotti:
c:\program files\Uninstall Spy Blocker.dll --> I couldn't find this
c:\windows\windllreg1c.sys --> results all said Found Nothing


*BootCheck
CMDCONS Folder exists!

Contents of C:\boot.ini:

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

*Ran the checkdisk and restarted my computer

*Attempted to do the system file scan, and it did ask for my Windows XP disc. Unfortunately, I have no idea where that is, so I don't know what to do about that. I don't know anyone with a Windows XP disc that I could borrow.

*Combo Fix
ComboFix 09-10-25.01 - Heidi 10/25/2009 17:06.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.432 [GMT -5:00]
Running from: c:\documents and settings\Heidi\Desktop\thcbytes.exe
Command switches used :: c:\documents and settings\Heidi\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2009-09-25 to 2009-10-25 )))))))))))))))))))))))))))))))
.

2009-10-25 21:57 . 2001-08-18 03:36 102400 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll
2009-10-25 21:56 . 2001-08-17 17:12 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
2009-10-25 21:55 . 2002-08-29 05:00 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys
2009-10-10 03:13 . 2009-10-10 15:53 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-09 01:33 . 2009-10-09 01:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-09 01:32 . 2009-10-09 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-09 01:32 . 2009-10-09 01:32 -------- d-----w- c:\program files\NOS
2009-10-07 02:28 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-28 04:09 . 2009-09-28 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-09-28 04:04 . 2009-10-25 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-28 03:56 . 2009-09-28 03:56 -------- d-----w- c:\documents and settings\Heidi\Application Data\AVG8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 22:02 . 2007-11-15 23:44 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-25 16:39 . 2005-01-24 06:31 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-25 02:52 . 2005-01-24 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-12 04:17 . 2007-07-03 01:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-11 22:51 . 2007-10-04 03:25 -------- d-----w- c:\documents and settings\Heidi\Application Data\Move Networks
2009-10-11 19:46 . 2005-01-22 03:20 50800 -c--a-w- c:\documents and settings\Heidi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-24 00:34 . 2009-09-24 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-09-21 03:44 . 2009-09-21 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-21 03:44 . 2009-09-21 03:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-21 03:43 . 2009-09-21 03:43 -------- d-----w- c:\documents and settings\Heidi\Application Data\SUPERAntiSpyware.com
2009-09-21 03:43 . 2009-04-25 20:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-21 03:28 . 2009-09-21 03:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 15:53 . 2007-10-04 16:11 -------- d-----w- c:\program files\Steam
2009-09-20 02:26 . 2009-09-20 02:26 -------- d-----w- c:\program files\AnswersThatWork
2009-09-16 04:33 . 2008-06-08 05:50 -------- d-----w- c:\program files\Shockwave.com
2009-09-16 02:58 . 2009-09-16 02:57 -------- d-----w- c:\program files\iTunes
2009-09-16 02:57 . 2009-09-16 02:57 -------- d-----w- c:\program files\iPod
2009-09-16 02:57 . 2009-03-21 17:56 -------- d-----w- c:\program files\Common Files\Apple
2009-09-16 02:56 . 2009-09-16 02:56 -------- d-----w- c:\program files\QuickTime
