Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

AntivirusPro 2010 keeps coming back

Started by Mitiu , Oct 17 2009 10:18 AM

  • Please log in to reply

#1
Mitiu
Posted 17 October 2009 - 10:18 AM

Mitiu

    New Member

  • Member
  • Pip
  • 7 posts
Hi,
I have the following problem - I have the AntivirusPro 2010 installing itself permanently. I cleaned it with Malwarebytes, but it keeps poping out after the next restart. Sometimes my computer reboots by itself, giving me a service.sys error.
I had the braviax and cru629 before which I cleaned somehow, now it is the seres.exe modification. please help
  • 0

Advertisements

#2
kahdah
Posted 17 October 2009 - 12:08 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Mitiu

Welcome to G2Go. :)
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#3
Mitiu
Posted 18 October 2009 - 12:51 PM

Mitiu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi,
thank you for the quick response. I have a problem with the GMER application - when scanning for files my laptop becomes overheated and shuts down. I have scanned everything without files option.

OTL.txt

OTL logfile created on: 18.10.2009 г. 21:21:26 - Run 4
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

766,04 Mb Total Physical Memory | 408,58 Mb Available Physical Memory | 53,34% Memory free
2,02 Gb Paging File | 1,69 Gb Available in Paging File | 83,62% Paging File free
Paging file location(s): c:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93,16 Gb Total Space | 6,42 Gb Free Space | 6,89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIMITAR
Current User Name: Dimiter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE (ATI Technologies Inc.)
PRC - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\System32\acs.exe (Atheros)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\PAStiSvc.exe ()
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (6to4 [Auto | Running]) -- C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation)
SRV - (ACS [Auto | Running]) -- C:\WINDOWS\System32\acs.exe (Atheros)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Disabled | Stopped]) -- File not found
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (avast! Antivirus [Disabled | Stopped]) -- File not found
SRV - (avast! Mail Scanner [Disabled | Stopped]) -- File not found
SRV - (avast! Web Scanner [Disabled | Stopped]) -- File not found
SRV - (bepldr [Disabled | Stopped]) -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe ()
SRV - (btwdins [Auto | Running]) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (ccEvtMgr [Disabled | Stopped]) -- File not found
SRV - (ccPwdSvc [Disabled | Stopped]) -- File not found
SRV - (ccSetMgr [Disabled | Stopped]) -- File not found
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Disabled | Stopped]) -- File not found
SRV - (Diskeeper [Disabled | Stopped]) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (matlabserver [Disabled | Stopped]) -- File not found
SRV - (SavRoam [Disabled | Stopped]) -- File not found
SRV - (sdAuxService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (SNDSrvc [Disabled | Stopped]) -- File not found
SRV - (SPBBCSvc [Disabled | Stopped]) -- File not found
SRV - (STI Simulator [Auto | Running]) -- C:\WINDOWS\System32\PAStiSvc.exe ()
SRV - (Symantec AntiVirus [Disabled | Stopped]) -- File not found
SRV - (usnjsvc [Disabled | Stopped]) -- File not found
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AR5211 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys (Atheros Communications, Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (btaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWDNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\btwhid.sys (Broadcom Corporation.)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (eamon [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys (ESET)
DRV - (epfwtdir [System | Running]) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys (ESET)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Ntfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\ntfs.sys ()
DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)
DRV - (PAC7311 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\PA707UCM.SYS (PixArt Imaging Inc.)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sptd [Boot | Stopped]) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (Tcpip6 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (TVICHW32 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS (EnTech Taiwan)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.08.14 22:29:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.08.14 22:29:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009.10.18 20:30:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\mozilla\Firefox\Profiles\f8ovkvmn.default\extensions
[2009.01.28 21:35:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\mozilla\Firefox\Profiles\f8ovkvmn.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009.09.15 23:27:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\mozilla\Firefox\Profiles\f8ovkvmn.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}
[2009.05.06 23:57:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\mozilla\Firefox\Profiles\f8ovkvmn.default\extensions\[email protected]
[2008.02.16 20:01:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\mozilla\Firefox\Profiles\f8ovkvmn.default\extensions\[email protected]
[2007.09.10 16:57:46 | 00,001,340 | ---- | M] () -- C:\Documents and Settings\Dimiter\Application Data\Mozilla\FireFox\Profiles\f8ovkvmn.default\searchplugins\bbc-news.xml
[2007.09.02 22:24:32 | 00,001,679 | ---- | M] () -- C:\Documents and Settings\Dimiter\Application Data\Mozilla\FireFox\Profiles\f8ovkvmn.default\searchplugins\imdb.xml
[2009.10.17 03:44:02 | 00,001,743 | ---- | M] () -- C:\Documents and Settings\Dimiter\Application Data\Mozilla\FireFox\Profiles\f8ovkvmn.default\searchplugins\kolibka.xml
[2007.09.10 01:33:00 | 00,001,312 | ---- | M] () -- C:\Documents and Settings\Dimiter\Application Data\Mozilla\FireFox\Profiles\f8ovkvmn.default\searchplugins\wikipedia-en.xml
[2009.09.15 12:52:57 | 00,001,336 | ---- | M] () -- C:\Documents and Settings\Dimiter\Application Data\Mozilla\FireFox\Profiles\f8ovkvmn.default\searchplugins\wiktionary-en.xml
[2008.06.08 18:01:53 | 00,002,109 | ---- | M] () -- C:\Documents and Settings\Dimiter\Application Data\Mozilla\FireFox\Profiles\f8ovkvmn.default\searchplugins\youtube-video-search.xml
[2009.10.18 20:30:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.06.04 13:01:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008.07.14 00:10:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2007.09.09 21:15:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2009.06.04 13:01:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009.06.04 13:01:07 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009.06.04 13:01:07 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009.06.04 13:01:07 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009.06.04 13:01:09 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009.06.04 13:01:09 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2007.07.27 02:03:34 | 00,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009.06.04 13:01:19 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2004.12.14 02:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008.07.07 17:31:03 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009.07.15 21:05:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009.07.15 21:05:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009.07.15 21:05:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009.07.15 21:05:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009.07.15 21:05:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009.07.15 21:05:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009.07.15 21:05:48 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008.07.07 17:31:31 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008.07.07 17:30:51 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009.06.04 13:01:21 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009.06.04 13:01:21 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009.06.04 13:01:21 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009.06.04 13:01:21 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009.06.04 13:01:21 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009.06.04 13:01:21 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [Antivirus Pro 2010] C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (vikbnerobeb)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Dimiter\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} http://vblu.uni-bocc...WClientFull.cab (Entire Screen Builder Web Viewer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.90.87.1 213.240.241.253
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\wpdshserviceobj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Program Files\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.08.30 18:46:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009.10.08 17:19:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009.10.14 01:16:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EarMaster
[2009.10.15 15:09:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sibelius Software
[2009.10.08 17:22:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimiter\Application Data\CyberLink
[2009.10.15 15:09:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimiter\Application Data\Sibelius Software
[2009.09.29 12:15:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimiter\Application Data\Thinstall
[2009.10.08 15:06:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\eSupport.com
[2009.10.08 16:08:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\ratDVD
[2009.10.15 14:46:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\Sibelius_Software_Ltd
[2009.10.18 20:29:11 | 00,000,000 | ---D | C] -- C:\Program Files\AntivirusPro_2010
[2009.10.06 23:45:59 | 00,000,000 | ---D | C] -- C:\Program Files\BackRex Expert Backup
[2009.10.03 19:06:17 | 00,000,000 | ---D | C] -- C:\Program Files\CPU Thermometer
[2009.10.08 17:17:56 | 00,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2009.10.14 01:16:49 | 00,000,000 | ---D | C] -- C:\Program Files\EarMaster School 5
[2009.10.15 17:58:17 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009.10.07 16:27:11 | 00,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2009.10.08 15:56:14 | 00,000,000 | ---D | C] -- C:\Program Files\ratDVD
[2009.10.14 02:29:14 | 00,000,000 | ---D | C] -- C:\Program Files\Sibelius Software
[2009.10.08 17:11:53 | 00,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2009.10.14 00:58:57 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009.10.18 20:29:15 | 00,169,472 | ---- | C] (Legal Corporation) -- C:\WINDOWS\System32\_scui.cpl
[2009.10.18 20:29:15 | 00,000,000 | ---D | C] -- C:\AntivirusPro_2010
[2009.10.17 21:55:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009.10.17 13:31:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009.10.15 19:26:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009.10.15 17:58:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.10.15 13:33:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimiter\My Documents\Scores
[2009.10.14 01:16:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimiter\My Documents\EarMaster
[2009.10.10 22:31:34 | 00,000,000 | ---D | C] -- C:\Movies
[2009.10.08 17:19:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimiter\My Documents\CyberLink
[2009.10.08 17:18:47 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2009.10.08 17:12:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimiter\My Documents\The KMPlayer
[2009.10.08 16:40:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimiter\Desktop\details.php_files
[2009.10.08 16:27:42 | 00,000,000 | ---D | C] -- C:\WINXPCD
[2009.10.08 13:32:00 | 00,000,000 | ---D | C] -- C:\WinSetupFromUSB
[2009.10.06 23:48:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimiter\My Documents\BR-091006-00
[2009.09.29 15:32:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dimiter\Desktop\Lidiya
[2009.09.29 13:35:05 | 01,224,704 | ---- | C] (German IT Development Ltd.) -- C:\Documents and Settings\Dimiter\Desktop\Heineken.exe

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009.10.18 21:20:00 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8A29E077-EB93-4313-B150-D4541E9396A1}.job
[2009.10.18 21:19:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.10.18 21:19:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.10.18 20:30:00 | 00,018,235 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\toky.bat
[2009.10.18 20:30:00 | 00,018,219 | ---- | M] () -- C:\WINDOWS\System32\rojix.reg
[2009.10.18 20:30:00 | 00,018,055 | ---- | M] () -- C:\WINDOWS\System32\ujad.dl
[2009.10.18 20:30:00 | 00,017,902 | ---- | M] () -- C:\WINDOWS\uxezup.pif
[2009.10.18 20:30:00 | 00,016,847 | ---- | M] () -- C:\WINDOWS\cuxiwowaro.bin
[2009.10.18 20:30:00 | 00,015,895 | ---- | M] () -- C:\Program Files\Common Files\ejefazit.inf
[2009.10.18 20:30:00 | 00,013,999 | ---- | M] () -- C:\WINDOWS\qytymocef.pif
[2009.10.18 20:30:00 | 00,012,715 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\uwymy.vbs
[2009.10.18 20:30:00 | 00,012,372 | ---- | M] () -- C:\WINDOWS\aheva.lib
[2009.10.18 20:30:00 | 00,011,529 | ---- | M] () -- C:\WINDOWS\oxyz.dl
[2009.10.18 20:30:00 | 00,010,422 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\kudydopa.dl
[2009.10.18 20:30:00 | 00,010,372 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ipacyw.scr
[2009.10.18 15:19:37 | 00,291,328 | ---- | M] () -- C:\sz5ru2vx.exe
[2009.10.18 15:19:37 | 00,291,328 | ---- | M] () -- C:\Documents and Settings\Dimiter\Desktop\sz5ru2vx.exe
[2009.10.18 14:43:15 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Dimiter\Desktop\II Job Description.doc
[2009.10.18 13:44:55 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.10.18 01:39:46 | 00,170,496 | ---- | M] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.18 00:07:04 | 00,169,472 | ---- | M] (Legal Corporation) -- C:\WINDOWS\System32\_scui.cpl
[2009.10.17 13:27:47 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.10.17 13:10:38 | 00,017,267 | ---- | M] () -- C:\WINDOWS\System32\utyvenewez.lib
[2009.10.17 13:10:38 | 00,011,106 | ---- | M] () -- C:\WINDOWS\System32\ilukevu.com
[2009.10.17 13:10:38 | 00,010,062 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\uvoqyd.lib
[2009.10.17 13:10:37 | 00,011,509 | ---- | M] () -- C:\Program Files\Common Files\equdykucer.dat
[2009.10.16 13:00:31 | 00,014,935 | ---- | M] () -- C:\WINDOWS\ijyvu.lib
[2009.10.15 18:54:52 | 00,018,198 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\vovos.dat
[2009.10.15 17:58:26 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Dimiter\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009.10.15 17:42:02 | 00,019,295 | ---- | M] () -- C:\WINDOWS\kivufosi.lib
[2009.10.15 17:42:02 | 00,018,601 | ---- | M] () -- C:\WINDOWS\jitunug.com
[2009.10.15 17:42:02 | 00,018,156 | ---- | M] () -- C:\WINDOWS\gesixygut.lib
[2009.10.15 17:42:02 | 00,014,930 | ---- | M] () -- C:\WINDOWS\ehoqycyv.lib
[2009.10.15 17:42:02 | 00,013,654 | ---- | M] () -- C:\Program Files\Common Files\ygymifu.dat
[2009.10.15 17:42:02 | 00,013,632 | ---- | M] () -- C:\Program Files\Common Files\ytyzuzyry.dat
[2009.10.15 17:42:02 | 00,013,039 | ---- | M] () -- C:\WINDOWS\System32\avehaw.db
[2009.10.15 17:42:02 | 00,011,095 | ---- | M] () -- C:\Program Files\Common Files\qesif.lib
[2009.10.15 16:36:17 | 00,017,333 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\uqyvumuji.lib
[2009.10.15 16:36:17 | 00,015,314 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ritara.db
[2009.10.15 16:36:17 | 00,014,822 | ---- | M] () -- C:\WINDOWS\lose.db
[2009.10.15 16:36:17 | 00,011,140 | ---- | M] () -- C:\WINDOWS\hycax.lib
[2009.10.15 15:09:50 | 00,000,604 | -H-- | M] () -- C:\Program Files\STLL Notifier
[2009.10.15 14:25:58 | 00,001,196 | ---- | M] () -- C:\WINDOWS\win.ini
[2009.10.15 14:25:58 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009.10.15 13:33:28 | 00,000,452 | ---- | M] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2009.10.15 13:33:13 | 00,001,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sibelius 6.lnk
[2009.10.15 11:54:28 | 00,018,948 | ---- | M] () -- C:\WINDOWS\synev.lib
[2009.10.15 11:54:28 | 00,018,530 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\wyhid.dat
[2009.10.15 11:54:28 | 00,011,934 | ---- | M] () -- C:\WINDOWS\System32\elujypozu.dat
[2009.10.14 14:15:14 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Dimiter\Desktop\HijackThis.lnk
[2009.10.14 14:01:06 | 00,031,768 | ---- | M] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009.10.14 14:00:35 | 00,140,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.10.13 19:45:17 | 00,000,077 | ---- | M] () -- C:\Documents and Settings\Dimiter\Desktop\Show Desktop.scf
[2009.10.12 13:49:10 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.12 12:41:05 | 00,034,404 | ---- | M] () -- C:\Documents and Settings\Dimiter\Desktop\imbt-xvid-pe-cd2.srt
[2009.10.12 12:23:57 | 00,044,031 | ---- | M] () -- C:\Documents and Settings\Dimiter\Desktop\imbt-xvid-pe-cd1.srt
[2009.10.11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009.10.08 17:31:05 | 00,006,950 | ---- | M] () -- C:\Documents and Settings\Dimiter\My Documents\PDVD_MediaDisc.PlayList
[2009.10.08 16:41:16 | 00,033,796 | ---- | M] () -- C:\Documents and Settings\Dimiter\Desktop\details.php.htm
[2009.10.08 16:07:49 | 00,000,676 | ---- | M] () -- C:\Documents and Settings\Dimiter\Desktop\ratDVD.lnk
[2009.10.08 15:06:47 | 00,001,050 | ---- | M] () -- C:\Documents and Settings\Dimiter\Desktop\BiosAgent Plus.lnk
[2009.10.08 13:32:10 | 00,000,631 | ---- | M] () -- C:\Documents and Settings\Dimiter\Desktop\WinSetupFromUSB.lnk
[2009.10.07 21:18:33 | 00,016,297 | ---- | M] () -- C:\WINDOWS\System32\uzucet.lib
[2009.10.07 21:18:33 | 00,011,771 | ---- | M] () -- C:\WINDOWS\yluhokuru.lib
[2009.10.07 16:28:35 | 06,166,971 | ---- | M] () -- C:\Documents and Settings\Dimiter\My Documents\Firefox 2.0.0.20 (en-US) - 2009-10-07.pcv
[2009.10.07 16:27:12 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MozBackup.lnk
[2009.10.06 23:46:01 | 00,001,593 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BackRex Expert Backup.lnk
[2009.10.06 21:35:42 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\agp440.sys
[2009.10.05 12:25:21 | 00,019,174 | ---- | M] () -- C:\Program Files\Common Files\ruhun.db
[2009.10.05 12:25:21 | 00,018,885 | ---- | M] () -- C:\Program Files\Common Files\amym.dat
[2009.10.05 12:25:21 | 00,013,115 | ---- | M] () -- C:\WINDOWS\inugofuk.com
[2009.10.05 12:25:21 | 00,013,012 | ---- | M] () -- C:\WINDOWS\anapox.com
[2009.10.05 12:25:21 | 00,012,190 | ---- | M] () -- C:\WINDOWS\zese.db
[2009.10.05 12:25:21 | 00,010,993 | ---- | M] () -- C:\WINDOWS\jogyjopudo.lib
[2009.10.03 19:58:03 | 00,000,977 | ---- | M] () -- C:\Documents and Settings\Dimiter\Desktop\Shortcut to Skype.exe.lnk
[2009.09.30 23:57:24 | 00,471,645 | ---- | M] () -- C:\Documents and Settings\Dimiter\Desktop\tripple.jpg
[2009.09.29 19:40:22 | 00,120,448 | ---- | M] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009.09.29 19:37:16 | 00,000,197 | ---- | M] () -- C:\Documents and Settings\Dimiter\My Documents\acad.err
[2009.09.29 13:35:08 | 01,224,704 | ---- | M] (German IT Development Ltd.) -- C:\Documents and Settings\Dimiter\Desktop\Heineken.exe
[2009.09.28 11:56:45 | 00,012,603 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xowysikika.dat
[2009.09.26 17:16:17 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Dimiter\Desktop\SANCO+SA+MEMO.xls
[2009.09.19 11:40:04 | 00,019,102 | ---- | M] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\waxutama.lib
[2009.09.19 11:40:04 | 00,018,136 | ---- | M] () -- C:\WINDOWS\System32\wojuqe.lib
[2009.09.19 11:40:04 | 00,016,339 | ---- | M] () -- C:\WINDOWS\ymycevoput.lib
[2009.09.19 11:36:18 | 00,019,798 | ---- | M] () -- C:\Program Files\Common Files\uqojop.db
[2009.09.19 11:36:18 | 00,019,731 | ---- | M] () -- C:\Program Files\Common Files\ticemokyvy.db
[2009.09.19 11:36:18 | 00,017,837 | ---- | M] () -- C:\WINDOWS\System32\ebys.dat
[2009.09.19 11:36:18 | 00,011,709 | ---- | M] () -- C:\WINDOWS\quhotezo.lib
[2009.09.19 11:36:18 | 00,010,270 | ---- | M] () -- C:\Program Files\Common Files\gikiqicece.lib

