Can someone analyze my Combo-Fix Log Report?



#1
Mabo19

Hello, after this program saved my bro's computer from being a paperweight, I decided to try this out on my computer. Here's the report:

ComboFix 09-06-16.05 - USER 06/18/2009 23:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.214 [GMT -4:00]
Running from: c:\documents and settings\user\desktop\virus malware programs\combo-fix.exe
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\UAs\LUCOMS~1_UAs249.dat
c:\windows\system32\UAs\LUCOMS~1_UAs250.dat
c:\windows\system32\UAs\LUCOMS~1_UAs251.dat
c:\windows\system32\UAs\LUCOMS~1_UAs252.dat
c:\windows\system32\UAs\LUCOMS~1_UAs253.dat
c:\windows\system32\UAs\LUCOMS~1_UAs254.dat
c:\windows\system32\UAs\LUCOMS~1_UAs255.dat
c:\windows\system32\UAs\LUCOMS~1_UAs256.dat
c:\windows\system32\UAs\LUCOMS~1_UAs257.dat
c:\windows\system32\UAs\LUCOMS~1_UAs258.dat
c:\windows\system32\UAs\LUCOMS~1_UAs259.dat
c:\windows\system32\UAs\LUCOMS~1_UAs260.dat
c:\windows\system32\UAs\LUCOMS~1_UAs261.dat
c:\windows\system32\UAs\LUCOMS~1_UAs262.dat
c:\windows\system32\UAs\LUCOMS~1_UAs263.dat
c:\windows\system32\UAs\LUCOMS~1_UAs264.dat
c:\windows\system32\UAs\LUCOMS~1_UAs265.dat
c:\windows\system32\UAs\LUCOMS~1_UAs266.dat
c:\windows\system32\UAs\LUCOMS~1_UAs267.dat
c:\windows\system32\UAs\LUCOMS~1_UAs268.dat
c:\windows\system32\UAs\LUCOMS~1_UAs269.dat
c:\windows\system32\UAs\LUCOMS~1_UAs270.dat
c:\windows\system32\UAs\LUCOMS~1_UAs271.dat
c:\windows\system32\UAs\LUCOMS~1_UAs272.dat
c:\windows\system32\UAs\LUCOMS~1_UAs273.dat
c:\windows\system32\UAs\LUCOMS~1_UAs274.dat
c:\windows\system32\UAs\LUCOMS~1_UAs275.dat
c:\windows\system32\UAs\LUCOMS~1_UAs276.dat
c:\windows\system32\UAs\LUCOMS~1_UAs277.dat
c:\windows\system32\UAs\LUCOMS~1_UAs278.dat
c:\windows\system32\UAs\LUCOMS~1_UAs279.dat
c:\windows\system32\UAs\LUCOMS~1_UAs280.dat
c:\windows\system32\UAs\LUCOMS~1_UAs281.dat
c:\windows\system32\UAs\LUCOMS~1_UAs282.dat
c:\windows\system32\UAs\LUCOMS~1_UAs283.dat
c:\windows\system32\UAs\LUCOMS~1_UAs284.dat
c:\windows\system32\UAs\LUCOMS~1_UAs285.dat
c:\windows\system32\UAs\LUCOMS~1_UAs286.dat
c:\windows\system32\UAs\LUCOMS~1_UAs287.dat
c:\windows\system32\UAs\LUCOMS~1_UAs288.dat
c:\windows\system32\UAs\LUCOMS~1_UAs289.dat
c:\windows\system32\UAs\LUCOMS~1_UAs290.dat
c:\windows\system32\UAs\LUCOMS~1_UAs291.dat
c:\windows\system32\UAs\LUCOMS~1_UAs292.dat
c:\windows\system32\UAs\LUCOMS~1_UAs293.dat
c:\windows\system32\UAs\LUCOMS~1_UAs294.dat
c:\windows\system32\UAs\LUCOMS~1_UAs295.dat
c:\windows\system32\UAs\LUCOMS~1_UAs296.dat
c:\windows\system32\UAs\mbam_UAs001.dat
c:\windows\system32\UAs\mbam_UAs002.dat
c:\windows\system32\UAs\msiexec_UAs001.dat
c:\windows\system32\UAs\msnmsgr_UAs001.dat
c:\windows\system32\UAs\msnmsgr_UAs002.dat
c:\windows\system32\UAs\msnmsgr_UAs003.dat
c:\windows\system32\UAs\msnmsgr_UAs004.dat
c:\windows\system32\UAs\MSTORDB_UAs001.dat
c:\windows\system32\UAs\softwareupdate_UAs001.dat
c:\windows\system32\UAs\spysweeperregsetup_en[1]_UAs001.dat
c:\windows\system32\UAs\spysweeperregsetup_en_UAs001.dat
c:\windows\system32\UAs\ssupdate_UAs001.dat
c:\windows\system32\UAs\superantispyware_UAs001.dat
c:\windows\system32\UAs\superantispyware_UAs002.dat
c:\windows\system32\UAs\viewmgr_UAs001.dat
c:\windows\system32\UAs\wgatray_UAs001.dat
c:\windows\system32\UAs\wgatray_UAs002.dat
c:\windows\system32\UAs\winword_UAs001.dat
c:\windows\system32\UAs\wmplayer_UAs001.dat
c:\windows\system32\UAs\WRConsumerService_UAs001.dat
c:\windows\system32\UAs\WRConsumerService_UAs002.dat
c:\windows\system32\UAs\WRConsumerService_UAs003.dat
c:\windows\system32\UAs\WRConsumerService_UAs004.dat
c:\windows\system32\UAs\WRConsumerService_UAs005.dat
c:\windows\system32\UAs\WRConsumerService_UAs006.dat
c:\windows\system32\webidbju.ini
c:\windows\system32\windmlp.ini
c:\windows\system32\worlg.ini
c:\windows\system32\xdodcwqf.ini
c:\windows\system32\xpqchjfg.ini
c:\windows\system32\ykedmpuy.ini
c:\windows\system32\ylbgtlng.ini
c:\windows\system32\ypjdjmnk.ini
c:\windows\system32\yuopsrpl.ini
C:\xcrashdump.dat