2009-09-16 02:56 . 2009-03-21 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-16 02:32 . 2005-04-30 06:25 -------- d-----w- c:\program files\Real
2009-09-16 02:32 . 2005-04-30 06:25 -------- d-----w- c:\program files\Common Files\Real
2009-09-16 02:20 . 2007-08-12 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-09-16 02:14 . 2007-08-12 17:23 -------- d-----w- c:\program files\Kodak
2009-09-16 01:00 . 2007-09-29 00:34 -------- d-----w- c:\program files\Full Tilt Poker.Net
2009-09-16 01:00 . 2005-01-22 02:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-16 00:59 . 2009-05-17 19:01 -------- d-----w- c:\program files\RealArcade
2009-09-15 05:15 . 2009-09-15 05:15 44768 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-15 03:32 . 2009-09-15 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-09-15 02:53 . 2009-09-15 02:53 -------- d-----w- c:\program files\Security Task Manager
2009-09-15 00:33 . 2009-09-15 00:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-09-15 00:33 . 2009-09-15 00:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-13 20:18 . 2005-01-24 06:20 -------- d-----w- c:\program files\Microsoft Hardware
2009-09-13 20:16 . 2005-01-24 07:00 -------- d-----w- c:\program files\EA GAMES
2009-09-13 20:05 . 2009-09-13 20:05 -------- d-----w- c:\documents and settings\Heidi\Application Data\Office Genuine Advantage
2009-09-13 02:06 . 2005-02-22 20:18 -------- d-----w- c:\documents and settings\Heidi\Application Data\Apple Computer
2009-09-13 01:42 . 2009-09-13 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 21:12 . 2009-09-12 21:12 -------- d-----w- c:\documents and settings\Heidi\Application Data\GraveyardShift
2009-09-12 01:06 . 2009-05-25 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-09-11 14:18 . 2003-03-31 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 05:21 . 2007-11-07 06:25 -------- d-----w- c:\documents and settings\Heidi\Application Data\Uniblue
2009-09-10 19:54 . 2009-09-21 03:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-09-21 03:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 01:25 . 2009-04-26 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\GoBit Games
2009-08-29 08:08 . 2004-08-24 01:32 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 03:07 . 2009-06-04 02:52 -------- d-----w- c:\documents and settings\Heidi\Application Data\YoudaGames
2009-08-29 03:03 . 2009-08-29 03:03 -------- d-----w- c:\documents and settings\Heidi\Application Data\CasualForge
2009-08-29 03:03 . 2009-08-29 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\CasualForge
2009-08-28 02:12 . 2008-10-01 00:23 -------- d-----w- c:\documents and settings\Heidi\Application Data\PlayFirst
2009-08-28 02:12 . 2008-10-01 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-08-26 08:00 . 2003-03-31 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01 . 2003-03-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:52 . 2009-08-05 00:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 15:13 . 2003-03-31 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2002-08-29 01:04 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-03 20:07 . 2009-08-03 20:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07 . 2009-08-03 20:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07 . 2009-08-03 20:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2005-04-30 06:25 . 2005-04-30 06:25 774144 ----a-w- c:\program files\RngInterstitial.dll
1765-11-27 01:49 . 1765-11-27 01:49 4263 -csh--w- c:\windows\windllreg1c.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\NOS ----