========== Files - No Company Name ==========
[2009.10.18 20:30:00 | 00,018,235 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\toky.bat
[2009.10.18 20:30:00 | 00,018,219 | ---- | C] () -- C:\WINDOWS\System32\rojix.reg
[2009.10.18 20:30:00 | 00,018,055 | ---- | C] () -- C:\WINDOWS\System32\ujad.dl
[2009.10.18 20:30:00 | 00,017,902 | ---- | C] () -- C:\WINDOWS\uxezup.pif
[2009.10.18 20:30:00 | 00,016,847 | ---- | C] () -- C:\WINDOWS\cuxiwowaro.bin
[2009.10.18 20:30:00 | 00,015,895 | ---- | C] () -- C:\Program Files\Common Files\ejefazit.inf
[2009.10.18 20:30:00 | 00,013,999 | ---- | C] () -- C:\WINDOWS\qytymocef.pif
[2009.10.18 20:30:00 | 00,012,715 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\uwymy.vbs
[2009.10.18 20:30:00 | 00,012,372 | ---- | C] () -- C:\WINDOWS\aheva.lib
[2009.10.18 20:30:00 | 00,011,529 | ---- | C] () -- C:\WINDOWS\oxyz.dl
[2009.10.18 20:30:00 | 00,010,422 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kudydopa.dl
[2009.10.18 20:30:00 | 00,010,372 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ipacyw.scr
[2009.10.18 15:20:08 | 00,291,328 | ---- | C] () -- C:\sz5ru2vx.exe
[2009.10.18 15:19:34 | 00,291,328 | ---- | C] () -- C:\Documents and Settings\Dimiter\Desktop\sz5ru2vx.exe
[2009.10.17 13:10:38 | 00,017,267 | ---- | C] () -- C:\WINDOWS\System32\utyvenewez.lib
[2009.10.17 13:10:38 | 00,011,106 | ---- | C] () -- C:\WINDOWS\System32\ilukevu.com
[2009.10.17 13:10:38 | 00,010,062 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\uvoqyd.lib
[2009.10.17 13:10:37 | 00,011,509 | ---- | C] () -- C:\Program Files\Common Files\equdykucer.dat
[2009.10.16 13:00:31 | 00,014,935 | ---- | C] () -- C:\WINDOWS\ijyvu.lib
[2009.10.15 20:02:15 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009.10.15 18:54:52 | 00,018,198 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\vovos.dat
[2009.10.15 17:58:26 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Dimiter\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009.10.15 17:42:02 | 00,019,295 | ---- | C] () -- C:\WINDOWS\kivufosi.lib
[2009.10.15 17:42:02 | 00,018,601 | ---- | C] () -- C:\WINDOWS\jitunug.com
[2009.10.15 17:42:02 | 00,018,156 | ---- | C] () -- C:\WINDOWS\gesixygut.lib
[2009.10.15 17:42:02 | 00,014,930 | ---- | C] () -- C:\WINDOWS\ehoqycyv.lib
[2009.10.15 17:42:02 | 00,013,654 | ---- | C] () -- C:\Program Files\Common Files\ygymifu.dat
[2009.10.15 17:42:02 | 00,013,632 | ---- | C] () -- C:\Program Files\Common Files\ytyzuzyry.dat
[2009.10.15 17:42:02 | 00,013,039 | ---- | C] () -- C:\WINDOWS\System32\avehaw.db
[2009.10.15 17:42:02 | 00,011,095 | ---- | C] () -- C:\Program Files\Common Files\qesif.lib
[2009.10.15 16:36:17 | 00,017,333 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\uqyvumuji.lib
[2009.10.15 16:36:17 | 00,015,314 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ritara.db
[2009.10.15 16:36:17 | 00,014,822 | ---- | C] () -- C:\WINDOWS\lose.db
[2009.10.15 16:36:17 | 00,011,140 | ---- | C] () -- C:\WINDOWS\hycax.lib
[2009.10.15 15:09:50 | 00,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2009.10.15 13:33:13 | 00,001,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sibelius 6.lnk
[2009.10.15 13:28:40 | 00,000,452 | ---- | C] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2009.10.15 11:54:28 | 00,018,948 | ---- | C] () -- C:\WINDOWS\synev.lib
[2009.10.15 11:54:28 | 00,018,530 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wyhid.dat
[2009.10.15 11:54:28 | 00,011,934 | ---- | C] () -- C:\WINDOWS\System32\elujypozu.dat
[2009.10.14 01:37:27 | 00,044,031 | ---- | C] () -- C:\Documents and Settings\Dimiter\Desktop\imbt-xvid-pe-cd1.srt
[2009.10.14 01:37:27 | 00,034,404 | ---- | C] () -- C:\Documents and Settings\Dimiter\Desktop\imbt-xvid-pe-cd2.srt
[2009.10.14 00:58:59 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Dimiter\Desktop\HijackThis.lnk
[2009.10.13 19:45:17 | 00,000,077 | ---- | C] () -- C:\Documents and Settings\Dimiter\Desktop\Show Desktop.scf
[2009.10.11 13:45:55 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Dimiter\Desktop\II Job Description.doc
[2009.10.08 17:22:56 | 00,006,950 | ---- | C] () -- C:\Documents and Settings\Dimiter\My Documents\PDVD_MediaDisc.PlayList
[2009.10.08 16:41:16 | 00,033,796 | ---- | C] () -- C:\Documents and Settings\Dimiter\Desktop\details.php.htm
[2009.10.08 16:07:49 | 00,000,676 | ---- | C] () -- C:\Documents and Settings\Dimiter\Desktop\ratDVD.lnk
[2009.10.08 15:06:47 | 00,001,050 | ---- | C] () -- C:\Documents and Settings\Dimiter\Desktop\BiosAgent Plus.lnk
[2009.10.08 13:32:10 | 00,000,631 | ---- | C] () -- C:\Documents and Settings\Dimiter\Desktop\WinSetupFromUSB.lnk
[2009.10.07 21:18:33 | 00,016,297 | ---- | C] () -- C:\WINDOWS\System32\uzucet.lib
[2009.10.07 21:18:33 | 00,011,771 | ---- | C] () -- C:\WINDOWS\yluhokuru.lib
[2009.10.07 16:28:30 | 06,166,971 | ---- | C] () -- C:\Documents and Settings\Dimiter\My Documents\Firefox 2.0.0.20 (en-US) - 2009-10-07.pcv
[2009.10.07 16:27:12 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MozBackup.lnk
[2009.10.06 23:46:01 | 00,001,593 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BackRex Expert Backup.lnk
[2009.10.05 12:25:21 | 00,019,174 | ---- | C] () -- C:\Program Files\Common Files\ruhun.db
[2009.10.05 12:25:21 | 00,018,885 | ---- | C] () -- C:\Program Files\Common Files\amym.dat
[2009.10.05 12:25:21 | 00,013,115 | ---- | C] () -- C:\WINDOWS\inugofuk.com
[2009.10.05 12:25:21 | 00,013,012 | ---- | C] () -- C:\WINDOWS\anapox.com
[2009.10.05 12:25:21 | 00,012,190 | ---- | C] () -- C:\WINDOWS\zese.db
[2009.10.05 12:25:21 | 00,010,993 | ---- | C] () -- C:\WINDOWS\jogyjopudo.lib
[2009.10.03 19:58:03 | 00,000,977 | ---- | C] () -- C:\Documents and Settings\Dimiter\Desktop\Shortcut to Skype.exe.lnk
[2009.09.30 23:53:09 | 00,471,645 | ---- | C] () -- C:\Documents and Settings\Dimiter\Desktop\tripple.jpg
[2009.09.29 19:40:22 | 00,120,448 | ---- | C] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009.09.29 19:37:16 | 00,000,197 | ---- | C] () -- C:\Documents and Settings\Dimiter\My Documents\acad.err
[2009.09.28 11:56:45 | 00,012,603 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xowysikika.dat
[2009.09.26 17:16:09 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Dimiter\Desktop\SANCO+SA+MEMO.xls
[2009.09.19 11:40:04 | 00,019,102 | ---- | C] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\waxutama.lib
[2009.09.19 11:40:04 | 00,018,136 | ---- | C] () -- C:\WINDOWS\System32\wojuqe.lib
[2009.09.19 11:40:04 | 00,016,339 | ---- | C] () -- C:\WINDOWS\ymycevoput.lib
[2009.09.19 11:36:18 | 00,019,798 | ---- | C] () -- C:\Program Files\Common Files\uqojop.db
[2009.09.19 11:36:18 | 00,019,731 | ---- | C] () -- C:\Program Files\Common Files\ticemokyvy.db
[2009.09.19 11:36:18 | 00,017,837 | ---- | C] () -- C:\WINDOWS\System32\ebys.dat
[2009.09.19 11:36:18 | 00,011,709 | ---- | C] () -- C:\WINDOWS\quhotezo.lib
[2009.09.19 11:36:18 | 00,010,270 | ---- | C] () -- C:\Program Files\Common Files\gikiqicece.lib
[2009.09.14 10:32:59 | 00,019,436 | ---- | C] () -- C:\Program Files\Common Files\hetenybo._dl
[2009.09.12 18:28:32 | 00,019,179 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\parunewo.dat
[2009.09.12 18:28:32 | 00,018,632 | ---- | C] () -- C:\Program Files\Common Files\xesaqog.dat
[2009.09.12 18:28:32 | 00,017,369 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lubesymymo.exe
[2009.09.12 18:28:32 | 00,016,345 | ---- | C] () -- C:\Program Files\Common Files\zasul._dl
[2009.09.12 18:28:32 | 00,014,837 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\efasow.pif
[2009.09.11 16:57:11 | 00,018,421 | ---- | C] () -- C:\Documents and Settings\Dimiter\Application Data\xyxoda._dl
[2009.09.11 16:57:11 | 00,016,861 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ijypas.dl
[2009.09.11 16:57:11 | 00,016,414 | ---- | C] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\axosufug._dl
[2009.09.11 16:57:11 | 00,016,345 | ---- | C] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\ditela._sy
[2009.09.11 16:57:11 | 00,014,000 | ---- | C] () -- C:\Documents and Settings\Dimiter\Application Data\efare.lib
[2009.09.11 16:57:11 | 00,013,460 | ---- | C] () -- C:\Program Files\Common Files\ponicu.dl
[2009.09.11 16:57:11 | 00,012,628 | ---- | C] () -- C:\Program Files\Common Files\rosunep.bin
[2009.09.11 16:57:11 | 00,012,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\benit.sys
[2009.09.11 16:57:11 | 00,012,168 | ---- | C] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\iroqiqakyq.db
[2009.09.11 16:57:11 | 00,011,976 | ---- | C] () -- C:\Documents and Settings\Dimiter\Application Data\tidexoqory.exe
[2009.09.11 16:57:11 | 00,011,031 | ---- | C] () -- C:\Program Files\Common Files\adulecir.exe
[2009.09.11 16:57:11 | 00,010,925 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yvelen.pif
[2009.09.11 16:57:11 | 00,010,832 | ---- | C] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\ysygi._sy
[2009.09.11 16:57:11 | 00,010,664 | ---- | C] () -- C:\WINDOWS\pihu.sys
[2009.09.11 16:57:11 | 00,010,098 | ---- | C] () -- C:\Program Files\Common Files\hadeke._dl
[2009.09.08 13:03:11 | 00,018,292 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\otydop.com
[2009.09.08 13:03:11 | 00,016,514 | ---- | C] () -- C:\Program Files\Common Files\asif.ban
[2009.09.08 13:03:11 | 00,015,736 | ---- | C] () -- C:\WINDOWS\System32\jogiwakes.sys
[2009.09.08 13:03:11 | 00,015,151 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\owodekego.pif
[2009.09.08 13:03:11 | 00,014,407 | ---- | C] () -- C:\Program Files\Common Files\giryqinywo.dat
[2009.09.08 13:03:11 | 00,012,578 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\heduk.db
[2009.09.08 13:03:11 | 00,010,424 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uhiligisa._dl
[2009.09.07 12:11:52 | 00,014,841 | ---- | C] () -- C:\Program Files\Common Files\wykazydaho._dl
[2009.09.07 12:11:51 | 00,019,781 | ---- | C] () -- C:\Program Files\Common Files\udamog.bin
[2009.09.07 12:11:51 | 00,017,294 | ---- | C] () -- C:\Program Files\Common Files\uvidymuno.dl
[2009.09.07 12:11:51 | 00,016,567 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\igyhaf.ban
[2009.09.07 12:11:51 | 00,012,576 | ---- | C] () -- C:\Program Files\Common Files\enimezug.com
[2009.09.07 12:11:51 | 00,012,103 | ---- | C] () -- C:\Program Files\Common Files\emorexuca.bin
[2009.09.05 18:25:43 | 00,010,661 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uvujuw.exe
[2009.09.05 18:25:42 | 00,017,513 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ewanu.exe
[2009.09.05 17:46:59 | 00,018,990 | ---- | C] () -- C:\Program Files\Common Files\pyrubi._sy
[2009.09.05 17:46:59 | 00,018,561 | ---- | C] () -- C:\Program Files\Common Files\yqazoceny.exe
[2009.09.05 17:46:59 | 00,018,313 | ---- | C] () -- C:\Documents and Settings\Dimiter\Application Data\bumisaxe.com
[2009.09.05 17:46:59 | 00,016,541 | ---- | C] () -- C:\Documents and Settings\Dimiter\Application Data\lome.dl
[2009.09.05 17:46:59 | 00,016,454 | ---- | C] () -- C:\Documents and Settings\Dimiter\Application Data\wopehox.com
[2009.09.05 17:46:59 | 00,011,794 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\novafy.exe
[2009.09.05 17:46:59 | 00,010,612 | ---- | C] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\asyxykas.dat
[2009.09.05 17:43:06 | 00,019,845 | ---- | C] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\ypacudap.lib
[2009.09.05 17:43:06 | 00,018,020 | ---- | C] () -- C:\Documents and Settings\Dimiter\Application Data\hahefy.pif
[2009.09.05 17:43:06 | 00,016,842 | ---- | C] () -- C:\Documents and Settings\Dimiter\Application Data\hysyx._dl
[2009.09.05 17:43:06 | 00,016,736 | ---- | C] () -- C:\Documents and Settings\Dimiter\Application Data\egeceg.dl
[2009.09.05 17:43:06 | 00,015,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\focaxetagu.scr
[2009.09.05 17:43:06 | 00,014,199 | ---- | C] () -- C:\Documents and Settings\Dimiter\Application Data\ecesohihe.pif
[2009.09.05 17:43:06 | 00,013,982 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yfybiwumo.exe
[2009.09.05 17:43:06 | 00,012,021 | ---- | C] () -- C:\Program Files\Common Files\axyqij.com
[2009.09.05 12:59:41 | 00,019,447 | ---- | C] () -- C:\Documents and Settings\Dimiter\Application Data\gixit.lib
[2009.09.05 12:59:41 | 00,016,808 | ---- | C] () -- C:\WINDOWS\System32\isozulaja.dll
[2009.09.05 12:59:41 | 00,014,437 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\revo.dll
[2009.09.05 12:59:41 | 00,013,697 | ---- | C] () -- C:\Program Files\Common Files\oryrelofyv.pif
[2009.09.05 12:59:41 | 00,013,522 | ---- | C] () -- C:\Program Files\Common Files\ucunal.dat
[2009.09.05 12:59:41 | 00,011,609 | ---- | C] () -- C:\WINDOWS\xuhyh.sys
[2009.09.04 17:34:42 | 00,017,220 | ---- | C] () -- C:\Program Files\Common Files\hasebokyda.pif
[2009.09.04 17:34:42 | 00,016,003 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qafu.scr
[2009.09.04 17:34:42 | 00,015,856 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ejyxas.ban
[2009.09.04 17:34:42 | 00,014,867 | ---- | C] () -- C:\Program Files\Common Files\dyweqyg._dl
[2009.09.04 17:34:42 | 00,010,422 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ufyb.pif
[2009.09.04 17:13:18 | 00,018,937 | ---- | C] () -- C:\Program Files\Common Files\suzepuda.db
[2009.09.04 17:13:18 | 00,016,728 | ---- | C] () -- C:\Program Files\Common Files\ahomezese.ban
[2009.09.04 17:13:18 | 00,015,147 | ---- | C] () -- C:\Program Files\Common Files\vogyqi.sys
[2009.09.04 17:13:18 | 00,014,995 | ---- | C] () -- C:\WINDOWS\bydusazyz.sys
[2009.09.04 17:13:18 | 00,012,844 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\enigyleki.ban
[2009.09.04 17:13:18 | 00,010,213 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xumedu.dll
[2009.09.04 14:33:59 | 00,018,803 | ---- | C] () -- C:\Program Files\Common Files\atusuqoh.exe
[2009.09.04 14:33:59 | 00,017,663 | ---- | C] () -- C:\Program Files\Common Files\etevy._dl
[2009.09.04 14:33:59 | 00,010,011 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cibuqive.pif
[2009.09.03 12:19:26 | 00,019,553 | ---- | C] () -- C:\Program Files\Common Files\hynofoqemy.db
[2009.09.03 12:19:26 | 00,015,558 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yqer.exe
[2009.09.03 12:19:26 | 00,012,703 | ---- | C] () -- C:\WINDOWS\System32\ywaxosa.sys
[2009.09.01 23:04:06 | 00,016,379 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gavo.scr
[2009.09.01 23:04:06 | 00,015,245 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ekatupitos.bin
[2009.09.01 23:04:06 | 00,014,279 | ---- | C] () -- C:\Program Files\Common Files\radixahu._dl
[2009.09.01 23:04:06 | 00,011,492 | ---- | C] () -- C:\WINDOWS\akaxaka.sys
[2009.09.01 20:54:03 | 00,019,611 | ---- | C] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\bokibelen.pif
[2009.09.01 20:54:03 | 00,018,214 | ---- | C] () -- C:\Documents and Settings\Dimiter\Application Data\zakyfif.ban
[2009.09.01 20:54:03 | 00,017,101 | ---- | C] () -- C:\Documents and Settings\Dimiter\Application Data\sypyjyc.exe
[2009.09.01 20:54:03 | 00,016,864 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yfycajo.ban
[2009.09.01 20:54:03 | 00,015,844 | ---- | C] () -- C:\Documents and Settings\Dimiter\Application Data\tuwimew.dl
[2009.09.01 20:54:03 | 00,014,423 | ---- | C] () -- C:\Documents and Settings\Dimiter\Application Data\isorolep.bin
[2009.09.01 20:54:03 | 00,010,310 | ---- | C] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\ivokazuqo.com
[2009.09.01 19:55:05 | 00,019,494 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\quqetakoxa.lib
[2009.09.01 19:55:05 | 00,013,131 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ityhequ.sys
[2009.09.01 19:55:05 | 00,010,338 | ---- | C] () -- C:\Program Files\Common Files\lyme.exe
[2009.09.01 15:40:02 | 00,839,680 | ---- | C] () -- C:\WINDOWS\System32\AxEImage.dll
[2009.09.01 15:40:02 | 00,663,552 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2009.08.26 14:56:09 | 00,019,489 | ---- | C] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\ozogo.com
[2009.08.26 14:56:09 | 00,015,911 | ---- | C] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\obohiv.db
[2009.08.26 14:56:08 | 00,017,038 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\unobeqipow.pif
[2009.08.26 14:56:08 | 00,016,504 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\agufy.dll
[2009.08.26 14:56:08 | 00,010,091 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\deruseg.db
[2009.08.24 00:22:55 | 00,019,437 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ilohaduzi.sys
[2009.08.24 00:22:55 | 00,019,416 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ucesuly.dl
[2009.08.24 00:22:55 | 00,019,155 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\quqi._sy
[2009.08.24 00:22:55 | 00,016,835 | ---- | C] () -- C:\Program Files\Common Files\ajaj.dll
[2009.08.24 00:22:55 | 00,013,175 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\seravuka._sy
[2009.08.24 00:22:55 | 00,012,111 | ---- | C] () -- C:\Program Files\Common Files\emabyz.bin
[2009.08.17 14:17:33 | 00,019,602 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bawuk.com
[2009.08.17 14:17:33 | 00,017,940 | ---- | C] () -- C:\Program Files\Common Files\gysykam.dl
[2009.08.17 14:17:33 | 00,016,051 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\geruxaryp._dl
[2009.08.17 14:17:33 | 00,011,873 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uvapu.com
[2009.08.17 14:17:33 | 00,011,745 | ---- | C] () -- C:\Program Files\Common Files\emoze.exe
[2009.08.14 22:44:11 | 00,016,731 | ---- | C] () -- C:\WINDOWS\System32\vipevuqy.sys
[2009.07.16 17:14:23 | 00,000,107 | ---- | C] () -- C:\WINDOWS\MYOKENT.INI
[2009.04.23 23:21:15 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009.04.13 16:24:01 | 00,018,991 | ---- | C] () -- C:\WINDOWS\System32\Vmscnt3.dll
[2009.01.19 22:04:15 | 00,000,755 | ---- | C] () -- C:\Documents and Settings\Dimiter\Application Data\AtomicAlarmClock.ini
[2009.01.11 21:07:56 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009.01.11 21:07:56 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009.01.11 21:07:56 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009.01.11 21:07:56 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008.12.12 23:51:03 | 00,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2008.08.07 04:54:51 | 02,113,092 | -H-- | C] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\IconCache.db
[2008.07.31 19:04:54 | 00,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.05.21 12:32:53 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\SMIIMG.DLL
[2008.04.23 16:42:39 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2008.04.23 16:41:28 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008.04.23 16:41:28 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008.04.23 16:41:26 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008.04.23 16:41:26 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2008.02.21 20:00:05 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008.01.31 22:55:36 | 00,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008.01.31 22:55:34 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008.01.17 19:25:56 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008.01.09 01:33:08 | 00,002,905 | ---- | C] () -- C:\WINDOWS\ilan_txt.ini
[2008.01.09 01:33:08 | 00,000,069 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008.01.06 00:47:51 | 00,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2007.11.06 22:15:46 | 00,626,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntfs.sys
[2007.11.06 18:27:00 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007.10.16 19:55:23 | 00,018,048 | ---- | C] () -- C:\Documents and Settings\Dimiter\Application Data\GDIPFONTCACHEV1.DAT
[2007.09.14 00:33:10 | 00,000,159 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2007.09.08 21:10:51 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\kbdBF.dll
[2007.09.02 21:29:34 | 00,170,496 | ---- | C] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.31 19:42:56 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.08.31 12:58:22 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.08.31 12:54:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007.08.31 12:49:24 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007.08.31 12:34:11 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007.08.31 10:31:47 | 00,031,768 | ---- | C] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007.08.31 09:57:37 | 00,000,588 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2007.08.31 02:18:39 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007.08.30 18:58:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Dimiter\Application Data\desktop.ini
[2007.03.29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006.12.01 20:34:16 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2006.11.22 13:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006.11.22 13:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006.11.22 13:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006.11.22 13:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006.11.22 13:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006.11.22 13:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006.11.22 13:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006.11.22 13:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006.11.22 13:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006.06.07 17:52:08 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006.03.06 12:41:02 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005.02.17 13:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 13:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2005.01.25 15:15:42 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2004.12.20 12:08:28 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004.12.20 12:03:26 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004.09.16 15:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004.09.16 15:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004.08.04 02:07:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\agp440.sys
[2002.10.16 01:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001.11.14 14:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.08.23 15:00:00 | 00,001,196 | ---- | C] () -- C:\WINDOWS\win.ini
[2001.08.23 15:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1995.07.11 03:00:00 | 00,003,546 | ---- | C] () -- C:\WINDOWS\System32\msexchd4.dll

