
Infected by InternetSecurity2010??


  • This topic is locked
14 replies to this topic

#1 swebb32_99

Posted 31 January 2010 - 12:26 PM

System Info:
XP Home Edition v.2002
SP3
Pentium 4
200 GHz
640 MB Ram

Previous A/V software:
AVG 8.5 (removed since they continue to get infected)

Currently:
Avast 5.0.377 (disabled, service won't start)
Comodo 3.11.108364.552

Computer was recently stuck in the login/logoff loop. Problem was corrected by using suggestions from http://www.bleepingcomputer.com/forums/ind...t&p=1598675. After the program finished, it ran HJT. I noticed a line that said 'InternetSecurity2010' which caught my attention. I opened msconfig and noticed there was an item checked to start, but no name was available. Now when the computer starts, it takes about 9 mins before the hour glass disappears and nothing is showing in the system tray. Also, Avast is showing that it was stopped, and I can't start it.

This is the 3rd or 4th time I have had this computer in one year. Is there a way to create Limited User accounts where the kids can't install anything? Lastly, is there a way to remove the old/unused entries from msconfig?

Here are the three logs.

Thanks.


*************
DDS (Ver_09-12-01.01) - NTFSx86
Run by Timothy Mundy at 11:51:35.34 on Sun 01/31/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.260 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mldocoms.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Update\Download\{23CF76E0-9C36-4377-A34C-14FF53F4B9A1}\GoogleEarth-Win-Plugin-5.1.7938.4346.exe
C:\Documents and Settings\Timothy Mundy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://m.www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJ&fl=0&ptb=qqp.skNADU_MmXqniqg7Lg&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = hxxp://localhost;*.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: CheatCodes.com Toolbar: {565fe2e0-7b46-46eb-9d83-3b2dc5934bcc} - c:\program files\cheatcodestoolbar\cheatcodes.com toolbar\cctoolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [<NO NAME>]
mRun: [smss32.exe] c:\windows\system32\smss32.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
dRun: [Internet Security 2010] c:\program files\internetsecurity2010\IS2010.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9d.exe
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &Search
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Bingo - hxxp://origin.games.yahoo.net/games/clients/y/xt0_x.cab
DPF: Yahoo! Spades - hxxp://origin.games.yahoo.net/games/clients/y/st3_x.cab
DPF: Yahoo! Tic-Tac-Toe - hxxp://origin.games.yahoo.net/games/clients/y/ft3_x.cab
DPF: {00000075-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxmsdec.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} - hxxp://download.mcafee.com/molbin/Shared/MGBrwFld.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - hxxp://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1091749722906
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229477882437
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37893.6392939815
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.30.20/ttinst.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} - hxxps://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum/Images/armhelper.ocx
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} - hxxp://games.bigfishgames.com/en_parking-dash/online/parkingdash.1.0.0.10.cab
Filter: text/html - {7d7e9410-5421-4809-b7f4-ac85537a121e} -
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: efcAPFvv - efcAPFvv.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: cru629.dat c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\geBqRjKD
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 91.207.117.244 browser-security.microsoft.com

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-31 163280]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-9-22 132168]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-9-22 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-31 19024]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-9-22 715392]
R2 mldo_device;mldo_device;c:\windows\system32\mldocoms.exe -service --> c:\windows\system32\mldocoms.exe -service [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-31 40384]
S2 gupdate1c9af20cdbb49ec;Google Update Service (gupdate1c9af20cdbb49ec);c:\program files\google\update\GoogleUpdate.exe [2009-3-27 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-31 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-31 40384]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]

=============== Created Last 30 ================

2010-01-31 15:09:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-01-30 22:22:13 262144 ---ha-w- c:\documents and settings\timothy mundy\ntuser.dat.LOG1
2010-01-30 22:22:13 0 ---ha-w- c:\documents and settings\timothy mundy\ntuser.dat.LOG2
2010-01-30 22:19:08 507904 ----a-w- c:\windows\system32\dllcache\winlogon.exe
2010-01-30 22:19:08 169984 ----a-w- c:\windows\system32\dllcache\msconfig.exe
2010-01-30 22:19:07 14336 ----a-w- c:\windows\system32\dllcache\svchost.exe
2010-01-30 22:19:06 1414656 ----a-w- c:\windows\system32\dllcache\mmc.exe
2010-01-30 22:19:04 13312 ----a-w- c:\windows\system32\dllcache\lsass.exe
2010-01-30 22:19:03 514560 ----a-w- c:\windows\system32\dllcache\logonui.exe
2010-01-30 22:19:03 15360 ----a-w- c:\windows\system32\dllcache\logoff.exe
2010-01-30 22:19:02 389120 ----a-w- c:\windows\system32\dllcache\cmd.exe
2010-01-30 22:19:01 146432 ----a-w- c:\windows\system32\dllcache\regedit.exe
2010-01-30 22:19:00 1033728 ----a-w- c:\windows\system32\dllcache\explorer.exe
2010-01-30 22:18:59 33280 ----a-w- c:\windows\system32\dllcache\rundll32.exe
2010-01-30 22:18:59 26112 ----a-w- c:\windows\system32\dllcache\userinit.exe
2010-01-23 02:31:47 0 ----a-w- c:\windows\system32\9961.exe
2010-01-23 02:11:39 0 ----a-w- c:\windows\system32\16827.exe
2010-01-23 01:07:07 0 ----a-w- c:\windows\system32\5705.exe
2010-01-23 00:46:42 0 ----a-w- c:\windows\system32\24464.exe
2010-01-23 00:25:54 0 ----a-w- c:\windows\system32\26962.exe
2010-01-23 00:05:46 0 ----a-w- c:\windows\system32\29358.exe
2010-01-22 23:45:40 0 ----a-w- c:\windows\system32\11478.exe
2010-01-22 22:19:33 0 ----a-w- c:\windows\system32\6334.exe
2010-01-22 21:59:15 0 ----a-w- c:\windows\system32\18467.exe
2010-01-22 21:38:52 646 ----a-w- C:\Internet Security 2010.lnk
2010-01-22 21:38:47 0 d-----w- c:\program files\InternetSecurity2010
2010-01-22 21:38:41 0 ----a-w- c:\windows\system32\41.exe
2010-01-22 21:38:13 2931 ----a-w- c:\windows\system32\warning.html
2010-01-22 21:37:03 437 ----a-w- C:\44.js
2010-01-16 12:40:04 437 ----a-w- C:\33.js
2010-01-13 14:13:53 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-07 23:43:22 0 d-----w- c:\program files\Virtools

==================== Find3M ====================

2010-01-16 20:07:00 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-12-28 23:42:32 12123 ----a-w- c:\windows\system32\z00805irus592.bin
2009-12-28 11:16:56 10274 ----a-w- c:\windows\7431bac5dzor8329.dll
2009-12-24 04:59:17 5703 ----a-w- c:\windows\6435spam9zt5bd.dll
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-21 05:09:06 18312 ----a-w- c:\windows\system32\1z129worm3539.bin
2009-12-20 10:51:22 18206 ----a-w- c:\windows\18369not-a-v9rus2z5.dll
2009-12-19 13:36:48 2833 ----a-w- c:\windows\system32\6991backdoo52932z.exe
2009-12-19 01:54:14 16526 ----a-w- c:\windows\system32\59backzoor2585.exe
2009-12-17 03:43:53 17898 ----a-w- c:\windows\299619rojzfe5.exe
2009-12-13 12:18:39 11727 ----a-w- c:\windows\system32\99956tzojc9.dll
2009-12-11 16:11:47 5477 ----a-w- c:\windows\4985s5ywarez6.bin
2009-12-08 09:12:00 14242 ----a-w- c:\windows\29259wzrm596.bin
2009-12-07 20:48:22 10317 ----a-w- c:\windows\system32\5235v9r184z5.dll
2009-12-01 16:31:42 16298 ----a-w- c:\windows\115165zam9ot60.dll
2009-11-27 00:00:18 16436 ----a-w- c:\windows\9636zro5694.exe
2009-11-23 11:23:48 3050 ----a-w- c:\windows\9z75t9ojb5.exe
2009-11-22 15:44:59 14266 ----a-w- c:\windows\system32\26259hacktoolz5.bin
2009-11-22 13:02:14 4233 ----a-w- c:\windows\3202hack9zol521.bin
2009-11-21 23:18:14 18079 ----a-w- c:\windows\system32\z3969worm5ad.bin
2009-11-18 19:59:28 10958 ----a-w- c:\windows\563cspzw5re2559.bin
2009-11-18 10:41:15 8572 ----a-w- c:\windows\738fv5z9971.bin
2009-11-18 03:08:37 12792 ----a-w- c:\windows\system32\29598sz5mbot7f5.dll
2009-11-17 11:30:12 11799 ----a-w- c:\windows\60945z9al1575.exe
2009-11-16 16:17:22 9631 ----a-w- c:\windows\2528backdz5r1947.exe
2009-11-16 04:24:10 9869 ----a-w- c:\windows\system32\1z219hacktoo5249.exe
2009-11-15 15:40:23 10211 ----a-w- c:\windows\192ezpywa592021.exe
2009-11-15 10:31:54 12134 ----a-w- c:\windows\z280thi5f21829.dll
2009-11-15 09:25:21 12557 ----a-w- c:\windows\system32\59z9ste9l2453.exe
2009-11-14 22:30:20 4454 ----a-w- c:\windows\system32\3d9c5hief1197z.dll
2009-11-13 02:10:43 18240 ----a-w- c:\windows\system32\57cestz9l1436.exe
2009-11-12 08:50:51 5434 ----a-w- c:\windows\868spy9z5e918.exe
2009-11-09 08:18:56 11765 ----a-w- c:\windows\system32\4809tzoj555.exe
2009-11-07 00:44:51 16487 ----a-w- c:\windows\system32\7e9astzal2526.exe
2009-08-26 22:35:39 11892 ----a-w- c:\program files\common files\coruxosure.scr
2009-08-26 22:35:39 10988 ----a-w- c:\program files\common files\heden.bin
2009-08-26 22:35:37 14484 ----a-w- c:\program files\common files\yfupe._dl
2003-03-19 16:52:26 207759 ----a-w- c:\program files\INSTALL.LOG
2009-09-20 15:05:50 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-08-23 16:43:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-01-29 02:09:53 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012820090129\index.dat
2009-01-31 21:25:07 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009013120090201\index.dat
2009-08-23 16:43:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009082320090824\index.dat
2009-08-12 07:27:55 114688 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

============= FINISH: 11:53:02.92 ===============



#2 swebb32_99


Posted 31 January 2010 - 12:41 PM

Also, not sure if this helps, but when the computer was starting up, it would open to C:\Program Files\Common and I was getting a Spooler error msg. I have attached those error msgs too.