2009-10-09 01:32 . 2009-09-23 21:36 330072 ----a-w- c:\program files\NOS\bin\getPlusPlus_Adobe.exe
2009-10-09 01:32 . 2009-09-23 21:36 51168 ----a-w- c:\program files\NOS\bin\getPlus_Helper.dll

---- Directory of c:\program files\Security Task Manager ----

2009-09-15 02:53 . 2009-09-15 02:53 98 ----a-w- c:\program files\Security Task Manager\Purchase Security Task Manager Now!.url
2009-09-15 02:53 . 2007-03-05 21:41 70240 ----a-w- c:\program files\Security Task Manager\uninstal.exe
2009-09-15 02:53 . 2005-04-27 15:37 75146 ----a-w- c:\program files\Security Task Manager\taskman_rus.hlp
2009-09-15 02:53 . 2005-04-27 15:37 1562 ----a-w- c:\program files\Security Task Manager\taskman_rus.cnt
2009-09-15 02:53 . 2005-04-01 15:56 141557 ----a-w- c:\program files\Security Task Manager\taskman_fr.hlp
2009-09-15 02:53 . 2003-12-15 16:09 1613 ----a-w- c:\program files\Security Task Manager\taskman_fr.cnt
2009-09-15 02:53 . 2005-11-22 18:43 66659 ----a-w- c:\program files\Security Task Manager\taskman_en.hlp
2009-09-15 02:53 . 2005-06-22 15:42 1266 ----a-w- c:\program files\Security Task Manager\taskman_en.cnt
2009-09-15 02:53 . 2005-11-22 18:43 64697 ----a-w- c:\program files\Security Task Manager\taskman_de.hlp
2009-09-15 02:53 . 2005-06-22 15:44 1319 ----a-w- c:\program files\Security Task Manager\taskman_de.cnt
2009-09-15 02:53 . 2009-04-06 21:35 580448 ----a-w- c:\program files\Security Task Manager\TaskMan.exe
2009-09-15 02:53 . 2007-03-05 21:39 114248 ----a-w- c:\program files\Security Task Manager\SpyProtector.exe
2009-09-15 02:53 . 2007-03-05 21:42 48768 ----a-w- c:\program files\Security Task Manager\SpyProDll.dll
2009-09-15 02:53 . 2008-05-23 15:45 7654 ----a-w- c:\program files\Security Task Manager\readme.txt
2009-09-15 02:53 . 2007-03-05 21:41 107616 ----a-w- c:\program files\Security Task Manager\Setup.exe
2009-09-15 02:53 . 2009-06-02 20:00 1788 ----a-w- c:\program files\Security Task Manager\ordina.txt
2009-09-15 02:53 . 2005-11-22 17:04 24452 ----a-w- c:\program files\Security Task Manager\pad_file.xml
2009-09-15 02:53 . 2006-12-15 20:25 23952 ----a-w- c:\program files\Security Task Manager\psapi_.dll
2009-09-15 02:53 . 2003-12-15 16:09 144264 ----a-w- c:\program files\Security Task Manager\manual_fr.pdf
2009-09-15 02:53 . 2004-11-30 17:03 1728 ----a-w- c:\program files\Security Task Manager\order.txt
2009-09-15 02:53 . 2005-11-22 19:16 105243 ----a-w- c:\program files\Security Task Manager\manual_en.pdf
2009-09-15 02:53 . 2008-05-23 15:45 10274 ----a-w- c:\program files\Security Task Manager\liesmich.txt
2009-09-15 02:53 . 2007-04-11 16:17 8591 ----a-w- c:\program files\Security Task Manager\LisezMoi.txt