========== LOP Check ==========

[2009.10.18 20:30:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data
[2009.07.15 21:08:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008.09.27 13:27:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009.06.28 21:53:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2009.10.08 17:19:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009.06.20 11:08:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008.05.30 16:32:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2009.10.14 01:16:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EarMaster
[2009.08.14 19:37:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2007.10.27 17:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2008.10.07 16:54:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GRETECH
[2009.10.03 19:07:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HDD Thermometer
[2008.10.03 21:00:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008.05.14 01:57:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2008.10.04 14:19:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009.02.17 00:43:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2008.06.13 12:57:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PY_Software
[2009.10.15 15:09:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sibelius Software
[2009.10.18 14:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2009.07.19 21:36:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2009.09.19 11:47:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007.09.19 20:14:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009.05.04 13:23:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2009.10.15 20:16:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Dimiter\Application Data
[2007.09.06 22:06:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\Ahead
[2008.01.09 00:10:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\ArcSoft
[2007.11.15 13:44:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\ATI
[2009.08.11 17:23:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\BenchMark
[2009.10.08 17:22:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\CyberLink
[2009.06.20 11:11:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\DAEMON Tools Lite
[2008.01.06 00:30:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\DataCast
[2009.07.02 00:55:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\dvdcss
[2009.09.03 01:55:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\foobar2000
[2009.08.08 19:31:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\Free Download Manager
[2008.10.07 16:53:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\GRETECH
[2009.06.24 00:50:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\HDD Thermometer
[2007.12.25 15:52:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\ImgBurn
[2007.12.25 17:55:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\InfraRecorder
[2007.09.14 00:33:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\MathWorks
[2009.07.05 19:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\Mobipocket
[2008.02.24 23:22:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\Move Networks
[2009.01.31 10:30:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\NetMedia Providers
[2008.01.09 01:54:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\Nitro PDF
[2008.10.04 14:19:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\Nokia
[2008.03.14 22:17:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\Opera
[2008.10.04 14:19:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\PC Suite
[2009.01.24 16:09:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\PowerChallenge
[2009.02.17 00:43:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\Propellerhead Software
[2009.01.31 10:30:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\Publish Providers
[2008.02.19 21:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\Quantitative Micro Software
[2009.02.03 23:52:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\REAPER
[2008.03.06 15:03:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\SealedMedia
[2008.02.09 15:06:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\SecondLife
[2008.06.30 19:22:43 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Dimiter\Application Data\SecuROM
[2009.10.15 15:09:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\Sibelius Software
[2009.01.11 21:07:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\Simply Super Software
[2007.09.08 18:21:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\SopCast
[2009.07.19 21:36:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\Sports Interactive
[2008.10.08 22:07:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\SystemRequirementsLab
[2009.09.29 22:00:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\Thinstall
[2008.04.29 21:56:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\TVU Networks
[2009.10.18 01:53:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\uTorrent
[2009.02.13 20:43:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\VoipBuster
[2009.09.01 20:04:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dimiter\Application Data\VSRevoGroup
[2001.08.23 17:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.10.18 21:19:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009.10.18 21:20:00 | 00,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8A29E077-EB93-4313-B150-D4541E9396A1}.job
[2009.05.17 16:35:45 | 00,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\Wise Disk Cleaner 4.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:556BBACC
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


Extras.txt:

OTL Extras logfile created on: 18.10.2009 г. 21:21:26 - Run 4
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.M.yyyy 'г.'

766,04 Mb Total Physical Memory | 408,58 Mb Available Physical Memory | 53,34% Memory free
2,02 Gb Paging File | 1,69 Gb Available in Paging File | 83,62% Paging File free
Paging file location(s): c:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93,16 Gb Total Space | 6,42 Gb Free Space | 6,89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIMITAR
Current User Name: Dimiter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\PROGRAM FILES\WINAMP\WINAMP.EXE" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\PROGRAM FILES\WINAMP\WINAMP.EXE" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\PROGRAM FILES\WINAMP\WINAMP.EXE" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26000:TCP" = 26000:TCP:*:Enabled:BitComet 26000 TCP
"26000:UDP" = 26000:UDP:*:Enabled:BitComet 26000 UDP
"49153:TCP" = 49153:TCP:*:Enabled:BitComet 49153 TCP
"49153:UDP" = 49153:UDP:*:Enabled:BitComet 49153 UDP
"17150:TCP" = 17150:TCP:*:Enabled:BitComet 17150 TCP
"17150:UDP" = 17150:UDP:*:Enabled:BitComet 17150 UDP
"12086:TCP" = 12086:TCP:*:Enabled:BitComet 12086 TCP
"12086:UDP" = 12086:UDP:*:Enabled:BitComet 12086 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Documents and Settings\Dimiter\Application Data\SopCast\adv\SopAdver.exe" = C:\Documents and Settings\Dimiter\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Soulseek-Test\slsk.exe" = C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe" = C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe:*:Enabled:RegTool.exe -- ()
"C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe" = C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe:*:Enabled:Sibelius.exe -- (Sibelius Software, a division of Avid Technology, Inc. and its licensors.)
"C:\Downloads\utorrent.exe" = C:\Downloads\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D9E1F52-CE29-B03B-D79F-8EC434821033}" = Nero 7 Demo
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}" = ESET NOD32 Antivirus
"{2F392D0C-7E3B-4B0E-A1DA-77679ECE5DA0}" = EViews 5 Update
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = Belkin Bluetooth Software
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{547C9628-C490-48AB-94F4-7F2495562930}" = PDF to DWG Converter
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{599F0E20-264A-46A7-8D1A-64B0AB63A5ED}" = Delta Trading
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5EF0BC8A-B7A6-471D-BCAB-46C3A017ADC4}" = Temperature Monitor
"{656A8811-95E1-4BD2-B692-8202DDBA15D5}_is1" = CPU Thermometer 1.0
"{67A48ED5-0B6A-470A-995C-B8F1942E8AB9}" = Diskeeper 2008 Pro Premier
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7032E73F-68A0-48F9-8100-E70E79169BAE}" = AGEIA PhysX v6.12.02
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DD7920-EF3C-461D-9834-E31498A9F894}" = BenchMark Trader
"{7AA9AC5F-E6E2-4310-9DE5-8282748C0A90}" = Nitro PDF Professional
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.15
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A2E501DB-2533-4074-BD1C-F06B211AB8C9}" = Algebra Equation Solver Ver 7.30
"{A5DC4F11-6E03-4E63-8003-115B0955F160}" = PLEOMAX PWC-2000
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C08A4ECB-1E86-4578-8010-8DEF0527F939}" = MIDI-OX
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke
"{CD7404AF-ABA3-4293-9350-729DFF00BB08}" = ATI Catalyst Control Center
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB706A00-C234-4716-AB1F-27DCB192C664}" = Opera 9.26
"ActiveXControlPad" = Microsoft ActiveX Control Pad
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alarm Clock_is1" = Alarm Clock v1.0
"All ATI Software" = ATI - Software Uninstall Utility
"AntivirusPro_2010" = Antivirus Pro 2010
"ATI Display Driver" = ATI Display Driver
"Atlas of World History" = Atlas of World History
"Atomic Alarm Clock_is1" = Atomic Alarm Clock 5.85
"BackRex Expert Backup" = BackRex Expert Backup
"BitComet" = BitComet 1.06
"BSPlayer1" = BSPlayer
"Bulgarian(Phonetic)" = BulgarianPhonetic XP by G. Atanasov
"Cartes du Ciel" = Cartes du Ciel
"CDisplay_is1" = CDisplay 1.7
"ComandoDeinstKey" = Commando
"Digital Video Repair" = Digital Video Repair 1.0
"Digitale Bibliothek 3" = Digitale Bibliothek 3
"DriverAgent.exe" = DriverAgent by TouchStone Software
"DVD Identifier_is1" = DVD Identifier
"EarMaster School 5_is1" = EarMaster School 5
"Easy Video Joiner_is1" = Easy Video Joiner 5.21
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"EuroDictXP" = KoralSoft - EuroDictXP
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow" = ffdshow (remove only)
"foobar2000" = foobar2000 v0.9.4.5
"Free Download Manager_is1" = Free Download Manager 2.5
"Gear Poker" = Gear Poker
"GOM Player" = GOM Player
"Hallo northern sky planetarium program_is1" = HNSKY 2.3.0i
"HDD Thermometer" = HDD Thermometer
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn (Remove Only)
"InfraRecorder" = InfraRecorder
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"IsoBuster_is1" = IsoBuster 2.2
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2006a" = MATLAB R2006a
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MOP" = MOP
"Mortal Kombat 4" = Mortal Kombat 4
"MouSing" = MouSing
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"mpeg-vcr" = mpeg-vcr 3.14.4.2 (03/2008)
"Music Alarm Clock" = Music Alarm Clock
"MyFreeCodec" = MyFreeCodec
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Tools Disk Suite_is1" = PC Tools Disk Suite 1.0
"PowerISO" = PowerISO
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 6.0" = RealPlayer
"Reason4_is1" = Reason 4.0
"ReCycle v2.1" = ReCycle v2.1
"Revo Uninstaller" = Revo Uninstaller 1.83
"SA Dictionary 2004 Datacenter" = SA Dictionary 2004 Datacenter
"SA Dictionary 2005 T2" = SA Dictionary 2005 T2
"SopCast" = SopCast 2.0.4
"Soulseek" = SoulSeek Client 156c
"Soulseek2" = SoulSeek 157 NS 12d
"Spyware Doctor" = Spyware Doctor 6.1
"Street Fighter 2 Plus Champion Edition_is1" = Street Fighter 2 Plus Champion Edition
"Sub Station Alpha v4.08" = Sub Station Alpha v4.08
"SubMagic_is1" = SubMagic V0.71
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"Total Video Converter 3.14_is1" = Total Video Converter 3.14 080930
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.3.4.1
"Unlocker" = Unlocker 1.8.5
"Veoh Web Player Beta" = Veoh Web Player Beta
"VLC media player" = VideoLAN VLC media player 0.8.6c
"VobSub" = VobSub v2.23 (Remove Only)
"VoipBuster_is1" = VoipBuster
"VTTV" = VTTV 1.0.1
"Winamp" = Winamp
"Windows Commander" = Windows Commander
"Windows Scheduler_is1" = System Scheduler 3.82
"WinRAR archiver" = WinRAR archiver
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 4.24
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xilisoft Video Converter" = Xilisoft Video Converter 3
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 12.11.2007 г. 19:20:16 | Computer Name = DIMITAR | Source = avast! | ID = 33554522
Description =

Error - 13.11.2007 г. 10:52:01 | Computer Name = DIMITAR | Source = avast! | ID = 33554522
Description =

Error - 13.11.2007 г. 10:52:01 | Computer Name = DIMITAR | Source = avast! | ID = 33554522
Description =

Error - 13.11.2007 г. 10:52:01 | Computer Name = DIMITAR | Source = avast! | ID = 33554522
Description =

Error - 13.11.2007 г. 18:07:25 | Computer Name = DIMITAR | Source = avast! | ID = 33554522
Description =

Error - 13.11.2007 г. 18:07:25 | Computer Name = DIMITAR | Source = avast! | ID = 33554522
Description =

Error - 13.11.2007 г. 18:07:25 | Computer Name = DIMITAR | Source = avast! | ID = 33554522
Description =

Error - 10.1.2008 г. 08:45:42 | Computer Name = DIMITAR | Source = avast! | ID = 33554522
Description =

Error - 10.1.2008 г. 08:45:42 | Computer Name = DIMITAR | Source = avast! | ID = 33554522
Description =

Error - 10.1.2008 г. 08:45:53 | Computer Name = DIMITAR | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 08.10.2009 г. 09:15:35 | Computer Name = DIMITAR | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module unknown, version 0.0.0.0, fault address 0x02611aa5.

Error - 08.10.2009 г. 09:21:36 | Computer Name = DIMITAR | Source = Application Error | ID = 1000
Description = Faulting application kmplayer.exe, version 2.9.3.1324, faulting module
unknown, version 0.0.0.0, fault address 0x022e1aa5.

Error - 08.10.2009 г. 09:27:13 | Computer Name = DIMITAR | Source = Application Error | ID = 1000
Description = Faulting application xebencoder.exe, version 0.7.8.333, faulting module
unknown, version 0.0.0.0, fault address 0x057e7ea3.

Error - 08.10.2009 г. 09:30:00 | Computer Name = DIMITAR | Source = Application Error | ID = 1000
Description = Faulting application kmplayer.exe, version 2.9.3.1324, faulting module
unknown, version 0.0.0.0, fault address 0x022e1aa5.

Error - 08.10.2009 г. 09:35:59 | Computer Name = DIMITAR | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module unknown, version 0.0.0.0, fault address 0x02611aa5.

Error - 08.10.2009 г. 10:07:25 | Computer Name = DIMITAR | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module xebdec.ax, version 0.5.0.16, fault address 0x0000ba3d.

Error - 08.10.2009 г. 10:10:39 | Computer Name = DIMITAR | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module xebdec.ax, version 0.5.0.16, fault address 0x0000ba3d.

Error - 08.10.2009 г. 10:15:21 | Computer Name = DIMITAR | Source = Application Error | ID = 1000
Description = Faulting application kmplayer.exe, version 2.9.4.1435, faulting module
unknown, version 0.0.0.0, fault address 0x05931aa5.

Error - 08.10.2009 г. 12:03:52 | Computer Name = DIMITAR | Source = Application Error | ID = 1000
Description = Faulting application kmplayer.exe, version 2.9.4.1435, faulting module
unknown, version 0.0.0.0, fault address 0x03001aa5.

Error - 15.10.2009 г. 17:07:30 | Computer Name = DIMITAR | Source = Application Hang | ID = 1002
Description = Hanging application Sibelius.exe, version 6.0.0.54, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 18.10.2009 г. 06:45:14 | Computer Name = DIMITAR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswTdi Beep eeCtrl SAVRT SAVRTPEL sptd SYMTDI

Error - 18.10.2009 г. 13:20:12 | Computer Name = DIMITAR | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 18.10.2009 г. 13:20:12 | Computer Name = DIMITAR | Source = Service Control Manager | ID = 7000
Description = The avast! Standard Shield Support service failed to start due to
the following error: %%2

Error - 18.10.2009 г. 13:20:15 | Computer Name = DIMITAR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswTdi Beep eeCtrl SAVRT SAVRTPEL sptd SYMTDI

Error - 18.10.2009 г. 14:02:14 | Computer Name = DIMITAR | Source = Service Control Manager | ID = 7000
Description = The avast! Standard Shield Support service failed to start due to
the following error: %%2

Error - 18.10.2009 г. 14:02:15 | Computer Name = DIMITAR | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 18.10.2009 г. 14:02:20 | Computer Name = DIMITAR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswTdi Beep eeCtrl SAVRT SAVRTPEL sptd SYMTDI

Error - 18.10.2009 г. 14:19:47 | Computer Name = DIMITAR | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 18.10.2009 г. 14:19:51 | Computer Name = DIMITAR | Source = Service Control Manager | ID = 7000
Description = The avast! Standard Shield Support service failed to start due to
the following error: %%2

Error - 18.10.2009 г. 14:19:56 | Computer Name = DIMITAR | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswTdi Beep eeCtrl SAVRT SAVRTPEL sptd SYMTDI


< End of report >

GMER.log:

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-18 21:30:15
Windows 5.1.2600 Service Pack 2
Running: sz5ru2vx.exe; Driver: C:\DOCUME~1\Dimiter\LOCALS~1\Temp\fwrdapod.sys


---- System - GMER 1.0.15 ----

SSDT 8342D8A0 ZwAssignProcessToJobObject
SSDT 8342CCB0 ZwOpenProcess
SSDT 8342D0D0 ZwOpenThread
SSDT 8342D6D0 ZwSuspendProcess
SSDT 8342D4F0 ZwSuspendThread
SSDT 8342CEE0 ZwTerminateProcess
SSDT 8342D310 ZwTerminateThread

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[984] kernel32.dll!SetUnhandledExceptionFilter 7C84480D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs [83E78E01] Ntfs.sys[.reloc]

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:352] 8342B930

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x1A 0x2A 0x4A 0xA5 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x31 0x1B 0x0B 0xCA ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDC 0x85 0x09 0x1C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3F 0xC2 0x9F 0xC3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x1A 0x2A 0x4A 0xA5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x1A 0x2A 0x4A 0xA5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x1A 0x2A 0x4A 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x1A 0x2A 0x4A 0xA5 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x1A 0x2A 0x4A 0xA5 ...