#3 fenzodahl512


Posted 01 February 2010 - 06:58 AM

QUOTE
WARNING!
Looking at your system now, one or more of the identified infections is a backdoor Trojan. If this computer is ever used for on-line banking, I suggest you do the following IMMEDIATELY:
  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.
Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. Please refrain from using this computer for online banking/financial purposes until we give the all clear.




Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:






It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 swebb32_99


Posted 01 February 2010 - 11:18 PM

Not sure why it shows Comodo was enabled, but I did disable it. I had to uninstall avast, since it was acting strange. I did re-install avast after everything so that I would have a/v software. Anyway, here's the log.

Thanks.



ComboFix 10-02-01.02 - Timothy Mundy 02/01/2010 22:21:10.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.270 [GMT -5:00]
Running from: C:\Documents and Settings\Timothy Mundy\Desktop\Combo-Fix.exe
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\10615hack9oo5zea.cpl
C:\WINDOWS\system32\10949spazbo56b5.cpl
C:\WINDOWS\system32\10z59not-5-virus795.bin
C:\WINDOWS\system32\11478.exe
C:\WINDOWS\system32\115569pambot7z0.ocx
C:\WINDOWS\system32\11650not9azvirus5b5.dll
C:\WINDOWS\system32\1185z5orm459.bin
C:\WINDOWS\system32\11z59worm635.bin
C:\WINDOWS\system32\11z945orm793.exe
C:\WINDOWS\system32\12551spamboz79c.dll
C:\WINDOWS\system32\12679hazk5ool114.dll
C:\WINDOWS\system32\12958hack5ool29cz.exe
C:\WINDOWS\system32\12999zac5to9l21.bin
C:\WINDOWS\system32\129zsteal425.cpl
C:\WINDOWS\system32\13059spa9zot538.cpl
C:\WINDOWS\system32\135e9teal1969z.bin
C:\WINDOWS\system32\13946z9ru5697.dll
C:\WINDOWS\system32\13adownlz5der2479.cpl
C:\WINDOWS\system32\14374nzt9a-vi5us4fa.bin
C:\WINDOWS\system32\14555zirus59f.bin
C:\WINDOWS\system32\153589rzj5c45.bin
C:\WINDOWS\system32\153zstea91954.ocx
C:\WINDOWS\system32\15501troz69d.dll
C:\WINDOWS\system32\15512virus9z5.dll
C:\WINDOWS\system32\1556zspambo96b0.exe
C:\WINDOWS\system32\155b9ownload5rz547.bin
C:\WINDOWS\system32\15652spzmbot599.exe
C:\WINDOWS\system32\15683not5a9virzs6e0.ocx
C:\WINDOWS\system32\15705vzru57c9.cpl
C:\WINDOWS\system32\15755troj2z9.cpl
C:\WINDOWS\system32\159z9virus65d.ocx
C:\WINDOWS\system32\16096s9ambot515z.dll
C:\WINDOWS\system32\16297not-a-5iz9s11b.bin
C:\WINDOWS\system32\16408za9kto5l524.exe
C:\WINDOWS\system32\16659spy4az.cpl
C:\WINDOWS\system32\16827.exe
C:\WINDOWS\system32\168espa9s5z73.ocx
C:\WINDOWS\system32\16993not-a-vizus4685.cpl
C:\WINDOWS\system32\16z10wor97555.cpl
C:\WINDOWS\system32\17185spa9bzt486.ocx
C:\WINDOWS\system32\17281h59kzool794.exe
C:\WINDOWS\system32\17300zorm5915.cpl
C:\WINDOWS\system32\17307viru5z9b.cpl
C:\WINDOWS\system32\17592zacktoo5714.cpl
C:\WINDOWS\system32\17959hackz5ol37b.ocx
C:\WINDOWS\system32\17zbs5ar9e2758.ocx
C:\WINDOWS\system32\1820ste5917z2.dll
C:\WINDOWS\system32\182z3s9y32b5.cpl
C:\WINDOWS\system32\18467.exe
C:\WINDOWS\system32\18506ha9ktozl4d0.bin
C:\WINDOWS\system32\18769zywar52253.ocx
C:\WINDOWS\system32\189z8spambot554.exe
C:\WINDOWS\system32\1915spy6dfz.cpl
C:\WINDOWS\system32\19239hzckt5o9500.exe
C:\WINDOWS\system32\192589py3c0z.ocx
C:\WINDOWS\system32\19365spy5cz.ocx
C:\WINDOWS\system32\19523wormz905.exe
C:\WINDOWS\system32\196539py616z.exe
C:\WINDOWS\system32\19756h5cktool9z.exe
C:\WINDOWS\system32\1c2spywz5e1059.ocx
C:\WINDOWS\system32\1c4edowzloade59326.ocx
C:\WINDOWS\system32\1e45stz9l599.bin
C:\WINDOWS\system32\1f70zpyw5r9790.cpl
C:\WINDOWS\system32\1fd7down5oader96z2.bin
C:\WINDOWS\system32\1z078spambot95.bin
C:\WINDOWS\system32\1z129worm3539.bin
C:\WINDOWS\system32\1z219hacktoo5249.exe
C:\WINDOWS\system32\1z5da5dw9re2963.dll
C:\WINDOWS\system32\20190spambz55ea.ocx
C:\WINDOWS\system32\2052vi9156z.bin
C:\WINDOWS\system32\207615ackto9l3zb.cpl
C:\WINDOWS\system32\2089notza-virus2595.ocx
C:\WINDOWS\system32\20992sp5mbot3f9z.dll
C:\WINDOWS\system32\20downloa95r2z61.ocx
C:\WINDOWS\system32\21659wo9m1fz.cpl
C:\WINDOWS\system32\21913n5t-a-viruz4b9.cpl
C:\WINDOWS\system32\21943s5968z.exe
C:\WINDOWS\system32\21975spambztf9.bin
C:\WINDOWS\system32\219z2wo5m5509.cpl
C:\WINDOWS\system32\2297no5-azvirus5549.bin
C:\WINDOWS\system32\229999ozme5.bin
C:\WINDOWS\system32\23283s9zmbot70e5.dll
C:\WINDOWS\system32\233615p9mbzt636.ocx
C:\WINDOWS\system32\2337thre9528z01.exe
C:\WINDOWS\system32\237fba5kzoor1099.ocx
C:\WINDOWS\system32\23935not-a-vzrus6289.dll
C:\WINDOWS\system32\23983spz65a9.cpl
C:\WINDOWS\system32\24074not-a-5ir9s45z.ocx
C:\WINDOWS\system32\24464.exe
C:\WINDOWS\system32\24b49hie520z6.exe
C:\WINDOWS\system32\250bbackzoor2986.cpl
C:\WINDOWS\system32\25259hacktoolzb0.exe
C:\WINDOWS\system32\25350wzr59f4.exe
C:\WINDOWS\system32\25593nzt-a-viru95f1.exe
C:\WINDOWS\system32\25619hz95tool3f9.ocx
C:\WINDOWS\system32\25847troz398.bin
C:\WINDOWS\system32\25857spy4z9.bin
C:\WINDOWS\system32\25899zroj2bc.exe
C:\WINDOWS\system32\259z9worm5c1.ocx
C:\WINDOWS\system32\25bbspzwar91249.exe
C:\WINDOWS\system32\25z589irusf2.cpl
C:\WINDOWS\system32\26259hacktoolz5.bin
C:\WINDOWS\system32\2625not-5-v9ruszad.ocx
C:\WINDOWS\system32\2652895y3ddz.bin
C:\WINDOWS\system32\26933sp5mzot73c.cpl
C:\WINDOWS\system32\26962.exe
C:\WINDOWS\system32\2698z9pam5ot211.bin
C:\WINDOWS\system32\27798spy4zd5.exe
C:\WINDOWS\system32\27e7spazse25965.bin
C:\WINDOWS\system32\27z029ot-a-5irus5e7.bin
C:\WINDOWS\system32\28259not-a-viruz1c8.ocx
C:\WINDOWS\system32\283735pambot9z9.ocx
C:\WINDOWS\system32\28385spamb9t5cz.dll
C:\WINDOWS\system32\28561spazbot97.exe
C:\WINDOWS\system32\2889spa5bo97e9z.exe
C:\WINDOWS\system32\29098t5o97cz.bin
C:\WINDOWS\system32\29199hackt5ol7zc.exe
C:\WINDOWS\system32\29357zir9s499.ocx
C:\WINDOWS\system32\29358.exe
C:\WINDOWS\system32\2951095t-a-virus7z3.ocx
C:\WINDOWS\system32\29598sz5mbot7f5.dll
C:\WINDOWS\system32\29859zirus404.bin
C:\WINDOWS\system32\29955viruz61a.bin
C:\WINDOWS\system32\29a7th9zf5188.ocx
C:\WINDOWS\system32\29b9backdoor1z585.cpl
C:\WINDOWS\system32\2a9cdo9nloade5894z.bin
C:\WINDOWS\system32\2bfbz9arse2521.cpl
C:\WINDOWS\system32\2cbasteal1259z.exe
C:\WINDOWS\system32\2cc5thzeat12499.cpl
C:\WINDOWS\system32\2e64backdozr5998.dll
C:\WINDOWS\system32\2z075tro933c.cpl
C:\WINDOWS\system32\2z47downloader96895.cpl
C:\WINDOWS\system32\2z495troj45a9.bin
C:\WINDOWS\system32\2z565not-a-viru9358.dll
C:\WINDOWS\system32\2z850w9rm789.ocx
C:\WINDOWS\system32\2z9649py55b.ocx
C:\WINDOWS\system32\2z98virus563.dll
C:\WINDOWS\system32\2za59ir1748.exe
C:\WINDOWS\system32\3050tzo9774.exe
C:\WINDOWS\system32\30547not-a-viruz2159.ocx
C:\WINDOWS\system32\311th5e9z049.cpl
C:\WINDOWS\system32\31528s5z6a89.bin
C:\WINDOWS\system32\31565zorm57e9.bin
C:\WINDOWS\system32\321395irus3c1z.dll
C:\WINDOWS\system32\32185notza9virusba5.bin
C:\WINDOWS\system32\324s9azse1353.dll
C:\WINDOWS\system32\32bcs5ezl1920.exe
C:\WINDOWS\system32\32daspar5e96z.cpl
C:\WINDOWS\system32\3516spar9z1639.bin
C:\WINDOWS\system32\354vir95z5.exe
C:\WINDOWS\system32\3555v9rus1z9.dll
C:\WINDOWS\system32\358bszea92792.exe
C:\WINDOWS\system32\35c49hre5t597z.bin
C:\WINDOWS\system32\35z59pyware23465.ocx
C:\WINDOWS\system32\37899t5alz883.dll
C:\WINDOWS\system32\37z4s952f3.exe
C:\WINDOWS\system32\3945wo5m30z.dll
C:\WINDOWS\system32\3951downloadez1975.exe
C:\WINDOWS\system32\3951spy9z95.bin
C:\WINDOWS\system32\3ab9backdoorz250.cpl
C:\WINDOWS\system32\3adazown9oade53267.ocx
C:\WINDOWS\system32\3bz95hief139.dll
C:\WINDOWS\system32\3d53d5w9lozder2850.exe
C:\WINDOWS\system32\3d9c5hief1197z.dll
C:\WINDOWS\system32\3e53sp9warz2282.dll
C:\WINDOWS\system32\3f71zackdoor5949.exe
C:\WINDOWS\system32\3fz5sp9war5569.bin
C:\WINDOWS\system32\3z0spar5e3049.bin
C:\WINDOWS\system32\3z9b5ckdoor1216.dll
C:\WINDOWS\system32\41.exe
C:\WINDOWS\system32\43b0th9efz59.bin
C:\WINDOWS\system32\4457vir9s1za.dll
C:\WINDOWS\system32\4466vi59s6c0z.dll
C:\WINDOWS\system32\448cvi92z52.cpl
C:\WINDOWS\system32\44a19pywar5z092.bin
C:\WINDOWS\system32\44ds9ar5e1938z.ocx
C:\WINDOWS\system32\4503threaz10197.ocx
C:\WINDOWS\system32\4513zh5ef192.cpl
C:\WINDOWS\system32\453zh95ktool4be.exe
C:\WINDOWS\system32\459fsteal257z.dll
C:\WINDOWS\system32\45bfzddw5re9319.bin
C:\WINDOWS\system32\45z0addwar589.bin
C:\WINDOWS\system32\4799stez52281.dll
C:\WINDOWS\system32\4809tzoj555.exe
C:\WINDOWS\system32\4818ba9kdo5r3z11.dll
C:\WINDOWS\system32\4859s5z95d.cpl