2009-09-15 02:53 . 2005-11-22 19:16 97568 ----a-w- c:\program files\Security Task Manager\manual_de.pdf
2009-09-15 02:53 . 2004-07-26 19:20 27434 ----a-w- c:\program files\Security Task Manager\lgs_turkish.txt
2009-09-15 02:53 . 2004-11-03 18:58 12451 ----a-w- c:\program files\Security Task Manager\lgs_ukrainian.txt
2009-09-15 02:53 . 2004-11-24 19:02 13694 ----a-w- c:\program files\Security Task Manager\lgs_vietnam.txt
2009-09-15 02:53 . 2005-04-25 16:23 13880 ----a-w- c:\program files\Security Task Manager\lgs_swedish.txt
2009-09-15 02:53 . 2007-09-01 18:44 15897 ----a-w- c:\program files\Security Task Manager\lgs_thai.txt
2009-09-15 02:53 . 2008-09-01 14:54 15251 ----a-w- c:\program files\Security Task Manager\lgs_slovak.txt
2009-09-15 02:53 . 2004-12-06 16:50 13606 ----a-w- c:\program files\Security Task Manager\lgs_slovenian.txt
2009-09-15 02:53 . 2008-09-26 13:30 16155 ----a-w- c:\program files\Security Task Manager\lgs_spanish.txt
2009-09-15 02:53 . 2005-10-24 16:17 15317 ----a-w- c:\program files\Security Task Manager\lgs_russian.txt
2009-09-15 02:53 . 2005-04-01 17:53 14908 ----a-w- c:\program files\Security Task Manager\lgs_serbian.txt
2009-09-15 02:53 . 2005-03-29 15:51 15489 ----a-w- c:\program files\Security Task Manager\lgs_portuguese.txt
2009-09-15 02:53 . 2005-07-12 21:57 15239 ----a-w- c:\program files\Security Task Manager\lgs_romanian.txt
2009-09-15 02:53 . 2004-09-07 20:09 14263 ----a-w- c:\program files\Security Task Manager\lgs_norwegian_nynorsk.txt
2009-09-15 02:53 . 2004-09-09 16:49 14725 ----a-w- c:\program files\Security Task Manager\lgs_polish.txt
2009-09-15 02:53 . 2006-04-04 19:18 15243 ----a-w- c:\program files\Security Task Manager\lgs_portuguese (Brasil).txt
2009-09-15 02:53 . 2007-02-08 16:04 14975 ----a-w- c:\program files\Security Task Manager\lgs_norwegian.txt
2009-09-15 02:53 . 2004-09-07 20:09 14298 ----a-w- c:\program files\Security Task Manager\lgs_norwegian_bokmaal.txt
2009-09-15 02:53 . 2004-11-03 18:44 13003 ----a-w- c:\program files\Security Task Manager\lgs_latvian.txt
2009-09-15 02:53 . 2005-05-13 17:44 15905 ----a-w- c:\program files\Security Task Manager\lgs_macedonian.txt
2009-09-15 02:53 . 2009-06-02 20:00 19676 ----a-w- c:\program files\Security Task Manager\lgs_italiano.txt
2009-09-15 02:53 . 2005-06-27 16:15 13051 ----a-w- c:\program files\Security Task Manager\lgs_korean.txt
2009-09-15 02:53 . 2006-11-07 23:19 17864 ----a-w- c:\program files\Security Task Manager\lgs_greek.txt
2009-09-15 02:53 . 2008-06-02 20:59 16445 ----a-w- c:\program files\Security Task Manager\lgs_hungarian.txt