---- EOF - GMER 1.0.15 ----
  • 0

#4
kahdah
Posted 18 October 2009 - 01:07 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
O4 - HKLM..\Run: [Antivirus Pro 2010] C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (vikbnerobeb)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
[2009.10.18 20:29:11 | 00,000,000 | ---D | C] -- C:\Program Files\AntivirusPro_2010
[2009.10.18 20:29:15 | 00,000,000 | ---D | C] -- C:\AntivirusPro_2010
[2009.10.18 20:30:00 | 00,018,235 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\toky.bat
[2009.10.18 20:30:00 | 00,018,219 | ---- | M] () -- C:\WINDOWS\System32\rojix.reg
[2009.10.18 20:30:00 | 00,018,055 | ---- | M] () -- C:\WINDOWS\System32\ujad.dl
[2009.10.18 20:30:00 | 00,017,902 | ---- | M] () -- C:\WINDOWS\uxezup.pif
[2009.10.18 20:30:00 | 00,016,847 | ---- | M] () -- C:\WINDOWS\cuxiwowaro.bin
[2009.10.18 20:30:00 | 00,015,895 | ---- | M] () -- C:\Program Files\Common Files\ejefazit.inf
[2009.10.18 20:30:00 | 00,013,999 | ---- | M] () -- C:\WINDOWS\qytymocef.pif
[2009.10.18 20:30:00 | 00,012,715 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\uwymy.vbs
[2009.10.18 20:30:00 | 00,012,372 | ---- | M] () -- C:\WINDOWS\aheva.lib
[2009.10.18 20:30:00 | 00,011,529 | ---- | M] () -- C:\WINDOWS\oxyz.dl
[2009.10.18 20:30:00 | 00,010,422 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\kudydopa.dl
[2009.10.18 20:30:00 | 00,010,372 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ipacyw.scr
[2009.10.17 13:10:38 | 00,017,267 | ---- | M] () -- C:\WINDOWS\System32\utyvenewez.lib
[2009.10.17 13:10:38 | 00,011,106 | ---- | M] () -- C:\WINDOWS\System32\ilukevu.com
[2009.10.17 13:10:38 | 00,010,062 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\uvoqyd.lib
[2009.10.17 13:10:37 | 00,011,509 | ---- | M] () -- C:\Program Files\Common Files\equdykucer.dat
[2009.10.16 13:00:31 | 00,014,935 | ---- | M] () -- C:\WINDOWS\ijyvu.lib
[2009.10.15 18:54:52 | 00,018,198 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\vovos.dat
[2009.10.15 17:42:02 | 00,019,295 | ---- | M] () -- C:\WINDOWS\kivufosi.lib
[2009.10.15 17:42:02 | 00,018,601 | ---- | M] () -- C:\WINDOWS\jitunug.com
[2009.10.15 17:42:02 | 00,018,156 | ---- | M] () -- C:\WINDOWS\gesixygut.lib
[2009.10.15 17:42:02 | 00,014,930 | ---- | M] () -- C:\WINDOWS\ehoqycyv.lib
[2009.10.15 17:42:02 | 00,013,654 | ---- | M] () -- C:\Program Files\Common Files\ygymifu.dat
[2009.10.15 17:42:02 | 00,013,632 | ---- | M] () -- C:\Program Files\Common Files\ytyzuzyry.dat
[2009.10.15 17:42:02 | 00,013,039 | ---- | M] () -- C:\WINDOWS\System32\avehaw.db
[2009.10.15 17:42:02 | 00,011,095 | ---- | M] () -- C:\Program Files\Common Files\qesif.lib
[2009.10.15 16:36:17 | 00,017,333 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\uqyvumuji.lib
[2009.10.15 16:36:17 | 00,015,314 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ritara.db
[2009.10.15 16:36:17 | 00,014,822 | ---- | M] () -- C:\WINDOWS\lose.db
[2009.10.15 16:36:17 | 00,011,140 | ---- | M] () -- C:\WINDOWS\hycax.lib
[2009.10.07 21:18:33 | 00,016,297 | ---- | M] () -- C:\WINDOWS\System32\uzucet.lib
[2009.10.07 21:18:33 | 00,011,771 | ---- | M] () -- C:\WINDOWS\yluhokuru.lib
2009.10.05 12:25:21 | 00,019,174 | ---- | M] () -- C:\Program Files\Common Files\ruhun.db
[2009.10.05 12:25:21 | 00,018,885 | ---- | M] () -- C:\Program Files\Common Files\amym.dat
[2009.10.05 12:25:21 | 00,013,115 | ---- | M] () -- C:\WINDOWS\inugofuk.com
[2009.10.05 12:25:21 | 00,013,012 | ---- | M] () -- C:\WINDOWS\anapox.com
[2009.10.05 12:25:21 | 00,012,190 | ---- | M] () -- C:\WINDOWS\zese.db
[2009.10.05 12:25:21 | 00,010,993 | ---- | M] () -- C:\WINDOWS\jogyjopudo.lib
2009.09.28 11:56:45 | 00,012,603 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xowysikika.dat
[2009.09.19 11:40:04 | 00,019,102 | ---- | M] () -- C:\Documents and Settings\Dimiter\Local Settings\Application Data\waxutama.lib
[2009.09.19 11:40:04 | 00,018,136 | ---- | M] () -- C:\WINDOWS\System32\wojuqe.lib
[2009.09.19 11:40:04 | 00,016,339 | ---- | M] () -- C:\WINDOWS\ymycevoput.lib
[2009.09.19 11:36:18 | 00,019,798 | ---- | M] () -- C:\Program Files\Common Files\uqojop.db
[2009.09.19 11:36:18 | 00,019,731 | ---- | M] () -- C:\Program Files\Common Files\ticemokyvy.db
[2009.09.19 11:36:18 | 00,017,837 | ---- | M] () -- C:\WINDOWS\System32\ebys.dat
[2009.09.19 11:36:18 | 00,011,709 | ---- | M] () -- C:\WINDOWS\quhotezo.lib
[2009.09.19 11:36:18 | 00,010,270 | ---- | M] () -- C:\Program Files\Common Files\gikiqicece.lib

:Commands
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
========================
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#5
Mitiu
Posted 18 October 2009 - 03:17 PM

Mitiu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ComboFix 09-10-17.01 - Dimiter 10.2009 г. 23:56.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.766.301 [GMT 3:00]
Running from: c:\downloads\ComboFix.exe
AV: avast! antivirus 4.7.1043 [VPS 071113-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\onyquhozut._dl
c:\documents and settings\All Users\Application Data\rucahaf.bin
c:\documents and settings\All Users\Application Data\sejof.bat
c:\documents and settings\All Users\Application Data\ygovyseni.pif
c:\documents and settings\All Users\Documents\iquhyde.bat
c:\documents and settings\LocalService\Application Data\cebahu.dl
c:\documents and settings\LocalService\Application Data\hanunose._dl
c:\documents and settings\LocalService\Application Data\lizkavd.exe
c:\documents and settings\LocalService\Application Data\seres.exe
c:\documents and settings\LocalService\Application Data\svcst.exe
c:\documents and settings\LocalService\Application Data\ugyvy._sy
c:\documents and settings\LocalService\Application Data\uvitajoma.exe
c:\documents and settings\LocalService\Cookies\aqoc.db
c:\documents and settings\LocalService\Cookies\pixyziki.dat
c:\documents and settings\LocalService\Local Settings\Application Data\koto.com
c:\documents and settings\LocalService\Local Settings\Application Data\xifomimuz.bat
c:\documents and settings\LocalService\Local Settings\Application Data\ypowasoko.dll
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\AntivirusPro_2010\AVEngn.dll
c:\program files\AntivirusPro_2010\data\daily.cvd
c:\program files\AntivirusPro_2010\htmlayout.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro_2010\pthreadVC2.dll
c:\program files\AntivirusPro_2010\Uninstall.exe
c:\program files\AntivirusPro_2010\wscui.cpl
c:\program files\Common Files\axofyp.scr
c:\program files\Common Files\icofenykyv.pif
c:\program files\Common Files\ofor._sy
c:\program files\Common Files\qohunedom._dl
c:\windows\awebifabys.vbs
c:\windows\dofowus.reg
c:\windows\eniciraha.dll
c:\windows\funihuli.reg
c:\windows\owoma.pif
c:\windows\soguqodosi._sy
c:\windows\system32\_scui.cpl
c:\windows\system32\apazazory.dl
c:\windows\system32\avyryj.vbs
c:\windows\system32\fysinohyr.reg
c:\windows\xuwumupak.dll

c:\windows\system32\drivers\AGP440.sys . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-09-18 to 2009-10-18 )))))))))))))))))))))))))))))))
.

2009-10-18 20:59 . 2009-10-18 20:59 19945 ----a-w- c:\windows\yxemenone.dll
2009-10-18 20:59 . 2009-10-18 20:59 19785 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\sulynifo.scr
2009-10-18 20:59 . 2009-10-18 20:59 15894 ----a-w- c:\program files\Common Files\asaz.exe
2009-10-18 20:59 . 2009-10-18 20:59 15587 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\jyvynewes.exe
2009-10-18 20:59 . 2009-10-18 20:59 10990 ----a-w- c:\windows\system32\pyhe.scr
2009-10-18 20:59 . 2009-10-18 20:59 10827 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\uvupiqij.dat
2009-10-18 20:59 . 2009-10-18 20:59 10725 ----a-w- c:\windows\system32\zipupimor.com
2009-10-18 20:59 . 2009-10-18 20:59 10604 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\hamyrewa.exe
2009-10-18 20:58 . 2009-10-18 20:58 -------- d-----w- C:\AntivirusPro_2010
2009-10-18 20:44 . 2009-10-18 20:44 -------- d-----w- C:\_OTL
2009-10-18 20:03 . 2009-10-18 20:03 18555 ----a-w- c:\program files\Common Files\elymotowyn.dat
2009-10-18 12:20 . 2009-10-18 12:19 291328 ----a-w- C:\sz5ru2vx.exe
2009-10-17 18:55 . 2009-10-17 18:55 -------- d-----w- c:\windows\system32\Adobe
2009-10-15 16:26 . 2009-10-15 16:26 -------- d-----w- c:\windows\ERUNT
2009-10-15 14:58 . 2009-10-15 14:58 -------- d-----w- c:\program files\ERUNT
2009-10-15 12:09 . 2009-10-15 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Sibelius Software
2009-10-15 12:09 . 2009-10-15 12:09 -------- d-----w- c:\documents and settings\Dimiter\Application Data\Sibelius Software
2009-10-15 11:46 . 2009-10-15 11:46 -------- d-----w- c:\documents and settings\Dimiter\Local Settings\Application Data\Sibelius_Software_Ltd
2009-10-15 08:54 . 2009-10-15 08:54 11934 ----a-w- c:\windows\system32\elujypozu.dat
2009-10-13 23:29 . 2009-10-13 23:29 -------- d-----w- c:\program files\Sibelius Software
2009-10-13 22:16 . 2009-10-13 22:16 -------- d-----w- c:\program files\EarMaster School 5
2009-10-13 22:16 . 2009-10-13 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\EarMaster
2009-10-13 21:58 . 2009-10-13 21:58 -------- d-----w- c:\program files\Trend Micro
2009-10-10 19:31 . 2009-10-17 18:05 -------- d-----w- C:\Movies
2009-10-08 14:22 . 2009-10-08 14:22 -------- d-----w- c:\documents and settings\Dimiter\Application Data\CyberLink
2009-10-08 14:19 . 2009-10-08 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-10-08 14:18 . 2001-03-08 15:30 24064 ------w- c:\windows\system32\msxml3a.dll
2009-10-08 14:17 . 2009-10-08 16:06 -------- d-----w- c:\program files\CyberLink
2009-10-08 14:11 . 2009-10-08 14:42 -------- d-----w- c:\program files\The KMPlayer
2009-10-08 13:27 . 2009-10-08 13:40 -------- d-----w- C:\WINXPCD
2009-10-08 13:08 . 2009-10-08 13:08 -------- d-----w- c:\documents and settings\Dimiter\Local Settings\Application Data\ratDVD
2009-10-08 12:56 . 2009-10-08 13:07 -------- d-----w- c:\program files\ratDVD
2009-10-08 12:06 . 2009-10-08 12:06 -------- d-----w- c:\documents and settings\Dimiter\Local Settings\Application Data\eSupport.com
2009-10-08 10:32 . 2009-10-08 14:18 -------- d-----w- C:\WinSetupFromUSB
2009-10-07 18:18 . 2009-10-07 18:18 17334 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\fazoc.dat
2009-10-07 13:27 . 2009-10-07 13:27 -------- d-----w- c:\program files\MozBackup
2009-10-06 20:45 . 2009-10-06 20:46 -------- d-----w- c:\program files\BackRex Expert Backup
2009-10-05 19:26 . 2009-10-05 19:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\d3drpc32
2009-10-03 16:06 . 2009-10-03 16:07 -------- d-----w- c:\program files\CPU Thermometer
2009-09-29 16:40 . 2009-09-29 16:40 120448 ----a-w- c:\documents and settings\Dimiter\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-29 09:15 . 2009-09-29 19:00 -------- d-----w- c:\documents and settings\Dimiter\Application Data\Thinstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 20:59 . 2009-10-18 20:59 10508 ----a-w- c:\documents and settings\LocalService\Application Data\bume.pif
2009-10-18 20:59 . 2009-10-18 20:59 19311 ----a-w- c:\documents and settings\LocalService\Application Data\ucerom.vbs
2009-10-18 20:59 . 2009-10-18 20:59 13660 ----a-w- c:\documents and settings\All Users\Application Data\acaby.pif
2009-10-18 20:59 . 2009-10-18 20:59 13597 ----a-w- c:\program files\Common Files\veqowi.db
2009-10-18 20:59 . 2009-10-18 20:59 10659 ----a-w- c:\documents and settings\LocalService\Application Data\rifuhag.dat
2009-10-18 20:59 . 2009-10-18 20:59 10067 ----a-w- c:\documents and settings\LocalService\Application Data\ymin.reg
2009-10-18 11:46 . 2008-07-11 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2009-10-18 01:30 . 2007-09-08 16:33 -------- d-----w- c:\program files\eMule
2009-10-17 22:53 . 2008-10-27 18:03 -------- d-----w- c:\documents and settings\Dimiter\Application Data\uTorrent
2009-10-17 19:13 . 2007-09-07 09:17 -------- d-----w- c:\documents and settings\Dimiter\Application Data\Skype
2009-10-17 18:29 . 2008-02-21 17:00 -------- d-----w- c:\documents and settings\Dimiter\Application Data\skypePM
2009-10-15 12:42 . 2009-09-01 19:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-15 12:09 . 2009-10-15 12:09 604 ---ha-w- c:\program files\STLL Notifier
2009-10-15 08:54 . 2009-10-15 08:54 18530 ----a-w- c:\documents and settings\All Users\Application Data\wyhid.dat
2009-10-14 11:01 . 2007-08-31 07:31 31768 -c--a-w- c:\documents and settings\Dimiter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-08 16:06 . 2007-08-31 07:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-06 18:35 . 2004-08-03 23:07 0 ----a-w- c:\windows\system32\drivers\agp440.sys
2009-10-05 09:25 . 2009-10-05 09:25 19174 ----a-w- c:\program files\Common Files\ruhun.db
2009-10-03 16:07 . 2009-06-23 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\HDD Thermometer
2009-09-28 08:56 . 2009-09-28 08:56 12603 ----a-w- c:\documents and settings\All Users\Application Data\xowysikika.dat
2009-09-19 10:06 . 2009-04-09 22:04 -------- d-----w- c:\program files\Directmedia
2009-09-19 08:49 . 2007-11-06 02:29 -------- d-----w- c:\program files\ESET
2009-09-19 08:47 . 2009-01-11 18:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-14 07:32 . 2009-09-14 07:32 19436 ----a-w- c:\program files\Common Files\hetenybo._dl
2009-09-12 15:28 . 2009-09-12 15:28 19179 ----a-w- c:\documents and settings\All Users\Application Data\parunewo.dat
2009-09-12 15:28 . 2009-09-12 15:28 18632 ----a-w- c:\program files\Common Files\xesaqog.dat
2009-09-12 15:28 . 2009-09-12 15:28 17532 ----a-w- c:\documents and settings\LocalService\Application Data\ogaju.sys
2009-09-12 15:28 . 2009-09-12 15:28 17369 ----a-w- c:\documents and settings\All Users\Application Data\lubesymymo.exe
2009-09-12 15:28 . 2009-09-12 15:28 16345 ----a-w- c:\program files\Common Files\zasul._dl
2009-09-12 15:28 . 2009-09-12 15:28 15969 ----a-w- c:\windows\pylitaq.bin
2009-09-12 15:28 . 2009-09-12 15:28 15392 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ahomaxyp.bin
2009-09-12 15:28 . 2009-09-12 15:28 14837 ----a-w- c:\documents and settings\All Users\Application Data\efasow.pif
2009-09-12 15:28 . 2009-09-12 15:28 14681 ----a-w- c:\windows\system32\mimesaq.exe
2009-09-12 15:28 . 2009-09-12 15:28 11109 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\uzulerul.dll
2009-09-12 15:21 . 2009-09-06 14:51 -------- d-----w- c:\program files\Spyware Doctor
2009-09-11 13:57 . 2009-09-11 13:57 13460 ----a-w- c:\program files\Common Files\ponicu.dl
2009-09-11 13:57 . 2009-09-11 13:57 12628 ----a-w- c:\program files\Common Files\rosunep.bin
2009-09-11 13:57 . 2009-09-11 13:57 12350 ----a-w- c:\documents and settings\All Users\Application Data\benit.sys
2009-09-11 13:57 . 2009-09-11 13:57 11976 ----a-w- c:\documents and settings\Dimiter\Application Data\tidexoqory.exe
2009-09-11 13:57 . 2009-09-11 13:57 11555 ----a-w- c:\windows\conisu.com
2009-09-11 13:57 . 2009-09-11 13:57 11031 ----a-w- c:\program files\Common Files\adulecir.exe
2009-09-11 13:57 . 2009-09-11 13:57 10925 ----a-w- c:\documents and settings\All Users\Application Data\yvelen.pif
2009-09-11 13:57 . 2009-09-11 13:57 10664 ----a-w- c:\windows\pihu.sys
2009-09-11 13:57 . 2009-09-11 13:57 10098 ----a-w- c:\program files\Common Files\hadeke._dl
2009-09-10 11:54 . 2009-09-01 19:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 11:53 . 2009-09-01 19:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 10:03 . 2009-09-08 10:03 18292 ----a-w- c:\documents and settings\All Users\Application Data\otydop.com
2009-09-08 10:03 . 2009-09-08 10:03 18052 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\paril.sys
2009-09-08 10:03 . 2009-09-08 10:03 16514 ----a-w- c:\program files\Common Files\asif.ban
2009-09-08 10:03 . 2009-09-08 10:03 15736 ----a-w- c:\windows\system32\jogiwakes.sys
2009-09-08 10:03 . 2009-09-08 10:03 15151 ----a-w- c:\documents and settings\All Users\Application Data\owodekego.pif
2009-09-08 10:03 . 2009-09-08 10:03 15034 ----a-w- c:\documents and settings\LocalService\Application Data\axowib.sys
2009-09-08 10:03 . 2009-09-08 10:03 14407 ----a-w- c:\program files\Common Files\giryqinywo.dat
2009-09-08 10:03 . 2009-09-08 10:03 12497 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\xihor.bin
2009-09-08 10:03 . 2009-09-08 10:03 11379 ----a-w- c:\windows\exyqutuqah.com
2009-09-07 09:11 . 2009-09-07 09:11 14841 ----a-w- c:\program files\Common Files\wykazydaho._dl
2009-09-07 09:11 . 2009-09-07 09:11 19781 ----a-w- c:\program files\Common Files\udamog.bin
2009-09-07 09:11 . 2009-09-07 09:11 17294 ----a-w- c:\program files\Common Files\uvidymuno.dl
2009-09-07 09:11 . 2009-09-07 09:11 12576 ----a-w- c:\program files\Common Files\enimezug.com
2009-09-07 09:11 . 2009-09-07 09:11 12103 ----a-w- c:\program files\Common Files\emorexuca.bin
2009-09-06 16:30 . 2009-09-06 16:26 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-06 16:26 . 2009-09-06 14:51 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-06 15:12 . 2009-09-06 15:12 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-06 15:12 . 2009-09-06 15:12 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-05 16:28 . 2009-09-05 16:28 -------- d-----w- c:\program files\MouSing
2009-09-05 15:25 . 2009-09-05 15:25 16743 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ibeco.exe
2009-09-05 15:25 . 2009-09-05 15:25 13335 ----a-w- c:\windows\nofybisafe.pif
2009-09-05 15:25 . 2009-09-05 15:25 11942 ----a-w- c:\documents and settings\LocalService\Application Data\qezewu.com
2009-09-05 15:25 . 2009-09-05 15:25 11191 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\zywofo.com
2009-09-05 15:25 . 2009-09-05 15:25 10661 ----a-w- c:\documents and settings\All Users\Application Data\uvujuw.exe
2009-09-05 15:25 . 2009-09-05 15:25 17513 ----a-w- c:\documents and settings\All Users\Application Data\ewanu.exe
2009-09-05 14:46 . 2009-09-05 14:46 18990 ----a-w- c:\program files\Common Files\pyrubi._sy
2009-09-05 14:46 . 2009-09-05 14:46 18561 ----a-w- c:\program files\Common Files\yqazoceny.exe
2009-09-05 14:46 . 2009-09-05 14:46 18313 ----a-w- c:\documents and settings\Dimiter\Application Data\bumisaxe.com
2009-09-05 14:46 . 2009-09-05 14:46 16454 ----a-w- c:\documents and settings\Dimiter\Application Data\wopehox.com
2009-09-05 14:46 . 2009-09-05 14:46 15633 ----a-w- c:\windows\system32\qotaq.dat
2009-09-05 14:46 . 2009-09-05 14:46 15443 ----a-w- c:\windows\moferite.com
2009-09-05 14:46 . 2009-09-05 14:46 11794 ----a-w- c:\documents and settings\All Users\Application Data\novafy.exe
2009-09-05 14:46 . 2009-09-05 14:46 11510 ----a-w- c:\windows\rosyhihafo.com
2009-09-05 14:46 . 2009-09-05 14:46 10612 ----a-w- c:\documents and settings\Dimiter\Local Settings\Application Data\asyxykas.dat
2009-09-05 14:43 . 2009-09-05 14:43 18404 ----a-w- c:\windows\sosi.dat
2009-09-05 14:43 . 2009-09-05 14:43 18020 ----a-w- c:\documents and settings\Dimiter\Application Data\hahefy.pif
2009-09-05 14:43 . 2009-09-05 14:43 17829 ----a-w- c:\windows\belulus.dat
2009-09-05 14:43 . 2009-09-05 14:43 17268 ----a-w- c:\windows\kuwoky.dat
2009-09-05 14:43 . 2009-09-05 14:43 15193 ----a-w- c:\documents and settings\All Users\Application Data\focaxetagu.scr
2009-09-05 14:43 . 2009-09-05 14:43 14199 ----a-w- c:\documents and settings\Dimiter\Application Data\ecesohihe.pif
2009-09-05 14:43 . 2009-09-05 14:43 13982 ----a-w- c:\documents and settings\All Users\Application Data\yfybiwumo.exe
2009-09-05 14:43 . 2009-09-05 14:43 12021 ----a-w- c:\program files\Common Files\axyqij.com
2009-09-05 09:59 . 2009-09-05 09:59 16808 ----a-w- c:\windows\system32\isozulaja.dll
2009-09-05 09:59 . 2009-09-05 09:59 14796 ----a-w- c:\windows\onugiqiby.pif
2009-09-05 09:59 . 2009-09-05 09:59 14437 ----a-w- c:\documents and settings\All Users\Application Data\revo.dll
2009-09-05 09:59 . 2009-09-05 09:59 14200 ----a-w- c:\windows\paxyzama.bin
2009-09-05 09:59 . 2009-09-05 09:59 13697 ----a-w- c:\program files\Common Files\oryrelofyv.pif
2009-09-05 09:59 . 2009-09-05 09:59 13522 ----a-w- c:\program files\Common Files\ucunal.dat
2009-09-05 09:59 . 2009-09-05 09:59 11609 ----a-w- c:\windows\xuhyh.sys
2009-09-04 14:34 . 2009-09-04 14:34 17873 ----a-w- c:\windows\momoga.bin
2009-09-04 14:34 . 2009-09-04 14:34 13443 ----a-w- c:\windows\waruke.pif
2009-09-04 14:34 . 2009-09-04 14:34 17744 ----a-w- c:\documents and settings\LocalService\Application Data\edar.exe
2009-09-04 14:34 . 2009-09-04 14:34 17220 ----a-w- c:\program files\Common Files\hasebokyda.pif
2009-09-04 14:34 . 2009-09-04 14:34 16003 ----a-w- c:\documents and settings\All Users\Application Data\qafu.scr
2009-06-04 10:01 . 2007-09-02 19:07 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-06-04 10:01 . 2007-09-02 19:07 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-06-04 10:01 . 2007-09-02 19:07 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-06-04 10:01 . 2007-09-02 19:07 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-06-04 10:01 . 2007-09-02 19:07 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------