C:\WINDOWS\system32\48a29ownloaderz35.dll
C:\WINDOWS\system32\49165ddzare3132.dll
C:\WINDOWS\system32\4941zh9eat16058.dll
C:\WINDOWS\system32\495e5ddwzre4769.bin
C:\WINDOWS\system32\49ecs9ea5z729.exe
C:\WINDOWS\system32\4abzvi91562.ocx
C:\WINDOWS\system32\4b4asp5waze1965.bin
C:\WINDOWS\system32\4cs59ware2z36.bin
C:\WINDOWS\system32\4d0f5dzwar91533.dll
C:\WINDOWS\system32\4fb0add5a9e2z45.bin
C:\WINDOWS\system32\4z97wo9m4bd5.exe
C:\WINDOWS\system32\50296hacztool5439.ocx
C:\WINDOWS\system32\51ddad9wa5e1955z.bin
C:\WINDOWS\system32\5229szamb5t5a2.dll
C:\WINDOWS\system32\5235v9r184z5.dll
C:\WINDOWS\system32\523ethzea59975.exe
C:\WINDOWS\system32\527e5pywarz2991.cpl
C:\WINDOWS\system32\52968spzmb9t4f3.ocx
C:\WINDOWS\system32\52f6thze91513.cpl
C:\WINDOWS\system32\52z55hief24059.cpl
C:\WINDOWS\system32\53d7v5r9z42.ocx
C:\WINDOWS\system32\54789pambotz93.cpl
C:\WINDOWS\system32\552eszea91350.ocx
C:\WINDOWS\system32\5541thrzat51972.ocx
C:\WINDOWS\system32\5546z9ru51a.bin
C:\WINDOWS\system32\554b5o9nloaderz259.cpl
C:\WINDOWS\system32\554zsp9mbot424.cpl
C:\WINDOWS\system32\556zspambot297.exe
C:\WINDOWS\system32\55842hzcktool59.ocx
C:\WINDOWS\system32\5585zp9mbot62d.bin
C:\WINDOWS\system32\5592w9rmz95.exe
C:\WINDOWS\system32\55cestza91536.bin
C:\WINDOWS\system32\55zfth9ef1840.cpl
C:\WINDOWS\system32\5629spzrs92408.exe
C:\WINDOWS\system32\5659hacktool59z.exe
C:\WINDOWS\system32\56spywarz951.exe
C:\WINDOWS\system32\5705.exe
C:\WINDOWS\system32\5749sp5z2e.exe
C:\WINDOWS\system32\5770threat2489z.bin
C:\WINDOWS\system32\577aspyware9z755.ocx
C:\WINDOWS\system32\57c95h9eaz31847.exe
C:\WINDOWS\system32\57cestz9l1436.exe
C:\WINDOWS\system32\57eespy9are82z.exe
C:\WINDOWS\system32\57z29spy5f.dll
C:\WINDOWS\system32\5823not-a-virz559c.cpl
C:\WINDOWS\system32\5855ztroj1a49.bin
C:\WINDOWS\system32\5857h5ckt9zl6e4.exe
C:\WINDOWS\system32\58zath9eat26286.bin
C:\WINDOWS\system32\59544troj97z.bin
C:\WINDOWS\system32\598athreat225z5.ocx
C:\WINDOWS\system32\59backzoor2585.exe
C:\WINDOWS\system32\59dathief5z64.dll
C:\WINDOWS\system32\59z9ste9l2453.exe
C:\WINDOWS\system32\5b25stzal1395.ocx
C:\WINDOWS\system32\5b9vir4z9.exe
C:\WINDOWS\system32\5c58viz9503.dll
C:\WINDOWS\system32\5c5zspyware2579.dll
C:\WINDOWS\system32\5cb5vir2749z.exe
C:\WINDOWS\system32\5d3fzddwar9649.dll
C:\WINDOWS\system32\5d5edownlzader13759.bin
C:\WINDOWS\system32\5dbth9ef8z7.exe
C:\WINDOWS\system32\5dz9steal985.ocx
C:\WINDOWS\system32\5e30add5are975z.exe
C:\WINDOWS\system32\5f21spywar9z50.dll
C:\WINDOWS\system32\5z020sp9584.ocx
C:\WINDOWS\system32\5z4959roj49d.ocx
C:\WINDOWS\system32\5z54sp5rs992.bin
C:\WINDOWS\system32\5z98spa5bo93b.bin
C:\WINDOWS\system32\6045vir95z.bin
C:\WINDOWS\system32\60zbvir9835.dll
C:\WINDOWS\system32\616zthrea95306.bin
C:\WINDOWS\system32\61ad5wnload9r27z2.ocx
C:\WINDOWS\system32\62zfsparse2589.bin
C:\WINDOWS\system32\63205hief9z77.ocx
C:\WINDOWS\system32\6334.exe
C:\WINDOWS\system32\63beszar9e265.ocx
C:\WINDOWS\system32\648zw9rm705.exe
C:\WINDOWS\system32\6569sp95zre2901.dll
C:\WINDOWS\system32\6579ziru527b9.exe
C:\WINDOWS\system32\65819dz5are3087.ocx
C:\WINDOWS\system32\65fat9reatz688.ocx
C:\WINDOWS\system32\67easz5r9e159.cpl
C:\WINDOWS\system32\684fth5eat87z79.ocx
C:\WINDOWS\system32\6919do9nloadzr1551.exe
C:\WINDOWS\system32\691bthief231z5.dll
C:\WINDOWS\system32\6932tro547z.cpl
C:\WINDOWS\system32\6991backdoo52932z.exe
C:\WINDOWS\system32\6b04dzwnloade93567.ocx
C:\WINDOWS\system32\6b35bzckd5or20209.exe
C:\WINDOWS\system32\6cac5tzal539.dll
C:\WINDOWS\system32\6e15do9nloadez1230.bin
C:\WINDOWS\system32\6f76sp5warez299.cpl
C:\WINDOWS\system32\6f95spazse1735.dll
C:\WINDOWS\system32\6z95thief855.exe
C:\WINDOWS\system32\6zf9back9oor3053.ocx
C:\WINDOWS\system32\7007z5arse2968.cpl
C:\WINDOWS\system32\711czir945.exe
C:\WINDOWS\system32\7177w5r969az.ocx
C:\WINDOWS\system32\73a2zh95f1377.exe
C:\WINDOWS\system32\73z5addw5re799.bin
C:\WINDOWS\system32\7567zpy941.exe
C:\WINDOWS\system32\759zvi5725.cpl
C:\WINDOWS\system32\75f8thief559z.exe
C:\WINDOWS\system32\75f9downlzader3002.exe
C:\WINDOWS\system32\7699wo5m309z.ocx
C:\WINDOWS\system32\76d25z9ware473.cpl
C:\WINDOWS\system32\7954stzal594.cpl
C:\WINDOWS\system32\795cstzal272.bin
C:\WINDOWS\system32\7975zteal1785.exe
C:\WINDOWS\system32\79d8ste5z393.dll
C:\WINDOWS\system32\7a90t5ief2z69.bin
C:\WINDOWS\system32\7b39tezl1195.cpl
C:\WINDOWS\system32\7d89t5re9tz0569.ocx
C:\WINDOWS\system32\7dz9spa59e2959.exe
C:\WINDOWS\system32\7e38baz9door14365.dll
C:\WINDOWS\system32\7e9astzal2526.exe
C:\WINDOWS\system32\8575s9y481z.dll
C:\WINDOWS\system32\85z95roj379.bin
C:\WINDOWS\system32\9023ztro56.dll
C:\WINDOWS\system32\9042spywaze2553.bin
C:\WINDOWS\system32\90490sz52.bin
C:\WINDOWS\system32\9059hackzool6fb.exe
C:\WINDOWS\system32\90938spambot5acz.dll
C:\WINDOWS\system32\9115troj65z.dll
C:\WINDOWS\system32\92297wzr56c7.exe
C:\WINDOWS\system32\924athrz5t15433.ocx
C:\WINDOWS\system32\9279n5tza-virus24b.ocx
C:\WINDOWS\system32\927zsp5rse451.ocx
C:\WINDOWS\system32\93bz5ddware1390.dll
C:\WINDOWS\system32\9435noz-a-9irus4fb.cpl
C:\WINDOWS\system32\946zthr5at16185.dll
C:\WINDOWS\system32\9496ad5zare662.bin
C:\WINDOWS\system32\95108notza5virusbd.ocx
C:\WINDOWS\system32\9541zpyc95.ocx
C:\WINDOWS\system32\9557backdoor4z3.dll
C:\WINDOWS\system32\95796viru548az.cpl
C:\WINDOWS\system32\967895oj25z.bin
C:\WINDOWS\system32\9749spa5se1574z.dll
C:\WINDOWS\system32\97545tro5z3d.cpl
C:\WINDOWS\system32\97dzbackdoor5523.bin
C:\WINDOWS\system32\981z5spy5a8.dll
C:\WINDOWS\system32\9860not-azv5rus590.cpl
C:\WINDOWS\system32\98z6sp5rse633.ocx
C:\WINDOWS\system32\991895ambot4za.cpl
C:\WINDOWS\system32\9961.exe
C:\WINDOWS\system32\9965wo9z5c7.ocx
C:\WINDOWS\system32\997et5iez784.cpl
C:\WINDOWS\system32\99956tzojc9.dll
C:\WINDOWS\system32\9a9athreaz303505.bin
C:\WINDOWS\system32\9d8cspzware1675.dll
C:\WINDOWS\system32\9fz4addware52.dll
C:\WINDOWS\system32\9z32w5rm662.bin
C:\WINDOWS\system32\9z87spambo56dc.cpl
C:\WINDOWS\system32\a2fzir99575.bin
C:\WINDOWS\system32\bcczackdoo5491.bin
C:\WINDOWS\system32\c2s9ealz75.cpl
C:\WINDOWS\system32\c96t9ze5t12066.dll
C:\WINDOWS\system32\ca9zownload9r15265.cpl
C:\WINDOWS\system32\dc5za9kdoor1694.exe
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\drivers\ndisrd.sys
C:\WINDOWS\system32\Install.txt
C:\WINDOWS\system32\ndisapi.dll
C:\WINDOWS\system32\warning.html
C:\WINDOWS\system32\z00805irus592.bin
C:\WINDOWS\system32\z04195irus608.bin
C:\WINDOWS\system32\z25dthi9f2816.cpl
C:\WINDOWS\system32\z3246virus9c5.exe
C:\WINDOWS\system32\z3969worm5ad.bin
C:\WINDOWS\system32\z492s9arse1593.exe
C:\WINDOWS\system32\z5235t5oj393.bin
C:\WINDOWS\system32\z5c0spyw5re16979.cpl
C:\WINDOWS\system32\z6053spy559.cpl
C:\WINDOWS\system32\z6105ddware926.dll
C:\WINDOWS\system32\z6310w5rm3609.bin
C:\WINDOWS\system32\z6659t5oj38.cpl
C:\WINDOWS\system32\z6729t5oj308.cpl
C:\WINDOWS\system32\z738sp9ware5985.exe
C:\WINDOWS\system32\z7417vi9us15b.cpl
C:\WINDOWS\system32\z7603virus2895.ocx
C:\WINDOWS\system32\z8155vi9us72b.bin
C:\WINDOWS\system32\z85989r5jf3.dll
C:\WINDOWS\system32\z881troj954.bin
C:\WINDOWS\system32\z895worm7cf.exe
C:\WINDOWS\system32\z9009sp52d4.cpl
C:\WINDOWS\system32\z9043w9rm95.ocx
C:\WINDOWS\system32\z946d5wnlo9der1865.cpl
C:\WINDOWS\system32\z972t9ief1576.exe
C:\WINDOWS\system32\z9835hief1556.exe
C:\WINDOWS\system32\z98fvi95390.exe
C:\WINDOWS\system32\ze339t5al521.ocx
C:\WINDOWS\system32\ze52do5nload9r2047.dll
C:\WINDOWS\system32\zfdsp5rse1789.cpl
C:\WINDOWS\unins000.dat
C:\WINDOWS\unins000.exe
C:\WINDOWS\wiaserviv.log
C:\WINDOWS\z01865roj794.exe
C:\WINDOWS\z01ddown95ader597.exe
C:\WINDOWS\z1d9st95l631.ocx
C:\WINDOWS\z280thi5f21829.dll
C:\WINDOWS\z2975hacktool9e4.dll
C:\WINDOWS\z2996troj51f5.bin
C:\WINDOWS\z2ac9hreat6355.dll
C:\WINDOWS\z33ste5l9679.bin
C:\WINDOWS\z356bac5door869.cpl
C:\WINDOWS\z445parse2509.exe
C:\WINDOWS\z453backd9or2009.cpl
C:\WINDOWS\z49cad9ware5504.exe
C:\WINDOWS\z5061not-a-viru94d8.bin
C:\WINDOWS\z59do9nloader2739.bin
C:\WINDOWS\z5d5teal2293.bin
C:\WINDOWS\z5d6d9wnloader1524.ocx
C:\WINDOWS\z5eavir9946.bin
C:\WINDOWS\z615s5amb9t5ce.cpl
C:\WINDOWS\z654st59l735.dll
C:\WINDOWS\z6a0thre5t29428.dll
C:\WINDOWS\z7965ir358.dll
C:\WINDOWS\z93spyware450.exe
C:\WINDOWS\z9714w9rm52c.cpl
C:\WINDOWS\z999vir1571.exe
C:\WINDOWS\za4back9o5r2254.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_NDISRD
-------\Legacy_NETLOGIN
-------\Legacy_SVCPROC
-------\Service_NDISRD


((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.



#5 fenzodahl512


Posted 02 February 2010 - 07:05 AM

Err... for some reason your ComboFix log is being cut off.. Can you find the log at C:\combofix.txt and post the complete log here?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 swebb32_99


Posted 02 February 2010 - 02:25 PM

That's where the log came from. Which part was cut off (top, bottom, etc)? I can attach the file if needed. As a side note, if there was some sort of clean-up process after the reboot, it still took nearly 10 mins before the computer was fully functional, so that may have been the reason.

Would it help to run CF again?

Thanks.

#7 fenzodahl512


Posted 03 February 2010 - 08:02 AM

Yes, please attach the log first and then please re-run ComboFix once again..



#8 swebb32_99


Posted 03 February 2010 - 04:45 PM

The file was located at C:\Combo-Fix\ComboFix1.txt, not sure if that makes a difference. I renamed it since I didn't know if it would get overwritten by the new log. I should have the new log shortly.

Thanks.

Attached Files



#9 swebb32_99


Posted 03 February 2010 - 05:18 PM

Here's the new log. This was located in the correct place.

Thanks.

--------------

ComboFix 10-02-01.02 - Timothy Mundy 02/03/2010 16:51:04.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.325 [GMT -5:00]
Running from: c:\documents and settings\Timothy Mundy\Desktop\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\16659spy4az.cpl
c:\windows\system32\16827.exe
c:\windows\system32\168espa9s5z73.ocx
c:\windows\system32\16993not-a-vizus4685.cpl
c:\windows\system32\16z10wor97555.cpl
c:\windows\system32\17185spa9bzt486.ocx
c:\windows\system32\17281h59kzool794.exe
c:\windows\system32\17300zorm5915.cpl
c:\windows\system32\17307viru5z9b.cpl
c:\windows\system32\17592zacktoo5714.cpl
c:\windows\system32\17959hackz5ol37b.ocx
c:\windows\system32\17zbs5ar9e2758.ocx
c:\windows\system32\1820ste5917z2.dll
c:\windows\system32\182z3s9y32b5.cpl
c:\windows\system32\18467.exe
c:\windows\system32\18506ha9ktozl4d0.bin
c:\windows\system32\18769zywar52253.ocx
c:\windows\system32\189z8spambot554.exe
c:\windows\system32\1915spy6dfz.cpl
c:\windows\system32\19239hzckt5o9500.exe
c:\windows\system32\192589py3c0z.ocx
c:\windows\system32\19365spy5cz.ocx
c:\windows\system32\19523wormz905.exe
c:\windows\system32\196539py616z.exe
c:\windows\system32\19756h5cktool9z.exe
c:\windows\system32\1c2spywz5e1059.ocx
c:\windows\system32\1c4edowzloade59326.ocx
c:\windows\system32\1e45stz9l599.bin
c:\windows\system32\1f70zpyw5r9790.cpl
c:\windows\system32\1fd7down5oader96z2.bin
c:\windows\system32\1z078spambot95.bin
c:\windows\system32\1z129worm3539.bin
c:\windows\system32\1z219hacktoo5249.exe
c:\windows\system32\1z5da5dw9re2963.dll
c:\windows\system32\20190spambz55ea.ocx
c:\windows\system32\2052vi9156z.bin
c:\windows\system32\207615ackto9l3zb.cpl
c:\windows\system32\2089notza-virus2595.ocx
c:\windows\system32\20992sp5mbot3f9z.dll
c:\windows\system32\20downloa95r2z61.ocx
c:\windows\system32\21659wo9m1fz.cpl
c:\windows\system32\21913n5t-a-viruz4b9.cpl
c:\windows\system32\21943s5968z.exe
c:\windows\system32\21975spambztf9.bin
c:\windows\system32\219z2wo5m5509.cpl
c:\windows\system32\2297no5-azvirus5549.bin
c:\windows\system32\229999ozme5.bin
c:\windows\system32\23283s9zmbot70e5.dll
c:\windows\system32\233615p9mbzt636.ocx
c:\windows\system32\2337thre9528z01.exe
c:\windows\system32\237fba5kzoor1099.ocx
c:\windows\system32\23935not-a-vzrus6289.dll
c:\windows\system32\23983spz65a9.cpl
c:\windows\system32\24074not-a-5ir9s45z.ocx
c:\windows\system32\24464.exe
c:\windows\system32\24b49hie520z6.exe
c:\windows\system32\250bbackzoor2986.cpl
c:\windows\system32\25259hacktoolzb0.exe
c:\windows\system32\25350wzr59f4.exe
c:\windows\system32\25593nzt-a-viru95f1.exe
c:\windows\system32\25619hz95tool3f9.ocx
c:\windows\system32\25847troz398.bin
c:\windows\system32\25857spy4z9.bin
c:\windows\system32\25899zroj2bc.exe
c:\windows\system32\259z9worm5c1.ocx
c:\windows\system32\25bbspzwar91249.exe
c:\windows\system32\25z589irusf2.cpl
c:\windows\system32\26259hacktoolz5.bin
c:\windows\system32\2625not-5-v9ruszad.ocx
c:\windows\system32\2652895y3ddz.bin
c:\windows\system32\26933sp5mzot73c.cpl
c:\windows\system32\26962.exe
c:\windows\system32\2698z9pam5ot211.bin
c:\windows\system32\27798spy4zd5.exe
c:\windows\system32\27e7spazse25965.bin
c:\windows\system32\27z029ot-a-5irus5e7.bin
c:\windows\system32\28259not-a-viruz1c8.ocx
c:\windows\system32\283735pambot9z9.ocx
c:\windows\system32\28385spamb9t5cz.dll
c:\windows\system32\28561spazbot97.exe
c:\windows\system32\2889spa5bo97e9z.exe
c:\windows\system32\29098t5o97cz.bin
c:\windows\system32\29199hackt5ol7zc.exe
c:\windows\system32\29357zir9s499.ocx
c:\windows\system32\29358.exe
c:\windows\system32\2951095t-a-virus7z3.ocx
c:\windows\system32\29598sz5mbot7f5.dll
c:\windows\system32\29859zirus404.bin
c:\windows\system32\29955viruz61a.bin
c:\windows\system32\29a7th9zf5188.ocx
c:\windows\system32\29b9backdoor1z585.cpl
c:\windows\system32\2a9cdo9nloade5894z.bin
c:\windows\system32\2bfbz9arse2521.cpl
c:\windows\system32\2cbasteal1259z.exe
c:\windows\system32\2cc5thzeat12499.cpl
c:\windows\system32\2e64backdozr5998.dll
c:\windows\system32\2z075tro933c.cpl
c:\windows\system32\2z47downloader96895.cpl
c:\windows\system32\2z495troj45a9.bin
c:\windows\system32\2z565not-a-viru9358.dll
c:\windows\system32\2z850w9rm789.ocx
c:\windows\system32\2z9649py55b.ocx
c:\windows\system32\2z98virus563.dll
c:\windows\system32\2za59ir1748.exe
c:\windows\system32\3050tzo9774.exe
c:\windows\system32\30547not-a-viruz2159.ocx
c:\windows\system32\311th5e9z049.cpl
c:\windows\system32\31528s5z6a89.bin
c:\windows\system32\31565zorm57e9.bin
c:\windows\system32\321395irus3c1z.dll
c:\windows\system32\32185notza9virusba5.bin
c:\windows\system32\324s9azse1353.dll
c:\windows\system32\32bcs5ezl1920.exe
c:\windows\system32\32daspar5e96z.cpl
c:\windows\system32\3516spar9z1639.bin
c:\windows\system32\354vir95z5.exe
c:\windows\system32\3555v9rus1z9.dll
c:\windows\system32\358bszea92792.exe
c:\windows\system32\35c49hre5t597z.bin
c:\windows\system32\35z59pyware23465.ocx
c:\windows\system32\37899t5alz883.dll
c:\windows\system32\37z4s952f3.exe
c:\windows\system32\3945wo5m30z.dll
c:\windows\system32\3951downloadez1975.exe
c:\windows\system32\3951spy9z95.bin
c:\windows\system32\3ab9backdoorz250.cpl
c:\windows\system32\3adazown9oade53267.ocx
c:\windows\system32\3bz95hief139.dll
c:\windows\system32\3d53d5w9lozder2850.exe
c:\windows\system32\3d9c5hief1197z.dll
c:\windows\system32\3e53sp9warz2282.dll
c:\windows\system32\3f71zackdoor5949.exe
c:\windows\system32\3fz5sp9war5569.bin
c:\windows\system32\3z0spar5e3049.bin
c:\windows\system32\3z9b5ckdoor1216.dll
c:\windows\system32\41.exe
c:\windows\system32\43b0th9efz59.bin
c:\windows\system32\4457vir9s1za.dll
c:\windows\system32\4466vi59s6c0z.dll
c:\windows\system32\448cvi92z52.cpl
c:\windows\system32\44a19pywar5z092.bin
c:\windows\system32\44ds9ar5e1938z.ocx
c:\windows\system32\4503threaz10197.ocx
c:\windows\system32\4513zh5ef192.cpl
c:\windows\system32\453zh95ktool4be.exe
c:\windows\system32\459fsteal257z.dll
c:\windows\system32\45bfzddw5re9319.bin
c:\windows\system32\45z0addwar589.bin
c:\windows\system32\4799stez52281.dll
c:\windows\system32\4809tzoj555.exe
c:\windows\system32\4818ba9kdo5r3z11.dll
c:\windows\system32\4859s5z95d.cpl
c:\windows\system32\48a29ownloaderz35.dll
c:\windows\system32\49165ddzare3132.dll
c:\windows\system32\4941zh9eat16058.dll
c:\windows\system32\495e5ddwzre4769.bin
c:\windows\system32\49ecs9ea5z729.exe
c:\windows\system32\4abzvi91562.ocx
c:\windows\system32\4b4asp5waze1965.bin
c:\windows\system32\4cs59ware2z36.bin
c:\windows\system32\4d0f5dzwar91533.dll
c:\windows\system32\4fb0add5a9e2z45.bin
c:\windows\system32\4z97wo9m4bd5.exe
c:\windows\system32\50296hacztool5439.ocx
c:\windows\system32\51ddad9wa5e1955z.bin
c:\windows\system32\5229szamb5t5a2.dll
c:\windows\system32\5235v9r184z5.dll
c:\windows\system32\523ethzea59975.exe
c:\windows\system32\527e5pywarz2991.cpl
c:\windows\system32\52968spzmb9t4f3.ocx
c:\windows\system32\52f6thze91513.cpl
c:\windows\system32\52z55hief24059.cpl
c:\windows\system32\53d7v5r9z42.ocx
c:\windows\system32\54789pambotz93.cpl
c:\windows\system32\552eszea91350.ocx
c:\windows\system32\5541thrzat51972.ocx
c:\windows\system32\5546z9ru51a.bin
c:\windows\system32\554b5o9nloaderz259.cpl
c:\windows\system32\554zsp9mbot424.cpl
c:\windows\system32\556zspambot297.exe
c:\windows\system32\55842hzcktool59.ocx
c:\windows\system32\5585zp9mbot62d.bin
c:\windows\system32\5592w9rmz95.exe
c:\windows\system32\55cestza91536.bin
c:\windows\system32\55zfth9ef1840.cpl
c:\windows\system32\5629spzrs92408.exe
c:\windows\system32\5659hacktool59z.exe
c:\windows\system32\56spywarz951.exe
c:\windows\system32\5705.exe
c:\windows\system32\5749sp5z2e.exe
c:\windows\system32\5770threat2489z.bin
c:\windows\system32\577aspyware9z755.ocx
c:\windows\system32\57c95h9eaz31847.exe
c:\windows\system32\57cestz9l1436.exe
c:\windows\system32\57eespy9are82z.exe
c:\windows\system32\57z29spy5f.dll
c:\windows\system32\5823not-a-virz559c.cpl
c:\windows\system32\5855ztroj1a49.bin
c:\windows\system32\5857h5ckt9zl6e4.exe
c:\windows\system32\58zath9eat26286.bin
c:\windows\system32\59544troj97z.bin
c:\windows\system32\598athreat225z5.ocx
c:\windows\system32\59backzoor2585.exe
c:\windows\system32\59dathief5z64.dll
c:\windows\system32\59z9ste9l2453.exe
c:\windows\system32\5b25stzal1395.ocx
c:\windows\system32\5b9vir4z9.exe
c:\windows\system32\5c58viz9503.dll
c:\windows\system32\5c5zspyware2579.dll
c:\windows\system32\5cb5vir2749z.exe
c:\windows\system32\5d3fzddwar9649.dll
c:\windows\system32\5d5edownlzader13759.bin
c:\windows\system32\5dbth9ef8z7.exe
c:\windows\system32\5dz9steal985.ocx
c:\windows\system32\5e30add5are975z.exe
c:\windows\system32\5f21spywar9z50.dll
c:\windows\system32\5z020sp9584.ocx
c:\windows\system32\5z4959roj49d.ocx
c:\windows\system32\5z54sp5rs992.bin
c:\windows\system32\5z98spa5bo93b.bin
c:\windows\system32\6045vir95z.bin
c:\windows\system32\60zbvir9835.dll
c:\windows\system32\616zthrea95306.bin
c:\windows\system32\61ad5wnload9r27z2.ocx
c:\windows\system32\62zfsparse2589.bin
c:\windows\system32\63205hief9z77.ocx
c:\windows\system32\6334.exe
c:\windows\system32\63beszar9e265.ocx
c:\windows\system32\648zw9rm705.exe
c:\windows\system32\6569sp95zre2901.dll
c:\windows\system32\6579ziru527b9.exe
c:\windows\system32\65819dz5are3087.ocx
c:\windows\system32\65fat9reatz688.ocx
c:\windows\system32\67easz5r9e159.cpl
c:\windows\system32\684fth5eat87z79.ocx
c:\windows\system32\6919do9nloadzr1551.exe
c:\windows\system32\691bthief231z5.dll
c:\windows\system32\6932tro547z.cpl
c:\windows\system32\6991backdoo52932z.exe
c:\windows\system32\6b04dzwnloade93567.ocx
c:\windows\system32\6b35bzckd5or20209.exe
c:\windows\system32\6cac5tzal539.dll
c:\windows\system32\6e15do9nloadez1230.bin
c:\windows\system32\6f76sp5warez299.cpl
c:\windows\system32\6f95spazse1735.dll
c:\windows\system32\6z95thief855.exe
c:\windows\system32\6zf9back9oor3053.ocx
c:\windows\system32\7007z5arse2968.cpl
c:\windows\system32\711czir945.exe
c:\windows\system32\7177w5r969az.ocx
c:\windows\system32\73a2zh95f1377.exe
c:\windows\system32\73z5addw5re799.bin
c:\windows\system32\7567zpy941.exe
c:\windows\system32\759zvi5725.cpl
c:\windows\system32\75f8thief559z.exe
c:\windows\system32\75f9downlzader3002.exe
c:\windows\system32\7699wo5m309z.ocx
c:\windows\system32\76d25z9ware473.cpl
c:\windows\system32\7954stzal594.cpl
c:\windows\system32\795cstzal272.bin
c:\windows\system32\7975zteal1785.exe
c:\windows\system32\79d8ste5z393.dll
c:\windows\system32\7a90t5ief2z69.bin
c:\windows\system32\7b39tezl1195.cpl
c:\windows\system32\7d89t5re9tz0569.ocx
c:\windows\system32\7dz9spa59e2959.exe
c:\windows\system32\7e38baz9door14365.dll
c:\windows\system32\7e9astzal2526.exe
c:\windows\system32\8575s9y481z.dll
c:\windows\system32\85z95roj379.bin
c:\windows\system32\9023ztro56.dll
c:\windows\system32\9042spywaze2553.bin
c:\windows\system32\90490sz52.bin
c:\windows\system32\9059hackzool6fb.exe
c:\windows\system32\90938spambot5acz.dll
c:\windows\system32\9115troj65z.dll
c:\windows\system32\92297wzr56c7.exe
c:\windows\system32\924athrz5t15433.ocx
c:\windows\system32\9279n5tza-virus24b.ocx
c:\windows\system32\927zsp5rse451.ocx
c:\windows\system32\93bz5ddware1390.dll
c:\windows\system32\9435noz-a-9irus4fb.cpl
c:\windows\system32\946zthr5at16185.dll
c:\windows\system32\9496ad5zare662.bin
c:\windows\system32\95108notza5virusbd.ocx
c:\windows\system32\9541zpyc95.ocx
c:\windows\system32\9557backdoor4z3.dll
c:\windows\system32\95796viru548az.cpl
c:\windows\system32\967895oj25z.bin
c:\windows\system32\9749spa5se1574z.dll
c:\windows\system32\97545tro5z3d.cpl
c:\windows\system32\97dzbackdoor5523.bin
c:\windows\system32\981z5spy5a8.dll
c:\windows\system32\9860not-azv5rus590.cpl
c:\windows\system32\98z6sp5rse633.ocx
c:\windows\system32\991895ambot4za.cpl
c:\windows\system32\9961.exe
c:\windows\system32\9965wo9z5c7.ocx
c:\windows\system32\997et5iez784.cpl
c:\windows\system32\99956tzojc9.dll
c:\windows\system32\9a9athreaz303505.bin
c:\windows\system32\9d8cspzware1675.dll
c:\windows\system32\9fz4addware52.dll
c:\windows\system32\9z32w5rm662.bin
c:\windows\system32\9z87spambo56dc.cpl
c:\windows\system32\a2fzir99575.bin
c:\windows\system32\bcczackdoo5491.bin
c:\windows\system32\c2s9ealz75.cpl
c:\windows\system32\c96t9ze5t12066.dll
c:\windows\system32\ca9zownload9r15265.cpl
c:\windows\system32\dc5za9kdoor1694.exe
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\Install.txt
c:\windows\system32\ndisapi.dll
c:\windows\system32\warning.html
c:\windows\system32\z00805irus592.bin
c:\windows\system32\z04195irus608.bin
c:\windows\system32\z25dthi9f2816.cpl
c:\windows\system32\z3246virus9c5.exe
c:\windows\system32\z3969worm5ad.bin
c:\windows\system32\z492s9arse1593.exe
c:\windows\system32\z5235t5oj393.bin
c:\windows\system32\z5c0spyw5re16979.cpl
c:\windows\system32\z6053spy559.cpl
c:\windows\system32\z6105ddware926.dll
c:\windows\system32\z6310w5rm3609.bin
c:\windows\system32\z6659t5oj38.cpl
c:\windows\system32\z6729t5oj308.cpl
c:\windows\system32\z738sp9ware5985.exe
c:\windows\system32\z7417vi9us15b.cpl
c:\windows\system32\z7603virus2895.ocx
c:\windows\system32\z8155vi9us72b.bin
c:\windows\system32\z85989r5jf3.dll
c:\windows\system32\z881troj954.bin
c:\windows\system32\z895worm7cf.exe
c:\windows\system32\z9009sp52d4.cpl
c:\windows\system32\z9043w9rm95.ocx
c:\windows\system32\z946d5wnlo9der1865.cpl
c:\windows\system32\z972t9ief1576.exe
c:\windows\system32\z9835hief1556.exe
c:\windows\system32\z98fvi95390.exe
c:\windows\system32\ze339t5al521.ocx
c:\windows\system32\ze52do5nload9r2047.dll
c:\windows\system32\zfdsp5rse1789.cpl
c:\windows\unins000.dat
c:\windows\unins000.exe
c:\windows\wiaserviv.log
c:\windows\z01865roj794.exe
c:\windows\z01ddown95ader597.exe
c:\windows\z1d9st95l631.ocx
c:\windows\z280thi5f21829.dll
c:\windows\z2975hacktool9e4.dll
c:\windows\z2996troj51f5.bin
c:\windows\z2ac9hreat6355.dll
c:\windows\z33ste5l9679.bin
c:\windows\z356bac5door869.cpl
c:\windows\z445parse2509.exe
c:\windows\z453backd9or2009.cpl
c:\windows\z49cad9ware5504.exe
c:\windows\z5061not-a-viru94d8.bin
c:\windows\z59do9nloader2739.bin
c:\windows\z5d5teal2293.bin
c:\windows\z5d6d9wnloader1524.ocx
c:\windows\z5eavir9946.bin
c:\windows\z615s5amb9t5ce.cpl
c:\windows\z654st59l735.dll
c:\windows\z6a0thre5t29428.dll
c:\windows\z7965ir358.dll
c:\windows\z93spyware450.exe
c:\windows\z9714w9rm52c.cpl
c:\windows\z999vir1571.exe
c:\windows\za4back9o5r2254.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_NDISRD
-------\Legacy_NETLOGIN
-------\Legacy_SVCPROC
-------\Service_NDISRD


((((((((((((((((((((((((( Files Created from 2010-01-03 to 2010-02-03 )))))))))))))))))))))))))))))))
.

2010-02-02 04:11 . 2010-01-28 21:54 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-02 04:11 . 2010-01-28 21:57 163280 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-02 04:11 . 2010-01-28 21:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-02 04:10 . 2010-01-28 21:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-02 04:10 . 2010-01-28 21:54 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-02 04:10 . 2010-01-28 21:54 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-02 04:10 . 2010-01-28 21:53 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-02 04:09 . 2010-01-28 22:09 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-02 04:09 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-31 15:09 . 2010-02-02 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-31 15:09 . 2010-01-31 15:09 -------- d-----w- c:\program files\Alwil Software
2010-01-30 22:19 . 2009-03-19 19:07 169984 ----a-w- c:\windows\system32\dllcache\msconfig.exe
2010-01-30 22:19 . 2009-03-19 19:07 507904 ----a-w- c:\windows\system32\dllcache\winlogon.exe
2010-01-30 22:19 . 2009-03-19 19:07 14336 ----a-w- c:\windows\system32\dllcache\svchost.exe
2010-01-30 22:19 . 2009-03-19 19:07 1414656 ----a-w- c:\windows\system32\dllcache\mmc.exe
2010-01-30 22:19 . 2009-03-19 19:07 13312 ----a-w- c:\windows\system32\dllcache\lsass.exe
2010-01-30 22:19 . 2009-03-19 19:07 15360 ----a-w- c:\windows\system32\dllcache\logoff.exe
2010-01-30 22:19 . 2009-03-19 19:07 514560 ----a-w- c:\windows\system32\dllcache\logonui.exe
2010-01-30 22:19 . 2009-03-19 19:07 389120 ----a-w- c:\windows\system32\dllcache\cmd.exe
2010-01-30 22:19 . 2009-03-19 19:07 146432 ----a-w- c:\windows\system32\dllcache\regedit.exe
2010-01-30 22:19 . 2009-03-19 19:07 1033728 ----a-w- c:\windows\system32\dllcache\explorer.exe
2010-01-30 22:18 . 2009-03-19 19:07 26112 ----a-w- c:\windows\system32\dllcache\userinit.exe
2010-01-30 22:18 . 2009-03-19 19:07 33280 ----a-w- c:\windows\system32\dllcache\rundll32.exe
2010-01-13 14:13 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-07 23:44 . 2010-01-07 23:44 -------- d-----w- c:\documents and settings\Timothy Mundy\Local Settings\Application Data\3DVIA
2010-01-07 23:43 . 2010-01-07 23:43 -------- d-----w- c:\program files\Virtools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 04:38 . 2006-07-09 20:34 -------- d-----w- c:\program files\Google
2010-01-31 16:04 . 2010-01-31 16:04 52224 ----a-w- c:\documents and settings\Timothy Mundy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-31 16:04 . 2009-09-22 22:23 117760 ----a-w- c:\documents and settings\Timothy Mundy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-31 16:03 . 2009-09-22 22:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-31 14:42 . 2009-03-28 14:34 -------- d-----w- c:\documents and settings\Timothy Mundy\Application Data\wsInspector
2010-01-16 20:07 . 2009-12-26 02:24 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-12-30 00:19 . 2009-12-30 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Mattel
2009-12-30 00:18 . 2003-03-19 16:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-30 00:18 . 2009-12-30 00:16 -------- d-----w- c:\program files\Mattel
2009-12-30 00:16 . 2009-12-30 00:16 -------- d-----w- c:\program files\DIFX
2009-12-26 02:31 . 2009-12-26 02:31 -------- d-----w- c:\documents and settings\Timothy Mundy\Application Data\Nikon
2009-12-26 02:26 . 2009-12-26 02:26 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-12-26 02:26 . 2009-12-26 02:26 -------- d-----w- c:\program files\Common Files\Nikon
2009-12-26 02:26 . 2009-12-26 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2009-12-26 02:26 . 2009-12-26 02:26 -------- d-----w- c:\program files\Nikon
2009-12-26 02:24 . 2009-12-26 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2009-12-26 02:24 . 2009-12-26 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2009-12-21 19:14 . 2005-02-18 20:19 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-11 01:26 . 2008-08-28 00:26 664 ----a-w- c:\documents and settings\Timothy Mundy\Local Settings\Application Data\d3d9caps.dat
2009-11-21 15:51 . 2002-08-29 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-08-26 22:35 . 2009-08-26 22:35 11892 ----a-w- c:\program files\Common Files\coruxosure.scr
2009-08-26 22:35 . 2009-08-26 22:35 10988 ----a-w- c:\program files\Common Files\heden.bin
2009-08-26 22:35 . 2009-08-26 22:35 14484 ----a-w- c:\program files\Common Files\yfupe._dl
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{565FE2E0-7B46-46EB-9D83-3B2DC5934BCC}"= "c:\program files\CheatCodesToolbar\CheatCodes.com Toolbar\cctoolbar.dll" [2008-11-28 2593280]

[HKEY_CLASSES_ROOT\clsid\{565fe2e0-7b46-46eb-9d83-3b2dc5934bcc}]
[HKEY_CLASSES_ROOT\TBSB06474.TBSB06474.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB06474.TBSB06474]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{565FE2E0-7B46-46EB-9D83-3B2DC5934BCC}"= "c:\program files\CheatCodesToolbar\CheatCodes.com Toolbar\cctoolbar.dll" [2008-11-28 2593280]

[HKEY_CLASSES_ROOT\clsid\{565fe2e0-7b46-46eb-9d83-3b2dc5934bcc}]
[HKEY_CLASSES_ROOT\TBSB06474.TBSB06474.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB06474.TBSB06474]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-10-19 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-09-22 1796368]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-28 2757512]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 1 (0x1)
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SYSTEM32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Timothy Mundy^Start Menu^Programs^Startup^Connection Manager.lnk]
path=c:\documents and settings\Timothy Mundy\Start Menu\Programs\Startup\Connection Manager.lnk
backup=c:\windows\pss\Connection Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Timothy Mundy^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Timothy Mundy\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-04-10 22:44 679936 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 08:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
2003-06-25 15:29 294998 ----a-w- c:\program files\Dell AIO Printer A940\dlbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HelpCenter4.1]
2008-06-18 04:13 198184 ----a-w- c:\program files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-08-03 08:36 196608 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb03.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 14:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Share]
2008-09-16 03:42 144656 ----a-w- c:\program files\Memeo\Memeo Share\MemeoLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 09:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
2002-07-15 17:48 1544192 ----a-w- c:\program files\Support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2004-11-22 12:18 307200 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2008-11-10 17:23 157312 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Trial Version\\zt2demoretail.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\GlobalStar Software\\Mall Tycoon\\mall.exe"=
"c:\\WINDOWS\\SYSTEM32\\mldocoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\mldopswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\mldotime.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\mldojswx.exe"=

R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [2/1/2010 11:11 PM 163280]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\SYSTEM32\DRIVERS\cmdguard.sys [9/22/2009 4:49 PM 132168]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\SYSTEM32\DRIVERS\cmdhlp.sys [9/22/2009 4:49 PM 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 10:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 10:42 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [2/1/2010 11:11 PM 19024]
R2 mldo_device;mldo_device;c:\windows\system32\mldocoms.exe -service --> c:\windows\system32\mldocoms.exe -service [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1c9af20cdbb49ec;Google Update Service (gupdate1c9af20cdbb49ec);c:\program files\Google\Update\GoogleUpdate.exe [3/27/2009 4:12 PM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 10:42 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 21:12]

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 21:12]

2010-02-02 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-11-19 12:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJ&fl=0&ptb=qqp.skNADU_MmXqniqg7Lg&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = hxxp://localhost;*.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Bingo - hxxp://origin.games.yahoo.net/games/clients/y/xt0_x.cab
DPF: Yahoo! Spades - hxxp://origin.games.yahoo.net/games/clients/y/st3_x.cab
DPF: Yahoo! Tic-Tac-Toe - hxxp://origin.games.yahoo.net/games/clients/y/ft3_x.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab
DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} - hxxp://games.bigfishgames.com/en_parking-dash/online/parkingdash.1.0.0.10.cab
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{da21bd13-ca22-42e3-a071-98f08f1ca1e7} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKU-Default-Run-Internet Security 2010 - c:\program files\InternetSecurity2010\IS2010.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil9d.exe
Notify-efcAPFvv - efcAPFvv.dll
MSConfigStartUp-19837184 - c:\documents and settings\All Users\Application Data\19837184\19837184.exe
MSConfigStartUp-Cleanup - c:\docume~1\TIMOTH~1\LOCALS~1\Temp\200932892955_mcappins.exe
MSConfigStartUp-ConMgr - c:\program files\EarthLink 5.0\conmgr.exe
MSConfigStartUp-Dqezanonul - c:\windows\Cqufuleja.dll
MSConfigStartUp-GetModule36 - c:\program files\GetModule\GetModule36.exe
MSConfigStartUp-GetPack28 - c:\program files\GetPack\GetPack28.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-MicroSys-Launcher - c:\program files\Micro-Sys Software\Launcher\launcher.exe
MSConfigStartUp-mmtask - c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
MSConfigStartUp-MMTray - c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
MSConfigStartUp-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
MSConfigStartUp-MPSExe - c:\program files\McAfee.com\MPS\mscifapp.exe
MSConfigStartUp-msci - c:\docume~1\TIMOTH~1\LOCALS~1\Temp\200932892947_mcinfo.exe
MSConfigStartUp-MSDRV - NetFilter.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe
MSConfigStartUp-My Web Search Community Tools - c:\program files\MyWebSearch\bar\3.bin\m3IMPipe.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
MSConfigStartUp-Qsosuzedesuv - c:\windows\epudoxiyetukopib.dll
MSConfigStartUp-RealTray - c:\program files\Real\RealPlayer\RealPlay.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-ttool - c:\windows\9129837.exe
MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe
AddRemove-BellSouth® FastAccess® DSL Westell WireSpeed Update_is1 - c:\windows\unins000.exe
AddRemove-HijackThis - c:\bwht202\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 17:04
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,a6,7c,50,54,08,4c,45,81,72,3a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,a6,7c,50,54,08,4c,45,81,72,3a,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D9EEA93-DD59-68FD-2527E621161D0237}\{C35E9742-B8BD-06C7-FA5575747B82F58D}\{7D561727-4D3E-D313-4CFAAB3C00BB0207}*]
"YKBG4FY6MRBLZHWNMN5KORGMPA1"=hex:01,00,01,00,00,00,00,00,da,37,90,89,91,09,97,
9b,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL

- - - - - - - > 'explorer.exe'(3684)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-03 17:14:11
ComboFix-quarantined-files.txt 2010-02-03 22:13

Pre-Run: 31,497,486,336 bytes free
Post-Run: 31,424,086,016 bytes free

- - End Of File - - 706A96E8D77445BB01EED6C1A0A8EF79


#10 fenzodahl512


Posted 04 February 2010 - 06:53 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
KillAll::

File::
c:\program files\Common Files\coruxosure.scr
c:\program files\Common Files\heden.bin
c:\program files\Common Files\yfupe._dl

DDS::
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJ&fl=0&ptb=qqp.skNADU_MmXqniqg7Lg&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe/KittyFix.exe as depicted in the animation below. This will start ComboFix/KittyFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.




Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.





Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

How's the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 swebb32_99


Posted 04 February 2010 - 11:12 PM

Ok, here are the CF, HJT, MBAM, and ESET logs.

Thanks.

*************
ComboFix 10-02-01.02 - Timothy Mundy 02/04/2010 16:49:05.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.638.261 [GMT -5:00]
Running from: c:\documents and settings\Timothy Mundy\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Timothy Mundy\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FILE ::
"c:\program files\Common Files\coruxosure.scr"
"c:\program files\Common Files\heden.bin"
"c:\program files\Common Files\yfupe._dl"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\coruxosure.scr
c:\program files\Common Files\heden.bin
c:\program files\Common Files\yfupe._dl

.
((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
.

2010-02-02 04:11 . 2010-01-28 21:54 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-02 04:11 . 2010-01-28 21:57 163280 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-02 04:11 . 2010-01-28 21:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-02 04:10 . 2010-01-28 21:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-02 04:10 . 2010-01-28 21:54 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-02 04:10 . 2010-01-28 21:54 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-02 04:10 . 2010-01-28 21:53 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-02 04:09 . 2010-01-28 22:09 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-02 04:09 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-31 15:09 . 2010-02-02 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-31 15:09 . 2010-01-31 15:09 -------- d-----w- c:\program files\Alwil Software
2010-01-30 22:19 . 2009-03-19 19:07 169984 ----a-w- c:\windows\system32\dllcache\msconfig.exe
2010-01-30 22:19 . 2009-03-19 19:07 507904 ----a-w- c:\windows\system32\dllcache\winlogon.exe
2010-01-30 22:19 . 2009-03-19 19:07 14336 ----a-w- c:\windows\system32\dllcache\svchost.exe
2010-01-30 22:19 . 2009-03-19 19:07 1414656 ----a-w- c:\windows\system32\dllcache\mmc.exe
2010-01-30 22:19 . 2009-03-19 19:07 13312 ----a-w- c:\windows\system32\dllcache\lsass.exe
2010-01-30 22:19 . 2009-03-19 19:07 15360 ----a-w- c:\windows\system32\dllcache\logoff.exe
2010-01-30 22:19 . 2009-03-19 19:07 514560 ----a-w- c:\windows\system32\dllcache\logonui.exe
2010-01-30 22:19 . 2009-03-19 19:07 389120 ----a-w- c:\windows\system32\dllcache\cmd.exe
2010-01-30 22:19 . 2009-03-19 19:07 146432 ----a-w- c:\windows\system32\dllcache\regedit.exe
2010-01-30 22:19 . 2009-03-19 19:07 1033728 ----a-w- c:\windows\system32\dllcache\explorer.exe
2010-01-30 22:18 . 2009-03-19 19:07 26112 ----a-w- c:\windows\system32\dllcache\userinit.exe
2010-01-30 22:18 . 2009-03-19 19:07 33280 ----a-w- c:\windows\system32\dllcache\rundll32.exe
2010-01-13 14:13 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-07 23:44 . 2010-01-07 23:44 -------- d-----w- c:\documents and settings\Timothy Mundy\Local Settings\Application Data\3DVIA
2010-01-07 23:43 . 2010-01-07 23:43 -------- d-----w- c:\program files\Virtools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 04:38 . 2006-07-09 20:34 -------- d-----w- c:\program files\Google
2010-01-31 16:04 . 2010-01-31 16:04 52224 ----a-w- c:\documents and settings\Timothy Mundy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-31 16:04 . 2009-09-22 22:23 117760 ----a-w- c:\documents and settings\Timothy Mundy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-31 16:03 . 2009-09-22 22:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-31 14:42 . 2009-03-28 14:34 -------- d-----w- c:\documents and settings\Timothy Mundy\Application Data\wsInspector
2010-01-16 20:07 . 2009-12-26 02:24 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-12-30 00:19 . 2009-12-30 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Mattel
2009-12-30 00:18 . 2003-03-19 16:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-30 00:18 . 2009-12-30 00:16 -------- d-----w- c:\program files\Mattel
2009-12-30 00:16 . 2009-12-30 00:16 -------- d-----w- c:\program files\DIFX
2009-12-26 02:31 . 2009-12-26 02:31 -------- d-----w- c:\documents and settings\Timothy Mundy\Application Data\Nikon
2009-12-26 02:26 . 2009-12-26 02:26 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-12-26 02:26 . 2009-12-26 02:26 -------- d-----w- c:\program files\Common Files\Nikon
2009-12-26 02:26 . 2009-12-26 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2009-12-26 02:26 . 2009-12-26 02:26 -------- d-----w- c:\program files\Nikon
2009-12-26 02:24 . 2009-12-26 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2009-12-26 02:24 . 2009-12-26 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2009-12-21 19:14 . 2005-02-18 20:19 916480 ------w- c:\windows\system32\wininet.dll
2009-12-11 01:26 . 2008-08-28 00:26 664 ----a-w- c:\documents and settings\Timothy Mundy\Local Settings\Application Data\d3d9caps.dat
2009-11-21 15:51 . 2002-08-29 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{565FE2E0-7B46-46EB-9D83-3B2DC5934BCC}"= "c:\program files\CheatCodesToolbar\CheatCodes.com Toolbar\cctoolbar.dll" [2008-11-28 2593280]

[HKEY_CLASSES_ROOT\clsid\{565fe2e0-7b46-46eb-9d83-3b2dc5934bcc}]
[HKEY_CLASSES_ROOT\TBSB06474.TBSB06474.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB06474.TBSB06474]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{565FE2E0-7B46-46EB-9D83-3B2DC5934BCC}"= "c:\program files\CheatCodesToolbar\CheatCodes.com Toolbar\cctoolbar.dll" [2008-11-28 2593280]

[HKEY_CLASSES_ROOT\clsid\{565fe2e0-7b46-46eb-9d83-3b2dc5934bcc}]
[HKEY_CLASSES_ROOT\TBSB06474.TBSB06474.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB06474.TBSB06474]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-10-19 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-09-22 1796368]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-28 2757512]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 1 (0x1)
"NoSetActiveDesktop"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SYSTEM32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Timothy Mundy^Start Menu^Programs^Startup^Connection Manager.lnk]
path=c:\documents and settings\Timothy Mundy\Start Menu\Programs\Startup\Connection Manager.lnk
backup=c:\windows\pss\Connection Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Timothy Mundy^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Timothy Mundy\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-04-10 22:44 679936 ----a-w- c:\program files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 08:59 122880 ----a-w- c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
2003-06-25 15:29 294998 ----a-w- c:\program files\Dell AIO Printer A940\dlbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HelpCenter4.1]
2008-06-18 04:13 198184 ----a-w- c:\program files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-08-03 08:36 196608 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb03.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 14:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Share]
2008-09-16 03:42 144656 ----a-w- c:\program files\Memeo\Memeo Share\MemeoLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 09:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
2002-07-15 17:48 1544192 ----a-w- c:\program files\Support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2004-11-22 12:18 307200 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2008-11-10 17:23 157312 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Trial Version\\zt2demoretail.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\GlobalStar Software\\Mall Tycoon\\mall.exe"=
"c:\\WINDOWS\\SYSTEM32\\mldocoms.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\mldopswx.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\mldotime.exe"=
"c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\mldojswx.exe"=

R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [2/1/2010 11:11 PM 163280]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\SYSTEM32\DRIVERS\cmdguard.sys [9/22/2009 4:49 PM 132168]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\SYSTEM32\DRIVERS\cmdhlp.sys [9/22/2009 4:49 PM 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 10:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 10:42 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [2/1/2010 11:11 PM 19024]
R2 mldo_device;mldo_device;c:\windows\system32\mldocoms.exe -service --> c:\windows\system32\mldocoms.exe -service [?]
S?2 gupdate1c9af20cdbb49ec;Google Update Service (gupdate1c9af20cdbb49ec);c:\program files\Google\Update\GoogleUpdate.exe [3/27/2009 4:12 PM 133104]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 10:42 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 21:12]

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-27 21:12]

2010-02-04 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-11-19 12:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJ&fl=0&ptb=qqp.skNADU_MmXqniqg7Lg&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = hxxp://localhost;*.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Bingo - hxxp://origin.games.yahoo.net/games/clients/y/xt0_x.cab
DPF: Yahoo! Spades - hxxp://origin.games.yahoo.net/games/clients/y/st3_x.cab
DPF: Yahoo! Tic-Tac-Toe - hxxp://origin.games.yahoo.net/games/clients/y/ft3_x.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab
DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} - hxxp://games.bigfishgames.com/en_parking-dash/online/parkingdash.1.0.0.10.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 17:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,a6,7c,50,54,08,4c,45,81,72,3a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,a6,7c,50,54,08,4c,45,81,72,3a,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D9EEA93-DD59-68FD-2527E621161D0237}\{C35E9742-B8BD-06C7-FA5575747B82F58D}\{7D561727-4D3E-D313-4CFAAB3C00BB0207}*]
"YKBG4FY6MRBLZHWNMN5KORGMPA1"=hex:01,00,01,00,00,00,00,00,da,37,90,89,91,09,97,
9b,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3184)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\mldocoms.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\COMODO\COMODO Internet Security\cfpupdat.exe
.
**************************************************************************
.
Completion time: 2010-02-04 17:13:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-04 22:13

Pre-Run: 31,478,870,016 bytes free
Post-Run: 31,450,918,912 bytes free

- - End Of File - - CCB5F448DE46176B5EDA4AC8CA69F2F6
***************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:13 PM, on 2/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mldocoms.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;*.local
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: CheatCodes.com Toolbar - {565FE2E0-7B46-46EB-9D83-3B2DC5934BCC} - C:\Program Files\CheatCodesToolbar\CheatCodes.com Toolbar\cctoolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: Yahoo! Bingo - http://origin.games.yahoo.net/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Spades - http://origin.games.yahoo.net/games/clients/y/st3_x.cab
O16 - DPF: Yahoo! Tic-Tac-Toe - http://origin.games.yahoo.net/games/clients/y/ft3_x.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229477882437
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.30.20/ttinst.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Jigsaw%20Puzzle%20Platinum/Images/armhelper.ocx
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/famil.../familyfeud.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...r_installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} (CPlayFirstParkingDasControl Object) - http://games.bigfishgames.com/en_parking-d...sh.1.0.0.10.cab
O20 - AppInit_DLLs: C:\WINDOWS\SYSTEM32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c9af20cdbb49ec) (gupdate1c9af20cdbb49ec) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: mldo_device - - C:\WINDOWS\system32\mldocoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8390 bytes
******************

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/4/2010 7:53:29 PM
mbam-log-2010-02-04 (19-53-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 286861
Time elapsed: 1 hour(s), 42 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000813.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000908.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0001067.sys (Malware.Trace) -> Quarantined and deleted successfully.
***************

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e563477c8f51cb409bc438050125c1d5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-05 02:02:12
# local_time=2010-02-04 09:02:12 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777175 100 0 0 0 0 0
# compatibility_mode=3073 16777213 80 89 11592623 11592745 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e563477c8f51cb409bc438050125c1d5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-05 03:34:05
# local_time=2010-02-04 10:34:05 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777191 100 0 0 0 0 0
# compatibility_mode=3073 16777213 80 89 11592789 11592911 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=155240
# found=4
# cleaned=4
# scan_time=5347
C:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.AED virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\warning.html.vir Win32/TrojanDownloader.FakeAlert.AED virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt Win32/TrojanDownloader.FakeAlert.ADM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20090131-180550.backup Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
*************


#12 swebb32_99

Posted 05 February 2010 - 05:41 AM

The computer still seems slow. I think that may be Avast. It always seems like it's doing a full scan. I think I'll switch back to AVG. Also, the tray icons are still not loading. I have to actually open Comodo and Avast, just to get the icons to show on the tray.

#13 fenzodahl512

Posted 05 February 2010 - 07:26 AM

Uninstall COMODO and Avast.. Then reinstall it again if you wish, but remember you need ONE antivirus in each computer.. If you wish to install AVG instead of Avast, just go ahead, as long as there's an antivirus, it will be fine.


Looks good to me.. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread.



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#14 swebb32_99

Posted 05 February 2010 - 07:28 AM

I'll take care of it this afternoon.

Thanks.

#15 fenzodahl512

Posted 05 February 2010 - 08:02 AM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be reopened, please PM me or the Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

fenzodahl512