2009-09-15 02:53 . 2004-10-21 15:35 15109 ----a-w- c:\program files\Security Task Manager\lgs_indonesian.txt
2009-09-15 02:53 . 2005-07-25 21:19 16810 ----a-w- c:\program files\Security Task Manager\lgs_french.txt
2009-09-15 02:53 . 2005-05-13 17:44 14976 ----a-w- c:\program files\Security Task Manager\lgs_galician.txt
2009-09-15 02:53 . 2005-03-24 20:02 14488 ----a-w- c:\program files\Security Task Manager\lgs_faroese.txt
2009-09-15 02:53 . 2004-09-27 19:30 14657 ----a-w- c:\program files\Security Task Manager\lgs_finnish.txt
2009-09-15 02:53 . 2005-05-24 18:35 15088 ----a-w- c:\program files\Security Task Manager\lgs_estonian.txt
2009-09-15 02:53 . 2005-06-27 19:51 15094 ----a-w- c:\program files\Security Task Manager\lgs_dutch.txt
2009-09-15 02:53 . 2009-04-06 21:34 18496 ----a-w- c:\program files\Security Task Manager\lgs_english.txt
2009-09-15 02:53 . 2006-02-06 20:42 15769 ----a-w- c:\program files\Security Task Manager\lgs_Español (latinoamérica).txt
2009-09-15 02:53 . 2004-08-06 15:42 14320 ----a-w- c:\program files\Security Task Manager\lgs_danish.txt
2009-09-15 02:53 . 2009-02-19 19:50 19647 ----a-w- c:\program files\Security Task Manager\lgs_deutsch.txt
2009-09-15 02:53 . 2005-04-08 14:50 14233 ----a-w- c:\program files\Security Task Manager\lgs_croatian.txt
2009-09-15 02:53 . 2007-04-02 16:12 14500 ----a-w- c:\program files\Security Task Manager\lgs_czech.txt
2009-09-15 02:53 . 2004-04-16 15:59 14902 ----a-w- c:\program files\Security Task Manager\lgs_catalan.txt
2009-09-15 02:53 . 2008-10-27 15:08 12968 ----a-w- c:\program files\Security Task Manager\lgs_chinese (Simplified).txt
2009-09-15 02:53 . 2008-10-27 15:08 12971 ----a-w- c:\program files\Security Task Manager\lgs_chinese (Traditional).txt
2009-09-15 02:53 . 2008-10-22 19:50 12728 ----a-w- c:\program files\Security Task Manager\lgs_Arabic.txt
2009-09-15 02:53 . 2006-03-21 16:43 15039 ----a-w- c:\program files\Security Task Manager\lgs_bosnian.txt
2009-09-15 02:53 . 2005-04-05 22:26 14811 ----a-w- c:\program files\Security Task Manager\lgs_bulgarian.txt
2009-09-15 02:53 . 2006-10-16 15:59 365 ----a-w- c:\program files\Security Task Manager\file_id.diz
2009-09-15 02:53 . 2005-04-25 16:08 1792 ----a-w- c:\program files\Security Task Manager\Formulaire.txt
2009-09-15 02:53 . 2009-06-03 20:13 8519 ----a-w- c:\program files\Security Task Manager\leggimi.txt
2009-09-15 02:53 . 2005-03-01 18:46 15272 ----a-w- c:\program files\Security Task Manager\lgs_albanian.txt
2009-09-15 02:53 . 2007-03-05 21:16 48768 ----a-w- c:\program files\Security Task Manager\ascode.dll
2009-09-15 02:53 . 2003-10-21 20:00 1434 ----a-w- c:\program files\Security Task Manager\bestell.txt