[-] 2009-08-23 21:16 . F11DED9B5E293C625F1A1990D6660E34 . 626336 . . [------] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

[-] 2009-10-06 18:35 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\system32\drivers\agp440.sys

c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-03-25 335961]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
"IE7-10"="advpack.dll" - c:\windows\system32\advpack.dll [2007-07-22 124928]

c:\documents and settings\Dimiter\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2006-6-7 553021]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 1 (0x1)
"Btn_Tools"= 2 (0x2)
"Btn_Home"= 2 (0x2)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=myokent.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dimiter^Start Menu^Programs^Startup^FlexWord 2.0.lnk]
path=c:\documents and settings\Dimiter\Start Menu\Programs\Startup\FlexWord 2.0.lnk
backup=c:\windows\pss\FlexWord 2.0.lnkStartup

[HKLM\~\startupfolder\c:^documents and settings^dimiter^start menu^programs^startup^ikowin32.exe]
path=c:\documents and settings\Dimiter\Start Menu\Programs\Startup\ikowin32.exe
backup=c:\windows\pss\ikowin32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"Symantec AntiVirus"=2 (0x2)
"SavRoam"=3 (0x3)
"matlabserver"=2 (0x2)
"ERSvc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"bepldr"=3 (0x3)
"DiskSuiteService"=2 (0x2)
"Diskeeper"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Dimiter\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6\\RegTool.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6\\Sibelius.exe"=
"c:\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26000:TCP"= 26000:TCP:BitComet 26000 TCP
"26000:UDP"= 26000:UDP:BitComet 26000 UDP
"49153:TCP"= 49153:TCP:BitComet 49153 TCP
"49153:UDP"= 49153:UDP:BitComet 49153 UDP
"17150:TCP"= 17150:TCP:BitComet 17150 TCP
"17150:UDP"= 17150:UDP:BitComet 17150 UDP
"12086:TCP"= 12086:TCP:BitComet 12086 TCP
"12086:UDP"= 12086:UDP:BitComet 12086 UDP

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.8.2009 г. 21:42 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.8.2009 г. 21:42 94360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.5.2008 г. 12:33 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 г. 12:33 55024]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 г. 15:47 731840]
S0 fvqh;fvqh;c:\windows\system32\drivers\irfc.sys --> c:\windows\system32\drivers\irfc.sys [?]
S0 gpyj;gpyj;c:\windows\system32\drivers\jbet.sys --> c:\windows\system32\drivers\jbet.sys [?]
S0 luhkp;luhkp;c:\windows\system32\drivers\yyneonp.sys --> c:\windows\system32\drivers\yyneonp.sys [?]
S3 PAC7311;PLEOMAX PWC-2000;c:\windows\system32\drivers\PA707UCM.SYS [08.9.2007 г. 19:04 150272]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.5.2008 г. 12:33 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [06.9.2009 г. 19:25 348752]
S4 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [22.8.2007 г. 17:19 151552]
S4 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" --> c:\program files\Symantec AntiVirus\SavRoam.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-10-18 c:\windows\Tasks\User_Feed_Synchronization-{8A29E077-EB93-4313-B150-D4541E9396A1}.job
- c:\windows\system32\msfeedssync.exe [2007-11-06 17:36]

2009-05-17 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\program files\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-05-14 10:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
IE: Send to &Bluetooth Device... - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {B99DE346-F25F-4BA1-A51A-7E9C6F42D0F9} = 78.90.87.1,89.190.192.162
DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} - hxxp://vblu.uni-bocconi.it/vblu/NWWClientFull.cab
FF - ProfilePath - c:\documents and settings\Dimiter\Application Data\Mozilla\Firefox\Profiles\f8ovkvmn.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 00:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5281C2-E540-B626-03CF-1A0574F11851}\MiscStatus]
@Denied: (2) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\myokent.dll

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\myokent.dll
.
Completion time: 2009-10-18 0:12
ComboFix-quarantined-files.txt 2009-10-18 21:11

Pre-Run: 6 992 908 288 bytes free
Post-Run: 6 949 646 336 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
375 --- E O F --- 2007-09-12 12:57
  • 0

#6
kahdah
Posted 18 October 2009 - 05:13 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
AGP440.sys
ntfs.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#7
Mitiu
Posted 18 October 2009 - 05:42 PM

Mitiu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 02:24 on 19/10/2009 by Dimiter (Administrator - Elevation successful)

========== filefind ==========

Searching for "AGP440.sys"
C:\WINDOWS\system32\drivers\agp440.sys --a--- 0 bytes [23:07 03/08/2004] [18:35 06/10/2009] D41D8CD98F00B204E9800998ECF8427E

Searching for "ntfs.sys"
C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys --a--c 574976 bytes [11:23 09/02/2007] [11:23 09/02/2007] 05AB81909514BFD69CBB1F2C147CF6B9
C:\WINDOWS\system32\drivers\ntfs.sys --a--c 626336 bytes [19:15 06/11/2007] [21:16 23/08/2009] F11DED9B5E293C625F1A1990D6660E34


-=End Of File=-
  • 0

#8
kahdah
Posted 18 October 2009 - 09:14 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
fvqh
gpyj
luhkp

File::
c:\documents and settings\Dimiter\Start Menu\Programs\Startup\ikowin32.exe
c:\windows\pss\ikowin32.exe
c:\documents and settings\LocalService\Application Data\bume.pif
c:\documents and settings\LocalService\Application Data\ucerom.vbs
c:\documents and settings\All Users\Application Data\acaby.pif
c:\program files\Common Files\veqowi.db
c:\documents and settings\LocalService\Application Data\rifuhag.dat
c:\documents and settings\LocalService\Application Data\ymin.reg
c:\documents and settings\All Users\Application Data\wyhid.dat
c:\program files\Common Files\ruhun.db
c:\documents and settings\All Users\Application Data\xowysikika.dat
c:\program files\Common Files\hetenybo._dl
c:\documents and settings\All Users\Application Data\parunewo.dat
c:\program files\Common Files\xesaqog.dat
c:\documents and settings\LocalService\Application Data\ogaju.sys
c:\documents and settings\All Users\Application Data\lubesymymo.exe
c:\program files\Common Files\zasul._dl
c:\windows\pylitaq.bin
c:\documents and settings\LocalService\Local Settings\Application Data\ahomaxyp.bin
c:\documents and settings\All Users\Application Data\efasow.pif
c:\windows\system32\mimesaq.exe
c:\documents and settings\LocalService\Local Settings\Application Data\uzulerul.dll
c:\program files\Common Files\ponicu.dl
c:\program files\Common Files\rosunep.bin
c:\documents and settings\All Users\Application Data\benit.sys
c:\documents and settings\Dimiter\Application Data\tidexoqory.exe
c:\windows\conisu.com
c:\program files\Common Files\adulecir.exe
c:\documents and settings\All Users\Application Data\yvelen.pif
c:\windows\pihu.sys
c:\program files\Common Files\hadeke._dl
c:\documents and settings\All Users\Application Data\otydop.com
c:\documents and settings\LocalService\Local Settings\Application Data\paril.sys
c:\program files\Common Files\asif.ban
c:\windows\system32\jogiwakes.sys
c:\documents and settings\All Users\Application Data\owodekego.pif
c:\documents and settings\LocalService\Application Data\axowib.sys
c:\program files\Common Files\giryqinywo.dat
c:\documents and settings\LocalService\Local Settings\Application Data\xihor.bin
c:\windows\exyqutuqah.com
c:\program files\Common Files\wykazydaho._dl
c:\program files\Common Files\udamog.bin
c:\program files\Common Files\uvidymuno.dl
c:\program files\Common Files\enimezug.com
c:\program files\Common Files\emorexuca.bin
c:\documents and settings\LocalService\Local Settings\Application Data\ibeco.exe
c:\windows\nofybisafe.pif
c:\documents and settings\LocalService\Application Data\qezewu.com
c:\documents and settings\LocalService\Local Settings\Application Data\zywofo.com
c:\documents and settings\All Users\Application Data\uvujuw.exe
c:\documents and settings\All Users\Application Data\ewanu.exe
c:\program files\Common Files\pyrubi._sy
c:\program files\Common Files\yqazoceny.exe
c:\documents and settings\Dimiter\Application Data\bumisaxe.com
c:\documents and settings\Dimiter\Application Data\wopehox.com
c:\windows\system32\qotaq.dat
c:\windows\moferite.com
c:\documents and settings\All Users\Application Data\novafy.exe
c:\windows\rosyhihafo.com
c:\documents and settings\Dimiter\Local Settings\Application Data\asyxykas.dat
c:\windows\sosi.dat
c:\documents and settings\Dimiter\Application Data\hahefy.pif
c:\windows\belulus.dat
c:\windows\kuwoky.dat
c:\documents and settings\All Users\Application Data\focaxetagu.scr
c:\documents and settings\Dimiter\Application Data\ecesohihe.pif
c:\documents and settings\All Users\Application Data\yfybiwumo.exe
c:\program files\Common Files\axyqij.com
c:\windows\system32\isozulaja.dll
c:\windows\onugiqiby.pif
c:\windows\paxyzama.bin
c:\program files\Common Files\oryrelofyv.pif
c:\program files\Common Files\ucunal.dat
c:\windows\xuhyh.sys
c:\windows\momoga.bin
c:\windows\waruke.pif
c:\documents and settings\LocalService\Application Data\edar.exe
c:\program files\Common Files\hasebokyda.pif
c:\documents and settings\All Users\Application Data\qafu.scr

Registry::
[-HKLM\~\startupfolder\c:^documents and settings^dimiter^start menu^programs^startup^ikowin32.exe]

SrPeek::
c:\windows\system32\drivers\beep.sys
c:\windows\system32\drivers\agp440.sys
c:\windows\system32\drivers\ntfs.sys


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:
  • Combofix.txt
=============
  • 0

#9
Mitiu
Posted 19 October 2009 - 03:49 AM

Mitiu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
After combofix system restarting, a system shutdown message popped out with 1 minute countdown and a message about an error in services.exe. Windows restarted before bringing the log. The AntivirusPro 2010 was installed again.
I repeated the procedure, this it went smoothly w/o restarting. here is the log:


ComboFix 09-10-18.04 - Dimiter 10.2009 г. 12:17.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.766.374 [GMT 3:00]
Running from: c:\downloads\ComboFix.exe
Command switches used :: c:\downloads\CFScript.txt
AV: avast! antivirus 4.7.1043 [VPS 071113-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\documents and settings\All Users\Application Data\acaby.pif"
"c:\documents and settings\All Users\Application Data\benit.sys"
"c:\documents and settings\All Users\Application Data\efasow.pif"
"c:\documents and settings\All Users\Application Data\ewanu.exe"
"c:\documents and settings\All Users\Application Data\focaxetagu.scr"
"c:\documents and settings\All Users\Application Data\lubesymymo.exe"
"c:\documents and settings\All Users\Application Data\novafy.exe"
"c:\documents and settings\All Users\Application Data\otydop.com"
"c:\documents and settings\All Users\Application Data\owodekego.pif"
"c:\documents and settings\All Users\Application Data\parunewo.dat"
"c:\documents and settings\All Users\Application Data\qafu.scr"
"c:\documents and settings\All Users\Application Data\uvujuw.exe"
"c:\documents and settings\All Users\Application Data\wyhid.dat"
"c:\documents and settings\All Users\Application Data\xowysikika.dat"
"c:\documents and settings\All Users\Application Data\yfybiwumo.exe"
"c:\documents and settings\All Users\Application Data\yvelen.pif"
"c:\documents and settings\Dimiter\Application Data\bumisaxe.com"
"c:\documents and settings\Dimiter\Application Data\ecesohihe.pif"
"c:\documents and settings\Dimiter\Application Data\hahefy.pif"
"c:\documents and settings\Dimiter\Application Data\tidexoqory.exe"
"c:\documents and settings\Dimiter\Application Data\wopehox.com"
"c:\documents and settings\Dimiter\Local Settings\Application Data\asyxykas.dat"
"c:\documents and settings\Dimiter\Start Menu\Programs\Startup\ikowin32.exe"
"c:\documents and settings\LocalService\Application Data\axowib.sys"
"c:\documents and settings\LocalService\Application Data\bume.pif"
"c:\documents and settings\LocalService\Application Data\edar.exe"
"c:\documents and settings\LocalService\Application Data\ogaju.sys"
"c:\documents and settings\LocalService\Application Data\qezewu.com"
"c:\documents and settings\LocalService\Application Data\rifuhag.dat"
"c:\documents and settings\LocalService\Application Data\ucerom.vbs"
"c:\documents and settings\LocalService\Application Data\ymin.reg"
"c:\documents and settings\LocalService\Local Settings\Application Data\ahomaxyp.bin"
"c:\documents and settings\LocalService\Local Settings\Application Data\ibeco.exe"
"c:\documents and settings\LocalService\Local Settings\Application Data\paril.sys"
"c:\documents and settings\LocalService\Local Settings\Application Data\uzulerul.dll"
"c:\documents and settings\LocalService\Local Settings\Application Data\xihor.bin"
"c:\documents and settings\LocalService\Local Settings\Application Data\zywofo.com"
"c:\program files\Common Files\adulecir.exe"
"c:\program files\Common Files\asif.ban"
"c:\program files\Common Files\axyqij.com"
"c:\program files\Common Files\emorexuca.bin"
"c:\program files\Common Files\enimezug.com"
"c:\program files\Common Files\giryqinywo.dat"
"c:\program files\Common Files\hadeke._dl"
"c:\program files\Common Files\hasebokyda.pif"
"c:\program files\Common Files\hetenybo._dl"
"c:\program files\Common Files\oryrelofyv.pif"
"c:\program files\Common Files\ponicu.dl"
"c:\program files\Common Files\pyrubi._sy"
"c:\program files\Common Files\rosunep.bin"
"c:\program files\Common Files\ruhun.db"
"c:\program files\Common Files\ucunal.dat"
"c:\program files\Common Files\udamog.bin"
"c:\program files\Common Files\uvidymuno.dl"
"c:\program files\Common Files\veqowi.db"
"c:\program files\Common Files\wykazydaho._dl"
"c:\program files\Common Files\xesaqog.dat"
"c:\program files\Common Files\yqazoceny.exe"
"c:\program files\Common Files\zasul._dl"
"c:\windows\belulus.dat"
"c:\windows\conisu.com"
"c:\windows\exyqutuqah.com"
"c:\windows\kuwoky.dat"
"c:\windows\moferite.com"
"c:\windows\momoga.bin"
"c:\windows\nofybisafe.pif"
"c:\windows\onugiqiby.pif"
"c:\windows\paxyzama.bin"
"c:\windows\pihu.sys"
"c:\windows\pss\ikowin32.exe"
"c:\windows\pylitaq.bin"
"c:\windows\rosyhihafo.com"
"c:\windows\sosi.dat"
"c:\windows\system32\isozulaja.dll"
"c:\windows\system32\jogiwakes.sys"
"c:\windows\system32\mimesaq.exe"
"c:\windows\system32\qotaq.dat"
"c:\windows\waruke.pif"
"c:\windows\xuhyh.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\AntivirusPro_2010\AVEngn.dll
c:\program files\AntivirusPro_2010\data\daily.cvd
c:\program files\AntivirusPro_2010\htmlayout.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro_2010\pthreadVC2.dll
c:\program files\AntivirusPro_2010\Uninstall.exe
c:\program files\AntivirusPro_2010\wscui.cpl
c:\program files\Common Files\emylaxonuk.bat
c:\program files\Common Files\ujocihaha.vbs
c:\windows\irut.reg
c:\windows\jokosalega.inf
c:\windows\system32\_scui.cpl
c:\windows\system32\ojafu.bat
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\acaby.pif
c:\documents and settings\All Users\Application Data\benit.sys
c:\documents and settings\All Users\Application Data\ceban.pif
c:\documents and settings\All Users\Application Data\efasow.pif
c:\documents and settings\All Users\Application Data\ekaxewuraq.com
c:\documents and settings\All Users\Application Data\ewanu.exe
c:\documents and settings\All Users\Application Data\focaxetagu.scr
c:\documents and settings\All Users\Application Data\lubesymymo.exe
c:\documents and settings\All Users\Application Data\novafy.exe
c:\documents and settings\All Users\Application Data\otydop.com
c:\documents and settings\All Users\Application Data\owodekego.pif
c:\documents and settings\All Users\Application Data\parunewo.dat
c:\documents and settings\All Users\Application Data\qafu.scr
c:\documents and settings\All Users\Application Data\uvujuw.exe
c:\documents and settings\All Users\Application Data\wyhid.dat
c:\documents and settings\All Users\Application Data\xowysikika.dat
c:\documents and settings\All Users\Application Data\yfybiwumo.exe
c:\documents and settings\All Users\Application Data\yvelen.pif
c:\documents and settings\All Users\Documents\fasir.bat
c:\documents and settings\All Users\Documents\fone.bat
c:\documents and settings\All Users\Documents\ohuracuquc.inf
c:\documents and settings\All Users\Documents\tepolasuh.bat
c:\documents and settings\All Users\Documents\ybida.bat
c:\documents and settings\Dimiter\Application Data\bumisaxe.com
c:\documents and settings\Dimiter\Application Data\ecesohihe.pif
c:\documents and settings\Dimiter\Application Data\hahefy.pif
c:\documents and settings\Dimiter\Application Data\tidexoqory.exe
c:\documents and settings\Dimiter\Application Data\wopehox.com
c:\documents and settings\Dimiter\Local Settings\Application Data\asyxykas.dat
c:\documents and settings\LocalService\Application Data\asavaxo.inf
c:\documents and settings\LocalService\Application Data\asymufelys.bat
c:\documents and settings\LocalService\Application Data\axowib.sys
c:\documents and settings\LocalService\Application Data\bume.pif
c:\documents and settings\LocalService\Application Data\edar.exe
c:\documents and settings\LocalService\Application Data\lizkavd.exe
c:\documents and settings\LocalService\Application Data\ogaju.sys
c:\documents and settings\LocalService\Application Data\orinejula.dl
c:\documents and settings\LocalService\Application Data\qezewu.com
c:\documents and settings\LocalService\Application Data\rifuhag.dat
c:\documents and settings\LocalService\Application Data\seres.exe
c:\documents and settings\LocalService\Application Data\svcst.exe
c:\documents and settings\LocalService\Application Data\tyrytityja.scr
c:\documents and settings\LocalService\Application Data\ucerom.vbs
c:\documents and settings\LocalService\Application Data\ymin.reg
c:\documents and settings\LocalService\Cookies\apoc.dl
c:\documents and settings\LocalService\Cookies\semavozan.exe
c:\documents and settings\LocalService\Local Settings\Application Data\ahomaxyp.bin
c:\documents and settings\LocalService\Local Settings\Application Data\hamyrewa.exe
c:\documents and settings\LocalService\Local Settings\Application Data\ibeco.exe
c:\documents and settings\LocalService\Local Settings\Application Data\iniqyse.exe
c:\documents and settings\LocalService\Local Settings\Application Data\jyvynewes.exe
c:\documents and settings\LocalService\Local Settings\Application Data\paril.sys
c:\documents and settings\LocalService\Local Settings\Application Data\qonax.dl
c:\documents and settings\LocalService\Local Settings\Application Data\rykuf.ban
c:\documents and settings\LocalService\Local Settings\Application Data\sulynifo.scr
c:\documents and settings\LocalService\Local Settings\Application Data\uzulerul.dll
c:\documents and settings\LocalService\Local Settings\Application Data\xihor.bin
c:\documents and settings\LocalService\Local Settings\Application Data\zywofo.com
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\citeketyri.reg
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\ivawegafov.ban
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\yvidytetu.dat
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\AntivirusPro_2010\AVEngn.dll
c:\program files\AntivirusPro_2010\data\daily.cvd
c:\program files\AntivirusPro_2010\htmlayout.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro_2010\pthreadVC2.dll
c:\program files\AntivirusPro_2010\Uninstall.exe
c:\program files\AntivirusPro_2010\wscui.cpl
c:\program files\Common Files\adulecir.exe
c:\program files\Common Files\asaz.exe
c:\program files\Common Files\asif.ban
c:\program files\Common Files\axyqij.com
c:\program files\Common Files\emorexuca.bin
c:\program files\Common Files\enimezug.com
c:\program files\Common Files\giryqinywo.dat
c:\program files\Common Files\hadeke._dl
c:\program files\Common Files\hasebokyda.pif
c:\program files\Common Files\hetenybo._dl
c:\program files\Common Files\jofomug.reg
c:\program files\Common Files\oryrelofyv.pif
c:\program files\Common Files\ponicu.dl
c:\program files\Common Files\pyrubi._sy
c:\program files\Common Files\rosunep.bin
c:\program files\Common Files\ruhun.db
c:\program files\Common Files\ucunal.dat
c:\program files\Common Files\udamog.bin
c:\program files\Common Files\upyleb.bin
c:\program files\Common Files\uvidymuno.dl
c:\program files\Common Files\veqowi.db
c:\program files\Common Files\wovu.bat
c:\program files\Common Files\wykazydaho._dl
c:\program files\Common Files\xesaqog.dat
c:\program files\Common Files\yqazoceny.exe
c:\program files\Common Files\zasul._dl
c:\windows\ahabilulac._sy
c:\windows\aloju._dl
c:\windows\belulus.dat
c:\windows\conisu.com
c:\windows\dise.bin
c:\windows\exyqutuqah.com
c:\windows\kuwoky.dat
c:\windows\moferite.com
c:\windows\momoga.bin
c:\windows\nofybisafe.pif
c:\windows\onugiqiby.pif
c:\windows\paxyzama.bin
c:\windows\pihu.sys
c:\windows\pylitaq.bin
c:\windows\rosyhihafo.com
c:\windows\sosi.dat
c:\windows\system32\_scui.cpl
c:\windows\system32\isozulaja.dll
c:\windows\system32\jogiwakes.sys
c:\windows\system32\mimesaq.exe
c:\windows\system32\pyhe.scr
c:\windows\system32\qotaq.dat
c:\windows\system32\uvylyse._sy
c:\windows\system32\xekicuxaso.dl
c:\windows\uhunoqy.dl
c:\windows\ujijujimem._sy
c:\windows\vylasece.bin
c:\windows\waruke.pif
c:\windows\xuhyh.sys
c:\windows\yxemenone.dll

-- Previous Run --

c:\windows\system32\drivers\AGP440.sys . . . is infected!!

--------

c:\windows\system32\drivers\AGP440.sys . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_fvqh
-------\Service_gpyj
-------\Service_luhkp


((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.

2009-10-19 09:20 . 2009-10-19 09:20 18642 ----a-w- c:\program files\Common Files\wejejasol.scr
2009-10-19 09:20 . 2009-10-19 09:20 17665 ----a-w- c:\windows\ykyqa.dll
2009-10-19 09:20 . 2009-10-19 09:20 15290 ----a-w- c:\windows\dabok.scr
2009-10-19 09:20 . 2009-10-19 09:20 12657 ----a-w- c:\program files\Common Files\xuzukatozu.dll
2009-10-19 09:20 . 2009-10-19 09:20 12533 ----a-w- c:\windows\hovi.pif
2009-10-19 09:20 . 2009-10-19 09:20 11448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ilyvegitid.pif
2009-10-19 09:20 . 2009-10-19 09:20 11214 ----a-w- c:\windows\qisamofob.pif
2009-10-19 08:31 . 2009-10-19 08:31 12979 ----a-w- c:\program files\Common Files\joqihoxo.dat
2009-10-18 20:59 . 2009-10-18 20:59 10827 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\uvupiqij.dat
2009-10-18 20:59 . 2009-10-18 20:59 10725 ----a-w- c:\windows\system32\zipupimor.com
2009-10-18 20:58 . 2009-10-18 20:58 -------- d-----w- C:\AntivirusPro_2010
2009-10-18 20:44 . 2009-10-18 20:44 -------- d-----w- C:\_OTL
2009-10-18 20:03 . 2009-10-18 20:03 18555 ----a-w- c:\program files\Common Files\elymotowyn.dat
2009-10-18 12:20 . 2009-10-18 12:19 291328 ----a-w- C:\sz5ru2vx.exe
2009-10-17 18:55 . 2009-10-17 18:55 -------- d-----w- c:\windows\system32\Adobe
2009-10-15 16:26 . 2009-10-15 16:26 -------- d-----w- c:\windows\ERUNT
2009-10-15 14:58 . 2009-10-15 14:58 -------- d-----w- c:\program files\ERUNT
2009-10-15 12:09 . 2009-10-15 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Sibelius Software
2009-10-15 12:09 . 2009-10-15 12:09 -------- d-----w- c:\documents and settings\Dimiter\Application Data\Sibelius Software
2009-10-15 11:46 . 2009-10-15 11:46 -------- d-----w- c:\documents and settings\Dimiter\Local Settings\Application Data\Sibelius_Software_Ltd
2009-10-15 08:54 . 2009-10-15 08:54 11934 ----a-w- c:\windows\system32\elujypozu.dat
2009-10-13 23:29 . 2009-10-13 23:29 -------- d-----w- c:\program files\Sibelius Software
2009-10-13 22:16 . 2009-10-13 22:16 -------- d-----w- c:\program files\EarMaster School 5
2009-10-13 22:16 . 2009-10-13 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\EarMaster
2009-10-13 21:58 . 2009-10-13 21:58 -------- d-----w- c:\program files\Trend Micro
2009-10-10 19:31 . 2009-10-17 18:05 -------- d-----w- C:\Movies
2009-10-08 14:22 . 2009-10-08 14:22 -------- d-----w- c:\documents and settings\Dimiter\Application Data\CyberLink
2009-10-08 14:19 . 2009-10-08 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-10-08 14:18 . 2001-03-08 15:30 24064 ------w- c:\windows\system32\msxml3a.dll
2009-10-08 14:17 . 2009-10-08 16:06 -------- d-----w- c:\program files\CyberLink
2009-10-08 14:11 . 2009-10-08 14:42 -------- d-----w- c:\program files\The KMPlayer
2009-10-08 13:27 . 2009-10-08 13:40 -------- d-----w- C:\WINXPCD
2009-10-08 13:08 . 2009-10-08 13:08 -------- d-----w- c:\documents and settings\Dimiter\Local Settings\Application Data\ratDVD
2009-10-08 12:56 . 2009-10-08 13:07 -------- d-----w- c:\program files\ratDVD
2009-10-08 12:06 . 2009-10-08 12:06 -------- d-----w- c:\documents and settings\Dimiter\Local Settings\Application Data\eSupport.com
2009-10-08 10:32 . 2009-10-08 14:18 -------- d-----w- C:\WinSetupFromUSB
2009-10-07 18:18 . 2009-10-07 18:18 17334 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\fazoc.dat
2009-10-07 13:27 . 2009-10-07 13:27 -------- d-----w- c:\program files\MozBackup
2009-10-06 20:45 . 2009-10-06 20:46 -------- d-----w- c:\program files\BackRex Expert Backup
2009-10-05 19:26 . 2009-10-05 19:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\d3drpc32
2009-10-03 16:06 . 2009-10-03 16:07 -------- d-----w- c:\program files\CPU Thermometer
2009-09-29 16:40 . 2009-09-29 16:40 120448 ----a-w- c:\documents and settings\Dimiter\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-29 09:15 . 2009-09-29 19:00 -------- d-----w- c:\documents and settings\Dimiter\Application Data\Thinstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 09:20 . 2009-10-19 09:20 18957 ----a-w- c:\program files\Common Files\ewiwijo._sy
2009-10-19 09:20 . 2009-10-19 09:20 15384 ----a-w- c:\documents and settings\All Users\Application Data\tugeq.dat
2009-10-19 09:20 . 2009-10-19 09:20 17563 ----a-w- c:\documents and settings\All Users\Application Data\dami.sys
2009-10-19 09:20 . 2009-10-19 09:20 10469 ----a-w- c:\program files\Common Files\ykyxik._sy
2009-10-19 09:17 . 2009-10-19 09:17 159856 ----a-w- c:\documents and settings\LocalService\Application Data\lizkavd.exe
2009-10-19 09:17 . 2009-10-19 09:17 45056 ----a-w- c:\documents and settings\LocalService\Application Data\svcst.exe
2009-10-19 09:17 . 2009-10-19 09:17 45056 ----a-w- c:\documents and settings\LocalService\Application Data\seres.exe
2009-10-19 08:31 . 2009-10-19 08:31 15390 ----a-w- c:\program files\Common Files\cesisekiqi.db
2009-10-19 08:15 . 2008-10-27 18:03 -------- d-----w- c:\documents and settings\Dimiter\Application Data\uTorrent
2009-10-18 11:46 . 2008-07-11 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2009-10-18 01:30 . 2007-09-08 16:33 -------- d-----w- c:\program files\eMule
2009-10-17 19:13 . 2007-09-07 09:17 -------- d-----w- c:\documents and settings\Dimiter\Application Data\Skype
2009-10-17 18:29 . 2008-02-21 17:00 -------- d-----w- c:\documents and settings\Dimiter\Application Data\skypePM
2009-10-15 12:42 . 2009-09-01 19:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-15 12:09 . 2009-10-15 12:09 604 ---ha-w- c:\program files\STLL Notifier
2009-10-14 11:01 . 2007-08-31 07:31 31768 -c--a-w- c:\documents and settings\Dimiter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-08 16:06 . 2007-08-31 07:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-06 18:35 . 2004-08-03 23:07 0 ----a-w- c:\windows\system32\drivers\agp440.sys
2009-10-03 16:07 . 2009-06-23 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\HDD Thermometer
2009-09-19 10:06 . 2009-04-09 22:04 -------- d-----w- c:\program files\Directmedia
2009-09-19 08:49 . 2007-11-06 02:29 -------- d-----w- c:\program files\ESET
2009-09-19 08:47 . 2009-01-11 18:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-12 15:21 . 2009-09-06 14:51 -------- d-----w- c:\program files\Spyware Doctor
2009-09-10 11:54 . 2009-09-01 19:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 11:53 . 2009-09-01 19:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 16:30 . 2009-09-06 16:26 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-06 16:26 . 2009-09-06 14:51 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-06 15:12 . 2009-09-06 15:12 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-06 15:12 . 2009-09-06 15:12 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-05 16:28 . 2009-09-05 16:28 -------- d-----w- c:\program files\MouSing
2009-09-05 09:59 . 2009-09-05 09:59 14437 ----a-w- c:\documents and settings\All Users\Application Data\revo.dll
2009-09-04 14:34 . 2009-09-04 14:34 15051 ----a-w- c:\windows\weqymuqen.bin
2009-09-04 14:34 . 2009-09-04 14:34 14867 ----a-w- c:\program files\Common Files\dyweqyg._dl
2009-09-04 14:34 . 2009-09-04 14:34 14756 ----a-w- c:\windows\exukowepe.bin
2009-09-04 14:34 . 2009-09-04 14:34 10422 ----a-w- c:\documents and settings\All Users\Application Data\ufyb.pif
2009-09-04 14:13 . 2009-09-04 14:13 15211 ----a-w- c:\windows\pufy.com
2009-09-04 14:13 . 2009-09-04 14:13 18937 ----a-w- c:\program files\Common Files\suzepuda.db
2009-09-04 14:13 . 2009-09-04 14:13 18402 ----a-w- c:\documents and settings\LocalService\Application Data\tugu.sys
2009-09-04 14:13 . 2009-09-04 14:13 16728 ----a-w- c:\program files\Common Files\ahomezese.ban
2009-09-04 14:13 . 2009-09-04 14:13 16584 ----a-w- c:\windows\ufajame.com
2009-09-04 14:13 . 2009-09-04 14:13 15147 ----a-w- c:\program files\Common Files\vogyqi.sys
2009-09-04 14:13 . 2009-09-04 14:13 14995 ----a-w- c:\windows\bydusazyz.sys
2009-09-04 14:13 . 2009-09-04 14:13 14251 ----a-w- c:\documents and settings\LocalService\Application Data\ivabesahot.dll
2009-09-04 14:13 . 2009-09-04 14:13 10213 ----a-w- c:\documents and settings\All Users\Application Data\xumedu.dll
2009-09-04 11:33 . 2009-09-04 11:33 18803 ----a-w- c:\program files\Common Files\atusuqoh.exe
2009-09-04 11:33 . 2009-09-04 11:33 18269 ----a-w- c:\windows\system32\radelamoko.exe
2009-09-04 11:33 . 2009-09-04 11:33 17663 ----a-w- c:\program files\Common Files\etevy._dl
2009-09-04 11:33 . 2009-09-04 11:33 16335 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\zepi.scr
2009-09-04 11:33 . 2009-09-04 11:33 10011 ----a-w- c:\documents and settings\All Users\Application Data\cibuqive.pif
2009-09-03 09:19 . 2009-09-03 09:19 19553 ----a-w- c:\program files\Common Files\hynofoqemy.db
2009-09-03 09:19 . 2009-09-03 09:19 18800 ----a-w- c:\windows\jycekoma.dat
2009-09-03 09:19 . 2009-09-03 09:19 18174 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ulotyqi.pif
2009-09-03 09:19 . 2009-09-03 09:19 15558 ----a-w- c:\documents and settings\All Users\Application Data\yqer.exe
2009-09-03 09:19 . 2009-09-03 09:19 14826 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\ilezu.pif
2009-09-03 09:19 . 2009-09-03 09:19 12703 ----a-w- c:\windows\system32\ywaxosa.sys
2009-09-03 09:19 . 2009-09-03 09:19 10128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\suva.exe
2009-09-02 22:55 . 2007-10-29 00:31 -------- d-----w- c:\documents and settings\Dimiter\Application Data\foobar2000
2009-09-01 20:04 . 2009-09-01 20:04 17953 ----a-w- c:\windows\ykuv.dat
2009-09-01 20:04 . 2009-09-01 20:04 16420 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\acamisif.scr
2009-09-01 20:04 . 2009-09-01 20:04 16379 ----a-w- c:\documents and settings\All Users\Application Data\gavo.scr
2009-09-01 20:04 . 2009-09-01 20:04 15245 ----a-w- c:\documents and settings\All Users\Application Data\ekatupitos.bin
2009-09-01 20:04 . 2009-09-01 20:04 14279 ----a-w- c:\program files\Common Files\radixahu._dl
2009-09-01 20:04 . 2009-09-01 20:04 12831 ----a-w- c:\windows\system32\ineqaw.dat
2009-09-01 20:04 . 2009-09-01 20:04 12526 ----a-w- c:\windows\hasaly.com
2009-09-01 20:04 . 2009-09-01 20:04 11992 ----a-w- c:\windows\ufeworumit.com
2009-09-01 20:04 . 2009-09-01 20:04 11492 ----a-w- c:\windows\akaxaka.sys
2009-09-01 19:06 . 2009-09-01 19:06 -------- d-----w- c:\documents and settings\Dimiter\Application Data\Malwarebytes
2009-09-01 19:06 . 2009-09-01 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-01 17:54 . 2009-09-01 17:54 19611 ----a-w- c:\documents and settings\Dimiter\Local Settings\Application Data\bokibelen.pif
2009-09-01 17:54 . 2009-09-01 17:54 19032 ----a-w- c:\windows\zowyn.pif
2009-09-01 17:54 . 2009-09-01 17:54 17101 ----a-w- c:\documents and settings\Dimiter\Application Data\sypyjyc.exe
2009-09-01 17:54 . 2009-09-01 17:54 14423 ----a-w- c:\documents and settings\Dimiter\Application Data\isorolep.bin
2009-09-01 17:54 . 2009-09-01 17:54 12220 ----a-w- c:\windows\olunohok.com
2009-09-01 17:54 . 2009-09-01 17:54 10310 ----a-w- c:\documents and settings\Dimiter\Local Settings\Application Data\ivokazuqo.com
2009-09-01 17:09 . 2008-05-15 09:22 -------- d-----w- c:\program files\WinClamAVShield
2009-09-01 17:04 . 2009-09-01 17:04 -------- d-----w- c:\documents and settings\Dimiter\Application Data\VSRevoGroup
2009-09-01 16:55 . 2009-09-01 16:55 14852 ----a-w- c:\windows\system32\tyragukage.pif
2009-09-01 16:55 . 2009-09-01 16:55 13131 ----a-w- c:\documents and settings\All Users\Application Data\ityhequ.sys
2009-09-01 16:55 . 2009-09-01 16:55 10338 ----a-w- c:\program files\Common Files\lyme.exe
2009-09-01 15:28 . 2009-05-14 15:19 -------- d-----w- c:\program files\Wise Disk Cleaner
2009-09-01 12:40 . 2009-09-01 12:40 -------- d-----w- c:\program files\AutoDWG
2009-08-26 11:56 . 2009-08-26 11:56 19489 ----a-w- c:\documents and settings\Dimiter\Local Settings\Application Data\ozogo.com
2009-08-26 11:56 . 2009-08-26 11:56 19277 ----a-w- c:\windows\apovysyd.dat
2009-08-26 11:56 . 2009-08-26 11:56 18680 ----a-w- c:\windows\ijyzek.bin
2009-08-26 11:56 . 2009-08-26 11:56 17312 ----a-w- c:\windows\worex.pif
2009-08-26 11:56 . 2009-08-26 11:56 17045 ----a-w- c:\windows\ekuwidiwak.bin
2009-08-26 11:56 . 2009-08-26 11:56 15977 ----a-w- c:\windows\usany.bin
2009-08-26 11:56 . 2009-08-26 11:56 12089 ----a-w- c:\windows\owizaq.pif
2009-08-26 11:56 . 2009-08-26 11:56 17038 ----a-w- c:\documents and settings\All Users\Application Data\unobeqipow.pif
2009-08-26 11:56 . 2009-08-26 11:56 19296 ----a-w- c:\windows\system32\dibimywij.bin
2009-08-26 11:56 . 2009-08-26 11:56 16504 ----a-w- c:\documents and settings\All Users\Application Data\agufy.dll
2009-08-23 21:22 . 2009-08-23 21:22 19975 ----a-w- c:\documents and settings\LocalService\Application Data\bypufys.dll
2009-08-23 21:22 . 2009-08-23 21:22 19437 ----a-w- c:\documents and settings\All Users\Application Data\ilohaduzi.sys
2009-08-23 21:22 . 2009-08-23 21:22 18424 ----a-w- c:\windows\uxufaka.dat
2009-08-23 21:22 . 2009-08-23 21:22 17648 ----a-w- c:\documents and settings\LocalService\Application Data\tymucyj.bin
2009-08-23 21:22 . 2009-08-23 21:22 17435 ----a-w- c:\documents and settings\LocalService\Application Data\picyvylif.pif
2009-08-23 21:22 . 2009-08-23 21:22 17339 ----a-w- c:\windows\siwonyhabi.dat
2009-08-23 21:22 . 2009-08-23 21:22 16835 ----a-w- c:\program files\Common Files\ajaj.dll
2009-08-23 21:22 . 2009-08-23 21:22 12111 ----a-w- c:\program files\Common Files\emabyz.bin
2009-08-23 21:16 . 2007-11-06 19:15 626336 -c--a-w- c:\windows\system32\drivers\ntfs.sys
2009-06-04 10:01 . 2007-09-02 19:07 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-06-04 10:01 . 2007-09-02 19:07 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-06-04 10:01 . 2007-09-02 19:07 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-06-04 10:01 . 2007-09-02 19:07 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-06-04 10:01 . 2007-09-02 19:07 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