c:\windows\system32\powrprof.dll . . . is infected!!

Infected copy of c:\windows\system32\wininet.dll was found and disinfected
Restored copy from - c:\windows\ie8\wininet.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-06-15 04:52 . 2009-06-15 04:52 152576 ----a-w- c:\documents and settings\USER\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 05:30 . 2009-06-10 05:30 -------- d-----w- c:\documents and settings\USER\Application Data\Malwarebytes
2009-06-10 05:27 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 05:27 . 2009-06-10 05:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-10 05:26 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 05:25 . 2009-06-10 05:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 05:17 . 2009-06-10 05:19 -------- d-----w- c:\program files\ERUNT
2009-06-10 02:15 . 2009-06-10 02:15 -------- d-----w- c:\program files\Lavalys
2009-06-03 04:16 . 2009-06-03 04:24 -------- d-----w- c:\program files\CCleaner
2009-05-24 15:42 . 2009-05-24 21:19 -------- d-----w- c:\program files\EphPod
2009-05-24 15:22 . 2009-05-24 15:23 -------- d-----w- C:\47825acb8479d6acbfd9c94dc5a2fee5
2009-05-24 15:19 . 2009-05-24 15:19 -------- d-----w- C:\5115d97990deaea7a9c1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 23:57 . 2007-12-12 14:03 -------- d-----w- c:\documents and settings\USER\Application Data\U3
2009-06-17 05:18 . 2009-01-17 02:07 -------- d-----w- c:\documents and settings\USER\Application Data\Orbit
2009-06-15 22:06 . 2009-03-26 00:28 117760 ----a-w- c:\documents and settings\USER\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-15 07:21 . 2009-03-21 04:53 651 ----a-w- c:\windows\system32\urhtps.dat
2009-06-15 07:13 . 2005-10-13 03:43 -------- d-----w- c:\program files\Java
2009-06-12 03:13 . 2008-10-15 14:46 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-11 05:24 . 2007-03-25 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-11 04:42 . 2008-10-15 14:33 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-06-03 04:45 . 2009-01-20 02:16 -------- d-----w- c:\program files\Bonjour
2009-06-01 03:43 . 2009-02-02 20:50 -------- d-----w- c:\program files\VSO
2009-06-01 03:36 . 2009-02-02 20:50 -------- d-----w- c:\documents and settings\USER\Application Data\Vso
2009-06-01 03:35 . 2009-02-02 20:50 47360 ----a-w- c:\documents and settings\USER\Application Data\pcouffin.sys
2009-06-01 03:35 . 2009-02-02 20:50 47360 ----a-w- c:\documents and settings\USER\Application Data\pcouffin.sys
2009-05-29 02:48 . 2006-01-05 22:24 -------- d-----w- c:\program files\Sonic Foundry ACID 2.0
2009-05-24 15:49 . 2009-02-10 05:17 -------- d-----w- c:\program files\Unlocker
2009-05-21 15:33 . 2009-04-20 13:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-07 15:44 . 2004-08-04 07:56 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 00:53 . 2009-05-04 00:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-04-20 12:53 . 2009-04-20 12:53 152576 ----a-w- c:\documents and settings\USER\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-17 23:56 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\powrprof.dll
2009-04-17 09:58 . 2004-08-04 06:17 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-04 07:56 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-31 12:26 . 2009-03-31 12:15 164 ----a-w- c:\windows\install.dat
2007-01-29 00:21 . 2007-01-29 00:21 103 ----a-w- c:\program files\WS_FTP.LOG
2005-11-13 05:00 . 2005-11-13 05:00 987 ----a-w- c:\program files\.login
.

------- Sigcheck -------

[7] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[7] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2004-08-04 07:56 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[7] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2009-03-18 00:40 992768 1084869E4493553BFD7720723D85F675 c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\kernel32.dll
[-] 2009-04-17 23:56 994304 0399FA8F6913310AE0FA2332D673DFFD c:\windows\system32\kernel32.dll
[-] 2009-04-17 23:56 994304 0399FA8F6913310AE0FA2332D673DFFD c:\windows\system32\dllcache\kernel32.dll

[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\powrprof.dll
[-] 2009-04-17 23:56 21504 4837DD37F86D9CE54524A4C605B0A174 c:\windows\system32\powrprof.dll
[-] 2009-04-17 23:56 21504 4837DD37F86D9CE54524A4C605B0A174 c:\windows\system32\dllcache\powrprof.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-03-05 21:02 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="c:\windows\system32\pctspk.exe" [2002-06-05 167936]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"SpySweeper"="c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" [2009-03-05 6308728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" [2007-03-13 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9e.exe" [2007-11-21 218496]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
SiWake.lnk - c:\program files\Wireless LAN Utility\SiWake.exe [2006-2-21 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-22 14:56 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TV Capture Remote Control.lnk]
backup=c:\windows\pss\TV Capture Remote Control.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZDConfig.lnk]
backup=c:\windows\pss\ZDConfig.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^USER^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
backup=c:\windows\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^USER^Start Menu^Programs^Startup^Epson.lnk]
backup=c:\windows\pss\Epson.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eroca
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire 4.2.6\\LimeWire.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA_server.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [1/18/2005 3:48 PM 9344]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [10/2/2008 5:15 AM 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/28/2008 10:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 10:33 AM 55024]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [12/19/2001 11:45 AM 8576]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [1/18/2005 3:48 PM 448640]
R2 BT848;MPEG.TV, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [4/2/2005 9:10 PM 266180]
R2 BTTUNER;MPEG.TV, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [4/2/2005 9:11 PM 18944]
R2 BTXBAR;MPEG.TV, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [4/2/2005 9:12 PM 13308]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 12:03 AM 24652]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [11/6/2008 1:23 AM 1178728]
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2/21/2006 7:14 PM 215552]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [1/18/2005 3:34 PM 267136]
R3 SISNPF;SIS Netgroup Packet Filter;c:\windows\system32\drivers\sisnpf.sys [2/21/2006 7:14 PM 31872]
S2 Ca50xav;Icatch(V) Video Camera Device;c:\windows\system32\drivers\ca50xav.sys [12/25/2005 12:51 PM 515803]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 10:33 AM 7408]
S3 USBCamera;Icatch(V) Still Camera Device;c:\windows\system32\drivers\Bulk50x.sys [12/25/2005 12:51 PM 10986]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-06-18 c:\windows\Tasks\WebReg Deskjet F4100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-12 01:27]

2009-06-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-15 02:18]

2009-06-13 c:\windows\Tasks\wrSpySweeper_L4ED3112A779E42EFB4D58CBAD20CD638.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-06 21:10]

2009-06-13 c:\windows\Tasks\wrSpySweeper_L4ED3112A779E42EFB4D58CBAD20CD638.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-06 21:10]
.
- - - - ORPHANS REMOVED - - - -

BHO-{937C1028-3A2A-419E-8CC3-0B8DA063CB10} - (no file)
Notify-b05de451517 - c:\windows\System32\dx7vb32.dll
Notify-mljjgff - mljjgff.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 05:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1712)
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Wireless LAN Utility\SiSCFG.exe
.
**************************************************************************
.
Completion time: 2009-06-19 5:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-19 09:11

Pre-Run: 4,097,466,368 bytes free
Post-Run: 3,912,413,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

1042 --- E O F --- 2009-06-12 03:45