((((((((((((((((((((((((((((( SnapShot@2009-10-25_16.00.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-25 21:42 . 2009-10-25 21:42 16384 c:\windows\Temp\Perflib_Perfdata_2fc.dat
- 2003-03-31 12:00 . 2009-10-25 15:27 53608 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2009-10-25 21:46 53608 c:\windows\system32\perfc009.dat
+ 2003-03-31 12:00 . 2008-04-14 00:12 30749 c:\windows\system32\dllcache\vbajet32.dll
+ 2004-08-04 07:56 . 2007-04-02 16:36 16384 c:\windows\system32\dllcache\tcptsat.dll
+ 2004-08-04 07:56 . 2008-04-14 00:12 32827 c:\windows\system32\dllcache\tcptest.exe
+ 2003-03-31 12:00 . 2008-04-14 00:12 25088 c:\windows\system32\dllcache\slayerxp.dll
+ 2004-08-04 07:56 . 2008-04-14 00:12 16437 c:\windows\system32\dllcache\shtml.exe
+ 2004-08-04 07:56 . 2008-04-14 00:12 20536 c:\windows\system32\dllcache\shtml.dll
+ 2003-03-31 12:00 . 2008-04-14 00:12 65024 c:\windows\system32\dllcache\shimeng.dll
+ 2003-03-31 12:00 . 2008-04-14 00:12 77312 c:\windows\system32\dllcache\sdbinst.exe
+ 2003-03-31 12:00 . 2008-04-14 00:12 64000 c:\windows\system32\dllcache\samlib.dll
+ 2009-10-25 21:55 . 2001-08-17 19:56 66048 c:\windows\system32\dllcache\s3legacy.dll
+ 2003-03-31 12:00 . 2008-04-14 00:12 84992 c:\windows\system32\dllcache\olepro32.dll
+ 2005-01-22 01:42 . 2008-04-14 00:12 65536 c:\windows\system32\dllcache\oledb32r.dll
+ 2003-03-31 12:00 . 2008-04-14 00:12 20511 c:\windows\system32\dllcache\odtext32.dll
+ 2003-03-31 12:00 . 2008-04-14 00:12 20510 c:\windows\system32\dllcache\odpdx32.dll
+ 2003-03-31 12:00 . 2008-04-14 00:12 20510 c:\windows\system32\dllcache\odfox32.dll
+ 2003-03-31 12:00 . 2008-04-14 00:12 20510 c:\windows\system32\dllcache\odexl32.dll
+ 2003-03-31 12:00 . 2008-04-14 00:12 20511 c:\windows\system32\dllcache\oddbse32.dll
+ 2003-03-31 12:00 . 2008-04-14 00:10 53279 c:\windows\system32\dllcache\odbcji32.dll
+ 2003-03-31 12:00 . 2008-04-13 17:26 94208 c:\windows\system32\dllcache\odbcint.dll
+ 2003-03-31 12:00 . 2008-04-14 00:12 65536 c:\windows\system32\dllcache\odbccu32.dll
+ 2003-03-31 12:00 . 2008-04-14 00:12 65536 c:\windows\system32\dllcache\odbccr32.dll
+ 2003-03-31 12:00 . 2008-04-14 00:12 69632 c:\windows\system32\dllcache\odbcconf.exe
+ 2003-03-31 12:00 . 2008-04-14 00:12 32768 c:\windows\system32\dllcache\odbcad32.exe
+ 2003-03-31 12:00 . 2008-04-14 00:12 16384 c:\windows\system32\dllcache\odbc32gt.dll
+ 2003-03-31 12:00 . 2008-04-14 00:12 67584 c:\windows\system32\dllcache\ocmanage.dll
+ 2003-03-31 12:00 . 2008-04-14 00:12 64000 c:\windows\system32\dllcache\nwapi32.dll
+ 2003-03-31 12:00 . 2008-04-13 19:20 91520 c:\windows\system32\dllcache\ndiswan.sys
+ 2005-01-22 01:40 . 2008-04-14 00:12 24576 c:\windows\system32\dllcache\msxactps.dll
+ 2003-03-31 12:00 . 2008-04-13 18:30 61440 c:\windows\system32\dllcache\msvcrt40.dll
+ 2003-03-31 12:00 . 2008-03-25 04:50 60192 c:\windows\system32\dllcache\msjter40.dll
- 2008-03-25 04:50 . 2008-03-25 04:50 60192 c:\windows\system32\dllcache\msjter40.dll
+ 2005-01-22 01:40 . 2008-04-14 00:11 36864 c:\windows\system32\dllcache\msdfmap.dll
+ 2005-01-22 01:40 . 2008-04-14 00:11 77824 c:\windows\system32\dllcache\msdaosp.dll
+ 2003-03-31 12:00 . 2008-04-14 00:11 36864 c:\windows\system32\dllcache\mscpxl32.dll
+ 2005-01-22 01:40 . 2008-04-14 00:11 57344 c:\windows\system32\dllcache\msadrh15.dll
+ 2005-01-22 01:40 . 2008-04-14 00:11 57344 c:\windows\system32\dllcache\msador15.dll
+ 2005-01-22 01:40 . 2008-04-14 00:11 61440 c:\windows\system32\dllcache\msadcf.dll
+ 2003-03-31 12:00 . 2008-04-14 00:11 22528 c:\windows\system32\dllcache\mfcsubs.dll
- 2006-05-10 05:22 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2003-03-31 12:00 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 07:56 . 2008-04-14 00:11 68608 c:\windows\system32\dllcache\isatq.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"wcmdmgr"="c:\windows\wt\updater\wcmdmgrl.exe" [2002-05-08 20480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-01-11 72192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-20 520024]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-09-21 2807808]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD5\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\sid meier's civilization iv warlords\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/31/2009 8:37 PM 64160]
R0 St320hg;St320hg;c:\windows\system32\drivers\st320hg.sys [9/12/2002 12:49 PM 85696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/24/2009 8:54 PM 102448]
S3 getPlusHelper;getPlus® Helper;c:\windows\System32\svchost.exe -k getPlusHelper [3/31/2003 7:00 AM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 9:33 PM 116464]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [1/24/2005 1:41 AM 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [1/24/2005 1:40 AM 69680]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-10-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 00:37]