c:\sdfix\apps\Replace\w2k\beep.sys [x]
[-] DF012C2853281CE2BF536E8DE871C8C1 4080 \RP453\A0120547.sys
[-] DF012C2853281CE2BF536E8DE871C8C1 4080 \RP455\A0121292.sys

c:\sdfix\apps\Replace\xp\beep.sys [x]
[7] DA1F27D85E0D1525F6621372E7B685E9 4224 \RP453\A0120548.sys
[7] DA1F27D85E0D1525F6621372E7B685E9 4224 \RP455\A0121288.sys

c:\windows\system32\dllcache\agp440.sys [x]
[-] D41D8CD98F00B204E9800998ECF8427E 0 \RP453\A0120821.sys

c:\windows\system32\drivers\beep.sys [x]
[-] A7E0AB36B0362650F4BB4AED5BAFE310 28672 \RP452\A0120437.sys

c:\winsetupfromusb\TEMP\$WIN_NT$.~BT\NTFS.SYS [x]
[7] 7179AC3F4258AEC9627590A842FDA1D6 574976 \RP444\A0110938.SYS
.
------- Sigcheck -------


[-] 2009-08-23 21:16 . F11DED9B5E293C625F1A1990D6660E34 . 626336 . . [------] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys

[-] 2009-10-06 18:35 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\system32\drivers\agp440.sys

c:\windows\system32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-10-18_21.09.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-19 08:19 . 2009-10-19 08:19 761856 c:\windows\ERDNT\AutoBackup\19.10.2009 г\Users\00000002\UsrClass.dat
+ 2009-10-19 08:19 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\19.10.2009 г\ERDNT.EXE
+ 2009-10-19 08:19 . 2009-10-19 08:19 12824576 c:\windows\ERDNT\AutoBackup\19.10.2009 г\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-03-25 335961]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Regedit32"="c:\windows\system32\regedit.exe" [BU]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
"IE7-10"="advpack.dll" - c:\windows\system32\advpack.dll [2007-07-22 124928]

c:\documents and settings\Dimiter\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2006-6-7 553021]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 1 (0x1)
"Btn_Tools"= 2 (0x2)
"Btn_Home"= 2 (0x2)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=myokent.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dimiter^Start Menu^Programs^Startup^FlexWord 2.0.lnk]
path=c:\documents and settings\Dimiter\Start Menu\Programs\Startup\FlexWord 2.0.lnk
backup=c:\windows\pss\FlexWord 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"Symantec AntiVirus"=2 (0x2)
"SavRoam"=3 (0x3)
"matlabserver"=2 (0x2)
"ERSvc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"bepldr"=3 (0x3)
"DiskSuiteService"=2 (0x2)
"Diskeeper"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Dimiter\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6\\RegTool.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6\\Sibelius.exe"=
"c:\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26000:TCP"= 26000:TCP:BitComet 26000 TCP
"26000:UDP"= 26000:UDP:BitComet 26000 UDP
"49153:TCP"= 49153:TCP:BitComet 49153 TCP
"49153:UDP"= 49153:UDP:BitComet 49153 UDP
"17150:TCP"= 17150:TCP:BitComet 17150 TCP
"17150:UDP"= 17150:UDP:BitComet 17150 UDP
"12086:TCP"= 12086:TCP:BitComet 12086 TCP
"12086:UDP"= 12086:UDP:BitComet 12086 UDP

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.8.2009 г. 21:42 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.8.2009 г. 21:42 94360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.5.2008 г. 12:33 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 г. 12:33 55024]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 г. 15:47 731840]
S3 PAC7311;PLEOMAX PWC-2000;c:\windows\system32\drivers\PA707UCM.SYS [08.9.2007 г. 19:04 150272]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.5.2008 г. 12:33 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [06.9.2009 г. 19:25 348752]
S4 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [22.8.2007 г. 17:19 151552]
S4 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" --> c:\program files\Symantec AntiVirus\SavRoam.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\User_Feed_Synchronization-{8A29E077-EB93-4313-B150-D4541E9396A1}.job
- c:\windows\system32\msfeedssync.exe [2007-11-06 17:36]

2009-05-17 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\program files\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-05-14 10:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
IE: Send to &Bluetooth Device... - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {B99DE346-F25F-4BA1-A51A-7E9C6F42D0F9} = 78.90.87.1,89.190.192.162
DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} - hxxp://vblu.uni-bocconi.it/vblu/NWWClientFull.cab
FF - ProfilePath - c:\documents and settings\Dimiter\Application Data\Mozilla\Firefox\Profiles\f8ovkvmn.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 12:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5281C2-E540-B626-03CF-1A0574F11851}\MiscStatus]
@Denied: (2) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\myokent.dll

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\myokent.dll
.
Completion time: 2009-10-19 12:33
ComboFix-quarantined-files.txt 2009-10-19 09:33
ComboFix2.txt 2009-10-18 21:13

Pre-Run: 4 884 049 920 bytes free
Post-Run: 4 861 087 744 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 573FB71BFECB193CE14E2A8C39C899AB
  • 0

#10
kahdah
Posted 19 October 2009 - 06:02 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download the attached .zip file.

Extract it to C:\.
[attachment=35152:agp440.zip]
=================================
Then do the following:

Please install the Recovery Console this time when asked this is important

1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KILLALL::

Scopy::
\RP453\A0120548.sys|c:\windows\system32\drivers\beep.sys
\RP444\A0110938.SYS|C:\WINDOWS\system32\drivers\ntfs.sys

FMove::
C:\agp440.sys|c:\windows\system32\drivers\agp440.sys

File::
c:\program files\Common Files\wejejasol.scr
c:\windows\ykyqa.dll
c:\windows\dabok.scr
c:\program files\Common Files\xuzukatozu.dll
c:\windows\hovi.pif
c:\documents and settings\LocalService\Local Settings\Application Data\ilyvegitid.pif
c:\windows\qisamofob.pif
c:\program files\Common Files\joqihoxo.dat
c:\documents and settings\LocalService\Local Settings\Application Data\uvupiqij.dat
c:\windows\system32\zipupimor.com
c:\program files\Common Files\elymotowyn.dat
c:\windows\system32\elujypozu.dat
c:\program files\Common Files\ewiwijo._sy
c:\documents and settings\All Users\Application Data\tugeq.dat
C:\documents and settings\All Users\Application Data\dami.sys
c:\program files\Common Files\ykyxik._sy
c:\documents and settings\LocalService\Application Data\lizkavd.exe
c:\documents and settings\LocalService\Application Data\svcst.exe
c:\documents and settings\LocalService\Application Data\seres.exe
c:\program files\Common Files\cesisekiqi.db
c:\documents and settings\All Users\Application Data\revo.dll
c:\windows\weqymuqen.bin
c:\program files\Common Files\dyweqyg._dl
c:\windows\exukowepe.bin
c:\documents and settings\All Users\Application Data\ufyb.pif
c:\windows\pufy.com
c:\program files\Common Files\suzepuda.db
c:\documents and settings\LocalService\Application Data\tugu.sys
c:\program files\Common Files\ahomezese.ban
c:\windows\ufajame.com
c:\program files\Common Files\vogyqi.sys
c:\windows\bydusazyz.sys
c:\documents and settings\LocalService\Application Data\ivabesahot.dll
c:\documents and settings\All Users\Application Data\xumedu.dll
c:\program files\Common Files\atusuqoh.exe
c:\windows\system32\radelamoko.exe
c:\program files\Common Files\etevy._dl
c:\documents and settings\LocalService\Local Settings\Application Data\zepi.scr
c:\documents and settings\All Users\Application Data\cibuqive.pif
c:\program files\Common Files\hynofoqemy.db
c:\windows\jycekoma.dat
c:\documents and settings\LocalService\Local Settings\Application Data\ulotyqi.pif
c:\documents and settings\All Users\Application Data\yqer.exe
c:\documents and settings\LocalService\Local Settings\Application Data\ilezu.pif
c:\windows\system32\ywaxosa.sys
c:\documents and settings\LocalService\Local Settings\Application Data\suva.exe
c:\windows\ykuv.dat
c:\documents and settings\LocalService\Local Settings\Application Data\acamisif.scr
c:\documents and settings\All Users\Application Data\gavo.scr
c:\documents and settings\All Users\Application Data\ekatupitos.bin
c:\program files\Common Files\radixahu._dl
c:\windows\system32\ineqaw.dat
c:\windows\hasaly.com
c:\windows\ufeworumit.com
c:\windows\akaxaka.sys
c:\documents and settings\Dimiter\Local Settings\Application Data\bokibelen.pif
c:\windows\zowyn.pif
c:\documents and settings\Dimiter\Application Data\sypyjyc.exe
c:\documents and settings\Dimiter\Application Data\isorolep.bin
c:\windows\olunohok.com
c:\documents and settings\Dimiter\Local Settings\Application Data\ivokazuqo.com
c:\windows\system32\tyragukage.pif
c:\documents and settings\All Users\Application Data\ityhequ.sys
c:\program files\Common Files\lyme.exe
c:\documents and settings\Dimiter\Local Settings\Application Data\ozogo.com
c:\windows\apovysyd.dat
c:\windows\ijyzek.bin
c:\windows\worex.pif
c:\windows\ekuwidiwak.bin
c:\windows\usany.bin
c:\windows\owizaq.pif
c:\documents and settings\All Users\Application Data\unobeqipow.pif
c:\windows\system32\dibimywij.bin
c:\documents and settings\All Users\Application Data\agufy.dll
c:\documents and settings\LocalService\Application Data\bypufys.dll
c:\documents and settings\All Users\Application Data\ilohaduzi.sys
c:\windows\uxufaka.dat
c:\documents and settings\LocalService\Application Data\tymucyj.bin
c:\documents and settings\LocalService\Application Data\picyvylif.pif
c:\windows\siwonyhabi.dat
c:\program files\Common Files\ajaj.dll
c:\program files\Common Files\emabyz.bin


Folder::
C:\AntivirusPro_2010

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Regedit32"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:
  • Combofix.txt

  • 0

#11
Mitiu
Posted 19 October 2009 - 12:25 PM

Mitiu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Combofix haven't asked me for Recovery Console, however I installed it from my Windows CD.
Here is the log:

ComboFix 09-10-18.06 - Dimiter 10.2009 г. 20:24.6.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.766.410 [GMT 3:00]
Running from: c:\downloads\ComboFix.exe
Command switches used :: c:\downloads\CFScript.txt
AV: avast! antivirus 4.7.1043 [VPS 071113-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\documents and settings\All Users\Application Data\agufy.dll"
"c:\documents and settings\All Users\Application Data\cibuqive.pif"
"c:\documents and settings\All Users\Application Data\dami.sys"
"c:\documents and settings\All Users\Application Data\ekatupitos.bin"
"c:\documents and settings\All Users\Application Data\gavo.scr"
"c:\documents and settings\All Users\Application Data\ilohaduzi.sys"
"c:\documents and settings\All Users\Application Data\ityhequ.sys"
"c:\documents and settings\All Users\Application Data\revo.dll"
"c:\documents and settings\All Users\Application Data\tugeq.dat"
"c:\documents and settings\All Users\Application Data\ufyb.pif"
"c:\documents and settings\All Users\Application Data\unobeqipow.pif"
"c:\documents and settings\All Users\Application Data\xumedu.dll"
"c:\documents and settings\All Users\Application Data\yqer.exe"
"c:\documents and settings\Dimiter\Application Data\isorolep.bin"
"c:\documents and settings\Dimiter\Application Data\sypyjyc.exe"
"c:\documents and settings\Dimiter\Local Settings\Application Data\bokibelen.pif"
"c:\documents and settings\Dimiter\Local Settings\Application Data\ivokazuqo.com"
"c:\documents and settings\Dimiter\Local Settings\Application Data\ozogo.com"
"c:\documents and settings\LocalService\Application Data\bypufys.dll"
"c:\documents and settings\LocalService\Application Data\ivabesahot.dll"
"c:\documents and settings\LocalService\Application Data\lizkavd.exe"
"c:\documents and settings\LocalService\Application Data\picyvylif.pif"
"c:\documents and settings\LocalService\Application Data\seres.exe"
"c:\documents and settings\LocalService\Application Data\svcst.exe"
"c:\documents and settings\LocalService\Application Data\tugu.sys"
"c:\documents and settings\LocalService\Application Data\tymucyj.bin"
"c:\documents and settings\LocalService\Local Settings\Application Data\acamisif.scr"
"c:\documents and settings\LocalService\Local Settings\Application Data\ilezu.pif"
"c:\documents and settings\LocalService\Local Settings\Application Data\ilyvegitid.pif"
"c:\documents and settings\LocalService\Local Settings\Application Data\suva.exe"
"c:\documents and settings\LocalService\Local Settings\Application Data\ulotyqi.pif"
"c:\documents and settings\LocalService\Local Settings\Application Data\uvupiqij.dat"
"c:\documents and settings\LocalService\Local Settings\Application Data\zepi.scr"
"c:\program files\Common Files\ahomezese.ban"
"c:\program files\Common Files\ajaj.dll"
"c:\program files\Common Files\atusuqoh.exe"
"c:\program files\Common Files\cesisekiqi.db"
"c:\program files\Common Files\dyweqyg._dl"
"c:\program files\Common Files\elymotowyn.dat"
"c:\program files\Common Files\emabyz.bin"
"c:\program files\Common Files\etevy._dl"
"c:\program files\Common Files\ewiwijo._sy"
"c:\program files\Common Files\hynofoqemy.db"
"c:\program files\Common Files\joqihoxo.dat"
"c:\program files\Common Files\lyme.exe"
"c:\program files\Common Files\radixahu._dl"
"c:\program files\Common Files\suzepuda.db"
"c:\program files\Common Files\vogyqi.sys"
"c:\program files\Common Files\wejejasol.scr"
"c:\program files\Common Files\xuzukatozu.dll"
"c:\program files\Common Files\ykyxik._sy"
"c:\windows\akaxaka.sys"
"c:\windows\apovysyd.dat"
"c:\windows\bydusazyz.sys"
"c:\windows\dabok.scr"
"c:\windows\ekuwidiwak.bin"
"c:\windows\exukowepe.bin"
"c:\windows\hasaly.com"
"c:\windows\hovi.pif"
"c:\windows\ijyzek.bin"
"c:\windows\jycekoma.dat"
"c:\windows\olunohok.com"
"c:\windows\owizaq.pif"
"c:\windows\pufy.com"
"c:\windows\qisamofob.pif"
"c:\windows\siwonyhabi.dat"
"c:\windows\system32\dibimywij.bin"
"c:\windows\system32\elujypozu.dat"
"c:\windows\system32\ineqaw.dat"
"c:\windows\system32\radelamoko.exe"
"c:\windows\system32\tyragukage.pif"
"c:\windows\system32\ywaxosa.sys"
"c:\windows\system32\zipupimor.com"
"c:\windows\ufajame.com"
"c:\windows\ufeworumit.com"
"c:\windows\usany.bin"
"c:\windows\uxufaka.dat"
"c:\windows\weqymuqen.bin"
"c:\windows\worex.pif"
"c:\windows\ykuv.dat"
"c:\windows\ykyqa.dll"
"c:\windows\zowyn.pif"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\AntivirusPro_2010
c:\antiviruspro_2010\AntivirusPro_2010.lnk
c:\antiviruspro_2010\Uninstall.lnk
c:\documents and settings\All Users\Application Data\agufy.dll
c:\documents and settings\All Users\Application Data\cibuqive.pif
c:\documents and settings\All Users\Application Data\dami.sys
c:\documents and settings\All Users\Application Data\ekatupitos.bin
c:\documents and settings\All Users\Application Data\gavo.scr
c:\documents and settings\All Users\Application Data\ilohaduzi.sys
c:\documents and settings\All Users\Application Data\ityhequ.sys
c:\documents and settings\All Users\Application Data\revo.dll
c:\documents and settings\All Users\Application Data\tugeq.dat
c:\documents and settings\All Users\Application Data\ufyb.pif
c:\documents and settings\All Users\Application Data\unobeqipow.pif
c:\documents and settings\All Users\Application Data\xumedu.dll
c:\documents and settings\All Users\Application Data\yqer.exe
c:\documents and settings\All Users\Documents\gebysa.inf
c:\documents and settings\All Users\Documents\raxowu.bin
c:\documents and settings\All Users\Documents\vacoribufi.vbs
c:\documents and settings\Dimiter\Application Data\isorolep.bin
c:\documents and settings\Dimiter\Application Data\sypyjyc.exe
c:\documents and settings\Dimiter\Local Settings\Application Data\bokibelen.pif
c:\documents and settings\Dimiter\Local Settings\Application Data\ivokazuqo.com
c:\documents and settings\Dimiter\Local Settings\Application Data\ozogo.com
c:\documents and settings\LocalService\Application Data\bypufys.dll
c:\documents and settings\LocalService\Application Data\ivabesahot.dll
c:\documents and settings\LocalService\Application Data\lizkavd.exe
c:\documents and settings\LocalService\Application Data\picyvylif.pif
c:\documents and settings\LocalService\Application Data\seres.exe
c:\documents and settings\LocalService\Application Data\svcst.exe
c:\documents and settings\LocalService\Application Data\tugu.sys
c:\documents and settings\LocalService\Application Data\tymucyj.bin
c:\documents and settings\LocalService\Local Settings\Application Data\acamisif.scr
c:\documents and settings\LocalService\Local Settings\Application Data\ilezu.pif
c:\documents and settings\LocalService\Local Settings\Application Data\ilyvegitid.pif
c:\documents and settings\LocalService\Local Settings\Application Data\suva.exe
c:\documents and settings\LocalService\Local Settings\Application Data\ulotyqi.pif
c:\documents and settings\LocalService\Local Settings\Application Data\uvupiqij.dat
c:\documents and settings\LocalService\Local Settings\Application Data\zepi.scr
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\irirupud.dll
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\uhixyqa.exe
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\yxixoredob.db
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\zeqotok.dll
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\Common Files\ahomezese.ban
c:\program files\Common Files\ajaj.dll
c:\program files\Common Files\atusuqoh.exe
c:\program files\Common Files\cesisekiqi.db
c:\program files\Common Files\dyweqyg._dl
c:\program files\Common Files\elymotowyn.dat
c:\program files\Common Files\emabyz.bin
c:\program files\Common Files\etevy._dl
c:\program files\Common Files\ewiwijo._sy
c:\program files\Common Files\hynofoqemy.db
c:\program files\Common Files\joqihoxo.dat
c:\program files\Common Files\lyme.exe
c:\program files\Common Files\radixahu._dl
c:\program files\Common Files\suzepuda.db
c:\program files\Common Files\vogyqi.sys
c:\program files\Common Files\wejejasol.scr
c:\program files\Common Files\xuzukatozu.dll
c:\program files\Common Files\ykyxik._sy
c:\windows\akaxaka.sys
c:\windows\apovysyd.dat
c:\windows\bydusazyz.sys
c:\windows\dabok.scr
c:\windows\ekuwidiwak.bin
c:\windows\exukowepe.bin
c:\windows\hasaly.com
c:\windows\hovi.pif
c:\windows\ijyzek.bin
c:\windows\jycekoma.dat
c:\windows\olunohok.com
c:\windows\owizaq.pif
c:\windows\pufy.com
c:\windows\qisamofob.pif
c:\windows\siwonyhabi.dat
c:\windows\system32\dibimywij.bin
c:\windows\system32\elujypozu.dat
c:\windows\system32\ineqaw.dat
c:\windows\system32\italatoqa.ban
c:\windows\system32\radelamoko.exe
c:\windows\system32\tyragukage.pif
c:\windows\system32\ywaxosa.sys
c:\windows\system32\zipupimor.com
c:\windows\ufajame.com
c:\windows\ufeworumit.com
c:\windows\usany.bin
c:\windows\uxufaka.dat
c:\windows\weqymuqen.bin
c:\windows\worex.pif
c:\windows\ykuv.dat
c:\windows\ykyqa.dll
c:\windows\zowyn.pif

