Need help: Unidentified Trojan - maybe vundo.h variant? [Solved]


  • This topic is locked

#1
mechanima

I'm not sure what this is. Malwarebytes showed Vundo.H earlier but seems to have cleared it (strange in itself).

In accordance with the instructions in the Malware and Spyware Cleaning Guide, here is the GMER log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-07 03:26:43
Windows 5.1.2600 Service Pack 1
Running: gmer.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\pgporfow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\System32\Drivers\DP.sys ZwCreateFile [0xF98AE370]
SSDT \??\C:\WINDOWS\System32\Drivers\DP.sys ZwOpenFile [0xF98AE2B0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs srntflt.sys (Xpoint UPTIME! Filter Driver/Xpoint Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat srntflt.sys (Xpoint UPTIME! Filter Driver/Xpoint Technologies, Inc.)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\System32\nlkfev7pzcfjnsxch.exe (*** hidden *** ) 532
Library C:\WINDOWS\System32\nlkfev7pzcfjnsxch.exe (*** hidden *** ) @ C:\WINDOWS\System32\nlkfev7pzcfjnsxch.exe [532] 0x00400000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\nlkfev7pzcfjnsxch.exe (*** hidden *** ) [AUTO] Time <-- ROOTKIT !!!
Service C:\WINDOWS\System32\timedrv26.sys (*** hidden *** ) [MANUAL] WTime <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Time (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Time@ Service
Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Network\Time (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Network\Time@ Service
Reg HKLM\SYSTEM\ControlSet002\Services\Time (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\Time@Type 272
Reg HKLM\SYSTEM\ControlSet002\Services\Time@Start 2
Reg HKLM\SYSTEM\ControlSet002\Services\Time@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\Time@ImagePath C:\WINDOWS\System32\nlkfev7pzcfjnsxch.exe
Reg HKLM\SYSTEM\ControlSet002\Services\Time@DisplayName Time Service
Reg HKLM\SYSTEM\ControlSet002\Services\Time@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\Time@Description Maintains date and time synchronization on all clients and servers in the network.
Reg HKLM\SYSTEM\ControlSet002\Services\Time\Security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\Time\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\WTime (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\WTime@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\WTime@ImagePath \??\C:\WINDOWS\System32\timedrv26.sys
Reg HKLM\SYSTEM\ControlSet002\Services\WTime@Start 3
Reg HKLM\SYSTEM\ControlSet002\Services\WTime@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Time
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Time@ Service
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Time
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Time@ Service
Reg HKLM\SYSTEM\CurrentControlSet\Services\Time
Reg HKLM\SYSTEM\CurrentControlSet\Services\Time@Type 272
Reg HKLM\SYSTEM\CurrentControlSet\Services\Time@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\Time@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\Time@ImagePath C:\WINDOWS\System32\nlkfev7pzcfjnsxch.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\Time@DisplayName Time Service
Reg HKLM\SYSTEM\CurrentControlSet\Services\Time@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\Time@Description Maintains date and time synchronization on all clients and servers in the network.
Reg HKLM\SYSTEM\CurrentControlSet\Services\Time\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\Time\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WTime
Reg HKLM\SYSTEM\CurrentControlSet\Services\WTime@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\WTime@ImagePath \??\C:\WINDOWS\System32\timedrv26.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\WTime@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\WTime@Type 1

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\mlsdf8haknquydin.exe 96800 bytes
File C:\WINDOWS\system32\mlsdf8hbeil.exe 87040 bytes executable
File C:\WINDOWS\system32\mlsdf8hdowaeimrwc.exe 96800 bytes
File C:\WINDOWS\system32\mlsdf8hrceimq.exe 96800 bytes
File C:\WINDOWS\system32\mlsdf8hxbgikmo.exe 96800 bytes
File C:\WINDOWS\system32\mlsdf8hxflps.exe 87040 bytes executable
File C:\WINDOWS\system32\mlsdf8hyhkoswafkq.exe 96800 bytes
File C:\WINDOWS\system32\nlkfev7dmqtxbg.exe 96800 bytes
File C:\WINDOWS\system32\nlkfev7lvzcgkpt.exe 96800 bytes
File C:\WINDOWS\system32\nlkfev7otzcgkpuze.exe 87040 bytes executable
File C:\WINDOWS\system32\nlkfev7pwzdhl.exe 87040 bytes executable
File C:\WINDOWS\system32\nlkfev7pzcfjnsxch.exe 96800 bytes <-- ROOTKIT !!!
File C:\WINDOWS\system32\nlkfev7pzcgkosxci.exe 96800 bytes
File C:\WINDOWS\system32\nlkfev7uxaeimqva.exe 87040 bytes executable
File C:\WINDOWS\system32\nlkfev7weil.exe 96800 bytes
File C:\WINDOWS\system32\sklrr7ygqtx.exe 96800 bytes
File C:\WINDOWS\system32\sklrr7yilor.exe 87040 bytes executable
File C:\WINDOWS\system32\sklrr7yilos.exe 87040 bytes executable
File C:\WINDOWS\system32\sklrr7yiosvzdim.exe 87040 bytes executable
File C:\WINDOWS\system32\sklrr7yknqtx.exe 87040 bytes executable
File C:\WINDOWS\system32\sklrr7yluxbfjnsxd.exe 96800 bytes
File C:\WINDOWS\system32\sklrr7yzcfjnrvaf.exe 87040 bytes executable
File C:\WINDOWS\system32\timedrv26.sys 4352 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\dior4f4dmptxbfkp.exe 96800 bytes
File C:\WINDOWS\system32\dior4f4filpsxbg.exe 87040 bytes executable
File C:\WINDOWS\system32\dior4f4gknqu.exe 87040 bytes executable
File C:\WINDOWS\system32\dior4f4gqtxafjo.exe 96800 bytes
File C:\WINDOWS\system32\dior4f4szgjn.exe 96800 bytes
File C:\WINDOWS\system32\cjnr4r4gnqu.exe 87040 bytes executable
File C:\WINDOWS\system32\cjnr4r4isae.exe 96800 bytes
File C:\WINDOWS\system32\cjnr4r4nrsuwyad.exe 87040 bytes executable
File C:\WINDOWS\system32\cjnr4r4qtwaeimrwb.exe 87040 bytes executable
File C:\WINDOWS\system32\cjnr4r4twzd.exe 87040 bytes executable
File C:\WINDOWS\system32\cjnr4r4vfnruzd.exe 96800 bytes
File C:\WINDOWS\system32\cjnr4r4wdhkosx.exe 87040 bytes executable
File C:\WINDOWS\Temp\sklrr7y253238.exe 87552 bytes executable
File C:\WINDOWS\Temp\cjnr4r43728920.exe 87552 bytes executable
File C:\WINDOWS\Temp\dior4f4172096.exe 87552 bytes executable
File C:\Documents and Settings\michelle\Local Settings\Temp\nlkfev78105707.exe 87552 bytes executable

---- EOF - GMER 1.0.15 ----


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3830
Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

3/7/2010 3:33:54 AM
mbam-log-2010-03-07 (03-33-54).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 143170
Time elapsed: 26 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\timedrv26.sys (Backdoor.HacDef) -> Quarantined and deleted successfully.



@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

OTL custom scan log:

OTL logfile created on: 3/7/2010 3:33:43 AM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = F:\virus tools
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 70.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.42 Gb Total Space | 23.14 Gb Free Space | 81.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 963.73 Mb Total Space | 540.28 Mb Free Space | 56.06% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IBM-D0360C6B369
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/07 01:55:26 | 000,553,984 | ---- | M] (OldTimer Tools) -- F:\virus tools\OTL.exe
PRC - [2010/01/07 16:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2006/08/21 17:20:55 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\win32bootcfg.exe
PRC - [2006/08/21 14:41:04 | 000,032,768 | ---- | M] (04399289e8uwhru243y5r78f73yh3t7y3) -- C:\nwnmff_12.exe
PRC - [2006/08/21 14:41:01 | 000,098,304 | ---- | M] (*&&*#&$*#RU*#Y&*#YR&Y#&RY#R) -- C:\kybrdff_12.exe
PRC - [2006/08/19 11:28:36 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\SIX.exe
PRC - [2006/03/16 21:04:15 | 000,075,264 | -H-- | M] () -- C:\WINDOWS\system32\zgtfxcob.exe
PRC - [2006/03/11 10:59:07 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\MDN.exe
PRC - [2006/02/24 06:44:28 | 000,189,952 | RHS- | M] () -- C:\WINDOWS\sqlmanagement.exe
PRC - [2006/02/18 03:46:46 | 000,039,936 | ---- | M] () -- C:\WINDOWS\win32host.exe
PRC - [2006/02/07 08:11:34 | 000,023,040 | ---- | M] () -- C:\WINDOWS\update\updmgr.exe
PRC - [2006/02/07 03:48:19 | 000,091,484 | RHS- | M] () -- C:\WINDOWS\system32\vcshost.exe
PRC - [2003/04/25 16:59:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Xpoint\agent\Xpagent.exe
PRC - [2003/04/25 16:58:06 | 000,831,551 | ---- | M] (Xpoint Technologies) -- C:\Program Files\Xpoint\EEClient\Xpclient.exe
PRC - [2003/04/25 16:56:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Xpoint\xpadmin\xpadmin.exe
PRC - [2003/04/16 00:17:16 | 000,167,936 | ---- | M] () -- C:\Program Files\Xpoint\PE\Skin\RRPCSB.EXE
PRC - [2003/04/15 17:52:46 | 002,702,336 | ---- | M] () -- C:\Program Files\Xpoint\PE\PCRecSA.exe
PRC - [2003/04/11 16:43:00 | 000,020,549 | ---- | M] () -- C:\Program Files\Xpoint\SAS\JRE\bin\javaw.exe
PRC - [2003/04/10 03:03:10 | 000,532,480 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
PRC - [2002/09/21 00:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/08/29 11:41:24 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/08/29 11:41:24 | 000,196,096 | RHS- | M] () -- C:\WINDOWS\system32\msnmsgsm.exe
PRC - [2002/08/29 11:41:24 | 000,144,896 | RHS- | M] () -- C:\WINDOWS\system32\ddoSygate.exe
PRC - [2001/08/18 10:00:00 | 000,375,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe


========== Modules (SafeList) ==========

MOD - [2010/03/07 01:55:26 | 000,553,984 | ---- | M] (OldTimer Tools) -- F:\virus tools\OTL.exe
MOD - [2002/08/29 11:41:32 | 000,921,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sdktemp)
SRV - [2006/08/19 11:28:36 | 000,159,744 | ---- | M] () [Disabled | Running] -- C:\WINDOWS\System32\SIX.exe -- (Six.update.net)
SRV - [2006/03/12 18:44:54 | 000,009,609 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\wgareg.exe -- (wgareg)
SRV - [2006/03/11 10:59:07 | 000,159,744 | ---- | M] () [Disabled | Running] -- C:\WINDOWS\System32\MDN.exe -- (MDM.update.net)
SRV - [2006/03/05 23:09:40 | 000,053,760 | RHS- | M] () [Disabled | Stopped] -- C:\WINDOWS\mnsmsgr.exe -- (€?
)
SRV - [2006/02/24 06:44:28 | 000,189,952 | RHS- | M] () [Auto | Running] -- C:\WINDOWS\sqlmanagement.exe -- (sqlmanagement)
SRV - [2006/02/18 03:46:46 | 000,039,936 | ---- | M] () [Auto | Running] -- C:\WINDOWS\win32host.exe -- (Win32Kernel)
SRV - [2006/02/07 08:11:34 | 000,023,040 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update\updmgr.exe -- (UpdateManager)
SRV - [2005/07/06 10:14:12 | 000,471,040 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcecoms.exe -- (lxce_device)
SRV - [2005/04/05 19:17:22 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2003/04/25 17:01:34 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Xpoint\PE\pcradmin.exe -- (PCRadminServer)
SRV - [2003/04/25 16:59:00 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Xpoint\agent\Xpagent.exe -- (xpAgentServer)
SRV - [2003/04/25 16:56:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Program Files\Xpoint\xpadmin\xpadmin.exe -- (XPadminServer)
SRV - [2003/03/03 21:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/09/21 00:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/08/12 02:17:04 | 000,026,624 | R--- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\Psasrv.exe -- (PsaSrv)
SRV - [2001/08/18 10:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (WTime)
DRV - [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2006/03/05 01:12:09 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\rdriv.sys -- (rdriv)
DRV - [2006/02/18 08:55:45 | 000,012,288 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DP.sys -- (DP1112)
DRV - [2005/05/14 08:37:42 | 000,260,608 | R--- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WlanUZXP.sys -- (SG760_XP)
DRV - [2005/04/05 19:17:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/05 19:17:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2003/04/14 22:31:34 | 000,006,272 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2003/04/11 16:43:18 | 000,084,224 | ---- | M] (Xpoint Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\srntflt.sys -- (SRFilter)
DRV - [2002/08/29 07:16:30 | 000,891,711 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/06/29 02:21:40 | 000,017,251 | ---- | M] (Primax Electronics Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2002/04/12 21:49:40 | 000,029,329 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELPS2M.SYS -- (pelps2m)
DRV - [2001/09/13 15:58:02 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)
DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:58:02 | 000,027,648 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2001/08/17 21:58:02 | 000,026,112 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 20:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [1999/09/10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2010/01/23 15:30:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/02/16 00:30:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006/06/20 00:09:18 | 000,039,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
[2006/02/16 00:47:45 | 002,078,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2010/01/23 15:22:08 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (ToolBar888) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll File not found
O3 - HKLM\..\Toolbar: (Zango Toolbar) - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll File not found
O4 - HKLM..\Run: [defender] C:\dfndrff_12.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [keyboard] C:\\kybrdff_12.exe ()
O4 - HKLM..\Run: [LXCECATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.DLL ()
O4 - HKLM..\Run: [MDM] C:\WINDOWS\System32\MDN.exe ()
O4 - HKLM..\Run: [Microsoft ® Windows Update Manager] C:\WINDOWS\update\updmgr.exe ()
O4 - HKLM..\Run: [Microsoft Windows Update 32] File not found
O4 - HKLM..\Run: [MSN messanger] C:\WINDOWS\System32\msnmsgsm.exe ()
O4 - HKLM..\Run: [newname] C:\\nwnmff_12.exe ()
O4 - HKLM..\Run: [Rapid Restore] C:\Program Files\Xpoint\PE\Skin\RRPCSB.EXE ()
O4 - HKLM..\Run: [Real0ne] C:\WINDOWS\system32\boys.exe ()
O4 - HKLM..\Run: [REGEDIT] C:\Program Files\My App\zlip.exe File not found
O4 - HKLM..\Run: [SIX] C:\WINDOWS\System32\SIX.exe ()
O4 - HKLM..\Run: [Sygatedsa Personal Firewall] C:\WINDOWS\System32\ddoSygate.exe ()
O4 - HKLM..\Run: [VCS Host] C:\WINDOWS\System32\vcshost.exe ()
O4 - HKLM..\Run: [Windows Core Kernel Update] C:\WINDOWS\system32\win32bootcfg.exe ()
O4 - HKLM..\Run: [Winsock2 wqr1s] C:\WINDOWS\System32\zgtfxcob.exe ()
O4 - HKCU..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKCU..\Run: [MDM] C:\WINDOWS\System32\MDN.exe ()
O4 - HKCU..\Run: [Microsoft Windows Update 32] File not found
O4 - HKCU..\Run: [SIX] C:\WINDOWS\System32\SIX.exe ()
O4 - HKCU..\Run: [Sygatedsa Personal Firewall] C:\WINDOWS\System32\ddoSygate.exe ()
O4 - HKCU..\Run: [VCS Host] C:\WINDOWS\System32\vcshost.exe ()
O4 - HKLM..\RunOnce: [MDM] C:\WINDOWS\System32\MDN.exe ()
O4 - HKLM..\RunOnce: [SIX] C:\WINDOWS\System32\SIX.exe ()
O4 - HKCU..\RunOnce: [MDM] C:\WINDOWS\System32\MDN.exe ()
O4 - HKCU..\RunOnce: [SIX] C:\WINDOWS\System32\SIX.exe ()
O4 - HKCU..\RunOnce: [Winsock2 wqr1s] C:\WINDOWS\System32\zgtfxcob.exe ()
O4 - HKLM..\RunOnceEx: [RRPC-nls] File not found
O4 - HKLM..\RunServices: [MDM] C:\WINDOWS\System32\MDN.exe ()
O4 - HKLM..\RunServices: [MSN messanger] C:\WINDOWS\System32\msnmsgsm.exe ()
O4 - HKLM..\RunServices: [SIX] C:\WINDOWS\System32\SIX.exe ()
O4 - HKLM..\RunServices: [Sygatedsa Personal Firewall] C:\WINDOWS\System32\ddoSygate.exe ()
O4 - HKLM..\RunServices: [System Update] File not found
O4 - HKLM..\RunServices: [tutcdchk2] C:\WINDOWS\System32\tutcdchk2.exe File not found
O4 - HKLM..\RunServices: [updwebmin] C:\WINDOWS\System32\updwebmin.exe File not found
O4 - HKLM..\RunServices: [VCS Host] C:\WINDOWS\System32\vcshost.exe ()
O4 - HKCU..\RunServices: [System Update] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 8
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1139340454234 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1156174650718 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.137.1
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Control Panel: DllName - C:\WINDOWS\system32\guard.tmp - C:\WINDOWS\System32\guard.tmp File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/07 02:07:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/30 19:01:18 | 000,001,723 | ---- | M] () - F:\autocadaddremovefix.zip -- [ FAT ]
O32 - AutoRun File - [2008/04/01 20:55:24 | 000,000,000 | ---D | M] - F:\autocadaddremovefix -- [ FAT ]
O32 - AutoRun File - [2010/03/06 00:22:14 | 000,000,209 | ---- | M] () - F:\Autorun.ini -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (stera) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2003/02/19 21:16:04 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/07 02:56:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/07 02:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/07 02:10:48 | 000,057,344 | ---- | C] (Registry Fix) -- C:\Documents and Settings\User\Desktop\RegistryFix.exe
[2010/03/07 02:08:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/03/06 23:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2010/03/06 23:21:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/06 23:21:37 | 000,018,520 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/06 23:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/06 23:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/06 23:17:35 | 000,260,608 | R--- | C] (ZyDAS Technology Corporation) -- C:\WINDOWS\System32\drivers\WlanUZXP.sys
[2006/03/10 02:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2006/03/10 02:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2006/03/05 23:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/03/05 23:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2003/02/19 21:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2003/02/19 21:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2003/02/19 21:19:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2003/02/19 21:19:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/03/07 03:34:23 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\oaaudlhk.sys
[2010/03/07 02:55:34 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\User\Desktop\NTREGOPT.lnk
[2010/03/07 02:55:34 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ERUNT.lnk
[2010/03/07 02:54:47 | 000,002,730 | ---- | M] () -- C:\WINDOWS\System32\xt34mxxx
[2010/03/07 02:54:47 | 000,000,104 | ---- | M] () -- C:\WINDOWS\IBMVPD.INI
[2010/03/07 02:54:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\keyboard1.dat
[2010/03/07 02:53:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/07 02:53:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/07 02:53:20 | 259,051,520 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/07 02:52:53 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\User\NTUSER.DAT
[2010/03/07 02:52:53 | 000,000,180 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010/03/07 02:11:17 | 004,298,590 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2010/03/07 02:10:50 | 000,057,344 | ---- | M] (Registry Fix) -- C:\Documents and Settings\User\Desktop\RegistryFix.exe
[2010/03/07 02:09:44 | 000,000,396 | RHS- | M] () -- C:\Documents and Settings\User\ntuser.pol
[2010/03/07 02:07:19 | 000,001,341 | ---- | M] () -- C:\Documents and Settings\User\Desktop\regtools.vbs
[2010/03/07 01:42:15 | 000,000,123 | ---- | M] () -- C:\WINDOWS\System32\987.reg
[2010/03/07 01:42:12 | 000,000,123 | ---- | M] () -- C:\WINDOWS\System32\376.reg
[2010/03/06 23:36:57 | 000,000,123 | ---- | M] () -- C:\WINDOWS\System32\535.reg
[2010/03/06 23:21:42 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/06 23:13:33 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2010/03/07 03:34:22 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\oaaudlhk.sys
[2010/03/07 02:55:34 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\User\Desktop\NTREGOPT.lnk
[2010/03/07 02:55:34 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ERUNT.lnk
[2010/03/07 02:09:44 | 000,000,396 | RHS- | C] () -- C:\Documents and Settings\User\ntuser.pol
[2010/03/07 02:07:33 | 000,001,341 | ---- | C] () -- C:\Documents and Settings\User\Desktop\regtools.vbs
[2010/03/07 02:03:35 | 259,051,520 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/07 01:42:15 | 000,000,123 | ---- | C] () -- C:\WINDOWS\System32\987.reg
[2010/03/07 01:42:12 | 000,000,123 | ---- | C] () -- C:\WINDOWS\System32\376.reg
[2010/03/06 23:36:57 | 000,000,123 | ---- | C] () -- C:\WINDOWS\System32\535.reg
[2010/03/06 23:21:42 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/23 15:30:55 | 000,000,164 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/01/23 15:27:13 | 000,235,721 | R-S- | C] () -- C:\WINDOWS\System32\fpr8039ue.dll
[2010/01/23 15:22:03 | 000,235,721 | R-S- | C] () -- C:\WINDOWS\System32\sye.dll
[2006/08/21 15:24:27 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\nmocod.dll
[2006/08/21 15:22:26 | 000,000,104 | ---- | C] () -- C:\WINDOWS\IBMVPD.INI
[2006/08/21 15:22:25 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\pmemw.dll
[2006/08/21 15:21:07 | 000,236,830 | R-S- | C] () -- C:\WINDOWS\System32\mv0ml9d11.dll
[2006/08/21 15:15:04 | 000,234,903 | R-S- | C] () -- C:\WINDOWS\System32\hI0q0cd5ef0.dll
[2006/08/21 15:11:30 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\sfi.dll
[2006/08/21 14:48:47 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\eV02ledo1h0c.dll
[2006/08/21 14:48:45 | 000,233,593 | R-S- | C] () -- C:\WINDOWS\System32\jt6007jme.dll
[2006/08/21 14:45:54 | 000,235,154 | R-S- | C] () -- C:\WINDOWS\System32\azaolc131f.dll
[2006/08/21 14:40:08 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\eucbbbc.dll
[2006/08/21 14:40:07 | 000,234,730 | R-S- | C] () -- C:\WINDOWS\System32\e402ledo1h0c.dll
[2006/08/20 11:42:34 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\l44qleh51h4.dll
[2006/08/19 00:06:57 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\azam0cf1ef2.dll
[2006/08/18 20:32:17 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\s2rslc971f.dll
[2006/08/18 14:12:40 | 000,233,539 | R-S- | C] () -- C:\WINDOWS\System32\lv4o09h3e.dll
[2006/08/18 12:47:50 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\azam09d1e.dll
[2006/08/18 12:44:42 | 000,234,428 | R-S- | C] () -- C:\WINDOWS\System32\l20u0cd9ef0.dll
[2006/08/18 12:44:38 | 000,235,118 | R-S- | C] () -- C:\WINDOWS\System32\irnml5511.dll
[2006/08/18 12:37:48 | 000,234,320 | R-S- | C] () -- C:\WINDOWS\System32\s4rs0e97eh.dll
[2006/08/18 12:37:43 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\n6r20g9oe6.dll
[2006/08/18 12:25:18 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\kbfcaww.dll
[2006/08/18 12:25:17 | 000,234,100 | R-S- | C] () -- C:\WINDOWS\System32\o4pq0e75eh.dll
[2006/08/18 12:25:12 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\ktl4l73q1.dll
[2006/08/18 12:20:15 | 000,234,663 | R-S- | C] () -- C:\WINDOWS\System32\ktlml7311.dll
[2006/08/18 12:20:12 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\fpnm0351e.dll
[2006/08/18 05:19:41 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\f22m0cf1ef2.dll
[2006/08/17 23:47:32 | 000,235,477 | R-S- | C] () -- C:\WINDOWS\System32\ennul1591.dll
[2006/08/17 23:47:32 | 000,233,526 | ---- | C] () -- C:\WINDOWS\System32\ukildll.dll
[2006/08/17 23:47:29 | 000,233,526 | ---- | C] () -- C:\WINDOWS\System32\unrsdpia.dll
[2006/08/17 23:47:28 | 000,233,635 | R-S- | C] () -- C:\WINDOWS\System32\lv0m09d1e.dll
[2006/08/17 23:44:37 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\mvi.dll
[2006/08/17 23:44:32 | 000,234,271 | R-S- | C] () -- C:\WINDOWS\System32\hr4s05h7e.dll
[2006/08/17 23:39:47 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\wbecedit.dll
[2006/08/17 23:31:13 | 000,234,464 | R-S- | C] () -- C:\WINDOWS\System32\o8lu0i39e8.dll
[2006/08/17 23:28:00 | 000,235,152 | R-S- | C] () -- C:\WINDOWS\System32\k626lgfs1626.dll
[2006/03/17 05:36:53 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\nL6qlgj516o.dll
[2006/03/17 05:22:47 | 000,234,074 | R-S- | C] () -- C:\WINDOWS\System32\l84q0ih5e84.dll
[2006/03/17 04:52:45 | 000,237,158 | R-S- | C] () -- C:\WINDOWS\System32\lzasrv.dll
[2006/03/17 04:52:44 | 000,233,877 | R-S- | C] () -- C:\WINDOWS\System32\mvn2l95o1.dll
[2006/03/17 00:05:42 | 000,235,739 | R-S- | C] () -- C:\WINDOWS\System32\g2220cfoef2c0.dll
[2006/03/16 20:06:32 | 000,235,446 | R-S- | C] () -- C:\WINDOWS\System32\aza2le5o1h.dll
[2006/03/16 09:53:10 | 000,234,888 | R-S- | C] () -- C:\WINDOWS\System32\m4nq0e55eh.dll
[2006/03/16 08:07:18 | 000,235,211 | R-S- | C] () -- C:\WINDOWS\System32\azaq01j5e.dll
[2006/03/16 05:15:55 | 000,234,334 | R-S- | C] () -- C:\WINDOWS\System32\cubcatq.dll
[2006/03/15 06:36:32 | 000,234,334 | R-S- | C] () -- C:\WINDOWS\System32\enj6l11s1.dll
[2006/03/15 04:49:39 | 000,234,334 | R-S- | C] () -- C:\WINDOWS\System32\aza2059oe.dll
[2006/03/15 02:08:12 | 000,235,899 | R-S- | C] () -- C:\WINDOWS\System32\ir6ql5j51.dll
[2006/03/15 01:58:04 | 000,234,880 | R-S- | C] () -- C:\WINDOWS\System32\l64q0gh5e64.dll
[2006/03/14 07:20:32 | 000,234,021 | R-S- | C] () -- C:\WINDOWS\System32\yVyyxwt.dll
[2006/03/11 09:23:57 | 000,036,527 | ---- | C] () -- C:\WINDOWS\System32\lovely.sys
[2006/03/11 09:23:57 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\msn.dll
[2006/03/11 09:23:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\knlps.sys
[2006/03/11 09:23:56 | 000,006,192 | ---- | C] () -- C:\WINDOWS\System32\aliases.ini
[2006/03/10 02:42:49 | 000,234,241 | R-S- | C] () -- C:\WINDOWS\System32\ktn0l75m1.dll
[2006/03/09 07:05:05 | 000,234,241 | R-S- | C] () -- C:\WINDOWS\System32\kvdindev.dll
[2006/03/09 02:57:11 | 000,235,533 | R-S- | C] () -- C:\WINDOWS\System32\mvnol9531.dll
[2006/03/09 00:17:08 | 000,235,533 | R-S- | C] () -- C:\WINDOWS\System32\p04ulah91d4.dll
[2006/03/09 00:07:27 | 000,235,469 | R-S- | C] () -- C:\WINDOWS\System32\hrrq0595e.dll
[2006/03/08 21:24:16 | 000,235,469 | R-S- | C] () -- C:\WINDOWS\System32\kxdycl.dll
[2006/03/08 06:00:46 | 000,235,469 | R-S- | C] () -- C:\WINDOWS\System32\c200lcdm1f0a.dll
[2006/03/08 00:51:49 | 000,234,249 | R-S- | C] () -- C:\WINDOWS\System32\jtjq0715e.dll
[2006/03/07 21:24:07 | 000,234,299 | R-S- | C] () -- C:\WINDOWS\System32\h0n00a5med.dll
[2006/03/07 06:17:08 | 000,237,054 | R-S- | C] () -- C:\WINDOWS\System32\dn8q01l5e.dll
[2006/03/07 05:49:47 | 000,234,124 | R-S- | C] () -- C:\WINDOWS\System32\o2nslc571f.dll
[2006/03/07 05:43:01 | 000,237,054 | R-S- | C] () -- C:\WINDOWS\System32\jcmd400.dll
[2006/03/07 05:43:01 | 000,237,054 | R-S- | C] () -- C:\WINDOWS\System32\hrn4055qe.dll
[2006/03/07 01:17:50 | 000,235,087 | R-S- | C] () -- C:\WINDOWS\System32\lvp0097me.dll
[2006/03/06 23:13:35 | 000,237,145 | R-S- | C] () -- C:\WINDOWS\System32\gp04l3dq1.dll
[2006/03/06 23:10:45 | 000,235,087 | R-S- | C] () -- C:\WINDOWS\System32\mh43dmod.dll
[2006/03/06 21:41:50 | 000,236,745 | R-S- | C] () -- C:\WINDOWS\System32\kt8ol7l31.dll
[2006/03/06 21:26:02 | 000,234,193 | R-S- | C] () -- C:\WINDOWS\System32\enr8l19u1.dll
[2006/03/06 19:43:41 | 000,236,745 | R-S- | C] () -- C:\WINDOWS\System32\kmdhu1.dll
[2006/03/06 19:02:18 | 000,235,087 | R-S- | C] () -- C:\WINDOWS\System32\q6860glse6q60.dll
[2006/03/06 03:44:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcevs.dll
[2006/03/06 03:38:19 | 000,235,087 | R-S- | C] () -- C:\WINDOWS\System32\r48slel71hq.dll
[2006/03/05 23:03:44 | 000,235,087 | R-S- | C] () -- C:\WINDOWS\System32\g4jole131h.dll
[2006/03/05 22:47:35 | 000,235,087 | R-S- | C] () -- C:\WINDOWS\System32\hrls0537e.dll
[2006/03/05 22:39:28 | 000,234,027 | R-S- | C] () -- C:\WINDOWS\System32\mvlol9331.dll
[2006/03/05 13:03:11 | 000,234,027 | R-S- | C] () -- C:\WINDOWS\System32\lxvely.dll
[2006/03/05 12:50:42 | 000,235,466 | R-S- | C] () -- C:\WINDOWS\System32\mvl4l93q1.dll
[2006/03/05 09:18:18 | 000,234,991 | R-S- | C] () -- C:\WINDOWS\System32\r46u0ej9eho.dll
[2006/03/05 09:02:14 | 000,234,584 | R-S- | C] () -- C:\WINDOWS\System32\lvlo0933e.dll
[2006/03/05 00:09:12 | 000,236,184 | R-S- | C] () -- C:\WINDOWS\System32\frdrclnr.dll
[2006/03/05 00:09:12 | 000,233,898 | R-S- | C] () -- C:\WINDOWS\System32\f00olad31d0.dll
[2006/03/04 23:56:05 | 000,236,184 | R-S- | C] () -- C:\WINDOWS\System32\lz8609lse.dll
[2006/03/04 23:41:28 | 000,236,184 | R-S- | C] () -- C:\WINDOWS\System32\mologmgr.dll
[2006/03/04 22:05:44 | 000,234,207 | R-S- | C] () -- C:\WINDOWS\System32\m8juli1918.dll
[2006/03/04 21:51:55 | 000,236,184 | R-S- | C] () -- C:\WINDOWS\System32\mfsip32.dll
[2006/03/04 21:27:28 | 000,234,022 | R-S- | C] () -- C:\WINDOWS\System32\dzcpmon.dll
[2006/03/04 20:13:37 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\bZtt.dll
[2006/03/04 19:28:43 | 000,236,324 | R-S- | C] () -- C:\WINDOWS\System32\lv0209doe.dll
[2006/03/04 19:25:19 | 000,233,913 | R-S- | C] () -- C:\WINDOWS\System32\i0lola331d.dll
[2006/03/04 19:23:40 | 000,234,108 | R-S- | C] () -- C:\WINDOWS\System32\l02slaf71d2.dll
[2006/03/04 19:20:38 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\snarddlg.dll
[2006/03/04 18:17:21 | 000,237,097 | R-S- | C] () -- C:\WINDOWS\System32\fpju0319e.dll
[2006/03/04 18:17:21 | 000,236,184 | ---- | C] () -- C:\WINDOWS\System32\dwdmo.dll
[2006/03/04 18:09:11 | 000,236,184 | R-S- | C] () -- C:\WINDOWS\System32\cgbcatex.dll
[2006/03/04 17:55:35 | 000,236,184 | ---- | C] () -- C:\WINDOWS\System32\esp0l17m1.dll
[2006/03/04 17:55:33 | 000,236,587 | R-S- | C] () -- C:\WINDOWS\System32\fp0403dqe.dll
[2006/03/04 17:44:04 | 000,234,264 | R-S- | C] () -- C:\WINDOWS\System32\f2l02c3mgf.dll
[2006/03/04 06:16:09 | 000,236,184 | R-S- | C] () -- C:\WINDOWS\System32\akctres.dll
[2006/03/04 04:02:14 | 000,233,912 | R-S- | C] () -- C:\WINDOWS\System32\mv2ol9f31.dll
[2006/03/04 04:00:20 | 000,233,904 | R-S- | C] () -- C:\WINDOWS\System32\g2jolc131f.dll
[2006/03/04 03:57:31 | 000,237,263 | R-S- | C] () -- C:\WINDOWS\System32\mvp0l97m1.dll
[2006/03/04 03:22:48 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/03/04 01:08:33 | 000,234,197 | R-S- | C] () -- C:\WINDOWS\System32\k0lqla351d.dll
[2006/03/03 23:06:04 | 000,236,184 | R-S- | C] () -- C:\WINDOWS\System32\hrr2059oe.dll
[2006/03/03 20:08:54 | 000,540,672 | -HS- | C] () -- C:\WINDOWS\System32\libprm.dll
[2006/03/02 22:44:59 | 000,233,521 | R-S- | C] () -- C:\WINDOWS\System32\mvl2l93o1.dll
[2006/03/02 22:30:06 | 000,233,497 | R-S- | C] () -- C:\WINDOWS\System32\rzfsaps.dll
[2006/03/02 22:30:06 | 000,233,497 | R-S- | C] () -- C:\WINDOWS\System32\j0n20a5oed.dll
[2006/03/02 21:40:32 | 000,233,497 | R-S- | C] () -- C:\WINDOWS\System32\kqdsl1.dll
[2006/03/02 21:40:31 | 000,237,291 | R-S- | C] () -- C:\WINDOWS\System32\p46slej71ho.dll
[2006/03/02 09:00:57 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\rdriv.sys
[2006/03/02 08:36:26 | 000,237,291 | R-S- | C] () -- C:\WINDOWS\System32\o866lijs18o6.dll
[2006/03/02 06:50:30 | 000,237,291 | R-S- | C] () -- C:\WINDOWS\System32\k0pm0a71ed.dll
[2006/03/01 07:07:54 | 000,237,291 | R-S- | C] () -- C:\WINDOWS\System32\pzflbmsg.dll
[2006/03/01 07:03:48 | 000,237,291 | R-S- | C] () -- C:\WINDOWS\System32\dlcpmon.dll
[2006/02/28 21:03:24 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\ir06l5ds1.dll
[2006/02/27 22:05:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/02/27 21:33:40 | 000,233,872 | R-S- | C] () -- C:\WINDOWS\System32\i842liho184c.dll
[2006/02/26 06:01:00 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\ggjql3151.dll
[2006/02/26 06:00:44 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\fR2mlef11h2.dll
[2006/02/26 05:24:16 | 000,237,043 | R-S- | C] () -- C:\WINDOWS\System32\n82u0if9e82.dll
[2006/02/25 22:11:25 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\uxrfaxa.dll
[2006/02/25 22:11:23 | 000,236,753 | R-S- | C] () -- C:\WINDOWS\System32\l8l60i3se8.dll
[2006/02/25 18:50:41 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\hr2q05f5e.dll
[2006/02/25 18:45:42 | 000,234,094 | R-S- | C] () -- C:\WINDOWS\System32\r2r6lc9s1f.dll
[2006/02/24 06:42:19 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\veoy.dll
[2006/02/24 05:40:04 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\wbpcore.dll
[2006/02/24 05:40:03 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\o0ro0a93ed.dll
[2006/02/23 22:37:14 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\lovely.dll
[2006/02/23 22:37:14 | 000,003,162 | ---- | C] () -- C:\WINDOWS\System32\mirc.ini
[2006/02/23 22:37:14 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\remote.ini
[2006/02/23 22:08:23 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\emcdec.dll
[2006/02/23 20:29:41 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\wussvc.dll
[2006/02/23 19:29:59 | 000,001,167 | ---- | C] () -- C:\WINDOWS\System32\tvm1eb79.sys
[2006/02/23 19:29:56 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\tvm1eb79.dll
[2006/02/23 19:29:35 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\w001c02e.dll
[2006/02/22 02:05:57 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\lv2809fue.dll
[2006/02/22 00:52:13 | 000,236,709 | R-S- | C] () -- C:\WINDOWS\System32\lv8609lse.dll
[2006/02/22 00:48:27 | 000,236,898 | R-S- | C] () -- C:\WINDOWS\System32\r8p80i7ue8.dll
[2006/02/22 00:30:28 | 000,237,227 | R-S- | C] () -- C:\WINDOWS\System32\kt02l7do1.dll
[2006/02/22 00:24:23 | 000,233,932 | R-S- | C] () -- C:\WINDOWS\System32\mv6ol9j31.dll
[2006/02/22 00:19:18 | 000,236,053 | R-S- | C] () -- C:\WINDOWS\System32\fpl0033me.dll
[2006/02/22 00:13:59 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\uzerenv.dll
[2006/02/22 00:11:00 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\mCg_hook.dll
[2006/02/21 21:04:55 | 000,064,472 | ---- | C] () -- C:\WINDOWS\System32\lzx32.sys
[2006/02/21 20:50:28 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\ntio256.sys
[2006/02/21 20:47:55 | 000,003,066 | ---- | C] () -- C:\Program Files\secure32.html
[2006/02/21 20:47:53 | 001,426,193 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\Install.dat
[2006/02/21 20:21:24 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\f42mlef11h2.dll
[2006/02/21 20:09:49 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\dDdrm.dll
[2006/02/21 19:55:29 | 000,236,020 | ---- | C] () -- C:\WINDOWS\System32\asmfd.dll
[2006/02/21 19:55:25 | 000,236,581 | R-S- | C] () -- C:\WINDOWS\System32\dn6q01j5e.dll
[2006/02/21 19:45:19 | 000,236,522 | R-S- | C] () -- C:\WINDOWS\System32\h20q0cd5ef0.dll
[2006/02/21 19:37:53 | 000,234,004 | R-S- | C] () -- C:\WINDOWS\System32\gpjql3151.dll
[2006/02/21 19:23:30 | 000,236,131 | R-S- | C] () -- C:\WINDOWS\System32\dnjm0111e.dll
[2006/02/21 19:19:20 | 000,234,202 | R-S- | C] () -- C:\WINDOWS\System32\l80ulid9180.dll
[2006/02/21 05:53:28 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\hqghumea.dll
[2006/02/21 05:48:21 | 000,236,468 | R-S- | C] () -- C:\WINDOWS\System32\k8440ihqe84e0.dll
[2006/02/21 05:44:12 | 000,236,622 | R-S- | C] () -- C:\WINDOWS\System32\i2060cdsef060.dll
[2006/02/21 05:22:32 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\qghumeay.dll
[2006/02/21 05:21:27 | 000,236,974 | R-S- | C] () -- C:\WINDOWS\System32\q4nu0e59eh.dll
[2006/02/21 05:03:56 | 000,236,992 | R-S- | C] () -- C:\WINDOWS\System32\s2pu0c79ef.dll
[2006/02/21 05:00:22 | 000,236,069 | R-S- | C] () -- C:\WINDOWS\System32\lv4009hme.dll
[2006/02/21 04:29:19 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\fp6203joe.dll
[2006/02/21 00:09:07 | 000,234,178 | R-S- | C] () -- C:\WINDOWS\System32\dn0q01d5e.dll
[2006/02/20 19:43:52 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\o248lchu1f48.dll
[2006/02/20 04:01:13 | 000,234,614 | R-S- | C] () -- C:\WINDOWS\System32\k026lafs1d26.dll
[2006/02/19 09:09:08 | 000,236,991 | R-S- | C] () -- C:\WINDOWS\System32\gp2ol3f31.dll
[2006/02/19 09:01:10 | 000,233,473 | R-S- | C] () -- C:\WINDOWS\System32\h60q0gd5e60.dll
[2006/02/19 07:26:56 | 000,233,473 | R-S- | C] () -- C:\WINDOWS\System32\tgpmon.dll
[2006/02/18 08:54:27 | 000,235,085 | R-S- | C] () -- C:\WINDOWS\System32\pwh.dll
[2006/02/18 06:26:01 | 000,237,011 | R-S- | C] () -- C:\WINDOWS\System32\hrn6055se.dll
[2006/02/17 05:53:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\DP.sys
[2006/02/17 05:51:30 | 000,234,272 | ---- | C] () -- C:\WINDOWS\System32\ddband.dll
[2006/02/17 05:50:39 | 000,235,085 | R-S- | C] () -- C:\WINDOWS\System32\azpmgr.dll
[2006/02/15 05:09:57 | 000,235,259 | R-S- | C] () -- C:\WINDOWS\System32\ktl2l73o1.dll
[2006/02/15 05:08:01 | 000,235,925 | R-S- | C] () -- C:\WINDOWS\System32\gp0ul3d91.dll
[2006/02/14 23:36:20 | 000,235,257 | R-S- | C] () -- C:\WINDOWS\System32\irl2l53o1.dll
[2006/02/13 08:57:07 | 000,237,071 | R-S- | C] () -- C:\WINDOWS\System32\fpn6035se.dll
[2006/02/13 03:29:55 | 000,237,071 | R-S- | C] () -- C:\WINDOWS\System32\dimrtp.dll
[2006/02/13 00:46:41 | 000,233,699 | R-S- | C] () -- C:\WINDOWS\System32\fp0u03d9e.dll
[2006/02/13 00:30:46 | 000,233,733 | R-S- | C] () -- C:\WINDOWS\System32\s0pu0a79ed.dll
[2006/02/12 20:30:58 | 000,237,071 | R-S- | C] () -- C:\WINDOWS\System32\h2j4lc1q1f.dll
[2006/02/12 06:15:10 | 000,234,272 | ---- | C] () -- C:\WINDOWS\System32\mxc42u.dll
[2006/02/12 06:14:12 | 000,237,071 | R-S- | C] () -- C:\WINDOWS\System32\ior8l59u1.dll
[2006/02/12 06:14:11 | 000,235,895 | R-S- | C] () -- C:\WINDOWS\System32\k6js0g17e6.dll
[2006/02/12 01:47:20 | 000,234,272 | ---- | C] () -- C:\WINDOWS\System32\nutevent.dll
[2006/02/12 00:34:12 | 000,235,895 | R-S- | C] () -- C:\WINDOWS\System32\mhlogmgr.dll
[2006/02/12 00:21:56 | 000,235,895 | R-S- | C] () -- C:\WINDOWS\System32\nelanman.dll
[2006/02/11 19:17:15 | 000,235,895 | R-S- | C] () -- C:\WINDOWS\System32\j4n2le5o1h.dll
[2006/02/11 08:25:58 | 000,234,072 | R-S- | C] () -- C:\WINDOWS\System32\mv46l9hs1.dll
[2006/02/11 08:19:17 | 000,235,895 | R-S- | C] () -- C:\WINDOWS\System32\uyat.dll
[2006/02/11 07:53:40 | 000,095,744 | -HS- | C] () -- C:\WINDOWS\System32\wsync32.dll
[2006/02/11 07:52:37 | 000,236,558 | R-S- | C] () -- C:\WINDOWS\System32\fp6603jse.dll
[2006/02/11 06:04:51 | 000,233,712 | R-S- | C] () -- C:\WINDOWS\System32\enp0l17m1.dll
[2006/02/10 09:26:33 | 000,236,648 | R-S- | C] () -- C:\WINDOWS\System32\hrp6057se.dll
[2006/02/10 08:04:59 | 000,234,198 | R-S- | C] () -- C:\WINDOWS\System32\l00ulad91d0.dll
[2006/02/10 08:03:05 | 000,235,068 | R-S- | C] () -- C:\WINDOWS\System32\fplo0333e.dll
[2006/02/09 07:45:06 | 000,098,324 | ---- | C] () -- C:\WINDOWS\System32\mpefjgcn.dll
[2006/02/09 04:52:14 | 000,235,102 | R-S- | C] () -- C:\WINDOWS\System32\hr2u05f9e.dll
[2006/02/09 03:08:42 | 000,235,102 | R-S- | C] () -- C:\WINDOWS\System32\csmctl32.dll
[2006/02/09 02:05:25 | 000,236,872 | R-S- | C] () -- C:\WINDOWS\System32\q0psla771d.dll
[2006/02/08 23:34:53 | 000,236,668 | R-S- | C] () -- C:\WINDOWS\System32\n66qlgj516o.dll
[2006/02/08 21:45:11 | 000,236,188 | ---- | C] () -- C:\WINDOWS\System32\f02mlaf11d2.dll
[2006/02/08 21:38:31 | 000,237,009 | R-S- | C] () -- C:\WINDOWS\System32\en4ul1h91.dll
[2006/02/08 21:36:05 | 000,235,123 | R-S- | C] () -- C:\WINDOWS\System32\irr8l59u1.dll
[2006/02/08 21:36:05 | 000,235,068 | R-S- | C] () -- C:\WINDOWS\System32\kpdth3.dll
[2006/02/08 07:45:24 | 000,235,068 | R-S- | C] () -- C:\WINDOWS\System32\ic41_qcx.dll
[2006/02/08 06:39:48 | 000,235,123 | R-S- | C] () -- C:\WINDOWS\System32\mypmsp.dll
[2006/02/07 19:48:27 | 000,235,123 | R-S- | C] () -- C:\WINDOWS\System32\p04u0ah9ed4.dll
[2006/02/07 06:10:36 | 000,235,068 | R-S- | C] () -- C:\WINDOWS\System32\okedlg.dll
[2006/02/07 06:07:18 | 000,235,068 | R-S- | C] () -- C:\WINDOWS\System32\d8j00i1me8.dll
[2006/02/07 05:35:42 | 000,235,600 | R-S- | C] () -- C:\WINDOWS\System32\k2lq0c35ef.dll
[2006/02/07 04:26:37 | 000,234,272 | R-S- | C] () -- C:\WINDOWS\System32\mvpql9751.dll
[2006/02/07 03:58:32 | 000,235,413 | R-S- | C] () -- C:\WINDOWS\System32\en4ml1h11.dll
[2006/02/07 03:53:59 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\utalaek.dll
[2006/01/08 21:30:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2006/01/08 21:11:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/01/07 01:51:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/07 01:50:20 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\PCDrSystemInformation.dll
[2006/01/07 01:50:16 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2006/01/07 01:50:16 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2006/01/07 01:44:36 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2006/01/07 01:38:37 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2006/01/07 01:35:10 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/01/07 01:31:12 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/02/19 21:39:14 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/11/15 10:14:26 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[1980/01/01 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1980/01/01 08:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/03/05 23:34:01 | 000,028,160 | ---- | M] () -- C:\1x.exe
[2006/02/23 19:29:30 | 000,002,560 | ---- | M] () -- C:\ac3_0010.exe
[2006/02/15 01:36:38 | 001,175,664 | ---- | M] (instyler installation software) -- C:\beti.exe
[2006/02/21 21:04:55 | 000,070,144 | ---- | M] () -- C:\bhowvt.exe
[2006/03/09 00:30:14 | 000,956,300 | ---- | M] () -- C:\c0p.exe
[2006/03/10 22:09:14 | 000,146,944 | ---- | M] () -- C:\cf.exe
[2006/03/08 00:34:33 | 000,020,062 | ---- | M] () -- C:\cold.exe
[2006/03/10 06:49:42 | 000,004,948 | ---- | M] (.) -- C:\ddi.exe
[2006/03/14 20:18:03 | 000,251,262 | ---- | M] () -- C:\deskbar.exe
[2006/02/13 23:39:23 | 000,081,920 | ---- | M] (DJWK JWBND HWBDH BWHDB HWHD H) -- C:\dfndrac_6.exe
[2006/02/10 04:10:30 | 000,081,920 | ---- | M] (DJWK JWBND HWBDH BWHDB HWHD H) -- C:\dfndrad_5.exe
[2006/02/15 19:42:17 | 000,081,920 | ---- | M] (DJWK JWBND HWBDH BWHDB HWHD H) -- C:\dfndrdd_6.exe
[2006/02/18 03:30:49 | 000,073,728 | ---- | M] (::::::::::::::::::::::::::::::::::::::::::::) -- C:\dfndred_7.exe
[2006/02/20 20:04:17 | 000,077,824 | ---- | M] (/|/\?\?\/|?\?) -- C:\dfndref_7.exe
[2006/02/07 03:48:58 | 000,081,920 | ---- | M] (DJWK JWBND HWBDH BWHDB HWHD H) -- C:\dfndre_5.exe
[2006/03/16 19:56:21 | 000,073,728 | ---- | M] (3u38742897r8yuruy4u3yru743433r) -- C:\dfndrff_11.exe
[2006/08/18 16:05:46 | 000,073,728 | ---- | M] (3u38742897r8yuruy4u3yru743433r) -- C:\dfndrff_11a.exe
[2006/02/28 21:04:12 | 000,077,824 | ---- | M] ((*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)) -- C:\dfndrff_7.exe
[2006/03/06 19:03:12 | 000,077,824 | ---- | M] (&@#*&#*#&@#*&@#*@&#*@&#*) -- C:\dfndrff_8.exe
[2006/03/10 20:53:48 | 000,073,728 | ---- | M] (..../...../..../..../..../..//......./////....) -- C:\dfndrff_9.exe
[2006/02/25 08:44:50 | 000,077,824 | ---- | M] (&%&%&%&%%&%&%%&%) -- C:\dfndrfg_7.exe
[2006/03/05 21:57:40 | 000,077,824 | ---- | M] (#^&$#^&$^&$^783647364763647367) -- C:\dfndrfg_8.exe
[2006/03/13 21:11:53 | 000,073,728 | ---- | M] ((%)(%)(%)(%)(%)(%)(%)(%)(%)(%)) -- C:\dfndrfh_10.exe
[2006/02/16 00:46:54 | 000,004,948 | ---- | M] (.) -- C:\do.exe
[2006/02/26 06:00:38 | 000,004,948 | ---- | M] (.) -- C:\dodi.exe
[2006/06/22 08:25:34 | 000,016,384 | ---- | M] (.) -- C:\dotdr.exe
[2006/02/09 07:35:40 | 000,006,144 | ---- | M] () -- C:\dr.exe
[2006/02/20 04:01:21 | 000,016,157 | ---- | M] () -- C:\drmy.exe
[2006/08/21 17:21:00 | 000,069,632 | ---- | M] (32489238eue7r734yr7634yr763t65535) -- C:\drsmartload.exe
[2006/08/21 14:59:23 | 000,069,632 | ---- | M] (32489238eue7r734yr7634yr763t65535) -- C:\drsmartload1.exe
[2006/02/11 06:07:10 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload45a1.exe
[2006/03/14 20:32:54 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a100.exe
[2006/03/15 05:23:24 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a1001.exe
[2006/02/12 01:47:30 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload45a2.exe
[2006/03/16 19:56:38 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a2002.exe
[2006/08/18 16:10:13 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a2002a.exe
[2006/02/13 00:31:39 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload45a3.exe
[2006/08/21 14:41:10 | 000,020,480 | ---- | M] (ewq48u328u747823yu) -- C:\drsmartload45a3333a.exe
[2006/02/13 23:39:40 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a4.exe
[2006/02/14 23:45:30 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a5.exe
[2006/02/15 00:31:50 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a6.exe
[2006/02/17 01:06:55 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7.exe
[2006/02/17 05:51:33 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7a.exe
[2006/02/18 03:30:53 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7c.exe
[2006/02/19 02:38:34 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7d.exe
[2006/02/20 04:01:44 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7e.exe
[2006/02/20 19:44:44 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7f.exe
[2006/02/21 19:20:48 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7g.exe
[2006/02/22 03:14:49 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7h.exe
[2006/02/23 19:28:25 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7i.exe
[2006/03/03 20:08:34 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a8a.exe
[2006/03/05 21:57:43 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a8b.exe
[2006/03/07 21:24:31 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a8b5.exe
[2006/03/10 02:44:07 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a8b9.exe
[2006/03/10 20:53:58 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a8b9abc.exe
[2006/03/14 01:14:47 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a99.exe
[2006/08/19 11:21:43 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a999.exe
[2006/08/20 11:44:04 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a9999.exe
[2006/02/07 03:51:07 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload45y.exe
[2006/02/08 00:12:18 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload45z.exe
[2006/02/11 06:07:13 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload46a1.exe
[2006/03/14 20:32:57 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a100.exe
[2006/03/15 05:23:30 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a1001.exe
[2006/02/12 01:47:32 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload46a2.exe
[2006/03/16 19:56:44 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a2002.exe
[2006/08/18 16:10:27 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a2002a.exe
[2006/02/13 00:31:41 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload46a3.exe
[2006/08/21 14:41:11 | 000,020,480 | ---- | M] (ewq48u328u747823yu) -- C:\drsmartload46a3333a.exe
[2006/02/13 23:39:43 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a4.exe
[2006/02/14 23:45:32 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a5.exe
[2006/02/15 00:31:51 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a6.exe
[2006/02/17 01:07:00 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7.exe
[2006/02/17 05:51:39 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7a.exe
[2006/02/18 03:30:54 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7c.exe
[2006/02/19 02:38:37 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7d.exe
[2006/02/20 04:01:59 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7e.exe
[2006/02/20 19:44:46 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7f.exe
[2006/02/21 19:20:58 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7g.exe
[2006/02/22 03:14:52 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7h.exe
[2006/02/23 19:28:26 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7i.exe
[2006/03/03 20:08:39 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a8a.exe
[2006/03/05 21:57:45 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a8b.exe
[2006/03/07 21:24:34 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a8b5.exe
[2006/03/10 02:44:13 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a8b9.exe
[2006/03/10 20:53:59 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a8b9abc.exe
[2006/03/14 01:14:49 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a99.exe
[2006/08/19 11:21:44 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a999.exe
[2006/08/20 11:44:02 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a9999.exe
[2006/02/07 03:51:17 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload46y.exe
[2006/02/08 00:12:21 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload46z.exe
[2006/02/07 03:49:20 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload849a.exe
[2006/02/11 06:07:14 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload849a1.exe
[2006/03/14 20:33:01 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a100.exe
[2006/03/15 05:23:35 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a1001.exe
[2006/02/12 01:47:34 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload849a2.exe
[2006/03/16 19:57:18 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a2002.exe
[2006/08/18 16:12:02 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a2002a.exe
[2006/02/13 00:31:46 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload849a3.exe
[2006/08/21 14:43:30 | 000,020,480 | ---- | M] (ewq48u328u747823yu) -- C:\drsmartload849a3333a.exe
[2006/02/13 23:39:45 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload849a4.exe
[2006/02/14 23:45:34 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a5.exe
[2006/02/15 00:31:52 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a6.exe
[2006/02/17 01:06:59 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7.exe
[2006/02/17 05:51:42 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7a.exe
[2006/02/18 03:30:56 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7c.exe
[2006/02/19 02:38:39 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7d.exe
[2006/02/20 04:02:01 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7e.exe
[2006/02/20 19:44:47 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7f.exe
[2006/02/21 19:21:40 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7g.exe
[2006/02/22 03:15:31 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7h.exe
[2006/02/23 19:28:32 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7i.exe
[2006/03/03 20:08:46 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a8a.exe
[2006/03/05 21:57:46 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a8b.exe
[2006/03/07 21:24:48 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a8b5.exe
[2006/03/10 02:44:14 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a8b9.exe
[2006/03/10 20:54:02 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a8b9abc.exe
[2006/03/14 01:14:50 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a99.exe
[2006/08/19 11:21:46 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a999.exe
[2006/08/20 11:44:29 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a9999.exe
[2006/02/07 03:51:15 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload849y.exe
[2006/02/08 00:12:29 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload849z.exe
[2006/08/21 15:28:54 | 000,004,940 | ---- | M] (.) -- C:\dwin.exe
[2006/02/21 21:05:32 | 000,001,024 | ---- | M] () -- C:\gqyqhf.exe
[2006/02/15 05:27:28 | 000,827,613 | ---- | M] (instyler installation software) -- C:\gt.exe
[2006/08/18 15:30:25 | 000,000,338 | ---- | M] () -- C:\hehe.exe
[2006/02/21 21:04:51 | 000,001,024 | ---- | M] () -- C:\humxsgbm.exe
[2006/08/21 17:20:55 | 000,015,360 | ---- | M] () -- C:\iexplorer.exe
[2006/02/07 03:50:49 | 000,578,560 | ---- | M] () -- C:\Installer.exe
[2006/02/12 01:47:19 | 000,578,560 | ---- | M] () -- C:\Installer2.exe
[2006/02/17 05:51:30 | 000,578,560 | ---- | M] () -- C:\Installer3.exe
[2006/02/14 23:45:18 | 000,040,960 | ---- | M] (re8wru ehu hrweurhuweur 37wr3) -- C:\kybrdaca_6.exe
[2006/02/13 23:39:32 | 000,028,672 | ---- | M] (erijdf cisjtfgurhbyethb784yue7) -- C:\kybrdac_6.exe
[2006/02/10 04:10:35 | 000,040,960 | ---- | M] (re8wru ehu hrweurhuweur 37wr3) -- C:\kybrdad_5.exe
[2006/02/15 19:42:22 | 000,040,960 | ---- | M] (re8wru ehu hrweurhuweur 37wr3) -- C:\kybrddd_6.exe
[2006/02/18 03:30:47 | 000,028,672 | ---- | M] (re8wru ehu hrweurhuweur 37wr3) -- C:\kybrded_7.exe
[2006/02/20 20:04:20 | 000,032,768 | ---- | M] (|||?|||||||???||||) -- C:\kybrdef_7.exe
[2006/02/07 03:49:03 | 000,040,960 | ---- | M] (re8wru ehu hrweurhuweur 37wr3) -- C:\kybrde_5.exe
[2006/03/16 19:58:12 | 000,098,304 | ---- | M] (*&&*#&$*#RU*#Y&*#YR&Y#&RY#R) -- C:\kybrdff_11.exe
[2006/08/18 16:06:26 | 000,094,208 | ---- | M] (*&&*#&$*#RU*#Y&*#YR&Y#&RY#R) -- C:\kybrdff_11a.exe
[2006/08/21 14:41:01 | 000,098,304 | ---- | M] (*&&*#&$*#RU*#Y&*#YR&Y#&RY#R) -- C:\kybrdff_12.exe
[2006/02/28 05:35:28 | 000,086,016 | ---- | M] ((*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)) -- C:\kybrdff_7.exe
[2006/03/06 19:03:10 | 000,094,208 | ---- | M] (......) -- C:\kybrdff_8.exe
[2006/03/10 20:53:52 | 000,094,208 | ---- | M] (89482382884288442884382382488832) -- C:\kybrdff_9.exe
[2006/02/25 08:44:32 | 000,032,768 | ---- | M] (#$*&$*&#&$&*$&#&*$&*#$&*) -- C:\kybrdfg_7.exe
[2006/03/05 21:57:44 | 000,061,440 | ---- | M] ((*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)) -- C:\kybrdfg_8.exe
[2006/03/13 21:11:56 | 000,094,208 | ---- | M] ((%)(%)(%)(%)(%)(%)(%)(%)(%)(%)) -- C:\kybrdfh_10.exe
[2006/02/21 21:05:31 | 000,001,024 | ---- | M] () -- C:\lemj.exe
[2006/03/12 07:56:01 | 001,014,304 | ---- | M] () -- C:\lips.exe
[2006/02/07 20:11:48 | 000,151,112 | ---- | M] () -- C:\mc-110-12-0000144.exe
[2006/02/08 06:38:04 | 000,131,137 | ---- | M] () -- C:\Mendoza1.exe
[2006/03/02 23:54:48 | 000,151,112 | ---- | M] () -- C:\mok32.exe
[2006/02/22 00:31:50 | 000,151,112 | ---- | M] () -- C:\moot32.exe
[2006/02/07 03:49:33 | 000,025,105 | ---- | M] () -- C:\MTE3NDI6ODoxNg.exe
[2006/03/10 21:57:19 | 000,678,344 | ---- | M] (Administrator) -- C:\musique.exe
[2006/03/11 22:32:10 | 000,678,344 | ---- | M] (Administrator) -- C:\musiqueti.exe
[2006/02/23 22:09:36 | 000,151,112 | ---- | M] () -- C:\mzt32.exe
[2006/08/21 14:57:45 | 000,016,384 | ---- | M] (.) -- C:\navy.exe
[2006/02/13 23:39:41 | 000,028,672 | ---- | M] (erijdf cisjtfgurhbyethb784yue7) -- C:\nwnmac_6.exe
[2006/02/10 04:10:36 | 000,028,672 | ---- | M] (ewe wr 2344 45 454545) -- C:\nwnmad_5.exe
[2006/02/16 06:43:28 | 000,032,768 | ---- | M] (erijdf cisjtfgurhbyethb784yue7) -- C:\nwnmdd_6.exe
[2006/02/18 03:30:49 | 000,032,768 | ---- | M] (erijdf cisjtfgurhbyethb784yue7) -- C:\nwnmed_7.exe
[2006/02/20 20:04:15 | 000,032,768 | ---- | M] (erijdf cisjtfgurhbyethb784yue7) -- C:\nwnmef_7.exe
[2006/02/07 03:49:15 | 000,028,672 | ---- | M] (ewe wr 2344 45 454545) -- C:\nwnme_5.exe
[2006/03/16 19:56:04 | 000,032,768 | ---- | M] ((%)(%)(%)(%)(%)(%)(%)(%)(%)(%)) -- C:\nwnmff_11.exe
[2006/08/21 14:41:04 | 000,032,768 | ---- | M] (04399289e8uwhru243y5r78f73yh3t7y3) -- C:\nwnmff_12.exe
[2006/02/28 21:03:59 | 000,032,768 | ---- | M] (&#&*&$*#&*$&*#&$*&*&$*&#*&#*) -- C:\nwnmff_7.exe
[2006/03/06 19:03:07 | 000,032,768 | ---- | M] (rew9q8er3289374823748782474723842) -- C:\nwnmff_8.exe
[2006/03/10 20:53:42 | 000,032,768 | ---- | M] (...............................................) -- C:\nwnmff_9.exe
[2006/02/25 08:44:53 | 000,032,768 | ---- | M] (&#&*&$*#&*$&*#&$*&*&$*&#*&#*) -- C:\nwnmfg_7.exe
[2006/03/05 21:57:31 | 000,032,768 | ---- | M] (rew9q8er3289374823748782474723842) -- C:\nwnmfg_8.exe
[2006/03/13 21:11:42 | 000,032,768 | ---- | M] ((%)(%)(%)(%)(%)(%)(%)(%)(%)(%)) -- C:\nwnmfh_10.exe
[2006/03/03 23:10:22 | 000,000,371 | ---- | M] () -- C:\outwin1.exe
[2006/02/21 21:04:49 | 000,072,704 | ---- | M] () -- C:\qjmm.exe
[2006/03/11 22:31:01 | 000,678,344 | ---- | M] (Administrator) -- C:\qmekimic.exe
[2006/03/16 23:10:49 | 000,692,606 | ---- | M] () -- C:\qo.exe
[2006/03/03 23:35:08 | 000,869,995 | ---- | M] (smart) -- C:\ret.exe
[2006/02/21 21:04:50 | 000,032,768 | ---- | M] () -- C:\rftojhv.exe
[2006/03/12 06:03:50 | 000,159,744 | ---- | M] () -- C:\scan.exe
[2006/03/12 22:13:00 | 000,678,344 | ---- | M] (Administrator) -- C:\schmblack.exe
[2006/03/08 21:42:09 | 000,148,992 | ---- | M] () -- C:\spam.exe
[2006/03/12 22:19:14 | 000,678,344 | ---- | M] (Administrator) -- C:\ssssdefr.exe
[2006/03/05 23:34:55 | 000,151,112 | ---- | M] () -- C:\tam32.exe
[2006/02/10 09:35:16 | 000,004,956 | ---- | M] (..) -- C:\toislf.exe
[2006/03/12 06:03:59 | 000,000,236 | ---- | M] () -- C:\tu.exe
[2006/02/21 19:20:33 | 000,517,168 | ---- | M] () -- C:\ucmoreiex.exe
[2006/03/10 22:07:05 | 000,678,344 | ---- | M] (Administrator) -- C:\uhytr.exe
[2006/03/09 00:24:52 | 000,858,144 | ---- | M] () -- C:\ux.exe
[2006/02/21 21:05:31 | 000,005,632 | ---- | M] () -- C:\viobqsd.exe
[2006/03/10 02:50:42 | 000,858,144 | ---- | M] () -- C:\w33d.exe
[2006/02/07 03:51:17 | 000,578,560 | ---- | M] () -- C:\warebundle2.exe
[2006/02/17 05:51:40 | 000,578,560 | ---- | M] () -- C:\warebundle3.exe
[2006/02/07 03:50:40 | 000,578,560 | ---- | M] () -- C:\warebundlenew.exe
[2006/02/12 06:15:07 | 000,578,560 | ---- | M] () -- C:\warebundlenewer.exe
[2006/02/22 02:06:45 | 000,016,157 | ---- | M] () -- C:\wdb.exe
[2006/02/21 05:51:18 | 000,016,157 | ---- | M] () -- C:\wdl.exe
[2006/03/09 07:33:01 | 000,161,740 | ---- | M] () -- C:\wew.exe
[2006/03/07 01:34:30 | 000,135,460 | ---- | M] () -- C:\wgfhfg.exe
[2006/02/22 00:24:39 | 000,020,480 | ---- | M] (.) -- C:\windiwl.exe
[2006/02/19 09:17:30 | 000,020,480 | ---- | M] (.) -- C:\windowl.exe
[2006/02/23 22:08:41 | 000,020,480 | ---- | M] (.) -- C:\windui.exe
[2006/02/22 04:30:41 | 000,020,480 | ---- | M] (.) -- C:\windwl.exe
[2006/02/26 05:25:21 | 000,006,131 | ---- | M] () -- C:\winpatch.exe
[2006/03/17 04:55:45 | 000,066,745 | ---- | M] () -- C:\winquidsaan.exe
[2006/02/17 06:39:09 | 000,020,480 | ---- | M] (.) -- C:\winsdl.exe
[2006/03/15 02:49:18 | 000,135,680 | ---- | M] () -- C:\winsystesm.exe
[2006/02/18 06:26:32 | 000,020,480 | ---- | M] (.) -- C:\winzdl.exe
[2006/03/07 02:14:32 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\wksv.exe
[2006/03/05 23:34:52 | 000,130,558 | ---- | M] () -- C:\woa32.exe
[2006/03/02 23:55:41 | 000,130,558 | ---- | M] () -- C:\ww32.exe
[2006/03/10 21:50:19 | 000,682,150 | ---- | M] (Instyler® Software) -- C:\yhaaa.exe


< MD5 for: AGP440.SYS >
[2001/08/17 21:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 11:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 11:50:10 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2002/10/17 01:31:10 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=3DF589B9A15FF9EF4AA499F98C1C16D5 -- C:\I386\ATAPI.SYS
[2002/10/17 01:31:10 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=3DF589B9A15FF9EF4AA499F98C1C16D5 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2002/10/17 01:31:10 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=3DF589B9A15FF9EF4AA499F98C1C16D5 -- C:\WINDOWS\system32\drivers\ATAPI.SYS
[2002/08/29 09:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331060$\ATAPI.SYS
[2002/08/29 09:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2002/08/29 11:40:52 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2002/08/29 11:41:08 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2002/08/29 11:41:12 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2003/02/19 21:18:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/02/19 21:18:16 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/02/19 21:18:16 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< >

========== Files - Unicode (All) ==========
[2006/02/07 03:54:00 | 000,000,000 | ---D | M](C:\WINDOWS\?icrosoft) -- C:\WINDOWS\Μicrosoft
[2006/02/07 03:54:00 | 000,000,000 | ---D | C](C:\WINDOWS\?icrosoft) -- C:\WINDOWS\Μicrosoft
[2006/02/07 03:53:00 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?ymantec) -- C:\WINDOWS\System32\Ѕymantec
[2006/02/07 03:52:39 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?ymantec) -- C:\WINDOWS\System32\Ѕymantec
< End of report >

Malwarebytes' Anti-Malware 1.44
Database version: 3830
Windows 5.1.2600 Service Pack 1
Internet Explorer 6.0.2800.1106

3/7/2010 3:33:54 AM
mbam-log-2010-03-07 (03-33-54).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 143170
Time elapsed: 26 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\timedrv26.sys (Backdoor.HacDef) -> Quarantined and deleted successfully.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Any ideas?

Thanks in advance.

Edited by mechanima, 06 March 2010 - 10:17 PM.



#2
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi mechanima,

Welcome to Geeks to Go! My name is Gammo and I will be helping you fix your computer problem.
If for any reason you do not understand any of the instructions, or are just unsure, then please do not guess; simply post back with your question, and we will go through it again.

Please note that I am still in training. All my posts have to be checked by an Expert, ensuring an accurate response. For that reason there may be some delay between replies.

#3
mechanima

    Member

  • Topic Starter
  • 32 posts
Thank you, Gammo, and please take all the time you need; I am under no particular pressure to clear this machine.

#4
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
Drivers to delete:
DP1112
Time
WTime

Files to delete:
C:\WINDOWS\system32\mlsdf8haknquydin.exe
C:\WINDOWS\system32\mlsdf8hbeil.exe
C:\WINDOWS\system32\mlsdf8hdowaeimrwc.exe
C:\WINDOWS\system32\mlsdf8hrceimq.exe
C:\WINDOWS\system32\mlsdf8hxbgikmo.exe
C:\WINDOWS\system32\mlsdf8hxflps.exe
C:\WINDOWS\system32\mlsdf8hyhkoswafkq.exe
C:\WINDOWS\system32\nlkfev7dmqtxbg.exe
C:\WINDOWS\system32\nlkfev7lvzcgkpt.exe
C:\WINDOWS\system32\nlkfev7otzcgkpuze.exe
C:\WINDOWS\system32\nlkfev7pwzdhl.exe
C:\WINDOWS\system32\nlkfev7pzcfjnsxch.exe
C:\WINDOWS\system32\nlkfev7pzcgkosxci.exe
C:\WINDOWS\system32\nlkfev7uxaeimqva.exe
C:\WINDOWS\system32\nlkfev7weil.exe
C:\WINDOWS\system32\sklrr7ygqtx.exe
C:\WINDOWS\system32\sklrr7yilor.exe
C:\WINDOWS\system32\sklrr7yilos.exe
C:\WINDOWS\system32\sklrr7yiosvzdim.exe
C:\WINDOWS\system32\sklrr7yknqtx.exe
C:\WINDOWS\system32\sklrr7yluxbfjnsxd.exe
C:\WINDOWS\system32\sklrr7yzcfjnrvaf.exe
C:\WINDOWS\system32\timedrv26.sys
C:\WINDOWS\system32\dior4f4dmptxbfkp.exe
C:\WINDOWS\system32\dior4f4filpsxbg.exe
C:\WINDOWS\system32\dior4f4gknqu.exe
C:\WINDOWS\system32\dior4f4gqtxafjo.exe
C:\WINDOWS\system32\dior4f4szgjn.exe
C:\WINDOWS\system32\cjnr4r4gnqu.exe
C:\WINDOWS\system32\cjnr4r4isae.exe
C:\WINDOWS\system32\cjnr4r4nrsuwyad.exe
C:\WINDOWS\system32\cjnr4r4qtwaeimrwb.exe
C:\WINDOWS\system32\cjnr4r4twzd.exe
C:\WINDOWS\system32\cjnr4r4vfnruzd.exe
C:\WINDOWS\system32\cjnr4r4wdhkosx.exe
C:\WINDOWS\Temp\sklrr7y253238.exe
C:\WINDOWS\Temp\cjnr4r43728920.exe
C:\WINDOWS\Temp\dior4f4172096.exe
C:\Documents and Settings\michelle\Local Settings\Temp\nlkfev78105707.exe
C:\WINDOWS\System32\Drivers\DP.sys

Registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Time
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Time

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (sdktemp)
    SRV - [2006/08/19 11:28:36 | 000,159,744 | ---- | M] () [Disabled | Running] -- C:\WINDOWS\System32\SIX.exe -- (Six.update.net)
    SRV - [2006/03/12 18:44:54 | 000,009,609 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\wgareg.exe -- (wgareg)
    SRV - [2006/03/11 10:59:07 | 000,159,744 | ---- | M] () [Disabled | Running] -- C:\WINDOWS\System32\MDN.exe -- (MDM.update.net)
    SRV - [2006/03/05 23:09:40 | 000,053,760 | RHS- | M] () [Disabled | Stopped] -- C:\WINDOWS\mnsmsgr.exe -- (€?
    )
    SRV - [2006/02/24 06:44:28 | 000,189,952 | RHS- | M] () [Auto | Running] -- C:\WINDOWS\sqlmanagement.exe -- (sqlmanagement)
    SRV - [2006/02/18 03:46:46 | 000,039,936 | ---- | M] () [Auto | Running] -- C:\WINDOWS\win32host.exe -- (Win32Kernel)
    SRV - [2006/02/07 08:11:34 | 000,023,040 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update\updmgr.exe -- (UpdateManager)
    DRV - File not found [Kernel | On_Demand | Running] -- -- (WTime)
    DRV - [2006/03/05 01:12:09 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\rdriv.sys -- (rdriv)
    DRV - [2006/02/18 08:55:45 | 000,012,288 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DP.sys -- (DP1112)
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    [2006/06/20 00:09:18 | 000,039,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
    O3 - HKLM\..\Toolbar: (ToolBar888) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll File not found
    O3 - HKLM\..\Toolbar: (Zango Toolbar) - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll File not found
    O4 - HKLM..\Run: [defender] C:\dfndrff_12.exe File not found
    O4 - HKLM..\Run: [keyboard] C:\\kybrdff_12.exe ()
    O4 - HKLM..\Run: [MDM] C:\WINDOWS\System32\MDN.exe ()
    O4 - HKLM..\Run: [Microsoft ® Windows Update Manager] C:\WINDOWS\update\updmgr.exe ()
    O4 - HKLM..\Run: [Microsoft Windows Update 32] File not found
    O4 - HKLM..\Run: [MSN messanger] C:\WINDOWS\System32\msnmsgsm.exe ()
    O4 - HKLM..\Run: [newname] C:\\nwnmff_12.exe ()
    O4 - HKLM..\Run: [Real0ne] C:\WINDOWS\system32\boys.exe ()
    O4 - HKLM..\Run: [REGEDIT] C:\Program Files\My App\zlip.exe File not found
    O4 - HKLM..\Run: [SIX] C:\WINDOWS\System32\SIX.exe ()
    O4 - HKLM..\Run: [Sygatedsa Personal Firewall] C:\WINDOWS\System32\ddoSygate.exe ()
    O4 - HKLM..\Run: [VCS Host] C:\WINDOWS\System32\vcshost.exe ()
    O4 - HKLM..\Run: [Windows Core Kernel Update] C:\WINDOWS\system32\win32bootcfg.exe ()
    O4 - HKLM..\Run: [Winsock2 wqr1s] C:\WINDOWS\System32\zgtfxcob.exe ()
    O4 - HKCU..\Run: [MDM] C:\WINDOWS\System32\MDN.exe ()
    O4 - HKCU..\Run: [Microsoft Windows Update 32] File not found
    O4 - HKCU..\Run: [SIX] C:\WINDOWS\System32\SIX.exe ()
    O4 - HKCU..\Run: [Sygatedsa Personal Firewall] C:\WINDOWS\System32\ddoSygate.exe ()
    O4 - HKCU..\Run: [VCS Host] C:\WINDOWS\System32\vcshost.exe ()
    O4 - HKLM..\RunOnce: [MDM] C:\WINDOWS\System32\MDN.exe ()
    O4 - HKLM..\RunOnce: [SIX] C:\WINDOWS\System32\SIX.exe ()
    O4 - HKCU..\RunOnce: [MDM] C:\WINDOWS\System32\MDN.exe ()
    O4 - HKCU..\RunOnce: [SIX] C:\WINDOWS\System32\SIX.exe ()
    O4 - HKCU..\RunOnce: [Winsock2 wqr1s] C:\WINDOWS\System32\zgtfxcob.exe ()
    O4 - HKLM..\RunOnceEx: [RRPC-nls] File not found
    O4 - HKLM..\RunServices: [MDM] C:\WINDOWS\System32\MDN.exe ()
    O4 - HKLM..\RunServices: [MSN messanger] C:\WINDOWS\System32\msnmsgsm.exe ()
    O4 - HKLM..\RunServices: [SIX] C:\WINDOWS\System32\SIX.exe ()
    O4 - HKLM..\RunServices: [Sygatedsa Personal Firewall] C:\WINDOWS\System32\ddoSygate.exe ()
    O4 - HKLM..\RunServices: [System Update] File not found
    O4 - HKLM..\RunServices: [tutcdchk2] C:\WINDOWS\System32\tutcdchk2.exe File not found
    O4 - HKLM..\RunServices: [updwebmin] C:\WINDOWS\System32\updwebmin.exe File not found
    O4 - HKLM..\RunServices: [VCS Host] C:\WINDOWS\System32\vcshost.exe ()
    O4 - HKCU..\RunServices: [System Update] File not found
    O20 - Winlogon\Notify\Control Panel: DllName - C:\WINDOWS\system32\guard.tmp - C:\WINDOWS\System32\guard.tmp File not found
    O32 - AutoRun File - [2010/03/06 00:22:14 | 000,000,209 | ---- | M] () - F:\Autorun.ini -- [ FAT ]
    [2010/03/07 03:34:23 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\oaaudlhk.sys
    [2010/03/07 02:54:47 | 000,002,730 | ---- | M] () -- C:\WINDOWS\System32\xt34mxxx
    [2010/03/07 02:54:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\keyboard1.dat
    [2010/03/07 01:42:15 | 000,000,123 | ---- | M] () -- C:\WINDOWS\System32\987.reg
    [2010/03/07 01:42:12 | 000,000,123 | ---- | M] () -- C:\WINDOWS\System32\376.reg
    [2010/03/06 23:36:57 | 000,000,123 | ---- | M] () -- C:\WINDOWS\System32\535.reg
    [2010/01/23 15:27:13 | 000,235,721 | R-S- | C] () -- C:\WINDOWS\System32\fpr8039ue.dll
    [2010/01/23 15:22:03 | 000,235,721 | R-S- | C] () -- C:\WINDOWS\System32\sye.dll
    [2006/08/21 15:21:07 | 000,236,830 | R-S- | C] () -- C:\WINDOWS\System32\mv0ml9d11.dll
    [2006/08/21 15:15:04 | 000,234,903 | R-S- | C] () -- C:\WINDOWS\System32\hI0q0cd5ef0.dll
    [2006/08/21 15:11:30 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\sfi.dll
    [2006/08/21 14:48:47 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\eV02ledo1h0c.dll
    [2006/08/21 14:48:45 | 000,233,593 | R-S- | C] () -- C:\WINDOWS\System32\jt6007jme.dll
    [2006/08/21 14:45:54 | 000,235,154 | R-S- | C] () -- C:\WINDOWS\System32\azaolc131f.dll
    [2006/08/21 14:40:08 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\eucbbbc.dll
    [2006/08/21 14:40:07 | 000,234,730 | R-S- | C] () -- C:\WINDOWS\System32\e402ledo1h0c.dll
    [2006/08/20 11:42:34 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\l44qleh51h4.dll
    [2006/08/19 00:06:57 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\azam0cf1ef2.dll
    [2006/08/18 20:32:17 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\s2rslc971f.dll
    [2006/08/18 14:12:40 | 000,233,539 | R-S- | C] () -- C:\WINDOWS\System32\lv4o09h3e.dll
    [2006/08/18 12:47:50 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\azam09d1e.dll
    [2006/08/18 12:44:42 | 000,234,428 | R-S- | C] () -- C:\WINDOWS\System32\l20u0cd9ef0.dll
    [2006/08/18 12:44:38 | 000,235,118 | R-S- | C] () -- C:\WINDOWS\System32\irnml5511.dll
    [2006/08/18 12:37:48 | 000,234,320 | R-S- | C] () -- C:\WINDOWS\System32\s4rs0e97eh.dll
    [2006/08/18 12:37:43 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\n6r20g9oe6.dll
    [2006/08/18 12:25:18 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\kbfcaww.dll
    [2006/08/18 12:25:17 | 000,234,100 | R-S- | C] () -- C:\WINDOWS\System32\o4pq0e75eh.dll
    [2006/08/18 12:25:12 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\ktl4l73q1.dll
    [2006/08/18 12:20:15 | 000,234,663 | R-S- | C] () -- C:\WINDOWS\System32\ktlml7311.dll
    [2006/08/18 12:20:12 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\fpnm0351e.dll
    [2006/08/18 05:19:41 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\f22m0cf1ef2.dll
    [2006/08/17 23:47:32 | 000,235,477 | R-S- | C] () -- C:\WINDOWS\System32\ennul1591.dll
    [2006/08/17 23:47:32 | 000,233,526 | ---- | C] () -- C:\WINDOWS\System32\ukildll.dll
    [2006/08/17 23:47:29 | 000,233,526 | ---- | C] () -- C:\WINDOWS\System32\unrsdpia.dll
    [2006/08/17 23:47:28 | 000,233,635 | R-S- | C] () -- C:\WINDOWS\System32\lv0m09d1e.dll
    [2006/08/17 23:44:37 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\mvi.dll
    [2006/08/17 23:44:32 | 000,234,271 | R-S- | C] () -- C:\WINDOWS\System32\hr4s05h7e.dll
    [2006/08/17 23:39:47 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\wbecedit.dll
    [2006/08/17 23:31:13 | 000,234,464 | R-S- | C] () -- C:\WINDOWS\System32\o8lu0i39e8.dll
    [2006/08/17 23:28:00 | 000,235,152 | R-S- | C] () -- C:\WINDOWS\System32\k626lgfs1626.dll
    [2006/03/17 05:36:53 | 000,233,526 | R-S- | C] () -- C:\WINDOWS\System32\nL6qlgj516o.dll
    [2006/03/17 05:22:47 | 000,234,074 | R-S- | C] () -- C:\WINDOWS\System32\l84q0ih5e84.dll
    [2006/03/17 04:52:45 | 000,237,158 | R-S- | C] () -- C:\WINDOWS\System32\lzasrv.dll
    [2006/03/17 04:52:44 | 000,233,877 | R-S- | C] () -- C:\WINDOWS\System32\mvn2l95o1.dll
    [2006/03/17 00:05:42 | 000,235,739 | R-S- | C] () -- C:\WINDOWS\System32\g2220cfoef2c0.dll
    [2006/03/16 20:06:32 | 000,235,446 | R-S- | C] () -- C:\WINDOWS\System32\aza2le5o1h.dll
    [2006/03/16 09:53:10 | 000,234,888 | R-S- | C] () -- C:\WINDOWS\System32\m4nq0e55eh.dll
    [2006/03/16 08:07:18 | 000,235,211 | R-S- | C] () -- C:\WINDOWS\System32\azaq01j5e.dll
    [2006/03/16 05:15:55 | 000,234,334 | R-S- | C] () -- C:\WINDOWS\System32\cubcatq.dll
    [2006/03/15 06:36:32 | 000,234,334 | R-S- | C] () -- C:\WINDOWS\System32\enj6l11s1.dll
    [2006/03/15 04:49:39 | 000,234,334 | R-S- | C] () -- C:\WINDOWS\System32\aza2059oe.dll
    [2006/03/15 02:08:12 | 000,235,899 | R-S- | C] () -- C:\WINDOWS\System32\ir6ql5j51.dll
    [2006/03/15 01:58:04 | 000,234,880 | R-S- | C] () -- C:\WINDOWS\System32\l64q0gh5e64.dll
    [2006/03/14 07:20:32 | 000,234,021 | R-S- | C] () -- C:\WINDOWS\System32\yVyyxwt.dll
    [2006/03/11 09:23:57 | 000,036,527 | ---- | C] () -- C:\WINDOWS\System32\lovely.sys
    [2006/03/11 09:23:57 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\msn.dll
    [2006/03/11 09:23:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\knlps.sys
    [2006/03/11 09:23:56 | 000,006,192 | ---- | C] () -- C:\WINDOWS\System32\aliases.ini
    [2006/03/10 02:42:49 | 000,234,241 | R-S- | C] () -- C:\WINDOWS\System32\ktn0l75m1.dll
    [2006/03/09 07:05:05 | 000,234,241 | R-S- | C] () -- C:\WINDOWS\System32\kvdindev.dll
    [2006/03/09 02:57:11 | 000,235,533 | R-S- | C] () -- C:\WINDOWS\System32\mvnol9531.dll
    [2006/03/09 00:17:08 | 000,235,533 | R-S- | C] () -- C:\WINDOWS\System32\p04ulah91d4.dll
    [2006/03/09 00:07:27 | 000,235,469 | R-S- | C] () -- C:\WINDOWS\System32\hrrq0595e.dll
    [2006/03/08 21:24:16 | 000,235,469 | R-S- | C] () -- C:\WINDOWS\System32\kxdycl.dll
    [2006/03/08 06:00:46 | 000,235,469 | R-S- | C] () -- C:\WINDOWS\System32\c200lcdm1f0a.dll
    [2006/03/08 00:51:49 | 000,234,249 | R-S- | C] () -- C:\WINDOWS\System32\jtjq0715e.dll
    [2006/03/07 21:24:07 | 000,234,299 | R-S- | C] () -- C:\WINDOWS\System32\h0n00a5med.dll
    [2006/03/07 06:17:08 | 000,237,054 | R-S- | C] () -- C:\WINDOWS\System32\dn8q01l5e.dll
    [2006/03/07 05:49:47 | 000,234,124 | R-S- | C] () -- C:\WINDOWS\System32\o2nslc571f.dll
    [2006/03/07 05:43:01 | 000,237,054 | R-S- | C] () -- C:\WINDOWS\System32\jcmd400.dll
    [2006/03/07 05:43:01 | 000,237,054 | R-S- | C] () -- C:\WINDOWS\System32\hrn4055qe.dll
    [2006/03/07 01:17:50 | 000,235,087 | R-S- | C] () -- C:\WINDOWS\System32\lvp0097me.dll
    [2006/03/06 23:13:35 | 000,237,145 | R-S- | C] () -- C:\WINDOWS\System32\gp04l3dq1.dll
    [2006/03/06 23:10:45 | 000,235,087 | R-S- | C] () -- C:\WINDOWS\System32\mh43dmod.dll
    [2006/03/06 21:41:50 | 000,236,745 | R-S- | C] () -- C:\WINDOWS\System32\kt8ol7l31.dll
    [2006/03/06 21:26:02 | 000,234,193 | R-S- | C] () -- C:\WINDOWS\System32\enr8l19u1.dll
    [2006/03/06 19:43:41 | 000,236,745 | R-S- | C] () -- C:\WINDOWS\System32\kmdhu1.dll
    [2006/03/06 19:02:18 | 000,235,087 | R-S- | C] () -- C:\WINDOWS\System32\q6860glse6q60.dll
    [2006/03/06 03:38:19 | 000,235,087 | R-S- | C] () -- C:\WINDOWS\System32\r48slel71hq.dll
    [2006/03/05 23:03:44 | 000,235,087 | R-S- | C] () -- C:\WINDOWS\System32\g4jole131h.dll
    [2006/03/05 22:47:35 | 000,235,087 | R-S- | C] () -- C:\WINDOWS\System32\hrls0537e.dll
    [2006/03/05 22:39:28 | 000,234,027 | R-S- | C] () -- C:\WINDOWS\System32\mvlol9331.dll
    [2006/03/05 13:03:11 | 000,234,027 | R-S- | C] () -- C:\WINDOWS\System32\lxvely.dll
    [2006/03/05 12:50:42 | 000,235,466 | R-S- | C] () -- C:\WINDOWS\System32\mvl4l93q1.dll
    [2006/03/05 09:18:18 | 000,234,991 | R-S- | C] () -- C:\WINDOWS\System32\r46u0ej9eho.dll
    [2006/03/05 09:02:14 | 000,234,584 | R-S- | C] () -- C:\WINDOWS\System32\lvlo0933e.dll
    [2006/03/05 00:09:12 | 000,236,184 | R-S- | C] () -- C:\WINDOWS\System32\frdrclnr.dll
    [2006/03/05 00:09:12 | 000,233,898 | R-S- | C] () -- C:\WINDOWS\System32\f00olad31d0.dll
    [2006/03/04 23:56:05 | 000,236,184 | R-S- | C] () -- C:\WINDOWS\System32\lz8609lse.dll
    [2006/03/04 23:41:28 | 000,236,184 | R-S- | C] () -- C:\WINDOWS\System32\mologmgr.dll
    [2006/03/04 22:05:44 | 000,234,207 | R-S- | C] () -- C:\WINDOWS\System32\m8juli1918.dll
    [2006/03/04 21:51:55 | 000,236,184 | R-S- | C] () -- C:\WINDOWS\System32\mfsip32.dll
    [2006/03/04 21:27:28 | 000,234,022 | R-S- | C] () -- C:\WINDOWS\System32\dzcpmon.dll
    [2006/03/04 20:13:37 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\bZtt.dll
    [2006/03/04 19:28:43 | 000,236,324 | R-S- | C] () -- C:\WINDOWS\System32\lv0209doe.dll
    [2006/03/04 19:25:19 | 000,233,913 | R-S- | C] () -- C:\WINDOWS\System32\i0lola331d.dll
    [2006/03/04 19:23:40 | 000,234,108 | R-S- | C] () -- C:\WINDOWS\System32\l02slaf71d2.dll
    [2006/03/04 19:20:38 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\snarddlg.dll
    [2006/03/04 18:17:21 | 000,237,097 | R-S- | C] () -- C:\WINDOWS\System32\fpju0319e.dll
    [2006/03/04 18:17:21 | 000,236,184 | ---- | C] () -- C:\WINDOWS\System32\dwdmo.dll
    [2006/03/04 18:09:11 | 000,236,184 | R-S- | C] () -- C:\WINDOWS\System32\cgbcatex.dll
    [2006/03/04 17:55:35 | 000,236,184 | ---- | C] () -- C:\WINDOWS\System32\esp0l17m1.dll
    [2006/03/04 17:55:33 | 000,236,587 | R-S- | C] () -- C:\WINDOWS\System32\fp0403dqe.dll
    [2006/03/04 17:44:04 | 000,234,264 | R-S- | C] () -- C:\WINDOWS\System32\f2l02c3mgf.dll
    [2006/03/04 06:16:09 | 000,236,184 | R-S- | C] () -- C:\WINDOWS\System32\akctres.dll
    [2006/03/04 04:02:14 | 000,233,912 | R-S- | C] () -- C:\WINDOWS\System32\mv2ol9f31.dll
    [2006/03/04 04:00:20 | 000,233,904 | R-S- | C] () -- C:\WINDOWS\System32\g2jolc131f.dll
    [2006/03/04 03:57:31 | 000,237,263 | R-S- | C] () -- C:\WINDOWS\System32\mvp0l97m1.dll
    [2006/03/04 01:08:33 | 000,234,197 | R-S- | C] () -- C:\WINDOWS\System32\k0lqla351d.dll
    [2006/03/03 23:06:04 | 000,236,184 | R-S- | C] () -- C:\WINDOWS\System32\hrr2059oe.dll
    [2006/03/03 20:08:54 | 000,540,672 | -HS- | C] () -- C:\WINDOWS\System32\libprm.dll
    [2006/03/02 22:44:59 | 000,233,521 | R-S- | C] () -- C:\WINDOWS\System32\mvl2l93o1.dll
    [2006/03/02 22:30:06 | 000,233,497 | R-S- | C] () -- C:\WINDOWS\System32\rzfsaps.dll
    [2006/03/02 22:30:06 | 000,233,497 | R-S- | C] () -- C:\WINDOWS\System32\j0n20a5oed.dll
    [2006/03/02 21:40:32 | 000,233,497 | R-S- | C] () -- C:\WINDOWS\System32\kqdsl1.dll
    [2006/03/02 21:40:31 | 000,237,291 | R-S- | C] () -- C:\WINDOWS\System32\p46slej71ho.dll
    [2006/03/02 09:00:57 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\rdriv.sys
    [2006/03/02 08:36:26 | 000,237,291 | R-S- | C] () -- C:\WINDOWS\System32\o866lijs18o6.dll
    [2006/03/02 06:50:30 | 000,237,291 | R-S- | C] () -- C:\WINDOWS\System32\k0pm0a71ed.dll
    [2006/03/01 07:07:54 | 000,237,291 | R-S- | C] () -- C:\WINDOWS\System32\pzflbmsg.dll
    [2006/03/01 07:03:48 | 000,237,291 | R-S- | C] () -- C:\WINDOWS\System32\dlcpmon.dll
    [2006/02/28 21:03:24 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\ir06l5ds1.dll
    [2006/02/27 21:33:40 | 000,233,872 | R-S- | C] () -- C:\WINDOWS\System32\i842liho184c.dll
    [2006/02/26 06:01:00 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\ggjql3151.dll
    [2006/02/26 06:00:44 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\fR2mlef11h2.dll
    [2006/02/26 05:24:16 | 000,237,043 | R-S- | C] () -- C:\WINDOWS\System32\n82u0if9e82.dll
    [2006/02/25 22:11:25 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\uxrfaxa.dll
    [2006/02/25 22:11:23 | 000,236,753 | R-S- | C] () -- C:\WINDOWS\System32\l8l60i3se8.dll
    [2006/02/25 18:50:41 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\hr2q05f5e.dll
    [2006/02/25 18:45:42 | 000,234,094 | R-S- | C] () -- C:\WINDOWS\System32\r2r6lc9s1f.dll
    [2006/02/24 06:42:19 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\veoy.dll
    [2006/02/24 05:40:04 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\wbpcore.dll
    [2006/02/24 05:40:03 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\o0ro0a93ed.dll
    [2006/02/23 22:37:14 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\lovely.dll
    [2006/02/23 22:37:14 | 000,003,162 | ---- | C] () -- C:\WINDOWS\System32\mirc.ini
    [2006/02/23 22:37:14 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\remote.ini
    [2006/02/23 22:08:23 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\emcdec.dll
    [2006/02/23 20:29:41 | 000,236,115 | R-S- | C] () -- C:\WINDOWS\System32\wussvc.dll
    [2006/02/23 19:29:59 | 000,001,167 | ---- | C] () -- C:\WINDOWS\System32\tvm1eb79.sys
    [2006/02/23 19:29:56 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\tvm1eb79.dll
    [2006/02/23 19:29:35 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\w001c02e.dll
    [2006/02/22 02:05:57 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\lv2809fue.dll
    [2006/02/22 00:52:13 | 000,236,709 | R-S- | C] () -- C:\WINDOWS\System32\lv8609lse.dll
    [2006/02/22 00:48:27 | 000,236,898 | R-S- | C] () -- C:\WINDOWS\System32\r8p80i7ue8.dll
    [2006/02/22 00:30:28 | 000,237,227 | R-S- | C] () -- C:\WINDOWS\System32\kt02l7do1.dll
    [2006/02/22 00:24:23 | 000,233,932 | R-S- | C] () -- C:\WINDOWS\System32\mv6ol9j31.dll
    [2006/02/22 00:19:18 | 000,236,053 | R-S- | C] () -- C:\WINDOWS\System32\fpl0033me.dll
    [2006/02/22 00:13:59 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\uzerenv.dll
    [2006/02/22 00:11:00 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\mCg_hook.dll
    [2006/02/21 21:04:55 | 000,064,472 | ---- | C] () -- C:\WINDOWS\System32\lzx32.sys
    [2006/02/21 20:50:28 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\ntio256.sys
    [2006/02/21 20:47:55 | 000,003,066 | ---- | C] () -- C:\Program Files\secure32.html
    [2006/02/21 20:47:53 | 001,426,193 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\Install.dat
    [2006/02/21 20:21:24 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\f42mlef11h2.dll
    [2006/02/21 20:09:49 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\dDdrm.dll
    [2006/02/21 19:55:29 | 000,236,020 | ---- | C] () -- C:\WINDOWS\System32\asmfd.dll
    [2006/02/21 19:55:25 | 000,236,581 | R-S- | C] () -- C:\WINDOWS\System32\dn6q01j5e.dll
    [2006/02/21 19:45:19 | 000,236,522 | R-S- | C] () -- C:\WINDOWS\System32\h20q0cd5ef0.dll
    [2006/02/21 19:37:53 | 000,234,004 | R-S- | C] () -- C:\WINDOWS\System32\gpjql3151.dll
    [2006/02/21 19:23:30 | 000,236,131 | R-S- | C] () -- C:\WINDOWS\System32\dnjm0111e.dll
    [2006/02/21 19:19:20 | 000,234,202 | R-S- | C] () -- C:\WINDOWS\System32\l80ulid9180.dll
    [2006/02/21 05:53:28 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\hqghumea.dll
    [2006/02/21 05:48:21 | 000,236,468 | R-S- | C] () -- C:\WINDOWS\System32\k8440ihqe84e0.dll
    [2006/02/21 05:44:12 | 000,236,622 | R-S- | C] () -- C:\WINDOWS\System32\i2060cdsef060.dll
    [2006/02/21 05:22:32 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\qghumeay.dll
    [2006/02/21 05:21:27 | 000,236,974 | R-S- | C] () -- C:\WINDOWS\System32\q4nu0e59eh.dll
    [2006/02/21 05:03:56 | 000,236,992 | R-S- | C] () -- C:\WINDOWS\System32\s2pu0c79ef.dll
    [2006/02/21 05:00:22 | 000,236,069 | R-S- | C] () -- C:\WINDOWS\System32\lv4009hme.dll
    [2006/02/21 04:29:19 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\fp6203joe.dll
    [2006/02/21 00:09:07 | 000,234,178 | R-S- | C] () -- C:\WINDOWS\System32\dn0q01d5e.dll
    [2006/02/20 19:43:52 | 000,236,020 | R-S- | C] () -- C:\WINDOWS\System32\o248lchu1f48.dll
    [2006/02/20 04:01:13 | 000,234,614 | R-S- | C] () -- C:\WINDOWS\System32\k026lafs1d26.dll
    [2006/02/19 09:09:08 | 000,236,991 | R-S- | C] () -- C:\WINDOWS\System32\gp2ol3f31.dll
    [2006/02/19 09:01:10 | 000,233,473 | R-S- | C] () -- C:\WINDOWS\System32\h60q0gd5e60.dll
    [2006/02/19 07:26:56 | 000,233,473 | R-S- | C] () -- C:\WINDOWS\System32\tgpmon.dll
    [2006/02/18 08:54:27 | 000,235,085 | R-S- | C] () -- C:\WINDOWS\System32\pwh.dll
    [2006/02/18 06:26:01 | 000,237,011 | R-S- | C] () -- C:\WINDOWS\System32\hrn6055se.dll
    [2006/02/17 05:53:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\DP.sys
    [2006/02/17 05:51:30 | 000,234,272 | ---- | C] () -- C:\WINDOWS\System32\ddband.dll
    [2006/02/17 05:50:39 | 000,235,085 | R-S- | C] () -- C:\WINDOWS\System32\azpmgr.dll
    [2006/02/15 05:09:57 | 000,235,259 | R-S- | C] () -- C:\WINDOWS\System32\ktl2l73o1.dll
    [2006/02/15 05:08:01 | 000,235,925 | R-S- | C] () -- C:\WINDOWS\System32\gp0ul3d91.dll
    [2006/02/14 23:36:20 | 000,235,257 | R-S- | C] () -- C:\WINDOWS\System32\irl2l53o1.dll
    [2006/02/13 08:57:07 | 000,237,071 | R-S- | C] () -- C:\WINDOWS\System32\fpn6035se.dll
    [2006/02/13 03:29:55 | 000,237,071 | R-S- | C] () -- C:\WINDOWS\System32\dimrtp.dll
    [2006/02/13 00:46:41 | 000,233,699 | R-S- | C] () -- C:\WINDOWS\System32\fp0u03d9e.dll
    [2006/02/13 00:30:46 | 000,233,733 | R-S- | C] () -- C:\WINDOWS\System32\s0pu0a79ed.dll
    [2006/02/12 20:30:58 | 000,237,071 | R-S- | C] () -- C:\WINDOWS\System32\h2j4lc1q1f.dll
    [2006/02/12 06:15:10 | 000,234,272 | ---- | C] () -- C:\WINDOWS\System32\mxc42u.dll
    [2006/02/12 06:14:12 | 000,237,071 | R-S- | C] () -- C:\WINDOWS\System32\ior8l59u1.dll
    [2006/02/12 06:14:11 | 000,235,895 | R-S- | C] () -- C:\WINDOWS\System32\k6js0g17e6.dll
    [2006/02/12 01:47:20 | 000,234,272 | ---- | C] () -- C:\WINDOWS\System32\nutevent.dll
    [2006/02/12 00:34:12 | 000,235,895 | R-S- | C] () -- C:\WINDOWS\System32\mhlogmgr.dll
    [2006/02/12 00:21:56 | 000,235,895 | R-S- | C] () -- C:\WINDOWS\System32\nelanman.dll
    [2006/02/11 19:17:15 | 000,235,895 | R-S- | C] () -- C:\WINDOWS\System32\j4n2le5o1h.dll
    [2006/02/11 08:25:58 | 000,234,072 | R-S- | C] () -- C:\WINDOWS\System32\mv46l9hs1.dll
    [2006/02/11 08:19:17 | 000,235,895 | R-S- | C] () -- C:\WINDOWS\System32\uyat.dll
    [2006/02/11 07:53:40 | 000,095,744 | -HS- | C] () -- C:\WINDOWS\System32\wsync32.dll
    [2006/02/11 07:52:37 | 000,236,558 | R-S- | C] () -- C:\WINDOWS\System32\fp6603jse.dll
    [2006/02/11 06:04:51 | 000,233,712 | R-S- | C] () -- C:\WINDOWS\System32\enp0l17m1.dll
    [2006/02/10 09:26:33 | 000,236,648 | R-S- | C] () -- C:\WINDOWS\System32\hrp6057se.dll
    [2006/02/10 08:04:59 | 000,234,198 | R-S- | C] () -- C:\WINDOWS\System32\l00ulad91d0.dll
    [2006/02/10 08:03:05 | 000,235,068 | R-S- | C] () -- C:\WINDOWS\System32\fplo0333e.dll
    [2006/02/09 07:45:06 | 000,098,324 | ---- | C] () -- C:\WINDOWS\System32\mpefjgcn.dll
    [2006/02/09 04:52:14 | 000,235,102 | R-S- | C] () -- C:\WINDOWS\System32\hr2u05f9e.dll
    [2006/02/09 03:08:42 | 000,235,102 | R-S- | C] () -- C:\WINDOWS\System32\csmctl32.dll
    [2006/02/09 02:05:25 | 000,236,872 | R-S- | C] () -- C:\WINDOWS\System32\q0psla771d.dll
    [2006/02/08 23:34:53 | 000,236,668 | R-S- | C] () -- C:\WINDOWS\System32\n66qlgj516o.dll
    [2006/02/08 21:45:11 | 000,236,188 | ---- | C] () -- C:\WINDOWS\System32\f02mlaf11d2.dll
    [2006/02/08 21:38:31 | 000,237,009 | R-S- | C] () -- C:\WINDOWS\System32\en4ul1h91.dll
    [2006/02/08 21:36:05 | 000,235,123 | R-S- | C] () -- C:\WINDOWS\System32\irr8l59u1.dll
    [2006/02/08 21:36:05 | 000,235,068 | R-S- | C] () -- C:\WINDOWS\System32\kpdth3.dll
    [2006/02/08 07:45:24 | 000,235,068 | R-S- | C] () -- C:\WINDOWS\System32\ic41_qcx.dll
    [2006/02/08 06:39:48 | 000,235,123 | R-S- | C] () -- C:\WINDOWS\System32\mypmsp.dll
    [2006/02/07 19:48:27 | 000,235,123 | R-S- | C] () -- C:\WINDOWS\System32\p04u0ah9ed4.dll
    [2006/02/07 06:10:36 | 000,235,068 | R-S- | C] () -- C:\WINDOWS\System32\okedlg.dll
    [2006/02/07 06:07:18 | 000,235,068 | R-S- | C] () -- C:\WINDOWS\System32\d8j00i1me8.dll
    [2006/02/07 05:35:42 | 000,235,600 | R-S- | C] () -- C:\WINDOWS\System32\k2lq0c35ef.dll
    [2006/02/07 04:26:37 | 000,234,272 | R-S- | C] () -- C:\WINDOWS\System32\mvpql9751.dll
    [2006/02/07 03:58:32 | 000,235,413 | R-S- | C] () -- C:\WINDOWS\System32\en4ml1h11.dll
    [2006/02/07 03:53:59 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\utalaek.dll
    [2006/03/05 23:34:01 | 000,028,160 | ---- | M] () -- C:\1x.exe
    [2006/02/23 19:29:30 | 000,002,560 | ---- | M] () -- C:\ac3_0010.exe
    [2006/02/15 01:36:38 | 001,175,664 | ---- | M] (instyler installation software) -- C:\beti.exe
    [2006/02/21 21:04:55 | 000,070,144 | ---- | M] () -- C:\bhowvt.exe
    [2006/03/09 00:30:14 | 000,956,300 | ---- | M] () -- C:\c0p.exe
    [2006/03/10 22:09:14 | 000,146,944 | ---- | M] () -- C:\cf.exe
    [2006/03/08 00:34:33 | 000,020,062 | ---- | M] () -- C:\cold.exe
    [2006/03/10 06:49:42 | 000,004,948 | ---- | M] (.) -- C:\ddi.exe
    [2006/03/14 20:18:03 | 000,251,262 | ---- | M] () -- C:\deskbar.exe
    [2006/02/13 23:39:23 | 000,081,920 | ---- | M] (DJWK JWBND HWBDH BWHDB HWHD H) -- C:\dfndrac_6.exe
    [2006/02/10 04:10:30 | 000,081,920 | ---- | M] (DJWK JWBND HWBDH BWHDB HWHD H) -- C:\dfndrad_5.exe
    [2006/02/15 19:42:17 | 000,081,920 | ---- | M] (DJWK JWBND HWBDH BWHDB HWHD H) -- C:\dfndrdd_6.exe
    [2006/02/18 03:30:49 | 000,073,728 | ---- | M] (::::::::::::::::::::::::::::::::::::::::::::) -- C:\dfndred_7.exe
    [2006/02/20 20:04:17 | 000,077,824 | ---- | M] (/|/\?\?\/|?\?) -- C:\dfndref_7.exe
    [2006/02/07 03:48:58 | 000,081,920 | ---- | M] (DJWK JWBND HWBDH BWHDB HWHD H) -- C:\dfndre_5.exe
    [2006/03/16 19:56:21 | 000,073,728 | ---- | M] (3u38742897r8yuruy4u3yru743433r) -- C:\dfndrff_11.exe
    [2006/08/18 16:05:46 | 000,073,728 | ---- | M] (3u38742897r8yuruy4u3yru743433r) -- C:\dfndrff_11a.exe
    [2006/02/28 21:04:12 | 000,077,824 | ---- | M] ((*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)) -- C:\dfndrff_7.exe
    [2006/03/06 19:03:12 | 000,077,824 | ---- | M] (&@#*&#*#&@#*&@#*@&#*@&#*) -- C:\dfndrff_8.exe
    [2006/03/10 20:53:48 | 000,073,728 | ---- | M] (..../...../..../..../..../..//......./////....) -- C:\dfndrff_9.exe
    [2006/02/25 08:44:50 | 000,077,824 | ---- | M] (&%&%&%&%%&%&%%&%) -- C:\dfndrfg_7.exe
    [2006/03/05 21:57:40 | 000,077,824 | ---- | M] (#^&$#^&$^&$^783647364763647367) -- C:\dfndrfg_8.exe
    [2006/03/13 21:11:53 | 000,073,728 | ---- | M] ((%)(%)(%)(%)(%)(%)(%)(%)(%)(%)) -- C:\dfndrfh_10.exe
    [2006/02/16 00:46:54 | 000,004,948 | ---- | M] (.) -- C:\do.exe
    [2006/02/26 06:00:38 | 000,004,948 | ---- | M] (.) -- C:\dodi.exe
    [2006/06/22 08:25:34 | 000,016,384 | ---- | M] (.) -- C:\dotdr.exe
    [2006/02/09 07:35:40 | 000,006,144 | ---- | M] () -- C:\dr.exe
    [2006/02/20 04:01:21 | 000,016,157 | ---- | M] () -- C:\drmy.exe
    [2006/08/21 17:21:00 | 000,069,632 | ---- | M] (32489238eue7r734yr7634yr763t65535) -- C:\drsmartload.exe
    [2006/08/21 14:59:23 | 000,069,632 | ---- | M] (32489238eue7r734yr7634yr763t65535) -- C:\drsmartload1.exe
    [2006/02/11 06:07:10 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload45a1.exe
    [2006/03/14 20:32:54 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a100.exe
    [2006/03/15 05:23:24 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a1001.exe
    [2006/02/12 01:47:30 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload45a2.exe
    [2006/03/16 19:56:38 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a2002.exe
    [2006/08/18 16:10:13 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a2002a.exe
    [2006/02/13 00:31:39 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload45a3.exe
    [2006/08/21 14:41:10 | 000,020,480 | ---- | M] (ewq48u328u747823yu) -- C:\drsmartload45a3333a.exe
    [2006/02/13 23:39:40 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a4.exe
    [2006/02/14 23:45:30 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a5.exe
    [2006/02/15 00:31:50 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a6.exe
    [2006/02/17 01:06:55 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7.exe
    [2006/02/17 05:51:33 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7a.exe
    [2006/02/18 03:30:53 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7c.exe
    [2006/02/19 02:38:34 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7d.exe
    [2006/02/20 04:01:44 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7e.exe
    [2006/02/20 19:44:44 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7f.exe
    [2006/02/21 19:20:48 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7g.exe
    [2006/02/22 03:14:49 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7h.exe
    [2006/02/23 19:28:25 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a7i.exe
    [2006/03/03 20:08:34 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a8a.exe
    [2006/03/05 21:57:43 | 000,020,480 | ---- | M] (.) -- C:\drsmartload45a8b.exe
    [2006/03/07 21:24:31 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a8b5.exe
    [2006/03/10 02:44:07 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a8b9.exe
    [2006/03/10 20:53:58 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a8b9abc.exe
    [2006/03/14 01:14:47 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a99.exe
    [2006/08/19 11:21:43 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a999.exe
    [2006/08/20 11:44:04 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload45a9999.exe
    [2006/02/07 03:51:07 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload45y.exe
    [2006/02/08 00:12:18 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload45z.exe
    [2006/02/11 06:07:13 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload46a1.exe
    [2006/03/14 20:32:57 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a100.exe
    [2006/03/15 05:23:30 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a1001.exe
    [2006/02/12 01:47:32 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload46a2.exe
    [2006/03/16 19:56:44 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a2002.exe
    [2006/08/18 16:10:27 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a2002a.exe
    [2006/02/13 00:31:41 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload46a3.exe
    [2006/08/21 14:41:11 | 000,020,480 | ---- | M] (ewq48u328u747823yu) -- C:\drsmartload46a3333a.exe
    [2006/02/13 23:39:43 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a4.exe
    [2006/02/14 23:45:32 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a5.exe
    [2006/02/15 00:31:51 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a6.exe
    [2006/02/17 01:07:00 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7.exe
    [2006/02/17 05:51:39 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7a.exe
    [2006/02/18 03:30:54 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7c.exe
    [2006/02/19 02:38:37 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7d.exe
    [2006/02/20 04:01:59 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7e.exe
    [2006/02/20 19:44:46 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7f.exe
    [2006/02/21 19:20:58 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7g.exe
    [2006/02/22 03:14:52 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7h.exe
    [2006/02/23 19:28:26 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a7i.exe
    [2006/03/03 20:08:39 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a8a.exe
    [2006/03/05 21:57:45 | 000,020,480 | ---- | M] (.) -- C:\drsmartload46a8b.exe
    [2006/03/07 21:24:34 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a8b5.exe
    [2006/03/10 02:44:13 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a8b9.exe
    [2006/03/10 20:53:59 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a8b9abc.exe
    [2006/03/14 01:14:49 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a99.exe
    [2006/08/19 11:21:44 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a999.exe
    [2006/08/20 11:44:02 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload46a9999.exe
    [2006/02/07 03:51:17 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload46y.exe
    [2006/02/08 00:12:21 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload46z.exe
    [2006/02/07 03:49:20 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload849a.exe
    [2006/02/11 06:07:14 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload849a1.exe
    [2006/03/14 20:33:01 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a100.exe
    [2006/03/15 05:23:35 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a1001.exe
    [2006/02/12 01:47:34 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload849a2.exe
    [2006/03/16 19:57:18 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a2002.exe
    [2006/08/18 16:12:02 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a2002a.exe
    [2006/02/13 00:31:46 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload849a3.exe
    [2006/08/21 14:43:30 | 000,020,480 | ---- | M] (ewq48u328u747823yu) -- C:\drsmartload849a3333a.exe
    [2006/02/13 23:39:45 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload849a4.exe
    [2006/02/14 23:45:34 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a5.exe
    [2006/02/15 00:31:52 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a6.exe
    [2006/02/17 01:06:59 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7.exe
    [2006/02/17 05:51:42 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7a.exe
    [2006/02/18 03:30:56 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7c.exe
    [2006/02/19 02:38:39 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7d.exe
    [2006/02/20 04:02:01 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7e.exe
    [2006/02/20 19:44:47 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7f.exe
    [2006/02/21 19:21:40 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7g.exe
    [2006/02/22 03:15:31 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7h.exe
    [2006/02/23 19:28:32 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a7i.exe
    [2006/03/03 20:08:46 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a8a.exe
    [2006/03/05 21:57:46 | 000,020,480 | ---- | M] (.) -- C:\drsmartload849a8b.exe
    [2006/03/07 21:24:48 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a8b5.exe
    [2006/03/10 02:44:14 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a8b9.exe
    [2006/03/10 20:54:02 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a8b9abc.exe
    [2006/03/14 01:14:50 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a99.exe
    [2006/08/19 11:21:46 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a999.exe
    [2006/08/20 11:44:29 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\drsmartload849a9999.exe
    [2006/02/07 03:51:15 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload849y.exe
    [2006/02/08 00:12:29 | 000,020,480 | ---- | M] (eww hduew yr78 y784) -- C:\drsmartload849z.exe
    [2006/08/21 15:28:54 | 000,004,940 | ---- | M] (.) -- C:\dwin.exe
    [2006/02/21 21:05:32 | 000,001,024 | ---- | M] () -- C:\gqyqhf.exe
    [2006/02/15 05:27:28 | 000,827,613 | ---- | M] (instyler installation software) -- C:\gt.exe
    [2006/08/18 15:30:25 | 000,000,338 | ---- | M] () -- C:\hehe.exe
    [2006/02/21 21:04:51 | 000,001,024 | ---- | M] () -- C:\humxsgbm.exe
    [2006/08/21 17:20:55 | 000,015,360 | ---- | M] () -- C:\iexplorer.exe
    [2006/02/07 03:50:49 | 000,578,560 | ---- | M] () -- C:\Installer.exe
    [2006/02/12 01:47:19 | 000,578,560 | ---- | M] () -- C:\Installer2.exe
    [2006/02/17 05:51:30 | 000,578,560 | ---- | M] () -- C:\Installer3.exe
    [2006/02/14 23:45:18 | 000,040,960 | ---- | M] (re8wru ehu hrweurhuweur 37wr3) -- C:\kybrdaca_6.exe
    [2006/02/13 23:39:32 | 000,028,672 | ---- | M] (erijdf cisjtfgurhbyethb784yue7) -- C:\kybrdac_6.exe
    [2006/02/10 04:10:35 | 000,040,960 | ---- | M] (re8wru ehu hrweurhuweur 37wr3) -- C:\kybrdad_5.exe
    [2006/02/15 19:42:22 | 000,040,960 | ---- | M] (re8wru ehu hrweurhuweur 37wr3) -- C:\kybrddd_6.exe
    [2006/02/18 03:30:47 | 000,028,672 | ---- | M] (re8wru ehu hrweurhuweur 37wr3) -- C:\kybrded_7.exe
    [2006/02/20 20:04:20 | 000,032,768 | ---- | M] (|||?|||||||???||||) -- C:\kybrdef_7.exe
    [2006/02/07 03:49:03 | 000,040,960 | ---- | M] (re8wru ehu hrweurhuweur 37wr3) -- C:\kybrde_5.exe
    [2006/03/16 19:58:12 | 000,098,304 | ---- | M] (*&&*#&$*#RU*#Y&*#YR&Y#&RY#R) -- C:\kybrdff_11.exe
    [2006/08/18 16:06:26 | 000,094,208 | ---- | M] (*&&*#&$*#RU*#Y&*#YR&Y#&RY#R) -- C:\kybrdff_11a.exe
    [2006/08/21 14:41:01 | 000,098,304 | ---- | M] (*&&*#&$*#RU*#Y&*#YR&Y#&RY#R) -- C:\kybrdff_12.exe
    [2006/02/28 05:35:28 | 000,086,016 | ---- | M] ((*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)) -- C:\kybrdff_7.exe
    [2006/03/06 19:03:10 | 000,094,208 | ---- | M] (......) -- C:\kybrdff_8.exe
    [2006/03/10 20:53:52 | 000,094,208 | ---- | M] (89482382884288442884382382488832) -- C:\kybrdff_9.exe
    [2006/02/25 08:44:32 | 000,032,768 | ---- | M] (#$*&$*&#&$&*$&#&*$&*#$&*) -- C:\kybrdfg_7.exe
    [2006/03/05 21:57:44 | 000,061,440 | ---- | M] ((*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)(*)) -- C:\kybrdfg_8.exe
    [2006/03/13 21:11:56 | 000,094,208 | ---- | M] ((%)(%)(%)(%)(%)(%)(%)(%)(%)(%)) -- C:\kybrdfh_10.exe
    [2006/02/21 21:05:31 | 000,001,024 | ---- | M] () -- C:\lemj.exe
    [2006/03/12 07:56:01 | 001,014,304 | ---- | M] () -- C:\lips.exe
    [2006/02/07 20:11:48 | 000,151,112 | ---- | M] () -- C:\mc-110-12-0000144.exe
    [2006/02/08 06:38:04 | 000,131,137 | ---- | M] () -- C:\Mendoza1.exe
    [2006/03/02 23:54:48 | 000,151,112 | ---- | M] () -- C:\mok32.exe
    [2006/02/22 00:31:50 | 000,151,112 | ---- | M] () -- C:\moot32.exe
    [2006/02/07 03:49:33 | 000,025,105 | ---- | M] () -- C:\MTE3NDI6ODoxNg.exe
    [2006/03/10 21:57:19 | 000,678,344 | ---- | M] (Administrator) -- C:\musique.exe
    [2006/03/11 22:32:10 | 000,678,344 | ---- | M] (Administrator) -- C:\musiqueti.exe
    [2006/02/23 22:09:36 | 000,151,112 | ---- | M] () -- C:\mzt32.exe
    [2006/08/21 14:57:45 | 000,016,384 | ---- | M] (.) -- C:\navy.exe
    [2006/02/13 23:39:41 | 000,028,672 | ---- | M] (erijdf cisjtfgurhbyethb784yue7) -- C:\nwnmac_6.exe
    [2006/02/10 04:10:36 | 000,028,672 | ---- | M] (ewe wr 2344 45 454545) -- C:\nwnmad_5.exe
    [2006/02/16 06:43:28 | 000,032,768 | ---- | M] (erijdf cisjtfgurhbyethb784yue7) -- C:\nwnmdd_6.exe
    [2006/02/18 03:30:49 | 000,032,768 | ---- | M] (erijdf cisjtfgurhbyethb784yue7) -- C:\nwnmed_7.exe
    [2006/02/20 20:04:15 | 000,032,768 | ---- | M] (erijdf cisjtfgurhbyethb784yue7) -- C:\nwnmef_7.exe
    [2006/02/07 03:49:15 | 000,028,672 | ---- | M] (ewe wr 2344 45 454545) -- C:\nwnme_5.exe
    [2006/03/16 19:56:04 | 000,032,768 | ---- | M] ((%)(%)(%)(%)(%)(%)(%)(%)(%)(%)) -- C:\nwnmff_11.exe
    [2006/08/21 14:41:04 | 000,032,768 | ---- | M] (04399289e8uwhru243y5r78f73yh3t7y3) -- C:\nwnmff_12.exe
    [2006/02/28 21:03:59 | 000,032,768 | ---- | M] (&#&*&$*#&*$&*#&$*&*&$*&#*&#*) -- C:\nwnmff_7.exe
    [2006/03/06 19:03:07 | 000,032,768 | ---- | M] (rew9q8er3289374823748782474723842) -- C:\nwnmff_8.exe
    [2006/03/10 20:53:42 | 000,032,768 | ---- | M] (...............................................) -- C:\nwnmff_9.exe
    [2006/02/25 08:44:53 | 000,032,768 | ---- | M] (&#&*&$*#&*$&*#&$*&*&$*&#*&#*) -- C:\nwnmfg_7.exe
    [2006/03/05 21:57:31 | 000,032,768 | ---- | M] (rew9q8er3289374823748782474723842) -- C:\nwnmfg_8.exe
    [2006/03/13 21:11:42 | 000,032,768 | ---- | M] ((%)(%)(%)(%)(%)(%)(%)(%)(%)(%)) -- C:\nwnmfh_10.exe
    [2006/03/03 23:10:22 | 000,000,371 | ---- | M] () -- C:\outwin1.exe
    [2006/02/21 21:04:49 | 000,072,704 | ---- | M] () -- C:\qjmm.exe
    [2006/03/11 22:31:01 | 000,678,344 | ---- | M] (Administrator) -- C:\qmekimic.exe
    [2006/03/16 23:10:49 | 000,692,606 | ---- | M] () -- C:\qo.exe
    [2006/03/03 23:35:08 | 000,869,995 | ---- | M] (smart) -- C:\ret.exe
    [2006/02/21 21:04:50 | 000,032,768 | ---- | M] () -- C:\rftojhv.exe
    [2006/03/12 06:03:50 | 000,159,744 | ---- | M] () -- C:\scan.exe
    [2006/03/12 22:13:00 | 000,678,344 | ---- | M] (Administrator) -- C:\schmblack.exe
    [2006/03/08 21:42:09 | 000,148,992 | ---- | M] () -- C:\spam.exe
    [2006/03/12 22:19:14 | 000,678,344 | ---- | M] (Administrator) -- C:\ssssdefr.exe
    [2006/03/05 23:34:55 | 000,151,112 | ---- | M] () -- C:\tam32.exe
    [2006/02/10 09:35:16 | 000,004,956 | ---- | M] (..) -- C:\toislf.exe
    [2006/03/12 06:03:59 | 000,000,236 | ---- | M] () -- C:\tu.exe
    [2006/02/21 19:20:33 | 000,517,168 | ---- | M] () -- C:\ucmoreiex.exe
    [2006/03/10 22:07:05 | 000,678,344 | ---- | M] (Administrator) -- C:\uhytr.exe
    [2006/03/09 00:24:52 | 000,858,144 | ---- | M] () -- C:\ux.exe
    [2006/02/21 21:05:31 | 000,005,632 | ---- | M] () -- C:\viobqsd.exe
    [2006/03/10 02:50:42 | 000,858,144 | ---- | M] () -- C:\w33d.exe
    [2006/02/07 03:51:17 | 000,578,560 | ---- | M] () -- C:\warebundle2.exe
    [2006/02/17 05:51:40 | 000,578,560 | ---- | M] () -- C:\warebundle3.exe
    [2006/02/07 03:50:40 | 000,578,560 | ---- | M] () -- C:\warebundlenew.exe
    [2006/02/12 06:15:07 | 000,578,560 | ---- | M] () -- C:\warebundlenewer.exe
    [2006/02/22 02:06:45 | 000,016,157 | ---- | M] () -- C:\wdb.exe
    [2006/02/21 05:51:18 | 000,016,157 | ---- | M] () -- C:\wdl.exe
    [2006/03/09 07:33:01 | 000,161,740 | ---- | M] () -- C:\wew.exe
    [2006/03/07 01:34:30 | 000,135,460 | ---- | M] () -- C:\wgfhfg.exe
    [2006/02/22 00:24:39 | 000,020,480 | ---- | M] (.) -- C:\windiwl.exe
    [2006/02/19 09:17:30 | 000,020,480 | ---- | M] (.) -- C:\windowl.exe
    [2006/02/23 22:08:41 | 000,020,480 | ---- | M] (.) -- C:\windui.exe
    [2006/02/22 04:30:41 | 000,020,480 | ---- | M] (.) -- C:\windwl.exe
    [2006/02/26 05:25:21 | 000,006,131 | ---- | M] () -- C:\winpatch.exe
    [2006/03/17 04:55:45 | 000,066,745 | ---- | M] () -- C:\winquidsaan.exe
    [2006/02/17 06:39:09 | 000,020,480 | ---- | M] (.) -- C:\winsdl.exe
    [2006/03/15 02:49:18 | 000,135,680 | ---- | M] () -- C:\winsystesm.exe
    [2006/02/18 06:26:32 | 000,020,480 | ---- | M] (.) -- C:\winzdl.exe
    [2006/03/07 02:14:32 | 000,020,480 | ---- | M] (*$(*$#*$#&$&*$&*#&&$##&&$*#) -- C:\wksv.exe
    [2006/03/05 23:34:52 | 000,130,558 | ---- | M] () -- C:\woa32.exe
    [2006/03/02 23:55:41 | 000,130,558 | ---- | M] () -- C:\ww32.exe
    [2006/03/10 21:50:19 | 000,682,150 | ---- | M] (Instyler® Software) -- C:\yhaaa.exe
    [2006/02/07 03:54:00 | 000,000,000 | ---D | M](C:\WINDOWS\?icrosoft) -- C:\WINDOWS\Μicrosoft
    [2006/02/07 03:54:00 | 000,000,000 | ---D | C](C:\WINDOWS\?icrosoft) -- C:\WINDOWS\Μicrosoft
    [2006/02/07 03:53:00 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?ymantec) -- C:\WINDOWS\System32\Ѕymantec
    [2006/02/07 03:52:39 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?ymantec) -- C:\WINDOWS\System32\Ѕymantec
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\update
    C:\Program Files\ToolBar888
    C:\Program Files\Zango Programs
    C:\Program Files\My App
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - NetSvcs
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under the Custom Scan box paste this in

    %SYSTEMDRIVE%\*.*

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

#5
mechanima

    Member

  • Topic Starter
  • 32 posts
Here is Avenger log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "Time" found!
DisplayName: Time Service
ImagePath: C:\WINDOWS\System32\nlkfev7pzcfjnsxch.exe
Start Type: 4 (Disabled)

Hidden driver "WTime" found!
ImagePath: \??\C:\WINDOWS\System32\timedrv26.sys
Start Type: 4 (Disabled)

Hidden driver "€?
" found!
DisplayName: ¾2:¡/
wù:GŸ·siÖ
ImagePath: "C:\WINDOWS\mnsmsgr.exe"
Start Type: 4 (Disabled)

Rootkit scan completed.

Driver "DP1112" deleted successfully.
Driver "Time" deleted successfully.
Driver "WTime" deleted successfully.
File "C:\WINDOWS\system32\mlsdf8haknquydin.exe" deleted successfully.
File "C:\WINDOWS\system32\mlsdf8hbeil.exe" deleted successfully.
File "C:\WINDOWS\system32\mlsdf8hdowaeimrwc.exe" deleted successfully.
File "C:\WINDOWS\system32\mlsdf8hrceimq.exe" deleted successfully.
File "C:\WINDOWS\system32\mlsdf8hxbgikmo.exe" deleted successfully.
File "C:\WINDOWS\system32\mlsdf8hxflps.exe" deleted successfully.
File "C:\WINDOWS\system32\mlsdf8hyhkoswafkq.exe" deleted successfully.
File "C:\WINDOWS\system32\nlkfev7dmqtxbg.exe" deleted successfully.
File "C:\WINDOWS\system32\nlkfev7lvzcgkpt.exe" deleted successfully.
File "C:\WINDOWS\system32\nlkfev7otzcgkpuze.exe" deleted successfully.
File "C:\WINDOWS\system32\nlkfev7pwzdhl.exe" deleted successfully.
File "C:\WINDOWS\system32\nlkfev7pzcfjnsxch.exe" deleted successfully.
File "C:\WINDOWS\system32\nlkfev7pzcgkosxci.exe" deleted successfully.
File "C:\WINDOWS\system32\nlkfev7uxaeimqva.exe" deleted successfully.
File "C:\WINDOWS\system32\nlkfev7weil.exe" deleted successfully.
File "C:\WINDOWS\system32\sklrr7ygqtx.exe" deleted successfully.
File "C:\WINDOWS\system32\sklrr7yilor.exe" deleted successfully.
File "C:\WINDOWS\system32\sklrr7yilos.exe" deleted successfully.
File "C:\WINDOWS\system32\sklrr7yiosvzdim.exe" deleted successfully.
File "C:\WINDOWS\system32\sklrr7yknqtx.exe" deleted successfully.
File "C:\WINDOWS\system32\sklrr7yluxbfjnsxd.exe" deleted successfully.
File "C:\WINDOWS\system32\sklrr7yzcfjnrvaf.exe" deleted successfully.
File "C:\WINDOWS\system32\timedrv26.sys" deleted successfully.
File "C:\WINDOWS\system32\dior4f4dmptxbfkp.exe" deleted successfully.
File "C:\WINDOWS\system32\dior4f4filpsxbg.exe" deleted successfully.
File "C:\WINDOWS\system32\dior4f4gknqu.exe" deleted successfully.
File "C:\WINDOWS\system32\dior4f4gqtxafjo.exe" deleted successfully.
File "C:\WINDOWS\system32\dior4f4szgjn.exe" deleted successfully.
File "C:\WINDOWS\system32\cjnr4r4gnqu.exe" deleted successfully.
File "C:\WINDOWS\system32\cjnr4r4isae.exe" deleted successfully.
File "C:\WINDOWS\system32\cjnr4r4nrsuwyad.exe" deleted successfully.
File "C:\WINDOWS\system32\cjnr4r4qtwaeimrwb.exe" deleted successfully.
File "C:\WINDOWS\system32\cjnr4r4twzd.exe" deleted successfully.
File "C:\WINDOWS\system32\cjnr4r4vfnruzd.exe" deleted successfully.
File "C:\WINDOWS\system32\cjnr4r4wdhkosx.exe" deleted successfully.
File "C:\WINDOWS\Temp\sklrr7y253238.exe" deleted successfully.
File "C:\WINDOWS\Temp\cjnr4r43728920.exe" deleted successfully.
File "C:\WINDOWS\Temp\dior4f4172096.exe" deleted successfully.
File "C:\Documents and Settings\michelle\Local Settings\Temp\nlkfev78105707.exe" deleted successfully.
File "C:\WINDOWS\System32\Drivers\DP.sys" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Time" deleted successfully.
Registry key "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Time" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

OTL froze...I left it an hour or so then went into standby and restarted.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
OTS log
Attached File  OTS.Txt   154.18KB   134 downloads

#6
Gammo
Hi,

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
mechanima
Thank You
All completed without incident, here is Combofix log:

ComboFix 10-03-07.02 - User 03/08/2010 1:09.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.503.302 [GMT 0:00]
Running from: c:\documents and settings\User\Desktop\virus tools\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ac3_0010.exe
c:\documents and settings\LocalService\Application Data\Install.dat
c:\progra~1\COMMON~1\{1C030~1
c:\progra~1\COMMON~1\{1C030~1\services.dll
c:\progra~1\COMMON~1\{1C030~1\Update.exe
c:\progra~1\COMMON~1\{1C030~2
c:\progra~1\COMMON~1\{1C030~2\services.dll
c:\progra~1\COMMON~1\{1C030~2\Update.exe
c:\progra~1\COMMON~1\{1C030~3
c:\progra~1\COMMON~1\{1C030~3\services.dll
c:\progra~1\COMMON~1\{1C030~3\Update.exe
c:\program files\Common Files\Companion Wizard
c:\program files\Common Files\Companion Wizard\compwiz.exe
c:\program files\Common Files\Companion Wizard\WapCHK.dll
c:\program files\Common Files\microsoft shared\web folders\ibm00003.exe
c:\program files\Common Files\misc001
c:\program files\Common Files\simtest
c:\program files\Common Files\simtest\svchostsys.bat
c:\program files\Common Files\simtest\temp.txt
c:\program files\Common Files\svchostsys
c:\program files\Common Files\svchostsys\ICSharpCode.SharpZipLib.dll
c:\program files\Common Files\svchostsys\svchostsys.exe.config
c:\program files\Common Files\svchostsys\svchostupdate.exe.config
c:\program files\Common Files\svchostsys\Version.txt
c:\program files\deskbar
c:\program files\deskbar\about.html
c:\program files\deskbar\basis.xml
c:\program files\deskbar\deskbar.crc
c:\program files\deskbar\deskbar.dll
c:\program files\deskbar\deskbar.inf
c:\program files\deskbar\icons.bmp
c:\program files\deskbar\inst.bat
c:\program files\deskbar\mbback.bmp
c:\program files\deskbar\mbbigopen.bmp
c:\program files\deskbar\mbclose.bmp
c:\program files\deskbar\mbfwd.bmp
c:\program files\deskbar\mblogo.bmp
c:\program files\deskbar\mbsep.bmp
c:\program files\deskbar\options.html
c:\program files\deskbar\softomate.gif
c:\program files\deskbar\version.txt
c:\program files\ipwins
c:\program files\ipwins\count.dat
c:\program files\ipwins\data.dat
c:\program files\ipwins\date.dat
c:\program files\ipwins\ipwins.exe
c:\program files\ipwins\s23c.dat
c:\program files\ipwins\s258.1.dat
c:\program files\ipwins\s2bc.dat
c:\program files\ipwins\s2gk.1.dat
c:\program files\ipwins\s2j4.1.dat
c:\program files\ipwins\s2tk.dat
c:\program files\ipwins\s304.dat
c:\program files\ipwins\s35c.dat
c:\program files\ipwins\s35o.dat
c:\program files\ipwins\s398.dat
c:\program files\ipwins\s39c.dat
c:\program files\ipwins\s3gk.dat
c:\program files\ipwins\s3ik.dat
c:\program files\ipwins\s3io.dat
c:\program files\ipwins\s3uc.dat
c:\program files\ipwins\s5bs.dat
c:\program files\ipwins\s5fk.dat
c:\program files\ipwins\s9k.1.dat
c:\program files\ipwins\sd4.2.dat
c:\program files\ipwins\settings.dat
c:\program files\ipwins\settingsDate.dat
c:\program files\ipwins\skc.1.dat
c:\program files\ipwins\sm8.dat
c:\program files\ipwins\sq4.1.dat
c:\program files\ipwins\ssk.dat
c:\program files\ipwins\svg.1.dat
c:\program files\ipwins\Uninst.exe
c:\program files\Mozilla Firefox\components\npclntax.xpt
c:\program files\Mozilla Firefox\plugins\npclntax.dll
c:\program files\snowball wars
c:\program files\snowball wars\License.txt
c:\program files\snowball wars\SnowballWars.exe
c:\program files\spysheriff
c:\program files\spysheriff\base.avd
c:\program files\spysheriff\base001.avd
c:\program files\spysheriff\base002.avd
c:\program files\spysheriff\found.wav
c:\program files\spysheriff\heur000.dll
c:\program files\spysheriff\heur001.dll
c:\program files\spysheriff\heur002.dll
c:\program files\spysheriff\heur003.dll
c:\program files\spysheriff\notfound.wav
c:\program files\spysheriff\removed.wav
c:\program files\spysheriff\SpySheriff.dvm
c:\program files\spysheriff\SpySheriff.exe
c:\program files\spysheriff\Uninstall.exe
c:\program files\tclock\tclock_install.exe
C:\scan.exe
C:\secure32.html
C:\ucmoreiex.exe
C:\uniq
c:\windows\Downloaded Program Files\UDC6_0001_D10M2905NetInstaller.exe
c:\windows\Downloaded Program Files\UERS_0001_N85M0906NetInstaller.exe
c:\windows\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe
c:\windows\Fonts\ms32.sys
c:\windows\icroso~1
c:\windows\icroso~1\n?tepad.exe
c:\windows\new.exe
c:\windows\system32\aliases.ini
c:\windows\system32\cult.exe
c:\windows\system32\Download
c:\windows\system32\dxvwbxjt.exe
c:\windows\system32\dxvwevhm.exe
c:\windows\system32\dxvwovkm.exe
c:\windows\system32\dxvwovzo.exe
c:\windows\system32\dxvwxiao.exe
c:\windows\system32\f1.exe
c:\windows\system32\gt.x
c:\windows\system32\i
c:\windows\system32\kiss.exe
c:\windows\system32\knlps.sys
c:\windows\system32\ksat.bat
c:\windows\system32\law.x
c:\windows\system32\logs
c:\windows\system32\lzx32.sys
c:\windows\system32\mirc.ini
c:\windows\system32\msn.dll
c:\windows\system32\msnserve.exe
c:\windows\system32\ntio256.sys
c:\windows\system32\orrl.exe
c:\windows\system32\pingy.exe
c:\windows\system32\remote.ini
c:\windows\system32\repcale.exe
c:\windows\system32\runner.exe
c:\windows\system32\sounds
c:\windows\system32\stera.log
c:\windows\system32\sye.dll
c:\windows\system32\uninstall.exe
c:\windows\system32\Update.exe
c:\windows\system32\v1rg1n
c:\windows\system32\vb40032.dll
c:\windows\system32\vmmon32.exe
c:\windows\system32\w.e
c:\windows\system32\win32bootcfg.exe
c:\windows\system32\Win32Update.exe
c:\windows\system32\wnscptr.exe
c:\windows\system32\ymante~1
c:\windows\system32\ymante~1\msconfig.exe
c:\windows\update\updmgr.exe

c:\windows\system32\qmgr.dll . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Legacy_NSMS
-------\Legacy_RDRIV
-------\Legacy_SDK
-------\Legacy_SQLMANAGEMENT
-------\Legacy_UPDATEMANAGER
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Legacy_WIN32KERNEL
-------\Service_rdriv
-------\Service_sqlmanagement
-------\Service_UpdateManager
-------\Service_vspf
-------\Service_vspf_hk
-------\Service_Win32Kernel


((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
.

2010-03-08 01:14 . 2010-03-08 01:14 -------- d-----w- c:\windows\system32\sounds
2010-03-07 17:01 . 2010-03-07 17:01 -------- d-----w- C:\_OTL
2010-03-07 04:54 . 2010-03-07 04:54 -------- d-----w- c:\documents and settings\User\Application Data\IBM
2010-03-07 04:38 . 2005-05-14 08:37 260608 ----a-r- c:\windows\system32\drivers\WlanUZXP.sys
2010-03-07 04:38 . 2010-03-07 04:38 -------- d-----w- c:\windows\LastGood.Tmp
2010-03-07 02:55 . 2010-03-07 02:55 -------- d-----w- c:\program files\ERUNT
2010-03-07 02:08 . 2010-03-07 02:08 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-03-07 01:46 . 2010-03-07 01:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-07 01:42 . 2010-03-07 01:42 123 ----a-w- c:\windows\system32\987.reg
2010-03-07 01:42 . 2010-03-07 01:42 123 ----a-w- c:\windows\system32\376.reg
2010-03-07 00:45 . 2010-03-07 00:45 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-06 23:36 . 2010-03-06 23:36 123 ----a-w- c:\windows\system32\535.reg
2010-03-06 23:21 . 2010-03-06 23:21 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-03-06 23:21 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 23:21 . 2010-03-07 00:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-06 23:21 . 2010-03-06 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-06 23:21 . 2010-01-07 16:07 18520 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 01:12 . 2006-02-08 08:53 -------- d-----w- c:\program files\TClock
2010-03-07 18:46 . 2006-02-07 03:49 0 ----a-w- c:\windows\keyboard1.dat
2010-01-24 15:03 . 2010-01-24 15:03 123 ----a-w- c:\windows\system32\218.reg
2010-01-23 18:51 . 2010-01-23 18:51 123 ----a-w- c:\windows\system32\407.reg
2010-01-23 15:23 . 2006-01-07 01:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2006-02-21 21:04 . 2006-02-21 20:47 3066 ----a-w- c:\program files\secure32.html
2006-03-07 06:05 . 2006-03-07 06:01 118272 --sh--r- c:\windows\loadll.exe
2006-03-05 23:09 . 2006-03-05 23:09 53760 --sh--r- c:\windows\mnsmsgr.exe
2006-02-24 06:44 . 2006-02-24 06:44 189952 --sh--r- c:\windows\sqlmanagement.exe
2005-08-03 00:46 . 2006-02-07 03:53 187904 --sha-r- c:\windows\bWljaGVsbGU\asappsrv.dll
2005-08-03 00:58 . 2006-02-07 03:53 293888 --sha-r- c:\windows\bWljaGVsbGU\command.exe
2005-07-30 00:24 . 2006-02-07 03:53 472 --sha-r- c:\windows\bWljaGVsbGU\vq53u3pPv3o.vbs
2002-08-29 11:41 . 1980-01-01 08:00 166400 --sh--r- c:\windows\system32\aqciucq.exe
2002-08-29 11:41 . 1980-01-01 08:00 143360 --sh--r- c:\windows\system32\bjpymwpg.exe
2002-08-29 11:41 . 1980-01-01 08:00 166400 --sh--r- c:\windows\system32\cwejrtk.exe
2002-08-29 11:41 . 1980-01-01 08:00 144896 --sh--r- c:\windows\system32\ddoSygate.exe
2002-08-29 11:41 . 1980-01-01 08:00 166400 --sh--r- c:\windows\system32\kqtqefe.exe
2006-03-03 20:08 . 2006-03-03 20:08 540672 --sh--w- c:\windows\system32\libprm.dll
2002-08-29 11:41 . 1980-01-01 08:00 166400 --sh--r- c:\windows\system32\lktsger.exe
2006-02-25 08:44 . 2006-02-12 00:56 39772 --sh--r- c:\windows\system32\lsays.exe
2002-08-29 11:41 . 1980-01-01 08:00 196096 --sh--r- c:\windows\system32\msnmsgsm.exe
2002-08-29 11:41 . 1980-01-01 08:00 89827 --sh--r- c:\windows\system32\omgs.exe
2002-08-29 11:41 . 1980-01-01 08:00 239616 --sh--r- c:\windows\system32\skdqrstn.exe
2002-08-29 11:41 . 1980-01-01 08:00 80896 --sh--r- c:\windows\system32\tobfdjns.exe
2006-02-07 03:48 . 2006-02-07 03:48 91484 --sh--r- c:\windows\system32\vcshost.exe
2002-08-29 11:41 . 1980-01-01 08:00 143360 --sh--r- c:\windows\system32\vxlwak.exe
2006-03-06 21:42 . 2006-03-06 21:41 117760 --sh--r- c:\windows\system32\winqude.exe
2006-02-07 03:49 . 2006-02-07 03:49 38912 --sh--r- c:\windows\system32\winws.exe
2006-02-11 07:53 . 2006-02-11 07:53 95744 --sh--w- c:\windows\system32\wsync32.dll
2002-08-29 11:41 . 1980-01-01 08:00 143360 --sh--r- c:\windows\system32\wvclcoec.exe
.

------- Sigcheck -------



[-] 2002-11-27 03:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll

c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-04-10 532480]
"VCS Host"="vcshost.exe" [2006-02-07 91484]
"Sygatedsa Personal Firewall"="ddoSygate.exe" [2002-08-29 144896]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Winsock2 wqr1s"="ZGTFXCOB.EXE" [2006-03-16 75264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VCS Host"="vcshost.exe" [2006-02-07 91484]
"Sygatedsa Personal Firewall"="ddoSygate.exe" [2002-08-29 144896]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"Winsock2 wqr1s"="ZGTFXCOB.EXE" [2006-03-16 75264]
"Real0ne"="c:\windows\System32\boys.exe" [2004-11-15 574464]
"Rapid Restore"="c:\program files\Xpoint\PE\Skin\rrpcsb.exe" [2003-04-16 167936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"VCS Host"="vcshost.exe" [2006-02-07 91484]
"Sygatedsa Personal Firewall"="ddoSygate.exe" [2002-08-29 144896]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"firewalldisableoverride"=dword:00000001

R2 SRFilter;SRFilter;c:\windows\system32\drivers\srntflt.sys [8/21/2006 3:24 PM 84224]
R3 pelps2m;PS/2 Mouse Filter Driver;c:\windows\system32\drivers\PELPS2M.SYS [1/7/2006 1:38 AM 29329]
R3 SG760_XP;EDUP 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [3/7/2010 4:38 AM 260608]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
.
.
------- Supplementary Scan -------
.
mLocal Page = c:\secure32.html
mStart Page = c:\secure32.html
uInternet Connection Wizard,ShellNext = hxxp://59.148.220.121/trafc-2.1/rfe.php?cmp=sites2&nid=go
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: {713D59EA-D2F0-41E8-8321-2EFA6C9D9340} = 62.231.32.10,62.231.32.11
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MDM - MDN.exe
HKCU-Run-Microsoft Windows Update 32 - svchost32.exe
HKCU-Run-SIX - SIX.exe
HKCU-RunServices-System Update - mssetupconf.exe
HKLM-Run-MDM - MDN.exe
HKLM-Run-Windows Core Kernel Update - c:\windows\System32\win32bootcfg.exe
HKLM-Run-Microsoft ® Windows Update Manager - c:\windows\update\updmgr.exe
HKLM-Run-Microsoft Windows Update 32 - svchost32.exe
HKLM-Run-SIX - SIX.exe
HKU-Default-Run-MDM - MDN.exe
HKU-Default-Run-Routing - win2k.exe
HKU-Default-Run-Microsoft Windows Update 32 - svchost32.exe
HKU-Default-Run-SIX - SIX.exe
HKU-Default-RunOnce-MDM - MDN.exe
HKU-Default-RunOnce-Routing - win2k.exe
HKU-Default-RunOnce-Microsoft Windows Update 32 - svchost32.exe
HKU-Default-RunOnce-Winsock2 wqr1s - (no file)
HKU-Default-RunOnce-SIX - SIX.exe
HKU-Default-Explorer_Run-{1C030238-0A64-1033-0905-030313200001} - c:\program files\Common Files\{1C030238-0A64-1033-0905-030313200001}\Update.exe
Notify-= - (no file)
Notify-Control Panel - c:\windows\system32\guard.tmp
AddRemove-IpWins - c:\program files\ipwins\Uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 01:14
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Winsock2 wqr1s = ZGTFXCOB.EXE????lali????#spy#???spy?Winsock2 wqr1s??????lali????lali????#spy#????N????????????A?????????x?A?????h?A?????????\?A
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Winsock2 wqr1s = ZGTFXCOB.EXE????lali????#spy#???spy?Winsock2 wqr1s??????lali????lali????#spy#????N????????????A?????????x?A?????h?A?????????\?A

scanning hidden files ...


c:\windows\system32\logs
c:\windows\system32\sounds

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\¬ ?
]
"Type"=dword:00000110
"Start"=dword:00000004
"ErrorControl"=dword:00000000
"ImagePath"=expand:"\"c:\\WINDOWS\\mnsmsgr.exe\""
"DisplayName"="¾2\02:¡/\0dw\17\07ù:GŸ·siÖ"
"ObjectName"="LocalSystem"
"FailureActions"=hex:0a,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,
00,01,00,00,00,b8,0b,00,00
"Description"="¾2\02:¡/\0dw\17\07ù:GŸ·siÖz\0d\16ðr<"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\¬ ?
\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1312)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(1376)
c:\windows\System32\dssenh.dll

- - - - - - - > 'Explorer.EXE'(1048)
c:\windows\System32\msi.dll
.
Completion time: 2010-03-08 01:17:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-08 01:17

Pre-Run: 24,479,608,832 bytes free
Post-Run: 24,410,132,480 bytes free

winxpsp1_en_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 3902B14A6BFF215FBFB2822746D48869

#8
Gammo
Hi,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\windows\system32\sounds
c:\windows\system32\logs
c:\windows\system32\987.reg
c:\windows\system32\376.reg
c:\windows\system32\535.reg
c:\windows\keyboard1.dat
c:\windows\system32\218.reg
c:\windows\system32\407.reg
c:\program files\secure32.html
c:\windows\loadll.exe
c:\windows\mnsmsgr.exe
c:\windows\sqlmanagement.exe
c:\windows\system32\aqciucq.exe
c:\windows\system32\bjpymwpg.exe
c:\windows\system32\cwejrtk.exe
c:\windows\system32\ddoSygate.exe
c:\windows\system32\kqtqefe.exe
c:\windows\system32\libprm.dll
c:\windows\system32\lktsger.exe
c:\windows\system32\lsays.exe
c:\windows\system32\msnmsgsm.exe
c:\windows\system32\omgs.exe
c:\windows\system32\skdqrstn.exe
c:\windows\system32\tobfdjns.exe
c:\windows\system32\vcshost.exe
c:\windows\system32\vxlwak.exe
c:\windows\system32\winqude.exe
c:\windows\system32\winws.exe
c:\windows\system32\wsync32.dll
c:\windows\system32\wvclcoec.exe
c:\secure32.html
c:\windows\System32\boys.exe
C:\WINDOWS\system32\zgtfxcob.exe

Folder::
c:\program files\TClock
c:\windows\bWljaGVsbGU
c:\windows\system32\sounds
c:\windows\system32\logs

Registry::
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=""
"Local Page"=""
"Start Page"=""
[HKCU\Software\Microsoft\Internet Connection Wizard]
"ShellNext"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"VCS Host"=-
"Sygatedsa Personal Firewall"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VCS Host"=-
"Sygatedsa Personal Firewall"=-
"Winsock2 wqr1s"=-
"Real0ne"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Winsock2 wqr1s"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VCS Host"=-
"Sygatedsa Personal Firewall"=-

Driver::
¬ ?
€?

Mia::
c:\windows\System32\wscntfy.exe
c:\windows\System32\xmlprov.dll
c:\windows\system32\qmgr.dll

KillAll::

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run OTS
  • Check the box that says Scan All Users
  • Under File Age at the top, change it from 30 days to 90 days
  • Under Additional Scans check the following:
    • Reg - NetSvcs
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under the Custom Scan box paste this in

    %SYSTEMDRIVE%\*.*
    %SYSTEMDRIVE%\*.
    /md5start
    wscntfy.exe
    xmlprov.dll
    qmgr.dll
    /md5stop


  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

Edited by Gammo, 09 March 2010 - 02:01 PM.
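
A first-pass triage over the Find3M and Reg Loading Points sections of a ComboFix log such as the one in post #7, as an added example that is not part of the thread and not ComboFix's own code. The function name, the reason labels and the three heuristics (system+hidden files under c:\windows, a 1980-01-01 timestamp, autostart values with no directory) are assumptions made for this example, as is reading the letters `s` and `h` in the attribute column as system and hidden; the sample lines are excerpted from the log on this page.

```python
import ntpath
import re
from typing import NamedTuple

# Lines excerpted from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
(((( Find3M Report ))))
2010-03-08 01:12 . 2006-02-08 08:53 -------- d-----w- c:\program files\TClock
2010-01-23 15:23 . 2006-01-07 01:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2006-03-07 06:05 . 2006-03-07 06:01 118272 --sh--r- c:\windows\loadll.exe
2002-08-29 11:41 . 1980-01-01 08:00 166400 --sh--r- c:\windows\system32\aqciucq.exe
2006-02-07 03:48 . 2006-02-07 03:48 91484 --sh--r- c:\windows\system32\vcshost.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-04-10 532480]
"VCS Host"="vcshost.exe" [2006-02-07 91484]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Real0ne"="c:\windows\System32\boys.exe" [2004-11-15 574464]
"Rapid Restore"="c:\program files\Xpoint\PE\Skin\rrpcsb.exe" [2003-04-16 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
'''

# "<date> <time> . <date> <time> <size|--------> <8 attribute chars> <path>"
FILE_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. (\d{4}-\d{2}-\d{2}) \d{2}:\d{2} '
    r'(\d+|-{8}) ([a-z-]{8}) (.+)$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')

AUTOSTART_LEAVES = {'run', 'runonce', 'runservices'}
DOS_EPOCH = '1980-01-01'  # FAT/DOS epoch; implausible on a real system file


class Finding(NamedTuple):
    kind: str       # "file" or "autostart"
    item: str       # file path, or registry key plus value name
    reasons: tuple  # heuristic labels that fired


def triage(log):
    """Return Findings for log lines that match the example heuristics."""
    findings = []
    flagged_by_name = {}  # lower-case base name -> flagged full path
    autostarts = []       # (key, value name, value data)
    key = None
    for line in log.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            first, second, _size, attrs, path = m.groups()
            reasons = []
            in_windows = path.lower().startswith('c:\\windows\\')
            if 'd' not in attrs and 's' in attrs and 'h' in attrs and in_windows:
                reasons.append('system+hidden')
            if DOS_EPOCH in (first, second):
                reasons.append('dos-epoch')
            if reasons:
                findings.append(Finding('file', path, tuple(reasons)))
                flagged_by_name[ntpath.basename(path).lower()] = path
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().rsplit('\\', 1)[-1] in AUTOSTART_LEAVES:
            autostarts.append((key, m.group(1), m.group(2)))

    # Second pass: an autostart value with no directory is resolved through
    # the search path; tie it back to a flagged file of the same name.
    for key, name, data in autostarts:
        if '\\' not in data and '/' not in data:
            reasons = ['bare-name']
            hit = flagged_by_name.get(data.lower())
            if hit:
                reasons.append('resolves-to:' + hit)
            findings.append(Finding('autostart', f'{key}\\{name}', tuple(reasons)))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding.kind, finding.item, ', '.join(finding.reasons))
```

These heuristics do not flag `Real0ne` (c:\windows\System32\boys.exe), which the CFScript above also removes; a list like this narrows what needs review and does not replace reading the log.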


#9
mechanima
Once again, completed without incident, but on reboot I have BSOD with error message:

***stop: 0x0000005 (0x0000005,0x080583621,0xf8771954,0x00000000)

Would like to try and recover but if that is not possible I have an IBM backup from before beginning cleaning and can restore that and can follow steps up to now.

EDITED TO ADD:

Booted into "safe mode" then rebooted fine...so not a problem.

Here is combofix.txt:
ComboFix 10-03-07.02 - manager 03/10/2010 7:00.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.503.340 [GMT 0:00]
Running from: c:\documents and settings\manager\Desktop\virus tools\ComboFix.exe
Command switches used :: c:\documents and settings\manager\Desktop\virus tools\cfscript.txt

FILE ::
"c:\program files\secure32.html"
"c:\secure32.html"
"c:\windows\keyboard1.dat"
"c:\windows\loadll.exe"
"c:\windows\mnsmsgr.exe"
"c:\windows\sqlmanagement.exe"
"c:\windows\system32\218.reg"
"c:\windows\system32\376.reg"
"c:\windows\system32\407.reg"
"c:\windows\system32\535.reg"
"c:\windows\system32\987.reg"
"c:\windows\system32\aqciucq.exe"
"c:\windows\system32\bjpymwpg.exe"
"c:\windows\System32\boys.exe"
"c:\windows\system32\cwejrtk.exe"
"c:\windows\system32\ddoSygate.exe"
"c:\windows\system32\kqtqefe.exe"
"c:\windows\system32\libprm.dll"
"c:\windows\system32\lktsger.exe"
"c:\windows\system32\logs"
"c:\windows\system32\lsays.exe"
"c:\windows\system32\msnmsgsm.exe"
"c:\windows\system32\omgs.exe"
"c:\windows\system32\skdqrstn.exe"
"c:\windows\system32\sounds"
"c:\windows\system32\tobfdjns.exe"
"c:\windows\system32\vcshost.exe"
"c:\windows\system32\vxlwak.exe"
"c:\windows\system32\winqude.exe"
"c:\windows\system32\winws.exe"
"c:\windows\system32\wsync32.dll"
"c:\windows\system32\wvclcoec.exe"
"c:\windows\system32\zgtfxcob.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\secure32.html
c:\program files\TClock
c:\program files\TClock\tcdll.tclock
c:\program files\TClock\tclock.exe
c:\program files\TClock\tclock.ini
c:\windows\bWljaGVsbGU
c:\windows\bWljaGVsbGU\asappsrv.dll
c:\windows\bWljaGVsbGU\command.exe
c:\windows\bWljaGVsbGU\vq53u3pPv3o.vbs
c:\windows\keyboard1.dat
c:\windows\loadll.exe
c:\windows\mnsmsgr.exe
c:\windows\sqlmanagement.exe
c:\windows\system32\218.reg
c:\windows\system32\376.reg
c:\windows\system32\407.reg
c:\windows\system32\535.reg
c:\windows\system32\987.reg
c:\windows\system32\aqciucq.exe
c:\windows\system32\bjpymwpg.exe
c:\windows\system32\cwejrtk.exe
c:\windows\system32\ddoSygate.exe
c:\windows\system32\kqtqefe.exe
c:\windows\system32\libprm.dll
c:\windows\system32\lktsger.exe
c:\windows\system32\logs
c:\windows\system32\lsays.exe
c:\windows\system32\msnmsgsm.exe
c:\windows\system32\omgs.exe
c:\windows\system32\skdqrstn.exe
c:\windows\system32\sounds
c:\windows\system32\tobfdjns.exe
c:\windows\system32\vcshost.exe
c:\windows\system32\vxlwak.exe
c:\windows\system32\winqude.exe
c:\windows\system32\winws.exe
c:\windows\system32\wsync32.dll
c:\windows\system32\wvclcoec.exe
c:\windows\system32\zgtfxcob.exe

Infected copy of c:\windows\system32\qmgr.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\qmgr.dll

c:\windows\System32\wscntfy.exe . . . is missing!!

c:\windows\System32\xmlprov.dll . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_€?


((((((((((((((((((((((((( Files Created from 2010-02-10 to 2010-03-10 )))))))))))))))))))))))))))))))
.

2010-03-09 07:59 . 2010-03-09 16:23 75776 ----a-w- c:\windows\system32\lol.exe
2010-03-08 10:03 . 2010-03-08 10:03 -------- d-----w- c:\documents and settings\manager\Application Data\Malwarebytes
2010-03-07 17:01 . 2010-03-07 17:01 -------- d-----w- C:\_OTL
2010-03-07 04:38 . 2005-05-14 08:37 260608 ----a-r- c:\windows\system32\drivers\WlanUZXP.sys
2010-03-07 04:38 . 2010-03-07 04:38 -------- d-----w- c:\windows\LastGood.Tmp
2010-03-07 02:55 . 2010-03-07 02:55 -------- d-----w- c:\program files\ERUNT
2010-03-07 02:08 . 2010-03-07 02:08 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-03-07 01:46 . 2010-03-07 01:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-07 00:45 . 2010-03-07 00:45 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-06 23:21 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 23:21 . 2010-03-07 00:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-06 23:21 . 2010-03-06 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-06 23:21 . 2010-01-07 16:07 18520 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 07:57 . 2006-01-07 01:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
.

------- Sigcheck -------



[-] 2002-11-27 03:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\windows\system32\mspmsnsv.dll

c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2010-03-08_01.14.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-07 02:54 . 2010-03-10 07:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-07 02:54 . 2010-03-08 01:13 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2003-02-19 21:32 . 2010-03-10 07:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2003-02-19 21:32 . 2010-03-08 01:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2003-02-19 21:32 . 2010-03-10 07:04 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2003-02-19 21:32 . 2010-03-08 01:13 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-01-07 01:31 . 2010-03-10 06:57 262144 c:\windows\system32\config\systemprofile\NTUSER.DAT
- 2006-01-07 01:31 . 2010-03-08 01:06 262144 c:\windows\system32\config\systemprofile\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-04-10 532480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"Rapid Restore"="c:\program files\Xpoint\PE\Skin\rrpcsb.exe" [2003-04-16 167936]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"firewalldisableoverride"=dword:00000001

R2 SRFilter;SRFilter;c:\windows\system32\drivers\srntflt.sys [8/21/2006 3:24 PM 84224]
R3 pelps2m;PS/2 Mouse Filter Driver;c:\windows\system32\drivers\PELPS2M.SYS [1/7/2006 1:38 AM 29329]
R3 SG760_XP;EDUP 802.11g XG760 1211 Driver;c:\windows\system32\drivers\WlanUZXP.sys [3/7/2010 4:38 AM 260608]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
.
.
------- Supplementary Scan -------
.
mLocal Page = c:\secure32.html
mStart Page = c:\secure32.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: {713D59EA-D2F0-41E8-8321-2EFA6C9D9340} = 62.231.32.10,62.231.32.11
.
- - - - ORPHANS REMOVED - - - -

Notify-= - (no file)
AddRemove-mIRC - c:\windows\System32\boys.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 07:04
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\¬ ?
]
"Type"=dword:00000110
"Start"=dword:00000004
"ErrorControl"=dword:00000000
"ImagePath"=expand:"\"c:\\WINDOWS\\mnsmsgr.exe\""
"DisplayName"="¾2\02:¡/\0dw\17\07ù:GŸ·siÖ"
"ObjectName"="LocalSystem"
"FailureActions"=hex:0a,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,
00,01,00,00,00,b8,0b,00,00
"Description"="¾2\02:¡/\0dw\17\07ù:GŸ·siÖz\0d\16ðr<"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\¬ ?
\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1312)
c:\windows\System32\ODBC32.dll

- - - - - - - > 'lsass.exe'(1376)
c:\windows\System32\dssenh.dll

- - - - - - - > 'Explorer.EXE'(1444)
c:\windows\System32\msi.dll
c:\windows\system32\xpsp1res.dll
.
Completion time: 2010-03-10 07:10:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-10 07:10
ComboFix2.txt 2010-03-08 01:17

Pre-Run: 24,404,901,888 bytes free
Post-Run: 24,377,700,352 bytes free

- - End Of File - - 62B961471225AC5C7041366EC3818273


@@@@@@@@@@@@@@@@

Cannot attach ots.txt; it is too large.

So I will break it into 3 files and post it in three posts...hope that is OK.

Part 1
Attached File  ots1.txt   201.58KB   178 downloads

Edited by mechanima, 10 March 2010 - 02:15 AM.


#10
mechanima

    Member

  • Topic Starter
  • Member
  • 32 posts
Part 2 of ots.txt:

Attached File  ots2.txt   203.25KB   180 downloads

Edited by mechanima, 10 March 2010 - 02:09 AM.


#11
mechanima

    Member

  • Topic Starter
  • Member
  • 32 posts
Part 3 of OTS.txt

Attached File  OTS3.Txt   412.37KB   130 downloads

#12
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi,

First of all, do you have a Windows XP CD?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your computer is infected with lots of malicious files. Please take your time to scan your computer with the following tools. They should delete most of the malware.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished, it should reboot your machine; if not, do this yourself to ensure a complete clean.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double-click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on Next.
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
    • Hidden Startup Objects
    • System Memory
    • Disk Boot Sectors
    • My Computer
    • Also any other drives (removable, that you may have)
  • Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Delete your copy of OTS from the Desktop.

Then download the latest version of OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
    • Reg - NetSvcs
    • Reg - Shell Spawning
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EvtViewer (last 10)
  • Under the Custom Scan box paste this in:

    %SYSTEMDRIVE%\*.*
    %SYSTEMDRIVE%\*.
    /md5start
    qmgr.dll
    /md5stop


  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


#13
mechanima

    Member

  • Topic Starter
  • Member
  • 32 posts
Thought I should mention, Kaspersky tool would not run till I upgraded XP to SP2 (I was putting that off till cleaning finished).

Here is log:
Autoscan: malfunction (events: 388, objects: 0, time: Unknown)
13/03/2010 12:11:54 Task started
13/03/2010 12:12:11 Detected: Packed.Win32.PolyCrypt.b C:\1x.exe
13/03/2010 12:12:11 Untreated: Packed.Win32.PolyCrypt.b C:\1x.exe Postponed
13/03/2010 12:12:11 Detected: Trojan.HTML.Starter.a C:\777.htm
13/03/2010 12:12:11 Untreated: Trojan.HTML.Starter.a C:\777.htm Postponed
13/03/2010 12:12:12 Detected: Virus.Win32.Parite.b C:\beti.exe/win32ip.exe
13/03/2010 12:12:12 Untreated: Virus.Win32.Parite.b C:\beti.exe/win32ip.exe Postponed
13/03/2010 12:12:12 Detected: Trojan-Clicker.Win32.Costrat.fc C:\bhowvt.exe
13/03/2010 12:12:12 Untreated: Trojan-Clicker.Win32.Costrat.fc C:\bhowvt.exe Postponed
13/03/2010 12:12:13 Detected: Backdoor.IRC.Zapchast C:\beti.exe/zlip.cpl
13/03/2010 12:12:20 Detected: Virus.Win32.Parite.b C:\beti.exe/zlip.exe
13/03/2010 12:12:20 Detected: Backdoor.IRC.Zapchast C:\beti.exe/zlip1.cpl
13/03/2010 12:12:20 Detected: Backdoor.Win32.Rbot.adf C:\cf.exe/Molebox
13/03/2010 12:12:20 Untreated: Backdoor.Win32.Rbot.adf C:\cf.exe/Molebox Postponed
13/03/2010 12:12:20 Detected: Backdoor.IRC.Zapchast C:\beti.exe/zlip2.cpl
13/03/2010 12:12:20 Detected: Trojan-Downloader.Win32.VB.ji C:\ddi.exe/PE_Patch/UPack
13/03/2010 12:12:20 Untreated: Trojan-Downloader.Win32.VB.ji C:\ddi.exe/PE_Patch/UPack Postponed
13/03/2010 12:12:20 Detected: not-a-virus:AdWare.Win32.Virtumonde.cq C:\dotrm.dll
13/03/2010 12:12:20 Untreated: not-a-virus:AdWare.Win32.Virtumonde.cq C:\dotrm.dll Postponed
13/03/2010 12:12:21 Detected: Trojan-Downloader.Win32.VB.ahg C:\dr.exe/PE_Patch.Upolyx/UPX
13/03/2010 12:12:21 Untreated: Trojan-Downloader.Win32.VB.ahg C:\dr.exe/PE_Patch.Upolyx/UPX Postponed
13/03/2010 12:12:21 Detected: Trojan-Dropper.Win32.ExeBinder.e C:\drmy.exe/FSG
13/03/2010 12:12:21 Untreated: Trojan-Dropper.Win32.ExeBinder.e C:\drmy.exe/FSG Postponed
13/03/2010 12:12:21 Detected: Trojan-Downloader.Win32.Adload.fl C:\dwin.exe/PE_Patch/UPack
13/03/2010 12:12:21 Untreated: Trojan-Downloader.Win32.Adload.fl C:\dwin.exe/PE_Patch/UPack Postponed
13/03/2010 12:12:21 Detected: Backdoor.IRC.Zapchast C:\c0p.exe/aliases.ini
13/03/2010 12:12:21 Untreated: Backdoor.IRC.Zapchast C:\c0p.exe/aliases.ini Postponed
13/03/2010 12:12:22 Detected: Backdoor.IRC.Zapchast.b C:\c0p.exe/as.sys
13/03/2010 12:12:22 Detected: Backdoor.IRC.Zapchast.zwrd C:\c0p.exe/c.sys
13/03/2010 12:12:25 Detected: Backdoor.IRC.Zapchast C:\gt.exe/zlip.cpl
13/03/2010 12:12:25 Untreated: Backdoor.IRC.Zapchast C:\gt.exe/zlip.cpl Postponed
13/03/2010 12:12:26 Detected: Trojan-Dropper.Win32.Agent.wcp C:\c0p.exe/knlps.sys
13/03/2010 12:12:26 Detected: Backdoor.IRC.Zapchast C:\c0p.exe/lovely.sys
13/03/2010 12:12:28 Detected: Trojan.Win32.Runner.x C:\lips.exe/PE_Patch.UPX/UPX
13/03/2010 12:12:28 Untreated: Trojan.Win32.Runner.x C:\lips.exe/PE_Patch.UPX/UPX Postponed
13/03/2010 12:12:29 Detected: Trojan-Dropper.Win32.Agent.wcp C:\lips.exe/PE_Patch.UPX/UPX
13/03/2010 12:12:36 Detected: Virus.Win32.Parite.b C:\ret.exe/boys.exe
13/03/2010 12:12:36 Untreated: Virus.Win32.Parite.b C:\ret.exe/boys.exe Postponed
13/03/2010 12:12:36 Detected: Backdoor.IRC.Flood.bc C:\qmekimic.exe/xt34m1
13/03/2010 12:12:36 Untreated: Backdoor.IRC.Flood.bc C:\qmekimic.exe/xt34m1 Postponed
13/03/2010 12:12:37 Detected: Backdoor.IRC.Zapchast C:\gt.exe/zlip1.cpl
13/03/2010 12:12:37 Detected: Backdoor.IRC.Zapchast C:\qmekimic.exe/xt34m2
13/03/2010 12:12:37 Detected: Backdoor.IRC.Zapchast C:\gt.exe/zlip2.cpl
13/03/2010 12:12:37 Detected: Net-Worm.Win32.Randon C:\qmekimic.exe/xt34m3
13/03/2010 12:12:37 Detected: Net-Worm.Win32.Randon.ao C:\qmekimic.exe/xt34m4
13/03/2010 12:12:37 Detected: Backdoor.IRC.Flood.bc C:\qmekimic.exe/xt34m5
13/03/2010 12:12:37 Detected: Net-Worm.Win32.Randon.ar C:\qmekimic.exe/xt34m6
13/03/2010 12:12:37 Detected: Backdoor.IRC.Flood.bc C:\ret.exe/xt34m1
13/03/2010 12:12:37 Detected: Backdoor.IRC.Flood.bc C:\qmekimic.exe/xt34m7
13/03/2010 12:12:37 Detected: Backdoor.IRC.Zapchast C:\ret.exe/xt34m2
13/03/2010 12:12:37 Detected: Backdoor.IRC.Zapchast C:\qmekimic.exe/xt34m8
13/03/2010 12:12:37 Detected: Net-Worm.Win32.Randon C:\ret.exe/xt34m3
13/03/2010 12:12:37 Detected: Backdoor.IRC.Zapchast C:\qmekimic.exe/xt34m9
13/03/2010 12:12:37 Detected: Net-Worm.Win32.Randon.ao C:\ret.exe/xt34m4
13/03/2010 12:12:37 Detected: Backdoor.IRC.Flood.bc C:\qmekimic.exe/xt34mxxx
13/03/2010 12:12:37 Detected: Backdoor.IRC.Flood.bc C:\ret.exe/xt34m5
13/03/2010 12:12:38 Detected: Net-Worm.Win32.Randon.ar C:\ret.exe/xt34m6
13/03/2010 12:12:38 Detected: Backdoor.IRC.Flood.bc C:\ret.exe/xt34m7
13/03/2010 12:12:38 Detected: Backdoor.IRC.Zapchast C:\ret.exe/xt34m8
13/03/2010 12:12:38 Detected: Backdoor.Win32.Rbot.adf C:\spam.exe/Molebox
13/03/2010 12:12:38 Untreated: Backdoor.Win32.Rbot.adf C:\spam.exe/Molebox Postponed
13/03/2010 12:12:38 Detected: Backdoor.IRC.Zapchast C:\ret.exe/xt34m9
13/03/2010 12:12:38 Detected: Backdoor.IRC.Flood.bc C:\schmblack.exe/xt34m1
13/03/2010 12:12:38 Untreated: Backdoor.IRC.Flood.bc C:\schmblack.exe/xt34m1 Postponed
13/03/2010 12:12:38 Detected: Backdoor.IRC.Flood.bc C:\ret.exe/xt34mxxx
13/03/2010 12:12:38 Detected: Backdoor.IRC.Zapchast C:\schmblack.exe/xt34m2
13/03/2010 12:12:38 Detected: Net-Worm.Win32.Randon C:\schmblack.exe/xt34m3
13/03/2010 12:12:38 Detected: Net-Worm.Win32.Randon.ao C:\schmblack.exe/xt34m4
13/03/2010 12:12:39 Detected: Backdoor.IRC.Flood.bc C:\schmblack.exe/xt34m5
13/03/2010 12:12:39 Detected: Net-Worm.Win32.Randon.ar C:\schmblack.exe/xt34m6
13/03/2010 12:12:39 Detected: Backdoor.IRC.Flood.bc C:\schmblack.exe/xt34m7
13/03/2010 12:12:39 Detected: Trojan-Downloader.Win32.VB.ji C:\toislf.exe/PE_Patch/UPack
13/03/2010 12:12:39 Untreated: Trojan-Downloader.Win32.VB.ji C:\toislf.exe/PE_Patch/UPack Postponed
13/03/2010 12:12:39 Detected: Backdoor.IRC.Zapchast C:\schmblack.exe/xt34m8
13/03/2010 12:12:39 Detected: Backdoor.IRC.Zapchast C:\schmblack.exe/xt34m9
13/03/2010 12:12:40 Detected: Backdoor.IRC.Flood.bc C:\schmblack.exe/xt34mxxx
13/03/2010 12:12:40 Detected: Backdoor.IRC.Flood.bc C:\ssssdefr.exe/xt34m1
13/03/2010 12:12:40 Detected: Backdoor.IRC.Flood.bc C:\uhytr.exe/xt34m1
13/03/2010 12:12:40 Untreated: Backdoor.IRC.Flood.bc C:\uhytr.exe/xt34m1 Postponed
13/03/2010 12:12:40 Untreated: Backdoor.IRC.Flood.bc C:\ssssdefr.exe/xt34m1 Postponed
13/03/2010 12:12:40 Detected: Backdoor.IRC.Zapchast C:\uhytr.exe/xt34m2
13/03/2010 12:12:40 Detected: Backdoor.IRC.Zapchast C:\ssssdefr.exe/xt34m2
13/03/2010 12:12:41 Detected: Net-Worm.Win32.Randon C:\uhytr.exe/xt34m3
13/03/2010 12:12:41 Detected: Net-Worm.Win32.Randon C:\ssssdefr.exe/xt34m3
13/03/2010 12:12:41 Detected: Net-Worm.Win32.Randon.ao C:\uhytr.exe/xt34m4
13/03/2010 12:12:41 Detected: Net-Worm.Win32.Randon.ao C:\ssssdefr.exe/xt34m4
13/03/2010 12:12:41 Detected: Backdoor.IRC.Flood.bc C:\uhytr.exe/xt34m5
13/03/2010 12:12:41 Detected: Net-Worm.Win32.Randon.ar C:\uhytr.exe/xt34m6
13/03/2010 12:12:41 Detected: Backdoor.IRC.Flood.bc C:\ssssdefr.exe/xt34m5
13/03/2010 12:12:41 Detected: Backdoor.IRC.Flood.bc C:\uhytr.exe/xt34m7
13/03/2010 12:12:41 Detected: Backdoor.Win32.mIRC-based.a C:\ux.exe/PE_Patch.UPX/UPX
13/03/2010 12:12:41 Untreated: Backdoor.Win32.mIRC-based.a C:\ux.exe/PE_Patch.UPX/UPX Postponed
13/03/2010 12:12:41 Detected: Net-Worm.Win32.Randon.ar C:\ssssdefr.exe/xt34m6
13/03/2010 12:12:41 Detected: Backdoor.IRC.Zapchast C:\uhytr.exe/xt34m8
13/03/2010 12:12:41 Detected: Backdoor.IRC.Flood.bc C:\ssssdefr.exe/xt34m7
13/03/2010 12:12:41 Detected: Trojan-Clicker.Win32.Agent.ac C:\vbsys2.dll
13/03/2010 12:12:41 Untreated: Trojan-Clicker.Win32.Agent.ac C:\vbsys2.dll Postponed
13/03/2010 12:12:41 Detected: Backdoor.IRC.Zapchast C:\uhytr.exe/xt34m9
13/03/2010 12:12:41 Detected: Backdoor.IRC.Zapchast C:\ssssdefr.exe/xt34m8
13/03/2010 12:12:41 Detected: Backdoor.IRC.Zapchast C:\ssssdefr.exe/xt34m9
13/03/2010 12:12:41 Detected: Backdoor.IRC.Flood.bc C:\uhytr.exe/xt34mxxx
13/03/2010 12:12:42 Detected: Backdoor.IRC.Flood.bc C:\ssssdefr.exe/xt34mxxx
13/03/2010 12:12:42 Detected: Trojan-Dropper.Win32.ExeBinder.e C:\wdb.exe/FSG
13/03/2010 12:12:42 Untreated: Trojan-Dropper.Win32.ExeBinder.e C:\wdb.exe/FSG Postponed
13/03/2010 12:12:42 Detected: Trojan-Dropper.Win32.ExeBinder.e C:\wdl.exe/FSG
13/03/2010 12:12:42 Untreated: Trojan-Dropper.Win32.ExeBinder.e C:\wdl.exe/FSG Postponed
13/03/2010 12:12:42 Detected: Trojan.Win32.LowZones.dv C:\winpatch.exe
13/03/2010 12:12:42 Untreated: Trojan.Win32.LowZones.dv C:\winpatch.exe Postponed
13/03/2010 12:12:42 Detected: Trojan-Downloader.Win32.VB.ajz C:\wksv.exe
13/03/2010 12:12:42 Untreated: Trojan-Downloader.Win32.VB.ajz C:\wksv.exe Postponed
13/03/2010 12:12:42 Detected: Backdoor.Win32.Rbot.aie C:\winsystesm.exe/Cexe
13/03/2010 12:12:42 Untreated: Backdoor.Win32.Rbot.aie C:\winsystesm.exe/Cexe Postponed
13/03/2010 12:12:43 Detected: Trojan.Win32.Genome.lrv C:\w33d.exe/PE_Patch.UPX/UPX
13/03/2010 12:12:43 Untreated: Trojan.Win32.Genome.lrv C:\w33d.exe/PE_Patch.UPX/UPX Postponed
13/03/2010 12:12:48 Detected: Backdoor.IRC.Zapchast C:\yhaaa.exe/zlip.cpl
13/03/2010 12:12:48 Untreated: Backdoor.IRC.Zapchast C:\yhaaa.exe/zlip.cpl Postponed
13/03/2010 12:12:48 Detected: Backdoor.IRC.Zapchast C:\yhaaa.exe/zlip1.cpl
13/03/2010 12:12:48 Detected: Backdoor.IRC.Zapchast C:\yhaaa.exe/zlip2.cpl
13/03/2010 12:29:49 Detected: Backdoor.IRC.Zapchast C:\Program Files\batt\aliases.ini
13/03/2010 12:29:49 Untreated: Backdoor.IRC.Zapchast C:\Program Files\batt\aliases.ini Postponed
13/03/2010 12:29:49 Detected: Backdoor.IRC.Zapchast.b C:\Program Files\batt\as.sys
13/03/2010 12:29:49 Untreated: Backdoor.IRC.Zapchast.b C:\Program Files\batt\as.sys Postponed
13/03/2010 12:29:49 Detected: Backdoor.IRC.Zapchast.zwrd C:\Program Files\batt\c.sys
13/03/2010 12:29:50 Untreated: Backdoor.IRC.Zapchast.zwrd C:\Program Files\batt\c.sys Postponed
13/03/2010 12:29:50 Detected: Trojan-Dropper.Win32.Agent.wcp C:\Program Files\batt\knlps.sys
13/03/2010 12:29:50 Untreated: Trojan-Dropper.Win32.Agent.wcp C:\Program Files\batt\knlps.sys Postponed
13/03/2010 12:29:51 Detected: Backdoor.IRC.Zapchast C:\Program Files\batt\lovely.sys
13/03/2010 12:29:51 Untreated: Backdoor.IRC.Zapchast C:\Program Files\batt\lovely.sys Postponed
13/03/2010 12:33:03 Detected: Trojan-Downloader.Win32.Small.cyh C:\Qoobox\Quarantine\C\ac3_0010.exe.vir
13/03/2010 12:33:03 Untreated: Trojan-Downloader.Win32.Small.cyh C:\Qoobox\Quarantine\C\ac3_0010.exe.vir Postponed
13/03/2010 12:33:04 Detected: Trojan.Win32.Harnig.a C:\Qoobox\Quarantine\C\secure32.html.vir
13/03/2010 12:33:04 Untreated: Trojan.Win32.Harnig.a C:\Qoobox\Quarantine\C\secure32.html.vir Postponed
13/03/2010 12:33:04 Detected: Trojan.Win32.Harnig.a C:\Qoobox\Quarantine\C\Program Files\secure32.html.vir
13/03/2010 12:33:04 Untreated: Trojan.Win32.Harnig.a C:\Qoobox\Quarantine\C\Program Files\secure32.html.vir Postponed
13/03/2010 12:33:04 Detected: Backdoor.Win32.Rbot.akm C:\Qoobox\Quarantine\C\scan.exe.vir/Molebox
13/03/2010 12:33:04 Untreated: Backdoor.Win32.Rbot.akm C:\Qoobox\Quarantine\C\scan.exe.vir/Molebox Postponed
13/03/2010 12:33:04 Detected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 C:\Qoobox\Quarantine\C\Program Files\Common Files\Companion Wizard\WapCHK.dll.vir
13/03/2010 12:33:04 Untreated: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 C:\Qoobox\Quarantine\C\Program Files\Common Files\Companion Wizard\WapCHK.dll.vir Postponed
13/03/2010 12:33:05 Detected: Trojan-PSW.Win32.Sinowal.aq C:\Qoobox\Quarantine\C\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe.vir
13/03/2010 12:33:05 Untreated: Trojan-PSW.Win32.Sinowal.aq C:\Qoobox\Quarantine\C\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe.vir Postponed
13/03/2010 12:33:06 Detected: not-a-virus:AdWare.Win32.Ucmore.g C:\Qoobox\Quarantine\C\ucmoreiex.exe.vir
13/03/2010 12:33:06 Untreated: not-a-virus:AdWare.Win32.Ucmore.g C:\Qoobox\Quarantine\C\ucmoreiex.exe.vir Postponed
13/03/2010 12:33:07 Detected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 C:\Qoobox\Quarantine\C\Program Files\Common Files\Companion Wizard\compwiz.exe.vir
13/03/2010 12:33:07 Untreated: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 C:\Qoobox\Quarantine\C\Program Files\Common Files\Companion Wizard\compwiz.exe.vir Postponed
13/03/2010 12:33:07 Detected: not-a-virus:AdWare.Win32.Agent.z C:\Qoobox\Quarantine\C\Program Files\ipwins\ipwins.exe.vir
13/03/2010 12:33:07 Untreated: not-a-virus:AdWare.Win32.Agent.z C:\Qoobox\Quarantine\C\Program Files\ipwins\ipwins.exe.vir Postponed
13/03/2010 12:33:08 Detected: not-a-virus:AdWare.Win32.Mostofate.r C:\Qoobox\Quarantine\C\Program Files\Deskbar\deskbar.dll.vir
13/03/2010 12:33:08 Untreated: not-a-virus:AdWare.Win32.Mostofate.r C:\Qoobox\Quarantine\C\Program Files\Deskbar\deskbar.dll.vir Postponed
13/03/2010 12:33:09 Detected: not-a-virus:AdWare.Win32.SearchAssistant.h C:\Qoobox\Quarantine\C\Program Files\SpySheriff\heur000.dll.vir
13/03/2010 12:33:09 Untreated: not-a-virus:AdWare.Win32.SearchAssistant.h C:\Qoobox\Quarantine\C\Program Files\SpySheriff\heur000.dll.vir Postponed
13/03/2010 12:33:09 Detected: Trojan-Dropper.Win32.VB.mz C:\Qoobox\Quarantine\C\Program Files\Snowball Wars\SnowballWars.exe.vir
13/03/2010 12:33:09 Untreated: Trojan-Dropper.Win32.VB.mz C:\Qoobox\Quarantine\C\Program Files\Snowball Wars\SnowballWars.exe.vir Postponed
13/03/2010 12:33:10 Detected: not-a-virus:AdWare.Win32.SearchAssistant.h C:\Qoobox\Quarantine\C\Program Files\SpySheriff\heur001.dll.vir
13/03/2010 12:33:10 Untreated: not-a-virus:AdWare.Win32.SearchAssistant.h C:\Qoobox\Quarantine\C\Program Files\SpySheriff\heur001.dll.vir Postponed
13/03/2010 12:33:10 Detected: not-a-virus:AdWare.Win32.SearchAssistant.h C:\Qoobox\Quarantine\C\Program Files\SpySheriff\heur002.dll.vir
13/03/2010 12:33:10 Untreated: not-a-virus:AdWare.Win32.SearchAssistant.h C:\Qoobox\Quarantine\C\Program Files\SpySheriff\heur002.dll.vir Postponed
13/03/2010 12:33:11 Detected: not-a-virus:AdWare.Win32.SearchAssistant.h C:\Qoobox\Quarantine\C\Program Files\SpySheriff\heur003.dll.vir
13/03/2010 12:33:11 Untreated: not-a-virus:AdWare.Win32.SearchAssistant.h C:\Qoobox\Quarantine\C\Program Files\SpySheriff\heur003.dll.vir Postponed
13/03/2010 12:33:12 Detected: not-a-virus:AdWare.Win32.Agent.y C:\Qoobox\Quarantine\C\PROGRA~1\COMMON~1\{1C030~1\Update.exe.vir
13/03/2010 12:33:12 Untreated: not-a-virus:AdWare.Win32.Agent.y C:\Qoobox\Quarantine\C\PROGRA~1\COMMON~1\{1C030~1\Update.exe.vir Postponed
13/03/2010 12:33:12 Detected: Backdoor.Win32.DsBot.bp C:\Qoobox\Quarantine\[4]-Submit_2010-03-10_06.59.47.zip/loadll.exe
13/03/2010 12:33:12 Untreated: Backdoor.Win32.DsBot.bp C:\Qoobox\Quarantine\[4]-Submit_2010-03-10_06.59.47.zip/loadll.exe Postponed
13/03/2010 12:33:13 Detected: not-a-virus:AdWare.Win32.Agent.y C:\Qoobox\Quarantine\C\PROGRA~1\COMMON~1\{1C030~2\Update.exe.vir
13/03/2010 12:33:13 Untreated: not-a-virus:AdWare.Win32.Agent.y C:\Qoobox\Quarantine\C\PROGRA~1\COMMON~1\{1C030~2\Update.exe.vir Postponed
13/03/2010 12:33:13 Detected: not-a-virus:AdWare.Win32.Agent.y C:\Qoobox\Quarantine\C\PROGRA~1\COMMON~1\{1C030~3\Update.exe.vir
13/03/2010 12:33:13 Untreated: not-a-virus:AdWare.Win32.Agent.y C:\Qoobox\Quarantine\C\PROGRA~1\COMMON~1\{1C030~3\Update.exe.vir Postponed
13/03/2010 12:33:14 Detected: not-a-virus:AdWare.Win32.CommAd.a C:\Qoobox\Quarantine\C\WINDOWS\bWljaGVsbGU\asappsrv.dll.vir/UPX
13/03/2010 12:33:14 Untreated: not-a-virus:AdWare.Win32.CommAd.a C:\Qoobox\Quarantine\C\WINDOWS\bWljaGVsbGU\asappsrv.dll.vir/UPX Postponed
13/03/2010 12:33:15 Detected: not-a-virus:AdWare.Win32.CommAd.a C:\Qoobox\Quarantine\C\WINDOWS\bWljaGVsbGU\command.exe.vir/UPX
13/03/2010 12:33:15 Untreated: not-a-virus:AdWare.Win32.CommAd.a C:\Qoobox\Quarantine\C\WINDOWS\bWljaGVsbGU\command.exe.vir/UPX Postponed
13/03/2010 12:33:16 Detected: Trojan.VBS.Small.bj C:\Qoobox\Quarantine\C\WINDOWS\bWljaGVsbGU\vq53u3pPv3o.vbs.vir
13/03/2010 12:33:16 Untreated: Trojan.VBS.Small.bj C:\Qoobox\Quarantine\C\WINDOWS\bWljaGVsbGU\vq53u3pPv3o.vbs.vir Postponed
13/03/2010 12:33:17 Detected: Trojan-Downloader.Win32.Agent.alr C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\UERS_0001_N85M0906NetInstaller.exe.vir
13/03/2010 12:33:17 Untreated: Trojan-Downloader.Win32.Agent.alr C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\UERS_0001_N85M0906NetInstaller.exe.vir Postponed
13/03/2010 12:33:17 Detected: Trojan-Downloader.Win32.Agent.alr C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe.vir
13/03/2010 12:33:17 Untreated: Trojan-Downloader.Win32.Agent.alr C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\USYP_0001_N85M2606NetInstaller.exe.vir Postponed
13/03/2010 12:33:18 Detected: Backdoor.IRC.Zapchast C:\Qoobox\Quarantine\C\WINDOWS\system32\aliases.ini.vir
13/03/2010 12:33:18 Untreated: Backdoor.IRC.Zapchast C:\Qoobox\Quarantine\C\WINDOWS\system32\aliases.ini.vir Postponed
13/03/2010 12:33:19 Detected: Backdoor.IRC.Zapchast C:\Qoobox\Quarantine\C\WINDOWS\New.exe.vir/lol/zlip.cpl
13/03/2010 12:33:19 Untreated: Backdoor.IRC.Zapchast C:\Qoobox\Quarantine\C\WINDOWS\New.exe.vir/lol/zlip.cpl Postponed
13/03/2010 12:33:20 Detected: Backdoor.Win32.DsBot.bp C:\Qoobox\Quarantine\[4]-Submit_2010-03-10_06.59.47.zip/mnsmsgr.exe/ASPack/ASPack
13/03/2010 12:33:20 Untreated: Backdoor.Win32.DsBot.bp C:\Qoobox\Quarantine\[4]-Submit_2010-03-10_06.59.47.zip/mnsmsgr.exe/ASPack/ASPack Postponed
13/03/2010 12:33:20 Detected: not-a-virus:AdWare.Win32.PurityScan.em C:\Qoobox\Quarantine\C\WINDOWS\ICROSO~1\n?tepad.exe.vir
13/03/2010 12:33:20 Untreated: not-a-virus:AdWare.Win32.PurityScan.em C:\Qoobox\Quarantine\C\WINDOWS\ICROSO~1\n?tepad.exe.vir Postponed
13/03/2010 12:33:20 Detected: Backdoor.Win32.Rbot.gen C:\Qoobox\Quarantine\C\WINDOWS\system32\f1.exe.vir/Enigma
13/03/2010 12:33:20 Untreated: Backdoor.Win32.Rbot.gen C:\Qoobox\Quarantine\C\WINDOWS\system32\f1.exe.vir/Enigma Postponed
13/03/2010 12:33:20 Detected: Backdoor.Win32.Aimbot.ei C:\Qoobox\Quarantine\[4]-Submit_2010-03-10_06.59.47.zip/sqlmanagement.exe
13/03/2010 12:33:20 Untreated: Backdoor.Win32.Aimbot.ei C:\Qoobox\Quarantine\[4]-Submit_2010-03-10_06.59.47.zip/sqlmanagement.exe Postponed
13/03/2010 12:33:20 Detected: Trojan-Downloader.BAT.Ftp.ab C:\Qoobox\Quarantine\C\WINDOWS\system32\i.vir
13/03/2010 12:33:20 Untreated: Trojan-Downloader.BAT.Ftp.ab C:\Qoobox\Quarantine\C\WINDOWS\system32\i.vir Postponed
13/03/2010 12:33:20 Detected: Trojan-Dropper.Win32.Agent.wcp C:\Qoobox\Quarantine\C\WINDOWS\system32\knlps.sys.vir
13/03/2010 12:33:20 Untreated: Trojan-Dropper.Win32.Agent.wcp C:\Qoobox\Quarantine\C\WINDOWS\system32\knlps.sys.vir Postponed
13/03/2010 12:33:21 Detected: Backdoor.Win32.Rbot.adf C:\Qoobox\Quarantine\[4]-Submit_2010-03-10_06.59.47.zip/aqciucq.exe/Molebox
13/03/2010 12:33:21 Untreated: Backdoor.Win32.Rbot.adf C:\Qoobox\Quarantine\[4]-Submit_2010-03-10_06.59.47.zip/aqciucq.exe/Molebox Postponed
13/03/2010 12:33:21 Detected: Backdoor.Win32.Rbot.adf C:\Qoobox\Quarantine\[4]-Submit_2010-03-10_06.59.47.zip/bjpymwpg.exe/Molebox
13/03/2010 12:33:21 Untreated: Backdoor.Win32.Rbot.adf C:\Qoobox\Quarantine\[4]-Submit_2010-03-10_06.59.47.zip/bjpymwpg.exe/Molebox Postponed
13/03/2010 12:33:22 Detected: Trojan.Win32.Genome.vb C:\Qoobox\Quarantine\C\WINDOWS\system32\lzx32.sys.vir
13/03/2010 12:33:22 Untreated: Trojan.Win32.Genome.vb C:\Qoobox\Quarantine\C\WINDOWS\system32\lzx32.sys.vir Postponed
13/03/2010 12:33:23 Detected: Rootkit.Win32.Agent.cf C:\Qoobox\Quarantine\C\WINDOWS\system32\ntio256.sys.vir
13/03/2010 12:33:23 Untreated: Rootkit.Win32.Agent.cf C:\Qoobox\Quarantine\C\WINDOWS\system32\ntio256.sys.vir Postponed
13/03/2010 12:33:23 Detected: Backdoor.Win32.Rbot.adf C:\Qoobox\Quarantine\[4]-Submit_2010-03-10_06.59.47.zip/cwejrtk.exe/Molebox
13/03/2010 12:33:23 Untreated: Backdoor.Win32.Rbot.adf C:\Qoobox\Quarantine\[4]-Submit_2010-03-10_06.59.47.zip/cwejrtk.exe/Molebox Postponed
13/03/2010 12:33:23 Detected: Backdoor.Win32.Rbot.bbh C:\Qoobox\Quarantine\C\WINDOWS\system32\msnserve.exe.vir/PE_Patch.Enigma
13/03/2010 12:33:23 Untreated: Backdoor.Win32.Rbot.bbh C:\Qoobox\Quarantine\C\WINDOWS\system32\msnserve.exe.vir/PE_Patch.Enigma Postponed
13/03/2010 12:33:23 Detected: Trojan.Win32.Runner.x C:\Qoobox\Quarantine\C\WINDOWS\system32\pingy.exe.vir
13/03/2010 12:33:23 Untreated: Trojan.Win32.Runner.x C:\Qoobox\Quarantine\C\WINDOWS\system32\pingy.exe.vir Postponed
13/03/2010 12:33:24 Detected: Backdoor.Win32.mIRC-based.a C:\Qoobox\Quarantine\C\WINDOWS\system32\runner.exe.vir
13/03/2010 12:33:24 Untreated: Backdoor.Win32.mIRC-based.a C:\Qoobox\Quarantine\C\WINDOWS\system32\runner.exe.vir Postponed
13/03/2010 12:33:24 Detected: not-a-virus:AdWare.Win32.Look2Me.ab C:\Qoobox\Quarantine\C\WINDOWS\system32\sye.dll.vir
13/03/2010 12:33:24 Untreated: not-a-virus:AdWare.Win32.Look2Me.ab C:\Qoobox\Quarantine\C\WINDOWS\system32\sye.dll.vir Postponed
13/03/2010 12:33:25 Detected: Trojan-Proxy.Win32.Ranky.gen C:\Qoobox\Quarantine\C\WINDOWS\system32\win32bootcfg.exe.vir/UPX
13/03/2010 12:33:25 Untreated: Trojan-Proxy.Win32.Ranky.gen C:\Qoobox\Quarantine\C\WINDOWS\system32\win32bootcfg.exe.vir/UPX Postponed
13/03/2010 12:33:25 Detected: Backdoor.Win32.IRCBot.qu C:\Qoobox\Quarantine\C\WINDOWS\system32\vmmon32.exe.vir
13/03/2010 12:33:25 Untreated: Backdoor.Win32.IRCBot.qu C:\Qoobox\Quarantine\C\WINDOWS\system32\vmmon32.exe.vir Postponed
13/03/2010 12:33:25 Detected: Backdoor.Win32.Rbot.gen C:\Qoobox\Quarantine\[4]-Submit_2010-03-10_06.59.47.zip/ddoSygate.exe/NSPack/Molebox
13/03/2010 12:33:25 Untreated: Backdoor.Win32.Rbot.gen C:\Qoobox\Quarantine\[4]-Submit_2010-03-10_06.59.47.zip/ddoSygate.exe/NSPack/Molebox Postponed
13/03/2010 12:33:25 Detected: Trojan-Downloader.Win32.PurityScan.cl C:\Qoobox\Quarantine\C\WINDOWS\system32\YMANTE~1\msconfig.exe.vir/UPX
13/03/2010 12:33:25 Untreated: Trojan-Downloader.Win32.PurityScan.cl C:\Qoobox\Quarantine\C\WINDOWS\system32\YMANTE~1\msconfig.exe.vir/UPX Postponed
13/03/2010 12:33:26 Detected: Backdoor.Win32.Rbot.adf C:\Qoobox\Quarantine\[4]-Submit_2010-03-10_06.59.47.zip/kqtqefe.exe/Molebox
Virus Scan: completed 1 hour ago (events: 7, objects: 2275, time: 00:12:12)
Disinfect active threats: malfunction (events: 3, objects: 0, time: Unknown)
Autoscan: completed 1 minute ago (events: 1163, objects: 183102, time: 00:57:27)
Here is OTS Log

Attached File  OTS.Txt   346.52KB   144 downloads

Thank You

#14
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Did you perform a scan with SUPERAntiSpyware? If so, please post the content of the SUPERAntiSpyware log. :)

Launch SUPERAntiSpyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.


#15
mechanima

    Member

  • Topic Starter
  • 32 posts
Sorry, I forgot that one! :)

Here it is:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/13/2010 at 10:14 AM

Application Version : 4.34.1000

Core Rules Database Version : 4670
Trace Rules Database Version: 2482

Scan type : Quick Scan
Total Scan Time : 00:04:55

Memory items scanned : 339
Memory threats detected : 0
Registry items scanned : 346
Registry threats detected : 116
File items scanned : 4828
File threats detected : 254