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2009-10-25 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2009-10-25 c:\windows\Tasks\User_Feed_Synchronization-{4FC97EF4-DE1D-40CA-93A1-215AE32CFDCB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local.,;*.local
IE: &AIM Search
IE: &AOL Toolbar search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/activegs.cab
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://www.shockwave.com/content/dairydash/sis/DairyDashWeb.1.0.0.12.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://www.shockwave.com/content/dreamchronicles/sis/dreamweb.1.0.0.10.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/EggoKitchen/GoBitGamesPlayer_v5.cab
DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} - hxxp://www.shockwave.com/content/petshophop/sis/petshophopweb.1.0.0.17.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 17:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(312)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-25 17:22
ComboFix-quarantined-files.txt 2009-10-25 22:22
ComboFix2.txt 2009-10-25 18:58
ComboFix3.txt 2009-10-25 16:03

Pre-Run: 40,803,164,160 bytes free
Post-Run: 40,776,232,960 bytes free

- - End Of File - - A779DD9CAEF366460369C86EB89981DA


Again, after I ran the combo fix, my mouse completely stopped working. My computer didn't even seem to recognize that it was plugged in. So, I restarted my computer, hoping that would "bring back" my mouse. In the process of restarting, my computer froze, so I had to manually shut it down (by pushing and holding the power button). When the computer restarted, my mouse was back.


Thanks for your help!

#13 lina816

lina816
  • Topic Starter

  • Members
  • 24 posts

Posted 25 October 2009 - 05:48 PM

One more thing: After disabling my antivirus and firewall, I went to run Combo Fix. When I clicked on it, I got a pop-up from Windows Defender saying I had this security issue:

Trojan:win32/Agent.gen!D

#14 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 25 October 2009 - 08:42 PM

Alright.

This is the current situation. From a malware standpoint we almost have it all wrapped up. But the problem is that the malware appears to have corrupted critical system files. This might explain your bizarre computer behavior. You must find a Windows XP Pro install disc. You have to know someone that will let you borrow their disc.

Let's look for stragglers........

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
  • Follow the Instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

==========

We need to create an OTL Quick Scan
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here
==========

With your next post please provide:

* F-Secure log
* OTL log

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#15 lina816

lina816
  • Topic Starter

  • Members
  • 24 posts

Posted 26 October 2009 - 12:50 AM

F-Secure Results:
Scanning Report
Monday, October 26, 2009 23:46:06 - 00:40:21
Computer name: HEIDI
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\


--------------------------------------------------------------------------------

10 malware found
TrackingCookie.Questionmarket (spyware)
System (Disinfected)
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Advertising (spyware)
System (Disinfected)
TrackingCookie.Atdmt (spyware)
System (Disinfected)
TrackingCookie.Doubleclick (spyware)
System (Disinfected)
TrackingCookie.Revsci (spyware)
System (Disinfected)
TrackingCookie.Adbrite (spyware)
System (Disinfected)
TrackingCookie.Mediaplex (spyware)
System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
System (Disinfected)
Rogue:W32/SecuritySoldier.A (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{CC67763B-DBB2-4B86-AD8A-E5F61CE00699}\RP1077\A0533953.EXE (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 59511
System: 4040
Not scanned: 26
Actions:
Disinfected: 9
Renamed: 1
Deleted: 0
Not cleaned: 0
Submitted: 1
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

--------------------------------------------------------------------------------

Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics



As far as the OTL Scan, where do I download that from?

As far as getting a Windows XP disc, I have a question for you. A friend of mine just got Windows 7, and has said that I can use their CD. So, my question is, do I need to fix the problems with Windows XP, or could I avoid all that by upgrading to Windows 7? If I can just bypass the XP and upgrade to Windows 7, my next question is: How do I know if my system can "handle" Windows 7? Are there specific requirements that I should make sure my machine meets?

Thanks again for all your help! It is GREATLY appreciated!