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{9EA9BD1A-1088-41D7-9599-0BA5E3F81245}\RP444\A0110938.SYS

.
--------------- FMove ---------------

c:\agp440.sys --> c:\windows\system32\drivers\agp440.sys
.
((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.

2009-10-18 20:44 . 2009-10-18 20:44 -------- d-----w- C:\_OTL
2009-10-18 12:20 . 2009-10-18 12:19 291328 ----a-w- C:\sz5ru2vx.exe
2009-10-17 18:55 . 2009-10-17 18:55 -------- d-----w- c:\windows\system32\Adobe
2009-10-15 16:26 . 2009-10-15 16:26 -------- d-----w- c:\windows\ERUNT
2009-10-15 14:58 . 2009-10-15 14:58 -------- d-----w- c:\program files\ERUNT
2009-10-15 12:09 . 2009-10-15 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Sibelius Software
2009-10-15 12:09 . 2009-10-15 12:09 -------- d-----w- c:\documents and settings\Dimiter\Application Data\Sibelius Software
2009-10-15 11:46 . 2009-10-15 11:46 -------- d-----w- c:\documents and settings\Dimiter\Local Settings\Application Data\Sibelius_Software_Ltd
2009-10-13 23:29 . 2009-10-13 23:29 -------- d-----w- c:\program files\Sibelius Software
2009-10-13 22:16 . 2009-10-13 22:16 -------- d-----w- c:\program files\EarMaster School 5
2009-10-13 22:16 . 2009-10-13 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\EarMaster
2009-10-13 21:58 . 2009-10-13 21:58 -------- d-----w- c:\program files\Trend Micro
2009-10-10 19:31 . 2009-10-17 18:05 -------- d-----w- C:\Movies
2009-10-08 14:22 . 2009-10-08 14:22 -------- d-----w- c:\documents and settings\Dimiter\Application Data\CyberLink
2009-10-08 14:19 . 2009-10-08 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-10-08 14:18 . 2001-03-08 15:30 24064 ------w- c:\windows\system32\msxml3a.dll
2009-10-08 14:17 . 2009-10-08 16:06 -------- d-----w- c:\program files\CyberLink
2009-10-08 14:11 . 2009-10-08 14:42 -------- d-----w- c:\program files\The KMPlayer
2009-10-08 13:27 . 2009-10-08 13:40 -------- d-----w- C:\WINXPCD
2009-10-08 13:08 . 2009-10-08 13:08 -------- d-----w- c:\documents and settings\Dimiter\Local Settings\Application Data\ratDVD
2009-10-08 12:56 . 2009-10-08 13:07 -------- d-----w- c:\program files\ratDVD
2009-10-08 12:06 . 2009-10-08 12:06 -------- d-----w- c:\documents and settings\Dimiter\Local Settings\Application Data\eSupport.com
2009-10-08 10:32 . 2009-10-08 14:18 -------- d-----w- C:\WinSetupFromUSB
2009-10-07 18:18 . 2009-10-07 18:18 17334 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\fazoc.dat
2009-10-07 13:27 . 2009-10-07 13:27 -------- d-----w- c:\program files\MozBackup
2009-10-06 20:45 . 2009-10-06 20:46 -------- d-----w- c:\program files\BackRex Expert Backup
2009-10-05 19:26 . 2009-10-05 19:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\d3drpc32
2009-10-03 16:06 . 2009-10-03 16:07 -------- d-----w- c:\program files\CPU Thermometer
2009-09-29 16:40 . 2009-09-29 16:40 120448 ----a-w- c:\documents and settings\Dimiter\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-29 09:15 . 2009-09-29 19:00 -------- d-----w- c:\documents and settings\Dimiter\Application Data\Thinstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 09:52 . 2007-09-08 16:33 -------- d-----w- c:\program files\eMule
2009-10-19 08:15 . 2008-10-27 18:03 -------- d-----w- c:\documents and settings\Dimiter\Application Data\uTorrent
2009-10-18 11:46 . 2008-07-11 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2009-10-17 19:13 . 2007-09-07 09:17 -------- d-----w- c:\documents and settings\Dimiter\Application Data\Skype
2009-10-17 18:29 . 2008-02-21 17:00 -------- d-----w- c:\documents and settings\Dimiter\Application Data\skypePM
2009-10-15 12:42 . 2009-09-01 19:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-15 12:09 . 2009-10-15 12:09 604 ---ha-w- c:\program files\STLL Notifier
2009-10-14 11:01 . 2007-08-31 07:31 31768 -c--a-w- c:\documents and settings\Dimiter\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-08 16:06 . 2007-08-31 07:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-03 16:07 . 2009-06-23 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\HDD Thermometer
2009-09-19 10:06 . 2009-04-09 22:04 -------- d-----w- c:\program files\Directmedia
2009-09-19 08:49 . 2007-11-06 02:29 -------- d-----w- c:\program files\ESET
2009-09-19 08:47 . 2009-01-11 18:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-12 15:21 . 2009-09-06 14:51 -------- d-----w- c:\program files\Spyware Doctor
2009-09-10 11:54 . 2009-09-01 19:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 11:53 . 2009-09-01 19:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 16:30 . 2009-09-06 16:26 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-06 16:26 . 2009-09-06 14:51 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-06 15:12 . 2009-09-06 15:12 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-06 15:12 . 2009-09-06 15:12 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-05 16:28 . 2009-09-05 16:28 -------- d-----w- c:\program files\MouSing
2009-09-02 22:55 . 2007-10-29 00:31 -------- d-----w- c:\documents and settings\Dimiter\Application Data\foobar2000
2009-09-01 19:06 . 2009-09-01 19:06 -------- d-----w- c:\documents and settings\Dimiter\Application Data\Malwarebytes
2009-09-01 19:06 . 2009-09-01 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-01 17:09 . 2008-05-15 09:22 -------- d-----w- c:\program files\WinClamAVShield
2009-09-01 17:04 . 2009-09-01 17:04 -------- d-----w- c:\documents and settings\Dimiter\Application Data\VSRevoGroup
2009-09-01 15:28 . 2009-05-14 15:19 -------- d-----w- c:\program files\Wise Disk Cleaner
2009-09-01 12:40 . 2009-09-01 12:40 -------- d-----w- c:\program files\AutoDWG
2009-08-17 11:17 . 2009-08-17 11:17 19602 ----a-w- c:\documents and settings\All Users\Application Data\bawuk.com
2009-08-17 11:17 . 2009-08-17 11:17 17940 ----a-w- c:\program files\Common Files\gysykam.dl
2009-08-17 11:17 . 2009-08-17 11:17 14546 ----a-w- c:\documents and settings\LocalService\Application Data\ynanivo.bin
2009-08-17 11:17 . 2009-08-17 11:17 14275 ----a-w- c:\documents and settings\LocalService\Application Data\iholizexof.scr
2009-08-17 11:17 . 2009-08-17 11:17 11873 ----a-w- c:\documents and settings\All Users\Application Data\uvapu.com
2009-08-17 11:17 . 2009-08-17 11:17 11745 ----a-w- c:\program files\Common Files\emoze.exe
2009-08-17 11:17 . 2009-08-17 11:17 11580 ----a-w- c:\documents and settings\LocalService\Application Data\xifyneg.dat
2009-08-17 11:17 . 2009-08-17 11:17 11370 ----a-w- c:\windows\system32\utecodi.dat
2009-08-17 08:44 . 2009-08-17 08:44 14599 ----a-w- c:\windows\system32\nijabysa.com
2009-08-14 19:44 . 2009-08-14 19:44 16731 ----a-w- c:\windows\system32\vipevuqy.sys
2009-06-04 10:01 . 2007-09-02 19:07 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-06-04 10:01 . 2007-09-02 19:07 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-06-04 10:01 . 2007-09-02 19:07 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-06-04 10:01 . 2007-09-02 19:07 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-06-04 10:01 . 2007-09-02 19:07 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-18_21.09.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-07-14 14:32 . 2001-07-14 14:32 69632 c:\windows\setupupd\temp\wsdueng.dll
+ 2007-11-06 19:15 . 2007-04-05 13:39 574976 c:\windows\system32\drivers\ntfs.sys
+ 2009-10-19 08:19 . 2009-10-19 08:19 761856 c:\windows\ERDNT\AutoBackup\19.10.2009 г\Users\00000002\UsrClass.dat
+ 2009-10-19 08:19 . 2005-10-20 09:02 163328 c:\windows\ERDNT\AutoBackup\19.10.2009 г\ERDNT.EXE
+ 2009-10-19 08:19 . 2009-10-19 08:19 12824576 c:\windows\ERDNT\AutoBackup\19.10.2009 г\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2006-03-25 335961]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
"IE7-10"="advpack.dll" - c:\windows\system32\advpack.dll [2007-07-22 124928]

c:\documents and settings\Dimiter\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2006-6-7 553021]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 1 (0x1)
"Btn_Tools"= 2 (0x2)
"Btn_Home"= 2 (0x2)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=myokent.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dimiter^Start Menu^Programs^Startup^FlexWord 2.0.lnk]
path=c:\documents and settings\Dimiter\Start Menu\Programs\Startup\FlexWord 2.0.lnk
backup=c:\windows\pss\FlexWord 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"Symantec AntiVirus"=2 (0x2)
"SavRoam"=3 (0x3)
"matlabserver"=2 (0x2)
"ERSvc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"bepldr"=3 (0x3)
"DiskSuiteService"=2 (0x2)
"Diskeeper"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\Dimiter\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6\\RegTool.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6\\Sibelius.exe"=
"c:\\Downloads\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26000:TCP"= 26000:TCP:BitComet 26000 TCP
"26000:UDP"= 26000:UDP:BitComet 26000 UDP
"49153:TCP"= 49153:TCP:BitComet 49153 TCP
"49153:UDP"= 49153:UDP:BitComet 49153 UDP
"17150:TCP"= 17150:TCP:BitComet 17150 TCP
"17150:UDP"= 17150:UDP:BitComet 17150 UDP
"12086:TCP"= 12086:TCP:BitComet 12086 TCP
"12086:UDP"= 12086:UDP:BitComet 12086 UDP

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.8.2009 г. 21:42 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.8.2009 г. 21:42 94360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.5.2008 г. 12:33 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 г. 12:33 55024]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 г. 15:47 731840]
S3 PAC7311;PLEOMAX PWC-2000;c:\windows\system32\drivers\PA707UCM.SYS [08.9.2007 г. 19:04 150272]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.5.2008 г. 12:33 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [06.9.2009 г. 19:25 348752]
S4 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [22.8.2007 г. 17:19 151552]
S4 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" --> c:\program files\Symantec AntiVirus\SavRoam.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\User_Feed_Synchronization-{8A29E077-EB93-4313-B150-D4541E9396A1}.job
- c:\windows\system32\msfeedssync.exe [2007-11-06 17:36]

2009-05-17 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\program files\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-05-14 10:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
IE: Send to &Bluetooth Device... - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {B99DE346-F25F-4BA1-A51A-7E9C6F42D0F9} = 78.90.87.1,89.190.192.162
DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} - hxxp://vblu.uni-bocconi.it/vblu/NWWClientFull.cab
FF - ProfilePath - c:\documents and settings\Dimiter\Application Data\Mozilla\Firefox\Profiles\f8ovkvmn.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 20:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5281C2-E540-B626-03CF-1A0574F11851}\MiscStatus]
@Denied: (2) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\myokent.dll

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\myokent.dll

- - - - - - - > 'explorer.exe'(2264)
c:\windows\system32\myokent.dll
c:\program files\Common Files\Ahead\lib\NeroDigitalExt.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\xpsp3res.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\PAStiSvc.exe
c:\combofix\CF8080.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-10-19 20:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-19 17:47
ComboFix2.txt 2009-10-19 09:34
ComboFix3.txt 2009-10-18 21:13

Pre-Run: 4 849 823 744 bytes free
Post-Run: 4 813 029 376 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 5B67937A70D4D3F478E8DFD6FD694A06
  • 0

#12
kahdah
Posted 19 October 2009 - 07:10 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Looks a lot better.
Please uninstall one of the 2 antivirus programs that you have.
Avast or Eset (NOD) before proceeding.
If 2 are not installed and it is just leftovers in the system that is fine then you can disregard trying to uninstall and just let me know if it is not present in the system.

================
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
c:\documents and settings\All Users\Application Data\bawuk.com
c:\program files\Common Files\gysykam.dl
c:\documents and settings\LocalService\Application Data\ynanivo.bin
c:\documents and settings\LocalService\Application Data\iholizexof.scr
c:\documents and settings\All Users\Application Data\uvapu.com
c:\programfiles\Common Files\emoze.exe
c:\documents and settings\LocalService\Application Data\xifyneg.dat
c:\windows\system32\utecodi.dat
c:\windows\system32\nijabysa.com
c:\windows\system32\vipevuqy.sys

:Commands
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
==================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#13
Mitiu
Posted 21 October 2009 - 10:54 AM

Mitiu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I couldn't get Kaspersky to work, guess my connection is too slow.
Here are the Malware and OTL logs:

Malwarebytes' Anti-Malware 1.41
Database version: 3005
Windows 5.1.2600 Service Pack 2

21.10.2009 г. 19:46:49
mbam-log-2009-10-21 (19-46-49).txt

Scan type: Quick Scan
Objects scanned: 123045
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



All processes killed
========== FILES ==========
c:\documents and settings\All Users\Application Data\bawuk.com moved successfully.
c:\program files\Common Files\gysykam.dl moved successfully.
c:\documents and settings\LocalService\Application Data\ynanivo.bin moved successfully.
c:\documents and settings\LocalService\Application Data\iholizexof.scr moved successfully.
c:\documents and settings\All Users\Application Data\uvapu.com moved successfully.
File\Folder c:\programfiles\Common Files\emoze.exe not found.
c:\documents and settings\LocalService\Application Data\xifyneg.dat moved successfully.
c:\windows\system32\utecodi.dat moved successfully.
c:\windows\system32\nijabysa.com moved successfully.
c:\windows\system32\vipevuqy.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS1

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dimiter
File delete failed. C:\Documents and Settings\Dimiter\Local Settings\Temp\Acr225E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dimiter\Local Settings\Temp\Acr2260.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dimiter\Local Settings\Temp\Acr52.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dimiter\Local Settings\Temp\Perflib_Perfdata_8d8.dat scheduled to be deleted on reboot.
->Temp folder emptied: 2065723 bytes
File delete failed. C:\Documents and Settings\Dimiter\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 124904000 bytes
->Java cache emptied: 605024 bytes
->FireFox cache emptied: 15438357 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 136,39 mb


OTL by OldTimer - Version 3.0.21.0 log created on 10202009_044932

Files\Folders moved on Reboot...
C:\Documents and Settings\Dimiter\Local Settings\Temp\Acr225E.tmp moved successfully.
C:\Documents and Settings\Dimiter\Local Settings\Temp\Acr2260.tmp moved successfully.
C:\Documents and Settings\Dimiter\Local Settings\Temp\Acr52.tmp moved successfully.
File\Folder C:\Documents and Settings\Dimiter\Local Settings\Temp\Perflib_Perfdata_8d8.dat not found!

Registry entries deleted on Reboot...
  • 0

#14
kahdah
Posted 21 October 2009 - 12:02 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok try this one instead please:
* Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP