Win32 Mebroot problem
This topic is locked

#1 Yayo (Member, 13 posts)

Hi. I've recently picked up a Win32 Mebroot problem. I was using the internet when my whole laptop shut down. When I booted it up again, all I got was a black screen following the BIOS (i.e. no Windows logo).

My system is 32-bit and runs Windows Vista (which came with the machine - no disk). I initially thought my hard drive had died, but upon taking my laptop apart, I could hear the hard drive still spinning. Thinking that some other hardware had broken down, I removed the HD and placed it in an old Dell laptop, and it booted fine. On running ESET NOD32 Ver4, it detected a Win32 Mebroot trojan but couldn't remove it.

I've tried a few virus/malware scanners like Malwarebytes, Avast and Dr.Web's CureIt, but to no avail. I've also tried a system restore. If someone could help, it'll be much appreciated.

The following are the Malwarebytes log and the OTL log.


//////////////////////////////////////////////////////////////////////////////////
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7697

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.19048

12/09/2011 11:05:35 AM
mbam-log-2011-09-12 (11-05-35).txt

Scan type: Quick scan
Objects scanned: 170819
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1E1CB3CAFC3EFBDB (Trojan.SpyEyes) -> Value: 1E1CB3CAFC3EFBDB -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)


//////////////////////////////////////////////////////////////////////////////////


OTL logfile created on: 12/09/2011 11:13:16 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Administrator\Downloads
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.92% Memory free
4.22 Gb Paging File | 3.67 Gb Available in Paging File | 86.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 19.33 Gb Free Space | 17.29% Space Free | Partition Type: NTFS
Drive D: | 66.71 Gb Total Space | 25.51 Gb Free Space | 38.24% Space Free | Partition Type: NTFS

Computer Name: AL-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/12 11:09:31 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2011/07/06 19:52:38 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/06/30 07:15:19 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/10/29 16:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/30 07:15:19 | 001,014,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/06/21 10:01:51 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (wscsvc)
SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - [2010/04/21 02:13:21 | 000,371,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 02:13:21 | 000,371,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/09/29 12:11:10 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/29 12:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/08/24 22:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/01/18 22:33:44 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/16 02:47:48 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/05/08 19:45:27 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/05/01 18:52:17 | 001,489,688 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\AMT\UNS.EXE -- (UNS) Intel®
SRV - [2007/05/01 18:52:13 | 000,183,064 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\AMT\ATCHKSRV.EXE -- (atchksrv) Intel®
SRV - [2007/05/01 18:52:05 | 000,121,624 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\AMT\LMS.EXE -- (LMS) Intel®
SRV - [2007/04/03 11:38:10 | 000,234,496 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Stator - AFM\Stator_AUpd.exe -- (Anfield Capital: Stator-AFM Professional update permissions manager. 9845.)
SRV - [2007/02/06 11:13:14 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/29 09:17:50 | 000,123,248 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2006/12/10 10:31:13 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Stopped] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
SRV - [2006/11/02 23:40:12 | 000,174,656 | R--- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/06/14 11:58:00 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/10/04 07:24:56 | 000,053,248 | ---- | M] ( Advanced Software Technologies) [Auto | Stopped] -- C:\Windows\System32\AstSrv.exe -- (astcc)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/09/29 12:05:58 | 000,095,896 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/09/29 12:02:58 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/29 11:56:32 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/09/28 01:02:44 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Downloads\PeerBlock_r181__Win32_Release_(Vista)\pbfilter.sys -- (pbfilter)
DRV - [2009/06/25 11:04:04 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/06/25 11:04:04 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/06/05 11:08:41 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/23 16:51:18 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009/01/08 18:00:54 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AsAudioDevice_351.sys -- (AsAudioDevice_351)
DRV - [2008/11/04 18:45:46 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2008/11/04 18:45:46 | 000,108,200 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2008/11/04 18:45:46 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2008/11/04 18:45:44 | 000,114,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2008/11/04 18:45:44 | 000,086,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2008/11/04 18:45:44 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2008/11/04 18:45:44 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008/08/15 13:27:54 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgwhsnmea.sys -- (zgwhsnmea)
DRV - [2008/08/15 13:27:34 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgwhsmdm.sys -- (zgwhsmdm)
DRV - [2008/08/15 13:27:14 | 000,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgwhsdiag.sys -- (zgwhsdiag)
DRV - [2008/07/21 16:34:36 | 000,121,872 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2008/03/17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/01/18 22:42:14 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/18 20:53:24 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/07 03:37:00 | 007,120,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/05/04 13:21:47 | 000,208,896 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel®
DRV - [2007/05/03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/30 08:45:17 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/04/25 13:32:42 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2007/04/12 02:18:33 | 000,048,000 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/04/06 11:27:35 | 000,044,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/03/29 09:44:22 | 000,140,424 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/03/22 15:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/25 07:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/05 20:53:58 | 000,011,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007/02/01 13:44:17 | 000,223,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/01/24 20:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007/01/24 09:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/03 00:55:55 | 001,133,312 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2006/12/14 02:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/22 19:34:59 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/16 12:02:19 | 000,015,216 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2006/11/02 17:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 17:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/02 17:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/16 02:32:44 | 000,034,944 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2006/02/07 21:52:57 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/10/01 11:00:00 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2005/10/01 11:00:00 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [1999/10/08 08:52:28 | 000,053,248 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSIPDDP.SYS -- (SSIPDDP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-118959114-2448864244-3603343370-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-118959114-2448864244-3603343370-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-118959114-2448864244-3603343370-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-118959114-2448864244-3603343370-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 FC 62 52 6B 1A CC 01 [binary data]
IE - HKU\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62098

========== FireFox ==========

FF - prefs.js..browser.search.selectedengine: "Dictionary.com"
FF - prefs.js..browser.startup.homepage: "http://www.news.com.au/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: [email protected]:2.02
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/06 16:50:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/06 16:50:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/09/14 19:47:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/09/14 19:47:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/04/01 09:36:43 | 000,000,000 | ---D | M]

[2009/03/30 11:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2009/03/30 11:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/09/12 11:05:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ogkfjykd.default\extensions
[2010/02/03 20:32:53 | 000,000,000 | ---D | M] (Traders Laboratory Toolbar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ogkfjykd.default\extensions\{1d553f65-3e31-412c-9f3e-ead683425127}
[2010/12/05 21:41:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ogkfjykd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/22 13:17:53 | 000,000,000 | ---D | M] ("Blue Ice") -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ogkfjykd.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2011/06/24 09:26:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ogkfjykd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/09/22 13:17:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ogkfjykd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(2)
[2009/05/04 11:22:07 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ogkfjykd.default\extensions\[email protected]
[2008/09/22 13:17:53 | 000,000,000 | ---D | M] (VideoDownloader) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ogkfjykd.default\extensions\[email protected]
[2009/03/25 09:04:34 | 000,000,896 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ogkfjykd.default\searchplugins\conduit.xml
[2011/12/15 12:29:06 | 000,001,466 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ogkfjykd.default\searchplugins\dictionarycom.xml
[2011/09/12 11:05:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/19 18:23:47 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/06/09 12:32:06 | 000,000,000 | ---D | M] (Orbit Downloader Firefox Integration) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ORBITFF
[2010/01/23 00:04:22 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2007/02/04 23:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2008/05/15 15:08:16 | 000,086,016 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\NPQUEST3D.DLL

O1 HOSTS File: ([2010/08/24 12:38:37 | 000,000,949 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 IntelAMT.amt.com # LMS GENERATED LINE
O1 - Hosts: 127.0.0.1 wardsystems.org
O1 - Hosts: 127.0.0.1 www.wardsystems.org
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-118959114-2448864244-3603343370-500\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [BVRPLiveUpdate] File not found
O4 - HKLM..\Run: [C:\Program Files\Free Video Zilla\FVZilla.exe] File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [GuideMenu] C:\Program Files\Corel\Corel GuideMenu\GuideMenu.exe (Corel Copyright © 2007)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-118959114-2448864244-3603343370-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
O4 - HKU\S-1-5-21-118959114-2448864244-3603343370-500..\Run: [Slawdog Smart Shutdown] C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe (Slawdog E-Solutions, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-118959114-2448864244-3603343370-500..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
O7 - HKU\S-1-5-21-118959114-2448864244-3603343370-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-118959114-2448864244-3603343370-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.8.cab (DLM Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AB46D28-D84D-4498-8192-995E989E0400}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C48D4A8A-257B-4236-A859-27E2412F4DCB}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{52962a39-8967-11dd-b53d-001d6069c407}\Shell - "" = AutoRun
O33 - MountPoints2\{52962a39-8967-11dd-b53d-001d6069c407}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{52962a5e-8967-11dd-b53d-001d6069c407}\Shell - "" = AutoRun
O33 - MountPoints2\{52962a5e-8967-11dd-b53d-001d6069c407}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{52962a60-8967-11dd-b53d-8969194966ed}\Shell - "" = AutoRun
O33 - MountPoints2\{52962a60-8967-11dd-b53d-8969194966ed}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{52962a61-8967-11dd-b53d-8969194966ed}\Shell - "" = AutoRun
O33 - MountPoints2\{52962a61-8967-11dd-b53d-8969194966ed}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{72e35a4d-c6f1-11dc-8c0f-001d6069c407}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{7c06dac3-c81f-11dd-a293-ef0a25bd4b05}\Shell - "" = AutoRun
O33 - MountPoints2\{7c06dac3-c81f-11dd-a293-ef0a25bd4b05}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7c06dac4-c81f-11dd-a293-ef0a25bd4b05}\Shell - "" = AutoRun
O33 - MountPoints2\{7c06dac4-c81f-11dd-a293-ef0a25bd4b05}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{89b07d54-d793-11dd-b2f9-87f82a7c207e}\Shell - "" = AutoRun
O33 - MountPoints2\{89b07d54-d793-11dd-b2f9-87f82a7c207e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{ef36f23f-a3f0-11dd-90ed-b465fe0d6782}\Shell - "" = AutoRun
O33 - MountPoints2\{ef36f23f-a3f0-11dd-90ed-b465fe0d6782}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ef36f242-a3f0-11dd-90ed-b465fe0d6782}\Shell - "" = AutoRun
O33 - MountPoints2\{ef36f242-a3f0-11dd-90ed-b465fe0d6782}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-118959114-2448864244-3603343370-500..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-118959114-2448864244-3603343370-500\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/09/06 17:57:53 | 000,083,968 | -H-- | C] (eSage Lab) -- C:\Users\Administrator\Desktop\remover.exe
[2011/09/06 17:49:03 | 000,083,968 | -H-- | C] (eSage Lab) -- C:\Windows\System32\remover.exe
[2011/09/06 12:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/09/06 12:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/06 12:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/09/04 19:16:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\DoctorWeb
[2007/01/24 20:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2011/09/12 10:54:15 | 000,672,832 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/12 10:54:15 | 000,426,824 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2011/09/12 10:54:15 | 000,390,344 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2011/09/12 10:54:15 | 000,130,744 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2011/09/12 10:54:15 | 000,130,744 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/12 10:54:15 | 000,130,298 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2011/09/12 10:49:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/06 18:30:08 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/06 18:30:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/09/06 18:30:07 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/06 18:08:42 | 000,000,057 | ---- | M] () -- C:\Users\Administrator\Desktop\remover.bat
[2011/09/06 17:52:35 | 000,568,832 | ---- | M] () -- C:\Windows\System32\BTKR_RunBox.exe
[2011/09/06 17:42:40 | 000,089,088 | ---- | M] () -- C:\mbr.exe
[2011/09/06 17:30:46 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2011/09/06 17:20:15 | 242,695,214 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/04 18:51:08 | 000,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2011/08/27 06:29:26 | 000,134,883 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\nvModes.001
[2011/08/23 08:18:42 | 000,134,883 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\nvModes.dat
[1 C:\Windows\System32\drivers\etc\*.tmp files -> C:\Windows\System32\drivers\etc\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/06 18:04:38 | 000,000,057 | ---- | C] () -- C:\Users\Administrator\Desktop\remover.bat
[2011/09/06 17:52:35 | 000,568,832 | ---- | C] () -- C:\Windows\System32\BTKR_RunBox.exe
[2011/09/06 17:45:22 | 000,089,088 | ---- | C] () -- C:\mbr.exe
[2011/09/06 17:30:45 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2011/05/25 09:35:40 | 000,004,814 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\jvfe16rj777337e4y1564f
[2011/05/25 09:35:40 | 000,004,814 | -HS- | C] () -- C:\ProgramData\jvfe16rj777337e4y1564f
[2010/11/19 18:24:46 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/08/24 12:06:20 | 000,000,008 | ---- | C] () -- C:\Windows\System32\Msspsn.dll
[2010/08/10 20:19:13 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010/03/08 09:22:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\NtDirect.dll
[2009/12/29 19:51:43 | 000,000,200 | ---- | C] () -- C:\Windows\System32\srcr.dat
[2009/12/28 02:21:02 | 000,015,132 | ---- | C] () -- C:\Windows\System32\359fsp5rze706.exe
[2009/12/23 06:44:46 | 000,009,452 | ---- | C] () -- C:\Windows\System32\25533z9rm1.dll
[2009/12/22 22:52:23 | 000,000,819 | ---- | C] () -- C:\Windows\nstrddir.ini
[2009/12/22 22:33:42 | 000,004,093 | ---- | C] () -- C:\Windows\NSTRADER.INI
[2009/12/21 17:30:46 | 000,012,200 | ---- | C] () -- C:\Windows\System32\2b8az9dware1205.exe
[2009/12/19 10:23:06 | 000,004,142 | ---- | C] () -- C:\Windows\System32\e769owzl5ader1494.bin
[2009/12/13 15:51:22 | 000,013,393 | ---- | C] () -- C:\Windows\System32\92z4tr9j6d5.dll
[2009/12/11 19:08:03 | 000,015,205 | ---- | C] () -- C:\Windows\System32\2bf8sp5r9e8z1.exe
[2009/11/22 21:17:56 | 000,000,000 | ---- | C] () -- C:\Windows\aiq32cvt.INI
[2009/11/22 21:17:53 | 000,000,870 | ---- | C] () -- C:\Windows\aiq32.ini
[2009/11/22 21:17:53 | 000,000,416 | ---- | C] () -- C:\Windows\AIQCH32.INI
[2009/11/09 11:13:31 | 000,000,024 | ---- | C] () -- C:\Windows\KADJISYS.INI
[2009/11/09 11:13:31 | 000,000,022 | ---- | C] () -- C:\Windows\CTRLXAF4.INI
[2009/11/09 11:13:28 | 000,000,322 | ---- | C] () -- C:\Windows\astros.ini
[2009/11/09 11:12:42 | 000,001,705 | ---- | C] () -- C:\Windows\F4MAIL98.DLL
[2009/11/09 10:57:32 | 000,000,248 | ---- | C] () -- C:\Windows\FTGT32.INI
[2009/11/09 10:56:45 | 000,065,536 | ---- | C] () -- C:\Windows\System32\CTA32.dll
[2009/11/09 10:56:45 | 000,045,056 | ---- | C] () -- C:\Windows\System32\CompDLL.dll
[2009/11/09 10:56:45 | 000,036,352 | ---- | C] () -- C:\Windows\System32\SX32W.DLL
[2009/11/09 10:56:45 | 000,028,672 | ---- | C] () -- C:\Windows\System32\proxydll.dll
[2009/11/07 03:23:28 | 000,012,638 | ---- | C] () -- C:\Windows\System32\z6927hacktoo535d.bin
[2009/11/02 03:19:20 | 000,017,659 | ---- | C] () -- C:\Windows\System32\9458zworm65a.exe
[2009/10/26 18:15:17 | 000,015,091 | ---- | C] () -- C:\Windows\System32\zd44st9al9145.dll
[2009/10/20 00:45:30 | 000,006,702 | ---- | C] () -- C:\Windows\System32\595dth5zat13590.dll
[2009/10/14 09:17:08 | 000,017,591 | ---- | C] () -- C:\Windows\System32\1c859hrezt290435.bin
[2009/10/11 13:40:20 | 000,013,441 | ---- | C] () -- C:\Windows\System32\29z31sp5a3.bin
[2009/10/08 21:08:02 | 000,018,294 | ---- | C] () -- C:\Windows\System32\5z6athief5799.bin
[2009/10/05 04:27:45 | 000,011,036 | ---- | C] () -- C:\Windows\System32\495fsparse268z.exe
[2009/10/01 20:25:13 | 000,008,190 | ---- | C] () -- C:\Windows\System32\z5725s5ambo950b.bin
[2009/09/20 23:50:56 | 000,002,903 | ---- | C] () -- C:\Windows\System32\2z5caddwa59475.dll
[2009/09/18 12:19:39 | 000,018,094 | ---- | C] () -- C:\Windows\17z45sp9676.exe
[2009/09/18 12:19:39 | 000,018,028 | ---- | C] () -- C:\Windows\56946sp95z2.exe
[2009/09/18 12:19:39 | 000,015,496 | ---- | C] () -- C:\Windows\995etzief999.exe
[2009/09/18 12:19:39 | 000,015,029 | ---- | C] () -- C:\Windows\2z955hac9t5ol7a3.dll
[2009/09/18 12:19:39 | 000,014,016 | ---- | C] () -- C:\Windows\92z40not-a-virus2ce5.exe
[2009/09/18 12:19:39 | 000,013,655 | ---- | C] () -- C:\Windows\15azthief30395.dll
[2009/09/18 12:19:39 | 000,013,319 | ---- | C] () -- C:\Windows\84825pzmbot2069.dll
[2009/09/18 12:19:39 | 000,012,526 | ---- | C] () -- C:\Windows\1z1895acktool9a3.bin
[2009/09/18 12:19:39 | 000,012,059 | ---- | C] () -- C:\Windows\7095thze538.dll
[2009/09/18 12:19:39 | 000,011,599 | ---- | C] () -- C:\Windows\1c64dowzloa5er978.bin
[2009/09/18 12:19:39 | 000,011,321 | ---- | C] () -- C:\Windows\4za99teal19405.dll
[2009/09/18 12:19:39 | 000,010,032 | ---- | C] () -- C:\Windows\7z14sp5rs91479.bin
[2009/09/18 12:19:39 | 000,009,448 | ---- | C] () -- C:\Windows\1a79steal3z05.exe
[2009/09/18 12:19:39 | 000,008,569 | ---- | C] () -- C:\Windows\57e9downloadez775.bin
[2009/09/18 12:19:39 | 000,008,532 | ---- | C] () -- C:\Windows\8525w9rm77z.dll
[2009/09/18 12:19:39 | 000,007,898 | ---- | C] () -- C:\Windows\12180v9rus659z.bin
[2009/09/18 12:19:39 | 000,007,757 | ---- | C] () -- C:\Windows\10652zpy987.dll
[2009/09/18 12:19:39 | 000,006,707 | ---- | C] () -- C:\Windows\19988not-5-zirus99.exe
[2009/09/18 12:19:39 | 000,006,313 | ---- | C] () -- C:\Windows\4a3down5oaderz149.bin
[2009/09/18 12:19:39 | 000,005,659 | ---- | C] () -- C:\Windows\2f5zadd9are2349.exe
[2009/09/18 12:19:39 | 000,004,852 | ---- | C] () -- C:\Windows\5z6595eal2134.dll
[2009/09/18 12:19:39 | 000,004,362 | ---- | C] () -- C:\Windows\58cas9zrs52750.exe
[2009/09/18 12:19:39 | 000,003,114 | ---- | C] () -- C:\Windows\2139zhacktoo5596.dll
[2009/09/18 12:19:39 | 000,002,873 | ---- | C] () -- C:\Windows\59291vir9sz61.bin
[2009/09/18 12:08:10 | 000,017,356 | ---- | C] () -- C:\Windows\71bazt59l2149.bin
[2009/09/18 12:08:10 | 000,016,574 | ---- | C] () -- C:\Windows\7az7s9eal5085.exe
[2009/09/18 12:08:10 | 000,014,981 | ---- | C] () -- C:\Windows\5c54szy59re1969.bin
[2009/09/18 12:08:10 | 000,013,924 | ---- | C] () -- C:\Windows\7633tr9jzb5.exe
[2009/09/18 12:08:10 | 000,013,695 | ---- | C] () -- C:\Windows\System32\z729vir15445.exe
[2009/09/18 12:08:10 | 000,012,341 | ---- | C] () -- C:\Windows\System32\9249viru95z3.exe
[2009/09/18 12:08:10 | 000,007,315 | ---- | C] () -- C:\Windows\System32\1z085wo5m90d.dll
[2009/09/18 12:08:10 | 000,003,537 | ---- | C] () -- C:\Windows\System32\507z9hief20375.bin
[2009/09/18 12:08:09 | 000,017,765 | ---- | C] () -- C:\Windows\40fza5dware24509.dll
[2009/09/18 12:08:09 | 000,015,207 | ---- | C] () -- C:\Windows\System32\97775spyzb2.dll
[2009/09/18 12:08:09 | 000,013,888 | ---- | C] () -- C:\Windows\21908s5amboz9f.dll
[2009/09/18 12:08:09 | 000,013,650 | ---- | C] () -- C:\Windows\21543sp9mbotz5.bin
[2009/09/18 12:08:09 | 000,011,178 | ---- | C] () -- C:\Windows\System32\43acthrez5317569.bin
[2009/09/18 12:08:09 | 000,010,706 | ---- | C] () -- C:\Windows\31659s9zmb5t31b.exe
[2009/09/18 12:08:09 | 000,009,338 | ---- | C] () -- C:\Windows\System32\3b4cszar9e27775.exe
[2009/09/18 12:08:09 | 000,009,149 | ---- | C] () -- C:\Windows\System32\92599zo5m452.exe
[2009/09/18 12:08:09 | 000,008,404 | ---- | C] () -- C:\Windows\System32\9fczteal1795.dll
[2009/09/18 12:08:09 | 000,008,323 | ---- | C] () -- C:\Windows\455az9arse1882.exe
[2009/09/18 12:08:09 | 000,008,319 | ---- | C] () -- C:\Windows\System32\513zspyw9re5007.bin
[2009/09/18 12:08:09 | 000,008,083 | ---- | C] () -- C:\Windows\System32\15517s9amboz486.dll
[2009/09/18 12:08:09 | 000,007,613 | ---- | C] () -- C:\Windows\System32\12z195roj729.exe
[2009/09/18 12:08:09 | 000,007,174 | ---- | C] () -- C:\Windows\28949worm995z.exe
[2009/09/18 12:08:09 | 000,006,859 | ---- | C] () -- C:\Windows\25z8th9ef1549.bin
[2009/09/18 12:08:09 | 000,006,645 | ---- | C] () -- C:\Windows\System32\26189szy557.bin
[2009/09/18 12:08:09 | 000,005,948 | ---- | C] () -- C:\Windows\System32\163fthi5932z.bin
[2009/09/18 12:08:09 | 000,004,896 | ---- | C] () -- C:\Windows\4e995ir24z5.exe
[2009/09/18 12:08:09 | 000,004,259 | ---- | C] () -- C:\Windows\2845sp9rse2270z.bin
[2009/09/18 12:08:09 | 000,003,401 | ---- | C] () -- C:\Windows\4915down9oader8z5.dll
[2009/09/18 12:08:08 | 000,017,996 | ---- | C] () -- C:\Windows\786zspy9are2580.bin
[2009/09/18 12:08:08 | 000,016,868 | ---- | C] () -- C:\Windows\System32\z8850worm99.exe
[2009/09/18 12:08:08 | 000,015,601 | ---- | C] () -- C:\Windows\System32\4c9f95wnlzader615.bin
[2009/09/18 12:08:08 | 000,015,150 | ---- | C] () -- C:\Windows\80z5sp54459.dll
[2009/09/18 12:08:08 | 000,015,091 | ---- | C] () -- C:\Windows\System32\7566sparsez009.dll
[2009/09/18 12:08:08 | 000,012,424 | ---- | C] () -- C:\Windows\System32\159z29roj74a.exe
[2009/09/18 12:08:08 | 000,012,356 | ---- | C] () -- C:\Windows\System32\7a1z5teal9511.dll
[2009/09/18 12:08:08 | 000,012,048 | ---- | C] () -- C:\Windows\System32\35245ackdooz3919.dll
[2009/09/18 12:08:08 | 000,012,010 | ---- | C] () -- C:\Windows\2912adzwar53181.bin
[2009/09/18 12:08:08 | 000,010,438 | ---- | C] () -- C:\Windows\697csp5rz9349.dll
[2009/09/18 12:08:08 | 000,010,314 | ---- | C] () -- C:\Windows\32947spz5bot45a.exe
[2009/09/18 12:08:08 | 000,010,239 | ---- | C] () -- C:\Windows\System32\z641spambo9445.bin
[2009/09/18 12:08:08 | 000,010,153 | ---- | C] () -- C:\Windows\System32\52e2downloa9er1013z.exe
[2009/09/18 12:08:08 | 000,009,743 | ---- | C] () -- C:\Windows\System32\92b1viz1533.exe
[2009/09/18 12:08:08 | 000,009,071 | ---- | C] () -- C:\Windows\3347hacz5ool9fe.bin
[2009/09/18 12:08:08 | 000,009,041 | ---- | C] () -- C:\Windows\z9992s5y1ae.dll
[2009/09/18 12:08:08 | 000,008,325 | ---- | C] () -- C:\Windows\System32\1160zpy559.exe
[2009/09/18 12:08:08 | 000,008,054 | ---- | C] () -- C:\Windows\System32\5zbdsteal5419.exe
[2009/09/18 12:08:08 | 000,007,752 | ---- | C] () -- C:\Windows\System32\9543wzrm73a.dll
[2009/09/18 12:08:08 | 000,007,040 | ---- | C] () -- C:\Windows\System32\1457do9nloader9z5.bin
[2009/09/18 12:08:08 | 000,006,134 | ---- | C] () -- C:\Windows\System32\240485acktzol19.exe
[2009/09/18 12:08:08 | 000,005,624 | ---- | C] () -- C:\Windows\System32\170265p9mbot4zf.dll
[2009/09/18 12:08:08 | 000,004,635 | ---- | C] () -- C:\Windows\2619tzoj44e5.exe
[2009/09/18 12:08:08 | 000,003,687 | ---- | C] () -- C:\Windows\z22719py157.exe
[2009/09/18 12:08:08 | 000,003,475 | ---- | C] () -- C:\Windows\22099spy950z.bin
[2009/09/18 12:08:08 | 000,002,985 | ---- | C] () -- C:\Windows\1979vz51622.dll
[2009/09/18 12:08:08 | 000,002,868 | ---- | C] () -- C:\Windows\56f895wnlzader1623.bin
[2009/09/18 12:08:08 | 000,002,524 | ---- | C] () -- C:\Windows\18b0stzal2592.exe
[2009/09/18 12:08:07 | 000,018,166 | ---- | C] () -- C:\Windows\System32\3547z59j2c8.exe
[2009/09/18 12:08:07 | 000,013,525 | ---- | C] () -- C:\Windows\System32\351z1troj3a9.dll
[2009/09/18 12:08:07 | 000,008,444 | ---- | C] () -- C:\Windows\System32\35a9spyware25z0.bin
[2009/09/18 12:08:07 | 000,007,408 | ---- | C] () -- C:\Windows\System32\31z39not-a-virus257.exe
[2009/09/18 12:08:07 | 000,007,233 | ---- | C] () -- C:\Windows\1826spazbot9d5.exe
[2009/09/18 12:08:07 | 000,007,081 | ---- | C] () -- C:\Windows\System32\z99v59us315.bin
[2009/09/18 12:08:07 | 000,006,651 | ---- | C] () -- C:\Windows\System32\10199worm5z4.bin
[2009/09/18 12:08:07 | 000,005,742 | ---- | C] () -- C:\Windows\z616st5al972.dll
[2009/09/18 12:08:07 | 000,005,645 | ---- | C] () -- C:\Windows\System32\555a9ownloader1z65.bin
[2009/09/18 12:08:07 | 000,003,957 | ---- | C] () -- C:\Windows\System32\19540sz96b7.exe
[2009/09/18 12:08:07 | 000,003,804 | ---- | C] () -- C:\Windows\25544haz9tool65a.bin
[2009/09/18 12:08:07 | 000,003,371 | ---- | C] () -- C:\Windows\System32\4745sp9rze1574.bin
[2009/09/18 12:08:07 | 000,002,976 | ---- | C] () -- C:\Windows\16169spz9bot3fc5.dll
[2009/09/18 12:08:07 | 000,002,929 | ---- | C] () -- C:\Windows\170715iru94dz.exe
[2009/09/17 05:04:32 | 000,009,044 | ---- | C] () -- C:\Windows\System32\6d15stez5392.bin
[2009/09/15 06:00:59 | 000,008,537 | ---- | C] () -- C:\Windows\194z8sp9mbot572.exe
[2009/09/14 08:16:59 | 000,012,083 | ---- | C] () -- C:\Windows\23874t95j5eez.bin
[2009/09/14 02:40:38 | 000,004,824 | ---- | C] () -- C:\Windows\System32\56abackd9zr597.exe
[2009/09/13 13:00:42 | 000,018,410 | ---- | C] () -- C:\Windows\System32\21a5addware988z.exe
[2009/09/04 04:03:20 | 000,010,632 | ---- | C] () -- C:\Windows\System32\z91715pambot368.exe
[2009/08/29 01:44:42 | 000,004,614 | ---- | C] () -- C:\Windows\System32\792zdownloader6895.exe
[2009/08/26 17:52:17 | 000,002,767 | ---- | C] () -- C:\Windows\1253hackzoo960.dll
[2009/08/26 07:36:49 | 000,009,440 | ---- | C] () -- C:\Windows\z259virus35f.exe
[2009/08/24 04:25:54 | 000,010,293 | ---- | C] () -- C:\Windows\25995roj752z.bin
[2009/08/23 23:17:49 | 000,014,181 | ---- | C] () -- C:\Windows\5c85za9kdoor85.dll
[2009/08/20 10:46:11 | 000,003,447 | ---- | C] () -- C:\Windows\System32\62029a5kdoorz311.exe
[2009/08/18 15:41:41 | 000,002,833 | ---- | C] () -- C:\Windows\5579zddware2801.exe
[2009/08/16 09:04:22 | 000,003,422 | ---- | C] () -- C:\Windows\79e25ackdoor9z6.exe
[2009/08/14 18:56:24 | 000,016,736 | ---- | C] () -- C:\Windows\195evir2z2.dll
[2009/08/14 06:23:15 | 000,002,841 | ---- | C] () -- C:\Windows\System32\25795ir899z.exe
[2009/08/12 02:09:05 | 000,015,440 | ---- | C] () -- C:\Windows\System32\za069h5eat28000.exe
[2009/08/11 23:49:52 | 000,017,338 | ---- | C] () -- C:\Windows\1bzd5hief1923.dll
[2009/08/08 10:22:42 | 000,009,664 | ---- | C] () -- C:\Windows\System32\z52149py4a85.dll
[2009/08/05 05:00:13 | 000,004,544 | ---- | C] () -- C:\Windows\z995thief2495.exe
[2009/08/03 06:57:12 | 000,002,714 | ---- | C] () -- C:\Windows\System32\30649spa9bo5z6b.exe
[2009/08/01 23:26:07 | 000,009,616 | ---- | C] () -- C:\Windows\System32\3d1z9hrea51500.exe
[2009/07/29 08:03:38 | 000,009,884 | ---- | C] () -- C:\Windows\409zth5ef256.exe
[2009/07/28 05:29:44 | 000,002,692 | ---- | C] () -- C:\Windows\System32\52z4vir95105.dll
[2009/07/27 19:26:15 | 000,006,264 | ---- | C] () -- C:\Windows\1z6849pambot57c.exe
[2009/07/25 19:32:48 | 000,004,286 | ---- | C] () -- C:\Windows\System32\94dthrz9t276265.exe
[2009/07/22 17:43:47 | 000,017,007 | ---- | C] () -- C:\Windows\System32\692zdownloader27925.dll
[2009/07/21 05:26:37 | 000,015,559 | ---- | C] () -- C:\Windows\System32\46z9not-a5virus3479.bin
[2009/07/17 23:07:45 | 000,003,866 | ---- | C] () -- C:\Windows\System32\1496s5ambzt396.bin
[2009/07/16 17:20:32 | 000,005,575 | ---- | C] () -- C:\Windows\System32\9593thi5z55.dll
[2009/07/15 09:49:29 | 000,004,207 | ---- | C] () -- C:\Windows\3bbespa95e1z75.exe
[2009/07/09 23:13:39 | 000,014,556 | ---- | C] () -- C:\Windows\System32\446e9parz52895.dll
[2009/07/07 12:43:46 | 000,013,785 | ---- | C] () -- C:\Windows\z3593w5rm2aa.bin
[2009/07/07 11:45:21 | 000,014,521 | ---- | C] () -- C:\Windows\6526vz52309.dll
[2009/07/05 02:15:48 | 000,016,824 | ---- | C] () -- C:\Windows\195645pamboz3a9.dll
[2009/07/03 22:10:50 | 000,005,874 | ---- | C] () -- C:\Windows\z5715orm91.exe
[2009/06/28 11:41:21 | 000,006,864 | ---- | C] () -- C:\Windows\System32\6z90hac5tool98d.exe
[2009/06/27 22:10:03 | 000,013,647 | ---- | C] () -- C:\Windows\19395ir1047z.exe
[2009/06/27 12:32:07 | 000,016,678 | ---- | C] () -- C:\Windows\System32\6a5zthief16529.bin
[2009/06/25 15:47:52 | 000,009,224 | ---- | C] () -- C:\Windows\System32\2279zown9oader537.exe
[2009/06/18 09:32:03 | 000,014,224 | ---- | C] () -- C:\Windows\System32\7959spars92576z.dll
[2009/06/18 08:37:31 | 000,009,667 | ---- | C] () -- C:\Windows\15b1st5alz9899.dll
[2009/06/17 08:28:10 | 000,006,398 | ---- | C] () -- C:\Windows\225549or5zcc.dll
[2009/06/15 01:09:04 | 000,018,388 | ---- | C] () -- C:\Windows\29560spambot1z2.dll
[2009/06/12 22:51:11 | 000,008,408 | ---- | C] () -- C:\Windows\System32\29926tro5za2.dll
[2009/06/12 21:33:08 | 000,008,625 | ---- | C] () -- C:\Windows\System32\4009zdd5are2429.exe
[2009/06/11 09:10:23 | 000,014,591 | ---- | C] () -- C:\Windows\5728not-a-vzru59c7.bin
[2009/06/06 12:40:47 | 000,016,044 | ---- | C] () -- C:\Windows\System32\19577szy38f.dll
[2009/06/05 17:22:17 | 000,015,932 | ---- | C] () -- C:\Windows\System32\2eze95eal589.bin
[2009/06/05 08:38:57 | 000,016,535 | ---- | C] () -- C:\Windows\System32\873znot-a-vir5s9ff.dll
[2009/06/04 06:11:53 | 000,005,047 | ---- | C] () -- C:\Windows\System32\28985wormz5.dll
[2009/06/02 17:15:58 | 000,017,153 | ---- | C] () -- C:\Windows\1z925vi9us555.bin
[2009/06/01 11:43:23 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2009/05/27 13:07:24 | 000,008,878 | ---- | C] () -- C:\Windows\System32\1bd65z91435.bin
[2009/05/27 01:09:01 | 000,008,964 | ---- | C] () -- C:\Windows\16879hac5toz915f.exe
[2009/05/26 04:06:15 | 000,015,107 | ---- | C] () -- C:\Windows\System32\25249virzs555.dll
[2009/05/25 19:39:16 | 000,018,412 | ---- | C] () -- C:\Windows\975badzwar52484.bin
[2009/05/23 20:35:21 | 000,011,908 | ---- | C] () -- C:\Windows\System32\25e5downloade9z58.dll
[2009/05/20 19:23:49 | 000,018,102 | ---- | C] () -- C:\Windows\System32\6958vizus479.exe
[2009/05/18 15:03:41 | 000,013,174 | ---- | C] () -- C:\Windows\14c8spy5are199z.exe
[2009/05/16 05:47:11 | 000,017,283 | ---- | C] () -- C:\Windows\70df5zie92099.dll
[2009/05/15 16:14:00 | 000,006,408 | ---- | C] () -- C:\Windows\System32\63edz5reat3469.exe
[2009/05/14 01:10:22 | 000,012,455 | ---- | C] () -- C:\Windows\590espzrse466.exe
[2009/05/13 17:28:41 | 000,013,917 | ---- | C] () -- C:\Windows\System32\9913not-a-vz5u9448.bin
[2009/05/13 07:09:19 | 000,015,797 | ---- | C] () -- C:\Windows\96997sp572z.bin
[2009/05/12 07:05:55 | 000,006,843 | ---- | C] () -- C:\Windows\1z5backdoor20789.dll
[2009/05/10 23:12:37 | 000,011,995 | ---- | C] () -- C:\Windows\System32\1c89tzief1855.exe
[2009/05/10 18:11:22 | 000,004,653 | ---- | C] () -- C:\Windows\System32\915z3hacktool55.dll
[2009/05/09 17:40:33 | 000,017,515 | ---- | C] () -- C:\Windows\351backdooz1599.exe
[2009/05/08 14:39:20 | 000,005,789 | ---- | C] () -- C:\Windows\4b9bthzea9109915.bin
[2009/05/07 22:36:09 | 000,010,636 | ---- | C] () -- C:\Windows\9876download5r3046z.dll
[2009/05/06 00:09:22 | 000,016,709 | ---- | C] () -- C:\Windows\1edzspyware16549.dll
[2009/05/05 23:47:26 | 000,012,873 | ---- | C] () -- C:\Windows\5745thrzat9918.bin
[2009/05/03 17:42:43 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/03 17:42:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/03 04:19:30 | 000,017,593 | ---- | C] () -- C:\Windows\System32\517es9yw5re5z5.bin
[2009/05/02 03:54:54 | 000,007,308 | ---- | C] () -- C:\Windows\System32\51620hacktoo9343z.exe
[2009/04/28 00:24:29 | 000,002,608 | ---- | C] () -- C:\Windows\System32\3b589teal24z.bin
[2009/04/24 07:31:19 | 000,004,660 | ---- | C] () -- C:\Windows\174z65a9ktool3fc.bin
[2009/04/23 13:58:16 | 000,008,067 | ---- | C] () -- C:\Windows\System32\322439iz5s586.bin
[2009/04/20 00:23:26 | 000,012,586 | ---- | C] () -- C:\Windows\47f5zpy5are2089.dll
[2009/04/18 06:19:34 | 000,015,924 | ---- | C] () -- C:\Windows\System32\7591vi5uz262.dll
[2009/04/18 05:43:06 | 000,011,216 | ---- | C] () -- C:\Windows\System32\472zs5ambo93e1.exe
[2009/04/17 10:20:32 | 000,013,805 | ---- | C] () -- C:\Windows\7ffd9p5zare77.dll
[2009/04/16 13:08:18 | 000,007,482 | ---- | C] () -- C:\Windows\7z9bbackdoor582.bin
[2009/04/15 15:21:10 | 000,003,935 | ---- | C] () -- C:\Windows\9551viruszbf.bin
[2009/04/15 05:52:03 | 000,014,402 | ---- | C] () -- C:\Windows\zc84vir24459.dll
[2009/04/13 13:26:43 | 000,004,190 | ---- | C] () -- C:\Windows\91303zpamb5t3bc.dll
[2009/04/10 20:40:04 | 000,006,168 | ---- | C] () -- C:\Windows\79a7stza51954.bin
[2009/04/10 16:08:00 | 000,011,055 | ---- | C] () -- C:\Windows\System32\157z9w9rm5de.dll
[2009/04/09 08:19:45 | 000,013,717 | ---- | C] () -- C:\Windows\System32\23760viru59z3.dll
[2009/04/08 11:53:21 | 000,009,933 | ---- | C] () -- C:\Windows\System32\7676haczto5l30b9.dll
[2009/04/08 10:24:53 | 000,009,688 | ---- | C] () -- C:\Windows\548dbackdo9rz101.exe
[2009/04/05 23:56:03 | 000,000,042 | ---- | C] () -- C:\Windows\MS.INI
[2009/04/05 00:50:50 | 000,014,680 | ---- | C] () -- C:\Windows\239505ozm2b8.dll
[2009/03/30 08:13:16 | 000,002,202 | ---- | C] () -- C:\Windows\winros.ini
[2009/03/30 08:13:16 | 000,000,046 | ---- | C] () -- C:\Windows\reader.Ini
[2009/03/30 08:13:16 | 000,000,009 | ---- | C] () -- C:\Windows\WinSig.Ini
[2009/03/30 08:13:04 | 000,080,624 | ---- | C] () -- C:\Windows\System32\SH30W32.DLL
[2009/03/24 05:09:59 | 000,014,967 | ---- | C] () -- C:\Windows\System32\84985iruszec9.dll
[2009/03/23 09:21:08 | 000,000,084 | ---- | C] () -- C:\Windows\netdet.ini
[2009/03/22 16:03:58 | 000,003,313 | ---- | C] () -- C:\Windows\6d09thze51104.bin
[2009/03/21 03:17:13 | 000,012,949 | ---- | C] () -- C:\Windows\System32\5979spzmbo93c3.dll
[2009/03/19 20:48:15 | 000,139,264 | ---- | C] () -- C:\Windows\ShareBarData.dll
[2009/03/19 18:46:47 | 000,002,316 | ---- | C] () -- C:\Windows\elwave76.ini
[2009/03/17 21:02:39 | 000,003,556 | ---- | C] () -- C:\Windows\System32\26685notza-vi9us56f.exe
[2009/03/15 05:07:21 | 000,014,622 | ---- | C] () -- C:\Windows\23215not5a9viruz75.bin
[2009/03/11 14:21:49 | 000,008,576 | ---- | C] () -- C:\Windows\System32\1a0s5ywarez109.bin
[2009/03/11 07:30:46 | 000,018,042 | ---- | C] () -- C:\Windows\System32\15705wzrm9a.dll
[2009/03/10 20:49:46 | 000,007,358 | ---- | C] () -- C:\Windows\System32\3893wozm159.bin
[2009/03/06 07:37:34 | 000,005,950 | ---- | C] () -- C:\Windows\System32\55eddow9loadez28285.exe
[2009/03/04 19:25:33 | 000,004,010 | ---- | C] () -- C:\Windows\1z85st9al638.exe
[2009/03/01 09:19:55 | 000,007,647 | ---- | C] () -- C:\Windows\System32\19855zac5tool414.exe
[2009/02/26 18:14:55 | 000,011,596 | ---- | C] () -- C:\Windows\System32\5553vizus69e9.exe
[2009/02/25 17:22:21 | 000,005,808 | ---- | C] () -- C:\Windows\System32\4a92thiefz475.dll
[2009/02/19 06:53:36 | 000,009,832 | ---- | C] () -- C:\Windows\System32\5be5v9r5z04.dll
[2009/02/17 03:18:20 | 000,008,583 | ---- | C] () -- C:\Windows\56489troj3z9.exe
[2009/02/15 21:10:09 | 000,011,761 | ---- | C] () -- C:\Windows\System32\16e55pyw9rez600.exe
[2009/02/12 14:48:39 | 000,013,902 | ---- | C] () -- C:\Windows\System32\289165ot-a9viruszba.dll
[2009/02/12 09:00:18 | 000,003,737 | ---- | C] () -- C:\Windows\System32\12925spy590z.dll
[2009/02/11 15:14:01 | 000,007,554 | ---- | C] () -- C:\Windows\5225t9ief1812z.dll
[2009/02/11 06:30:34 | 000,008,843 | ---- | C] () -- C:\Windows\6005b9c5dozr2839.exe
[2009/02/10 10:17:10 | 000,007,297 | ---- | C] () -- C:\Windows\235dth9ef2949z.exe
[2009/02/10 06:28:25 | 000,004,022 | ---- | C] () -- C:\Windows\System32\9580hac5tool3z8.bin
[2009/02/06 05:31:51 | 000,014,608 | ---- | C] () -- C:\Windows\System32\53acstealz597.exe
[2009/02/04 06:00:49 | 000,010,798 | ---- | C] () -- C:\Windows\10z79troj588.exe
[2009/02/03 09:34:48 | 000,006,275 | ---- | C] () -- C:\Windows\System32\z7057spa9bot2ba.exe
[2009/01/29 19:35:48 | 000,000,018 | ---- | C] () -- C:\Windows\UseDop.ini
[2009/01/27 20:31:47 | 000,000,018 | ---- | C] () -- C:\Windows\DirSelUseDop.ini
[2009/01/27 10:58:35 | 000,002,688 | ---- | C] () -- C:\Windows\System32\198355pyz9.dll
[2009/01/25 06:05:47 | 000,004,107 | ---- | C] () -- C:\Windows\2d2bthi5z679.exe
[2009/01/24 10:17:10 | 000,005,945 | ---- | C] () -- C:\Windows\2158hacktoo5z9f.exe
[2009/01/23 02:32:37 | 000,007,811 | ---- | C] () -- C:\Windows\System32\3c1fz5arse2981.bin
[2009/01/23 01:46:36 | 000,012,751 | ---- | C] () -- C:\Windows\459aspyza95952.bin
[2009/01/19 06:54:58 | 000,012,264 | ---- | C] () -- C:\Windows\System32\1295zsp53d6.exe
[2009/01/18 13:18:37 | 000,014,110 | ---- | C] () -- C:\Windows\22691v9ruszda5.bin
[2009/01/17 21:23:41 | 000,007,652 | ---- | C] () -- C:\Windows\1z649not-a-virus17c5.exe
[2009/01/16 23:27:12 | 000,015,117 | ---- | C] () -- C:\Windows\System32\9c05viz2135.bin
[2009/01/16 12:33:14 | 000,006,968 | ---- | C] () -- C:\Windows\3a59viz1597.bin
[2009/01/14 17:06:38 | 000,007,213 | ---- | C] () -- C:\Windows\565fspywarz498.bin
[2009/01/14 06:46:58 | 000,010,291 | ---- | C] () -- C:\Windows\31673spz7579.dll
[2009/01/08 10:51:59 | 000,003,341 | ---- | C] () -- C:\Windows\59cethie9425z.dll
[2009/01/08 08:43:24 | 000,004,739 | ---- | C] () -- C:\Windows\4859addw9rz589.exe
[2009/01/07 01:11:48 | 000,009,047 | ---- | C] () -- C:\Windows\566ezparse5419.dll
[2009/01/06 23:14:46 | 000,018,069 | ---- | C] () -- C:\Windows\System32\15dbdow9l5ader25z1.dll
[2008/12/29 00:25:16 | 000,012,993 | ---- | C] () -- C:\Windows\13590sz5mbot2c6.dll
[2008/12/27 13:22:45 | 000,011,903 | ---- | C] () -- C:\Windows\7bfthr59t29545z.dll
[2008/12/20 05:52:17 | 000,010,129 | ---- | C] () -- C:\Windows\z865virus1c9.dll
[2008/12/18 19:16:53 | 000,012,639 | ---- | C] () -- C:\Windows\55cedo5nloz9er379.dll
[2008/12/15 18:50:34 | 000,001,356 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2008/12/15 16:36:09 | 000,018,412 | ---- | C] () -- C:\Windows\13z32v5rus29e9.bin
[2008/12/10 04:57:45 | 000,006,217 | ---- | C] () -- C:\Windows\System32\185775ro9z27.exe
[2008/12/06 08:54:38 | 000,008,302 | ---- | C] () -- C:\Windows\51213tro9z47.dll
[2008/12/03 11:20:40 | 000,014,778 | ---- | C] () -- C:\Windows\System32\6589spyware8z9.bin
[2008/12/02 19:53:50 | 000,012,241 | ---- | C] () -- C:\Windows\System32\5b41stz5l1999.dll
[2008/11/28 10:58:48 | 000,004,742 | ---- | C] () -- C:\Windows\System32\50892v9rzsad.exe
[2008/11/27 18:10:04 | 000,002,998 | ---- | C] () -- C:\Windows\System32\3199h5ckzoo9126.dll
[2008/11/25 20:26:27 | 000,014,895 | ---- | C] () -- C:\Windows\1204downzo5der429.bin
[2008/11/24 15:09:55 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/11/24 15:09:32 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2008/11/24 02:30:41 | 000,007,909 | ---- | C] () -- C:\Windows\System32\7z49downloader2514.exe
[2008/11/23 09:19:20 | 000,004,310 | ---- | C] () -- C:\Windows\System32\193235pamboz449.bin
[2008/11/20 13:28:30 | 000,004,289 | ---- | C] () -- C:\Windows\7z9fth59at15408.bin
[2008/11/19 11:33:49 | 000,011,667 | ---- | C] () -- C:\Windows\System32\1580zno5-a-virus498.exe
[2008/11/17 09:42:51 | 000,011,566 | ---- | C] () -- C:\Windows\System32\z05ethie91076.bin
[2008/11/17 02:35:09 | 000,007,793 | ---- | C] () -- C:\Windows\System32\3e51thie9z316.exe
[2008/11/16 10:54:53 | 000,008,380 | ---- | C] () -- C:\Windows\System32\18857za9kt5ol776.dll
[2008/11/15 02:23:54 | 000,009,827 | ---- | C] () -- C:\Windows\System32\9zd8vir27825.bin
[2008/11/14 18:10:03 | 000,015,847 | ---- | C] () -- C:\Windows\b5esteal19z29.exe
[2008/11/14 07:34:42 | 000,017,068 | ---- | C] () -- C:\Windows\20591v9rus4zd.exe
[2008/11/14 05:31:29 | 000,005,061 | ---- | C] () -- C:\Windows\28505szamb9tcd.bin
[2008/11/13 04:55:49 | 000,003,651 | ---- | C] () -- C:\Windows\System32\9503s9z123.exe
[2008/11/12 04:52:56 | 000,008,200 | ---- | C] () -- C:\Windows\System32\7323thief2594z.dll
[2008/11/10 13:38:49 | 000,003,375 | ---- | C] () -- C:\Windows\25831wormz3b9.dll
[2008/11/10 02:49:31 | 000,008,642 | ---- | C] () -- C:\Windows\System32\21051troj69ez.exe
[2008/11/07 21:07:27 | 000,007,872 | ---- | C] () -- C:\Windows\522vz9us5e.bin
[2008/11/02 09:33:00 | 000,017,846 | ---- | C] () -- C:\Windows\7583spamb9tza7.bin
[2008/10/25 01:34:39 | 000,002,583 | ---- | C] () -- C:\Windows\System32\z0d5down5oa9er1533.dll
[2008/10/24 11:35:56 | 000,012,406 | ---- | C] () -- C:\Windows\System32\1049zh5cktool5d29.exe
[2008/10/24 02:40:12 | 000,010,008 | ---- | C] () -- C:\Windows\16796za9ktool557.exe
[2008/10/23 15:57:29 | 000,018,206 | ---- | C] () -- C:\Windows\50feszy9are1915.exe
[2008/10/19 23:07:31 | 000,003,712 | ---- | C] () -- C:\Windows\z0fas5ea92911.exe
[2008/10/17 21:25:00 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/10/17 21:25:00 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/10/17 21:24:38 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2008/10/15 11:40:22 | 000,012,392 | ---- | C] () -- C:\Windows\System32\z5742h5ckt9ol4b9.bin
[2008/10/14 15:14:57 | 000,011,814 | ---- | C] () -- C:\Windows\f4st5zl9217.dll
[2008/10/13 03:41:33 | 000,006,384 | ---- | C] () -- C:\Windows\54079zrm52.bin
[2008/10/01 22:36:36 | 000,014,828 | ---- | C] () -- C:\Windows\System32\3076zspy259.exe
[2008/09/28 13:16:24 | 000,006,608 | ---- | C] () -- C:\Windows\System32\19a7th5eatz2277.dll
[2008/09/25 19:44:08 | 000,008,449 | ---- | C] () -- C:\Windows\77dbt9ief2z25.bin
[2008/09/24 17:19:27 | 000,011,032 | ---- | C] () -- C:\Windows\z489spy5are1705.dll
[2008/09/24 09:06:08 | 000,015,347 | ---- | C] () -- C:\Windows\System32\24227zp922a5.exe
[2008/09/23 01:02:40 | 000,013,974 | ---- | C] () -- C:\Windows\31956not-a-vz5us242.exe
[2008/09/22 12:52:28 | 000,000,143 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/09/19 17:48:44 | 000,005,780 | ---- | C] () -- C:\Windows\System32\93z7t5oj469.exe
[2008/09/18 16:48:13 | 000,003,039 | ---- | C] () -- C:\Windows\System32\56a45p9zse991.bin
[2008/09/18 08:34:07 | 000,014,437 | ---- | C] () -- C:\Windows\23242n5t-a-9irus7cz.exe
[2008/09/16 04:02:28 | 000,016,997 | ---- | C] () -- C:\Windows\System32\5565v9r1z45.exe
[2008/09/12 20:13:08 | 000,007,757 | ---- | C] () -- C:\Windows\System32\2z365vi9us215.dll
[2008/09/12 13:13:25 | 000,015,685 | ---- | C] () -- C:\Windows\23494virus225z.dll
[2008/09/12 11:54:59 | 000,010,932 | ---- | C] () -- C:\Windows\System32\292235p9mboz394.dll
[2008/09/09 21:33:35 | 000,000,042 | ---- | C] () -- C:\Windows\ib.ini
[2008/09/09 21:33:34 | 000,026,624 | ---- | C] () -- C:\Windows\GetIe.dll
[2008/09/09 19:59:20 | 000,003,632 | ---- | C] () -- C:\Windows\System32\6592thre5t27019z.dll
[2008/09/09 03:08:52 | 000,002,817 | ---- | C] () -- C:\Windows\19zesteal2465.dll
[2008/09/08 07:04:48 | 000,011,932 | ---- | C] () -- C:\Windows\297steal1953z.bin
[2008/09/06 18:27:44 | 000,004,305 | ---- | C] () -- C:\Windows\41855pamzot1799.dll
[2008/09/03 03:00:30 | 000,003,965 | ---- | C] () -- C:\Windows\7d95szarse2811.exe
[2008/08/28 19:19:46 | 000,016,183 | ---- | C] () -- C:\Windows\System32\9620sp91z65.bin
[2008/08/26 04:42:04 | 000,018,406 | ---- | C] () -- C:\Windows\System32\3532trzj3fe9.dll
[2008/08/20 15:22:41 | 000,006,776 | ---- | C] () -- C:\Windows\System32\7f3eviz21795.dll
[2008/08/18 08:07:49 | 000,003,561 | ---- | C] () -- C:\Windows\System32\24afbackdoorz9925.bin
[2008/08/17 04:59:38 | 000,003,997 | ---- | C] () -- C:\Windows\289a5ddw9rez959.bin
[2008/08/16 18:54:14 | 000,016,039 | ---- | C] () -- C:\Windows\System32\21836not-a9virus65z.dll
[2008/08/15 09:50:53 | 000,003,578 | ---- | C] () -- C:\Windows\29dbacz9oor5178.exe
[2008/08/14 14:54:29 | 000,003,989 | ---- | C] () -- C:\Windows\5b94s5eaz1673.bin
[2008/08/14 12:56:34 | 000,016,375 | ---- | C] () -- C:\Windows\System32\9566tr9j55fz.exe
[2008/08/14 09:52:50 | 000,003,153 | ---- | C] () -- C:\Windows\25a5st5a9z270.dll
[2008/08/09 21:42:40 | 000,012,619 | ---- | C] () -- C:\Windows\System32\22899s5amzot2c0.bin
[2008/08/06 23:07:19 | 000,002,694 | ---- | C] () -- C:\Windows\System32\19593spazbotd9.bin
[2008/08/03 11:16:42 | 000,005,124 | ---- | C] () -- C:\Windows\System32\7059downlzader2952.dll
[2008/08/01 18:42:54 | 000,018,076 | ---- | C] () -- C:\Windows\System32\228925zoj635.dll
[2008/07/29 05:26:32 | 000,011,351 | ---- | C] () -- C:\Windows\24426not-z-viru9de5.dll
[2008/07/27 04:26:39 | 000,018,335 | ---- | C] () -- C:\Windows\System32\6986vir5z4e2.dll
[2008/07/25 04:38:56 | 000,010,246 | ---- | C] () -- C:\Windows\System32\59a4addware213z.dll
[2008/07/22 18:52:58 | 000,008,339 | ---- | C] () -- C:\Windows\15599hac5tooz12b.exe
[2008/07/19 18:46:10 | 000,005,004 | ---- | C] () -- C:\Windows\System32\2987t5reat268z1.bin
[2008/07/14 16:38:37 | 000,005,300 | ---- | C] () -- C:\Windows\System32\779f5parsz9823.bin
[2008/07/14 09:36:12 | 000,016,990 | ---- | C] () -- C:\Windows\c09spaz5e2727.dll
[2008/07/06 01:27:07 | 000,016,249 | ---- | C] () -- C:\Windows\10690hazktoo5599.bin
[2008/07/05 00:53:04 | 000,013,539 | ---- | C] () -- C:\Windows\System32\5aa59hzeat30457.dll
[2008/07/05 00:36:16 | 000,016,154 | ---- | C] () -- C:\Windows\System32\815znot-a5v9rus623.dll
[2008/06/27 22:35:44 | 000,013,143 | ---- | C] () -- C:\Windows\5d9cba9kdzor2285.dll
[2008/06/25 10:20:09 | 000,003,584 | ---- | C] () -- C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/25 10:20:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/06/24 23:32:24 | 000,015,261 | ---- | C] () -- C:\Windows\298895orz29a.bin
[2008/06/22 23:41:13 | 000,011,476 | ---- | C] () -- C:\Windows\System32\z8519spy38f.bin
[2008/06/22 08:18:59 | 000,003,295 | ---- | C] () -- C:\Windows\z08945irus919.dll
[2008/06/19 13:25:50 | 000,007,897 | ---- | C] () -- C:\Windows\System32\512dspzrse9877.dll
[2008/06/17 12:51:29 | 000,018,413 | ---- | C] () -- C:\Windows\System32\99922szy5a5.dll
[2008/06/16 08:16:12 | 000,012,076 | ---- | C] () -- C:\Windows\System32\zfb2sp5rse2609.exe
[2008/06/14 08:54:41 | 000,008,111 | ---- | C] () -- C:\Windows\System32\49z5spy40c.dll
[2008/06/13 03:56:31 | 000,015,973 | ---- | C] () -- C:\Windows\25235zpy5b9.bin
[2008/06/11 09:01:35 | 000,011,322 | ---- | C] () -- C:\Windows\System32\59z5r398.exe
[2008/06/09 12:48:26 | 000,007,596 | ---- | C] () -- C:\Windows\System32\89z7not5a-virus5c1.bin
[2008/06/04 20:18:52 | 000,014,069 | ---- | C] () -- C:\Windows\System32\962zvir1594.bin
[2008/06/04 18:52:02 | 000,018,269 | ---- | C] () -- C:\Windows\7a7download5r2549z.exe
[2008/06/02 14:08:34 | 000,003,002 | ---- | C] () -- C:\Windows\31501sp95dz.bin
[2008/05/26 01:53:23 | 000,002,549 | ---- | C] () -- C:\Windows\System32\97f4st5az2367.exe
[2008/05/25 20:35:47 | 000,009,244 | ---- | C] () -- C:\Windows\System32\63cfad9ware552z.bin
[2008/05/22 09:23:30 | 000,008,501 | ---- | C] () -- C:\Windows\20273spa5z9t550.dll
[2008/05/22 06:58:35 | 000,004,130 | ---- | C] () -- C:\Windows\System32\5bcezown5o9der2066.bin
[2008/05/19 23:52:23 | 000,016,307 | ---- | C] () -- C:\Windows\System32\35b5zownl9ader3265.bin
[2008/05/19 02:52:12 | 000,015,779 | ---- | C] () -- C:\Windows\System32\6a9back5oo92z53.dll
[2008/05/17 17:56:29 | 000,010,834 | ---- | C] () -- C:\Windows\System32\2917zroj597.dll
[2008/05/15 02:36:14 | 000,010,957 | ---- | C] () -- C:\Windows\zcespywa9e1558.exe
[2008/05/14 03:56:26 | 000,007,185 | ---- | C] () -- C:\Windows\System32\955s5eal47z.dll
[2008/05/13 15:11:03 | 000,009,925 | ---- | C] () -- C:\Windows\222245o9mz61.exe
[2008/05/10 11:53:57 | 000,006,808 | ---- | C] () -- C:\Windows\System32\5059downzoader1980.bin
[2008/05/10 03:23:28 | 000,015,135 | ---- | C] () -- C:\Windows\2866thzef9759.bin
[2008/05/10 02:53:35 | 000,004,012 | ---- | C] () -- C:\Windows\System32\z1679w5rm1c2.bin
[2008/05/08 18:26:49 | 000,016,582 | ---- | C] () -- C:\Windows\128129zr5s548.dll
[2008/05/07 16:37:27 | 000,011,039 | ---- | C] () -- C:\Windows\System32\5d73st95l3121z.dll
[2008/05/05 02:06:03 | 000,015,295 | ---- | C] () -- C:\Windows\System32\792czhre9523275.dll
[2008/05/04 17:45:17 | 000,000,073 | ---- | C] () -- C:\Windows\ORChart.Ini
[2008/05/04 11:09:09 | 000,011,746 | ---- | C] () -- C:\Windows\22a9vi535z.bin
[2008/05/03 15:37:16 | 000,017,502 | ---- | C] () -- C:\Windows\System32\870troz6859.dll
[2008/05/01 14:30:49 | 000,004,076 | ---- | C] () -- C:\Windows\System32\3z95thief2912.bin
[2008/04/29 04:30:03 | 000,008,735 | ---- | C] () -- C:\Windows\System32\1937spar9e459z.bin
[2008/04/28 14:06:30 | 000,249,856 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/28 13:33:15 | 000,078,336 | ---- | C] () -- C:\Windows\System32\SSIREGM.EXE
[2008/04/28 13:33:15 | 000,067,584 | ---- | C] () -- C:\Windows\System32\SSIREGI.EXE
[2008/04/28 13:33:15 | 000,053,248 | ---- | C] () -- C:\Windows\System32\drivers\SSIPDDP.SYS
[2008/04/28 13:33:15 | 000,026,624 | ---- | C] () -- C:\Windows\System32\SSIVDDP.DLL
[2008/04/28 13:33:15 | 000,000,740 | ---- | C] () -- C:\Windows\System32\drivers\SSIDDDP.SYS
[2008/04/28 13:32:12 | 000,001,272 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/28 13:32:11 | 000,000,037 | ---- | C] () -- C:\Windows\Server.INI
[2008/04/28 13:31:57 | 000,040,448 | ---- | C] () -- C:\Windows\System32\REGOBJ.DLL
[2008/04/28 13:31:57 | 000,004,528 | ---- | C] () -- C:\Windows\System32\SETBROWS.EXE
[2008/04/24 23:33:36 | 000,009,153 | ---- | C] () -- C:\Windows\System32\6659szeal825.bin
[2008/04/24 02:23:59 | 000,005,304 | ---- | C] () -- C:\Windows\System32\6935spyw5rz963.exe
[2008/04/17 00:16:07 | 000,007,171 | ---- | C] () -- C:\Windows\System32\302z8not-a-9i5usf.bin
[2008/04/14 02:03:22 | 000,007,695 | ---- | C] () -- C:\Windows\5z97hackto5l4ad9.bin
[2008/04/13 10:36:50 | 000,003,452 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/04/13 10:36:50 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\ACB52E02CC.sys
[2008/04/13 09:22:21 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/04/13 09:22:21 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/04/13 09:22:21 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/04/13 09:22:21 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/04/13 09:22:21 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/04/13 09:22:21 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/04/13 09:19:58 | 000,001,237 | ---- | C] () -- C:\Program Files\WinDVDSetup.iss
[2008/04/13 09:18:00 | 000,001,233 | ---- | C] () -- C:\Program Files\GuideMenuSetup.iss
[2008/04/11 07:17:04 | 000,016,868 | ---- | C] () -- C:\Windows\System32\754threatz08589.exe
[2008/04/08 22:47:37 | 000,010,770 | ---- | C] () -- C:\Windows\System32\199515py1z2.dll
[2008/04/08 09:59:54 | 000,017,218 | ---- | C] () -- C:\Windows\1f2caddware3595z.dll
[2008/04/08 05:16:04 | 000,018,125 | ---- | C] () -- C:\Windows\3597wor52z.bin
[2008/04/05 20:35:05 | 000,004,354 | ---- | C] () -- C:\Windows\System32\509ca5dzare931.exe
[2008/04/01 15:29:00 | 000,017,896 | ---- | C] () -- C:\Windows\73d29i5267z.exe
[2008/03/28 02:00:40 | 000,015,760 | ---- | C] () -- C:\Windows\System32\39dathrezt9509.dll
[2008/03/26 05:22:47 | 000,003,056 | ---- | C] () -- C:\Windows\System32\z9a1vi93527.bin
[2008/03/26 00:10:48 | 000,007,557 | ---- | C] () -- C:\Windows\d579zreat5954.dll
[2008/03/25 13:58:48 | 000,004,675 | ---- | C] () -- C:\Windows\4c5fvir9594z.bin
[2008/03/19 20:21:38 | 000,015,855 | ---- | C] () -- C:\Windows\System32\9c70steal515z.dll
[2008/03/14 05:36:16 | 000,003,315 | ---- | C] () -- C:\Windows\3azc9h5eat23554.bin
[2008/03/11 21:06:27 | 000,017,295 | ---- | C] () -- C:\Windows\34ffthi5z97.exe
[2008/03/11 20:33:22 | 000,011,502 | ---- | C] () -- C:\Windows\57999zpy3fa.exe
[2008/03/10 00:31:46 | 000,012,524 | ---- | C] () -- C:\Windows\50925szy7cf.dll
[2008/03/07 15:13:37 | 000,005,673 | ---- | C] () -- C:\Windows\7830dow5lzade91113.exe
[2008/03/07 07:57:16 | 000,002,660 | ---- | C] () -- C:\Windows\System32\2753zspamb591ab.exe
[2008/03/06 23:31:35 | 000,002,779 | ---- | C] () -- C:\Windows\System32\24c5sparse2469z.exe
[2008/03/02 22:57:08 | 000,003,768 | ---- | C] () -- C:\Windows\3f849hzef1154.dll
[2008/02/25 14:43:14 | 000,011,591 | ---- | C] () -- C:\Windows\9023thz5f2688.bin
[2008/02/24 11:17:43 | 000,010,585 | ---- | C] () -- C:\Windows\System32\z706not5a9virus40e.dll
[2008/02/24 09:13:30 | 000,012,600 | ---- | C] () -- C:\Windows\System32\655bba5k9zor2924.exe
[2008/02/24 01:18:25 | 000,011,669 | ---- | C] () -- C:\Windows\5z2cthie9238.bin
[2008/02/23 12:00:31 | 000,003,069 | ---- | C] () -- C:\Windows\5395v9rusfz5.exe
[2008/02/22 13:11:39 | 000,012,884 | ---- | C] () -- C:\Windows\System32\51320viru9521z.bin
[2008/02/18 23:30:16 | 000,012,504 | ---- | C] () -- C:\Windows\15z99i52708.exe
[2008/02/17 21:21:53 | 000,016,364 | ---- | C] () -- C:\Windows\System32\677as9zware5762.dll
[2008/02/17 17:03:40 | 000,017,278 | ---- | C] () -- C:\Windows\System32\3908n5t9a-vzrus204.exe
[2008/02/17 06:39:47 | 000,004,045 | ---- | C] () -- C:\Windows\4692zteal1257.exe
[2008/02/06 11:08:56 | 000,014,529 | ---- | C] () -- C:\Windows\6099add5are29z7.bin
[2008/02/06 03:38:02 | 000,006,962 | ---- | C] () -- C:\Windows\System32\220czack95or955.exe
[2008/02/05 00:35:35 | 000,008,990 | ---- | C] () -- C:\Windows\752fsp9warz491.dll
[2008/02/04 13:45:08 | 000,016,876 | ---- | C] () -- C:\Windows\System32\19140s5y9c7z.bin
[2008/02/03 01:17:30 | 000,010,496 | ---- | C] () -- C:\Windows\1bd2z5yware2979.dll
[2008/01/28 15:21:36 | 000,014,742 | ---- | C] () -- C:\Windows\System32\250baczd9or856.bin
[2008/01/28 00:57:36 | 000,007,080 | ---- | C] () -- C:\Windows\System32\26f25pzr9e151.exe
[2008/01/27 11:07:09 | 000,004,065 | ---- | C] () -- C:\Windows\35e8az9war52810.bin
[2008/01/26 20:04:42 | 000,013,755 | ---- | C] () -- C:\Windows\1935tzoj3fa9.dll
[2008/01/20 17:38:01 | 000,006,900 | ---- | C] () -- C:\Windows\System32\7z529parse1052.exe
[2008/01/18 01:48:49 | 000,014,664 | ---- | C] () -- C:\Windows\z95t9i5f928.exe
[2008/01/17 08:46:13 | 000,014,767 | ---- | C] () -- C:\Windows\8zcs9a5se1614.bin
[2008/01/16 16:37:29 | 000,012,904 | ---- | C] () -- C:\Windows\System32\2f40zhrea528942.exe
[2008/01/14 15:37:04 | 000,016,026 | ---- | C] () -- C:\Windows\System32\c57zt5al1496.bin
[2008/01/13 17:24:38 | 000,014,990 | ---- | C] () -- C:\Windows\System32\92a2downlzader354.dll
[2008/01/13 08:41:00 | 000,012,063 | ---- | C] () -- C:\Windows\System32\29905vizus13f9.bin
[2008/01/12 06:23:13 | 000,008,106 | ---- | C] () -- C:\Windows\System32\96599acktooz2f.bin
[2008/01/11 03:24:06 | 000,003,107 | ---- | C] () -- C:\Windows\z955worm895.exe
[2008/01/10 23:55:33 | 000,011,874 | ---- | C] () -- C:\Windows\System32\14974sza9bot5a3.dll
[2008/01/09 18:34:24 | 000,009,230 | ---- | C] () -- C:\Windows\System32\6d4ev9z1538.dll
[2008/01/09 14:01:48 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2008/01/09 14:01:48 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/01/09 06:08:54 | 000,015,109 | ---- | C] () -- C:\Windows\148z6t9oj3f55.exe
[2008/01/09 05:34:34 | 000,008,427 | ---- | C] () -- C:\Windows\System32\e97thzeat51956.bin
[2008/01/08 20:23:32 | 000,017,517 | ---- | C] () -- C:\Windows\6f89thizf5931.exe
[2008/01/06 09:48:09 | 000,008,571 | ---- | C] () -- C:\Windows\41z7threa92572.exe
[2008/01/05 08:17:25 | 000,004,385 | ---- | C] () -- C:\Windows\System32\297905ormz2e.bin
[2008/01/05 04:42:06 | 000,013,625 | ---- | C] () -- C:\Windows\7ebes9arsz552.dll
[2007/12/16 09:16:21 | 000,000,000 | ---- | C] () -- C:\Windows\asym.ini
[2007/12/16 07:17:44 | 000,164,864 | ---- | C] () -- C:\Windows\System32\patchw32.dll
[2007/12/16 07:17:44 | 000,158,720 | ---- | C] () -- C:\Windows\System32\LFCMP61N.DLL
[2007/12/16 07:17:44 | 000,110,080 | ---- | C] () -- C:\Windows\System32\Lfpng61n.dll
[2007/12/16 07:17:44 | 000,043,008 | ---- | C] () -- C:\Windows\System32\LTFIL61N.DLL
[2007/12/16 07:17:44 | 000,017,920 | ---- | C] () -- C:\Windows\System32\MSWTHK32.DLL
[2007/12/16 07:17:44 | 000,017,920 | ---- | C] () -- C:\Windows\System32\IMPLODE.DLL
[2007/12/16 07:17:44 | 000,003,360 | ---- | C] () -- C:\Windows\System32\MSWTHK16.DLL
[2007/12/16 04:15:04 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2007/12/12 15:24:03 | 000,134,883 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\nvModes.001
[2007/12/12 15:20:32 | 000,134,883 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\nvModes.dat
[2007/12/12 15:17:05 | 000,000,067 | ---- | C] () -- C:\Windows\ICILoc.INI
[2007/12/04 09:17:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/10/16 16:20:31 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2007/10/16 16:20:21 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe
[2007/10/16 16:20:17 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007/10/16 16:08:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2007/10/16 15:42:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/10/16 14:47:21 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/06/22 19:30:20 | 000,426,824 | ---- | C] () -- C:\Windows\System32\perfh011.dat
[2007/06/22 19:30:20 | 000,139,030 | ---- | C] () -- C:\Windows\System32\perfi011.dat
[2007/06/22 19:30:20 | 000,130,744 | ---- | C] () -- C:\Windows\System32\perfc011.dat
[2007/06/22 19:30:20 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd011.dat
[2007/06/22 19:20:24 | 000,390,344 | ---- | C] () -- C:\Windows\System32\prfh0404.dat
[2007/06/22 19:20:24 | 000,130,298 | ---- | C] () -- C:\Windows\System32\prfc0404.dat
[2007/06/22 19:20:24 | 000,116,540 | ---- | C] () -- C:\Windows\System32\prfi0404.dat
[2007/06/22 19:20:24 | 000,030,674 | ---- | C] () -- C:\Windows\System32\prfd0404.dat
[2007/06/22 19:15:16 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007/05/04 13:28:59 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2007/04/17 05:31:38 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/12/12 12:22:43 | 000,057,344 | ---- | C] () -- C:\Windows\StkUnist.exe
[2006/11/02 22:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 22:46:27 | 000,450,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 22:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 21:18:36 | 000,000,006 | ---- | C] () -- C:\Windows\System32\rasmon.bin
[2006/11/02 21:18:36 | 000,000,004 | -H-- | C] () -- C:\Windows\System32\ddefact.bin
[2006/11/02 20:33:01 | 000,672,832 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 20:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 20:33:01 | 000,130,744 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 20:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 20:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 20:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 18:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 18:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 17:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/25 05:31:57 | 000,000,040 | ---- | C] () -- C:\Users\Administrator\AppData\Local\6a7011db8eb3184.dat
[2006/03/09 12:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/04/03 09:29:59 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
[2003/11/30 12:58:28 | 000,413,696 | ---- | C] () -- C:\Windows\System32\MetaLib.dll
[2003/07/17 16:56:18 | 000,045,056 | ---- | C] () -- C:\Windows\System32\wx.dll
[2003/07/10 14:57:16 | 000,139,264 | ---- | C] () -- C:\Windows\System32\NST-TS32.DLL
[2002/09/26 12:03:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WSGAIQ.DLL
[2002/05/24 08:37:32 | 000,090,112 | ---- | C] () -- C:\Windows\System32\M3HIST.DLL
[2002/05/24 08:36:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\M3ACCESS.DLL
[2001/03/14 06:52:08 | 000,114,688 | ---- | C] () -- C:\Windows\System32\AIQSDKIF.DLL
[2001/03/14 06:51:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\AIQSDKIO.DLL
[2000/07/01 09:14:06 | 000,000,040 | ---- | C] () -- C:\Windows\806e6f6e6963215.ini
[1998/10/12 11:50:20 | 000,059,900 | ---- | C] () -- C:\Windows\System32\NSTRD-TS.DLL
[1998/10/06 16:16:30 | 000,016,896 | ---- | C] () -- C:\Windows\System32\NSTOMG32.DLL
[1998/05/06 14:09:59 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll
[1997/10/28 10:04:02 | 000,004,096 | ---- | C] () -- C:\Windows\System32\NSTRDAUT.DLL
[1997/09/22 11:02:16 | 000,000,947 | ---- | C] () -- C:\Windows\NSTRDDL.INI
[1997/09/22 11:02:16 | 000,000,734 | ---- | C] () -- C:\Windows\NSTRDAIQ.INI
[1997/09/22 10:41:12 | 000,000,843 | ---- | C] () -- C:\Windows\DDDOWN.INI

========== LOP Check ==========

[2010/01/04 11:33:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BinaryMark
[2011/09/06 12:31:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2008/04/28 12:57:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Desktop Sidebar
[2009/05/11 09:01:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
[2008/04/28 18:32:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Fidelity Wealth-Lab Pro
[2009/06/10 19:37:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FVZilla
[2010/04/02 11:22:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRight
[2009/06/09 12:32:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GrabPro
[2007/12/12 15:37:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Halifax
[2011/04/27 20:43:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Hayqeb
[2009/06/05 11:29:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Home Designer Suite 8.0
[2007/10/16 16:16:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Infineon
[2008/10/27 19:10:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InterVideo
[2011/04/26 10:03:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ixaro
[2008/11/26 16:58:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Kaspersky_Key_Finder_(KKF
[2009/12/11 21:22:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LimeWire
[2009/07/02 22:40:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2011/09/06 12:31:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Orbit
[2010/10/05 09:06:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OrderPad
[2009/12/20 10:27:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PE Explorer
[2009/06/02 16:55:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\play2p
[2009/05/11 15:55:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spacejock Software
[2008/04/28 13:15:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird
[2010/01/09 09:53:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TradeStation Technologies
[2008/07/20 13:38:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Trading Applications
[2008/04/13 10:38:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ulead Systems
[2011/08/05 13:24:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2008/04/28 12:00:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Windows Sidebar Styler
[2011/09/06 18:30:07 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/09 10:52:31 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CC0982BA-96C2-47DC-B950-CC74AC6FBB12}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/09/06 17:42:40 | 000,089,088 | ---- | M] () -- C:\mbr.exe


< MD5 for: EXPLORER.EXE >
[2008/10/29 16:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 16:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 16:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 13:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/05/10 12:18:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/05/10 12:18:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/28 12:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 19:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/18 22:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 19:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 19:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/11/02 19:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 224 bytes -> C:\ProgramData\TEMP:93D87D71
@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:66C7F108
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:A73B0434
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:8CE646EE

< End of report >



///////////////////////////////////////////////////////////////////////////////////



OTL Extras logfile created on: 12/09/2011 11:13:16 AM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Administrator\Downloads
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.92% Memory free
4.22 Gb Paging File | 3.67 Gb Available in Paging File | 86.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 19.33 Gb Free Space | 17.29% Space Free | Partition Type: NTFS
Drive D: | 66.71 Gb Total Space | 25.51 Gb Free Space | 38.24% Space Free | Partition Type: NTFS

Computer Name: AL-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Media Players\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Media Players\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Media Players\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:UPnP System
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:UPnP System

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:UPnP System
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:UPnP System

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F853BD-309B-4329-AF0C-BDA87344A166}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0645543A-4FE6-4B5F-80F8-56B1DF5AEFFE}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{0A384976-C4B8-4B57-82C8-9A19766218E3}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0FE64378-B74B-412E-A845-CCEDFE345B4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{135904C3-9B16-48F0-8149-09DBDDF774E4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1558DFDF-8339-41D2-86BB-55165003F924}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2D60A20C-F879-4D3C-8B09-4050ABC35D79}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3095BCFE-AB95-46D0-9EBA-7D0B40D97EF9}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 |
"{36CA5F50-6209-4504-B75B-067D598A9603}" = lport=5721 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4002 |
"{3AAF7886-DA0F-424E-8839-D5106229B17E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{41BFA71D-EEEA-4130-B276-38081AC03E31}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{444774C0-66FC-485A-B276-0BDED9B4CDE8}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{468513F0-8364-4AF1-8D30-026A16297680}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4E550E7B-14EA-41D8-B0B3-A4C3AE1D993F}" = lport=5721 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4002 |
"{4EAE89E4-9CEE-4C39-9F7A-414F80EB6E15}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{53D5849D-B4EE-45D6-80B4-DF2D2C1E70E6}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{614021F0-A366-4DCF-AD18-FB0868FE0E8B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6266B4A7-1A69-4D17-BB1C-5931A3E2074B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{62BE6AC8-BFCF-4003-BE0E-63198DCA007C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6E87442F-1E92-4D04-8DBB-E0C18ED2481C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 |
"{76271B2F-0B04-45CC-832D-C868BDBB32C7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 |
"{771AB1D5-5AF3-4EDB-8306-D2125E712E4A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7C297CD7-13E7-453E-BC15-40B79FD9A128}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{81C69958-905C-4D92-AEA9-DE50B4278662}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 |
"{824B4EA3-DFB4-4801-A1A7-99E335719C00}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{8DC80606-F67D-4DA8-A77F-D84658A7EF6E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{9872DDC1-A216-4FE4-B2BC-675644505A68}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 |
"{9A9E2865-39AB-4CAF-8047-1BFBA3AABC13}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4006 |
"{9B770E3F-CEDD-4A28-A358-5F5F746897DD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A8FFE4B0-C4DF-449F-924B-6B255C2B878E}" = lport=5721 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4002 |
"{AAAA4C65-2DAB-48DB-8E28-3E8BD4B63C7B}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 |
"{AD7BDDFB-B30A-4B3C-AC20-6F5390D355F6}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B2A4D8DF-7C79-43EF-816B-47DC628979E1}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C6EDA810-440B-4A89-ADBD-56C4BF92E52D}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{CB61BCB2-FEDB-4801-A643-EB65A542D956}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CC3AAFFE-923B-47F5-BBFD-FAC3A9B69D30}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D70FEBD1-EBDE-4F2F-8F9E-E416D9909846}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{EACF92FA-B3C2-439C-A692-C9A0729E0146}" = lport=1034 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4003 |
"{F77CD18D-4BF7-4017-A206-B4041E5187F6}" = lport=5721 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdc.exe,-4002 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03114243-342E-404C-9FD6-80E6FDD740C8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1CE7962F-CEFA-48D9-8C72-DB357FA2F5DD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2C6ED11F-2E9B-4BAA-B554-CC15640FCB6D}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{3B9E42F2-3B72-481E-8734-83E37703A33E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{43A7B84D-B88B-4080-B645-01ACEE9B82B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{43DA337B-8739-4B71-87F0-8AA7ACB7CB0A}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{5043C855-52CC-430B-A4A6-C82EEB7387B0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5130FD5B-0D63-45C0-A12A-E9F928C63D9D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{53310A10-4365-4793-9B83-11F952A8973F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{57C6F67C-EF2B-496C-B004-7D6232B51C02}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6CC3E249-CBE5-444A-BA8A-C4940D0B9E46}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7246345B-76B2-4D24-8AB2-4638669B4F9F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7655437F-7A5F-4DCA-8030-5E21E00D1944}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9B253337-0229-4E1A-998E-4E14A10C3125}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9FFFCD44-710D-4556-A289-AF0761BD0815}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BE20592A-22E1-4DB5-B1E5-4A59BBAD0892}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C0866EC8-D89A-4D5A-91FD-BA6FBC0D25BA}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{E17C46D5-0032-4775-9F72-82586A75F83F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EB079421-81F5-41C3-B251-8A52B6F1F65C}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{F77C3629-80DE-451D-A540-F3AC7D3A67B8}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"TCP Query User{1B66F7F1-3EF2-4D87-96F7-14593AAAF153}C:\program files\downloaders\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\downloaders\utorrent.exe |
"TCP Query User{7996A774-E7B9-4C9D-AF33-6EC8C686EB53}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{5AA9228A-BD32-45AB-8D0D-09F00B71E239}C:\program files\downloaders\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\downloaders\utorrent.exe |
"UDP Query User{AD0AC805-3391-4F4F-A21D-C24F2887FA91}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}" = Windows Mobile Device Center
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{30B090E9-273C-47C2-AA96-8BA0AAB60BBD}_is1" = TurTrades
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = Go Trader MT4 4.00
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5C1E1493-42CB-4CE8-8744-97BF094B429D}" = NinjaTrader 6.5
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D299DC3-31E2-45C6-8E36-263A2AB1CE8C}" = InterVideo WinDVD SE
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72FD5F2E-1F7A-4E9B-8838-29E842E178CD}" = Join ME
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7823AE39-410B-4C73-8206-0715FB1B9E7E}" = MTPredictor6
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{83104339-BF03-4ECA-910F-7B5344717EB5}" = GuideMenu
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{85C70286-A56F-4834-BD24-B34EB76A93A2}" = ESET NOD32 Antivirus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CD0B297-122D-4718-9CE1-B72E796F7B21}" = Sony Ericsson Media Manager 1.2
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FAE8F4A-E32A-49DA-B29F-DF51657AB4E6}" = Tim Ord Volume Charts
"{900792CC-3203-356C-EC2D-C3E558991ACE}" = Home Designer Suite 8
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Turbo Memory and Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BAF043B-82FC-43E2-96EA-5F68015F4FA2}" = AuthenTec Fingerprint Sensor Minimum Install
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A29F583C-DAB1-435F-BD87-6D76834D7A0A}" = NeuroShell Trader 5
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5002D88-7A93-48D5-9844-2DD3FB9230C1}" = Order Pad
"{A92D7264-1A13-45BE-B769-88445DD04FD6}" = Desktop Sidebar
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B547CB8D-549A-436E-97B5-E79F911B11E2}" = SDP Downloader
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5EB7577-CF3A-4D39-85E4-0E8F3EA56C3C}" = Market System Analyzer 3.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BD5AEA80-86E6-4227-A093-6610BA0DF735}" = Windows Sidebar Styler
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C6D88D38-4DBD-452C-8F9E-0FCC03E243D7}" = E-BUDDY Setup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB8CA439-DA83-419C-A4CF-5A0A50025144}" = Windows Mobile Device Center Driver Update
"{CD52CB3A-AE96-47D2-AEFA-D464B8BCF44E}" = TradeStation 8.5 (Build 2274)
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D12CD09C-BFEE-4B6F-A7F7-054AEA2E369C}" = Network Recording Player
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}" = VistaFeaturePack
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DFF56DFF-F703-467C-AF1D-B8FAA99C7416}" = Ulead DVD MovieFactory SE
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E8C43C7E-D23C-4787-B657-A551C735D07D}" = HALIFAXONLINE
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EEE90C2D-8ACE-4007-9CF6-B07D0516F6B9}" = Intel® PRO Network Connections 12.0.36.0
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17B8386-A74A-4E4E-A7DD-435372991E14}" = Microsoft Visual Basic PowerPacks 2.0
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced GET" = Advanced GET
"AmiBroker_is1" = AmiBroker 5.30
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"Asus_VX2S_ScreenSaver" = Asus_VX2S_ScreenSaver
"Biorhythm Calculator Free" = Biorhythm Calculator Free 2009
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DT5" = Dynamic Traders Group, Inc. DT5 84
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FCharts_is1" = FCharts
"Fibonacci/Galactic Trader 4" = Fibonacci/Galactic Trader 4
"FLV Player" = FLV Player 2.0 (build 25)
"GetRight_is1" = GetRight
"HECI" = Intel® Management Engine Interface
"InstallShield_{6D299DC3-31E2-45C6-8E36-263A2AB1CE8C}" = InterVideo WinDVD SE
"InstallShield_{83104339-BF03-4ECA-910F-7B5344717EB5}" = Corel GuideMenu
"InstallShield_{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}" = VistaFeaturePack
"Investor/RT" = Investor/RT
"LimeWire" = LimeWire PRO 5.0.11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"MESOL" = Intel® Active Management Technology Device Software
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"Mozilla Thunderbird (2.0.0.9)" = Mozilla Thunderbird (2.0.0.9)
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"PatternExplorer" = PatternExplorer
"PDF Protection Remover_is1" = PDF Protection Remover 2.0
"PE Explorer_is1" = PE Explorer 1.99 R6
"ProInst" = Intel® PROSet/Wireless Software
"PROSetDX" = Intel® PRO Network Connections 12.0.36.0
"QFeed ActiveX Components" = QFeed ActiveX Components
"Quest3D Web Plugins_is1" = Quest3D Web Player installer 4.1
"Quest3D Web Viewers 4.1.1_is1" = Quest3D Web Viewers 4.1.1
"Rainbow Sentinel Driver" = Sentinel System Driver
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.0.2018
"RealAlt_is1" = Real Alternative 1.9.0
"Slawdog Smart Shutdown" = Slawdog Smart Shutdown
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"ST6UNST #1" = IC-Investor Version 1.89.10
"ST6UNST #2" = IC-Investor Version 1.91.56
"Stator-AFM Professional2.2" = Stator-AFM Professional
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TradeGuider EOD" = TradeGuider EOD
"Trader Workstation 4.0" = Trader Workstation 4.0
"Trading Blox" = Trading Blox
"TradingExpert Pro 5.0" = TradingExpert Pro 5.0
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"Universal Extractor_is1" = Universal Extractor 1.6
"Update Service" = Update Service
"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Wireless Broadband" = Wireless Broadband
"yRead3_is1" = yRead3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DataTools" = DataTools
"DataUpdater" = Premium Data
"fx2" = Premium Forex
"GoToMeeting" = GoToMeeting 4.5.0.456
"MetaStock 7.2" = MetaStock 7.2
"Trader Workstation" = Trader Workstation

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/09/2009 9:11:43 AM | Computer Name = Al-PC | Source = RasClient | ID = 20227
Description =

Error - 13/09/2009 7:37:42 PM | Computer Name = Al-PC | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp
0x4549b0e1, faulting module USER32.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000142, fault offset 0x00009cac, process id 0x1028, application
start time 0x01ca34cb2d9cfc4e.

Error - 13/09/2009 7:37:52 PM | Computer Name = Al-PC | Source = RasClient | ID = 20227
Description =

Error - 13/09/2009 7:39:03 PM | Computer Name = Al-PC | Source = RasClient | ID = 20227
Description =

Error - 13/09/2009 7:40:04 PM | Computer Name = Al-PC | Source = RasClient | ID = 20227
Description =

Error - 13/09/2009 7:41:05 PM | Computer Name = Al-PC | Source = RasClient | ID = 20227
Description =

Error - 13/09/2009 7:43:21 PM | Computer Name = Al-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 13/09/2009 7:50:46 PM | Computer Name = Al-PC | Source = RasClient | ID = 20227
Description =

Error - 17/09/2009 10:22:55 PM | Computer Name = Al-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 17/09/2009 10:26:17 PM | Computer Name = Al-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ OSession Events ]
Error - 10/04/2009 5:34:01 AM | Computer Name = Al-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 3430
seconds with 60 seconds of active time. This session ended with a crash.

Error - 5/07/2009 10:05:10 PM | Computer Name = Al-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/09/2009 11:32:29 PM | Computer Name = Al-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6501.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2352
seconds with 0 seconds of active time. This session ended with a crash.

Error - 20/10/2009 5:19:33 AM | Computer Name = Al-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 41
seconds with 0 seconds of active time. This session ended with a crash.

Error - 27/11/2009 6:38:47 PM | Computer Name = Al-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 150
seconds with 60 seconds of active time. This session ended with a crash.

Error - 10/12/2009 4:55:52 AM | Computer Name = Al-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 51
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16/12/2009 7:58:37 AM | Computer Name = Al-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6501.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13776
seconds with 420 seconds of active time. This session ended with a crash.

Error - 6/04/2010 8:23:53 AM | Computer Name = Al-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6501.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 331
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/09/2011 4:23:54 AM | Computer Name = Al-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/09/2011 4:23:54 AM | Computer Name = Al-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/09/2011 4:23:54 AM | Computer Name = Al-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/09/2011 4:26:07 AM | Computer Name = Al-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 11/09/2011 8:50:43 PM | Computer Name = Al-PC | Source = DCOM | ID = 10005
Description =

Error - 11/09/2011 8:50:53 PM | Computer Name = Al-PC | Source = DCOM | ID = 10005
Description =

Error - 11/09/2011 8:50:56 PM | Computer Name = Al-PC | Source = DCOM | ID = 10005
Description =

Error - 11/09/2011 8:51:00 PM | Computer Name = Al-PC | Source = DCOM | ID = 10005
Description =

Error - 11/09/2011 8:51:15 PM | Computer Name = Al-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/09/2011 8:51:15 PM | Computer Name = Al-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


#2
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :unsure:

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE - HKU\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62098
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [BVRPLiveUpdate] File not found
    O4 - HKLM..\Run: [C:\Program Files\Free Video Zilla\FVZilla.exe] File not found
    O4 - HKU\S-1-5-21-118959114-2448864244-3603343370-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O33 - MountPoints2\{52962a39-8967-11dd-b53d-001d6069c407}\Shell - "" = AutoRun
    O33 - MountPoints2\{52962a39-8967-11dd-b53d-001d6069c407}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{52962a5e-8967-11dd-b53d-001d6069c407}\Shell - "" = AutoRun
    O33 - MountPoints2\{52962a5e-8967-11dd-b53d-001d6069c407}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{52962a60-8967-11dd-b53d-8969194966ed}\Shell - "" = AutoRun
    O33 - MountPoints2\{52962a60-8967-11dd-b53d-8969194966ed}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{52962a61-8967-11dd-b53d-8969194966ed}\Shell - "" = AutoRun
    O33 - MountPoints2\{52962a61-8967-11dd-b53d-8969194966ed}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{72e35a4d-c6f1-11dc-8c0f-001d6069c407}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{7c06dac3-c81f-11dd-a293-ef0a25bd4b05}\Shell - "" = AutoRun
    O33 - MountPoints2\{7c06dac3-c81f-11dd-a293-ef0a25bd4b05}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{7c06dac4-c81f-11dd-a293-ef0a25bd4b05}\Shell - "" = AutoRun
    O33 - MountPoints2\{7c06dac4-c81f-11dd-a293-ef0a25bd4b05}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{89b07d54-d793-11dd-b2f9-87f82a7c207e}\Shell - "" = AutoRun
    O33 - MountPoints2\{89b07d54-d793-11dd-b2f9-87f82a7c207e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{ef36f23f-a3f0-11dd-90ed-b465fe0d6782}\Shell - "" = AutoRun
    O33 - MountPoints2\{ef36f23f-a3f0-11dd-90ed-b465fe0d6782}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{ef36f242-a3f0-11dd-90ed-b465fe0d6782}\Shell - "" = AutoRun
    O33 - MountPoints2\{ef36f242-a3f0-11dd-90ed-b465fe0d6782}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    [2011/09/06 17:57:53 | 000,083,968 | -H-- | C] (eSage Lab) -- C:\Users\Administrator\Desktop\remover.exe
    [2011/09/06 17:49:03 | 000,083,968 | -H-- | C] (eSage Lab) -- C:\Windows\System32\remover.exe
    [2011/09/06 18:08:42 | 000,000,057 | ---- | M] () -- C:\Users\Administrator\Desktop\remover.bat
    [2011/09/06 17:52:35 | 000,568,832 | ---- | M] () -- C:\Windows\System32\BTKR_RunBox.exe
    [2011/09/06 17:42:40 | 000,089,088 | ---- | M] () -- C:\mbr.exe
    [2011/09/06 17:30:46 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
    [1 C:\Windows\System32\drivers\etc\*.tmp files -> C:\Windows\System32\drivers\etc\*.tmp -> ]
    [2011/09/06 18:04:38 | 000,000,057 | ---- | C] () -- C:\Users\Administrator\Desktop\remover.bat
    [2011/09/06 17:52:35 | 000,568,832 | ---- | C] () -- C:\Windows\System32\BTKR_RunBox.exe
    [2011/09/06 17:45:22 | 000,089,088 | ---- | C] () -- C:\mbr.exe
    [2011/09/06 17:30:45 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
    [2011/05/25 09:35:40 | 000,004,814 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\jvfe16rj777337e4y1564f
    [2011/05/25 09:35:40 | 000,004,814 | -HS- | C] () -- C:\ProgramData\jvfe16rj777337e4y1564f
    [2010/08/24 12:06:20 | 000,000,008 | ---- | C] () -- C:\Windows\System32\Msspsn.dll
    [2009/12/28 02:21:02 | 000,015,132 | ---- | C] () -- C:\Windows\System32\359fsp5rze706.exe
    [2009/12/23 06:44:46 | 000,009,452 | ---- | C] () -- C:\Windows\System32\25533z9rm1.dll
    [2009/12/21 17:30:46 | 000,012,200 | ---- | C] () -- C:\Windows\System32\2b8az9dware1205.exe
    [2009/12/19 10:23:06 | 000,004,142 | ---- | C] () -- C:\Windows\System32\e769owzl5ader1494.bin
    [2009/12/13 15:51:22 | 000,013,393 | ---- | C] () -- C:\Windows\System32\92z4tr9j6d5.dll
    [2009/12/11 19:08:03 | 000,015,205 | ---- | C] () -- C:\Windows\System32\2bf8sp5r9e8z1.exe
    [2009/11/22 21:17:56 | 000,000,000 | ---- | C] () -- C:\Windows\aiq32cvt.INI
    [2009/11/22 21:17:53 | 000,000,870 | ---- | C] () -- C:\Windows\aiq32.ini
    [2009/11/22 21:17:53 | 000,000,416 | ---- | C] () -- C:\Windows\AIQCH32.INI
    [2009/11/09 11:13:31 | 000,000,024 | ---- | C] () -- C:\Windows\KADJISYS.INI
    [2009/11/09 11:13:31 | 000,000,022 | ---- | C] () -- C:\Windows\CTRLXAF4.INI
    [2009/11/09 11:12:42 | 000,001,705 | ---- | C] () -- C:\Windows\F4MAIL98.DLL
    [2009/11/09 10:57:32 | 000,000,248 | ---- | C] () -- C:\Windows\FTGT32.INI
    [2009/11/09 10:56:45 | 000,065,536 | ---- | C] () -- C:\Windows\System32\CTA32.dll
    [2009/11/07 03:23:28 | 000,012,638 | ---- | C] () -- C:\Windows\System32\z6927hacktoo535d.bin
    [2009/11/02 03:19:20 | 000,017,659 | ---- | C] () -- C:\Windows\System32\9458zworm65a.exe
    [2009/10/26 18:15:17 | 000,015,091 | ---- | C] () -- C:\Windows\System32\zd44st9al9145.dll
    [2009/10/20 00:45:30 | 000,006,702 | ---- | C] () -- C:\Windows\System32\595dth5zat13590.dll
    [2009/10/14 09:17:08 | 000,017,591 | ---- | C] () -- C:\Windows\System32\1c859hrezt290435.bin
    [2009/10/11 13:40:20 | 000,013,441 | ---- | C] () -- C:\Windows\System32\29z31sp5a3.bin
    [2009/10/08 21:08:02 | 000,018,294 | ---- | C] () -- C:\Windows\System32\5z6athief5799.bin
    [2009/10/05 04:27:45 | 000,011,036 | ---- | C] () -- C:\Windows\System32\495fsparse268z.exe
    [2009/10/01 20:25:13 | 000,008,190 | ---- | C] () -- C:\Windows\System32\z5725s5ambo950b.bin
    [2009/09/20 23:50:56 | 000,002,903 | ---- | C] () -- C:\Windows\System32\2z5caddwa59475.dll
    [2009/09/18 12:19:39 | 000,018,094 | ---- | C] () -- C:\Windows\17z45sp9676.exe
    [2009/09/18 12:19:39 | 000,018,028 | ---- | C] () -- C:\Windows\56946sp95z2.exe
    [2009/09/18 12:19:39 | 000,015,496 | ---- | C] () -- C:\Windows\995etzief999.exe
    [2009/09/18 12:19:39 | 000,015,029 | ---- | C] () -- C:\Windows\2z955hac9t5ol7a3.dll
    [2009/09/18 12:19:39 | 000,014,016 | ---- | C] () -- C:\Windows\92z40not-a-virus2ce5.exe
    [2009/09/18 12:19:39 | 000,013,655 | ---- | C] () -- C:\Windows\15azthief30395.dll
    [2009/09/18 12:19:39 | 000,013,319 | ---- | C] () -- C:\Windows\84825pzmbot2069.dll
    [2009/09/18 12:19:39 | 000,012,526 | ---- | C] () -- C:\Windows\1z1895acktool9a3.bin
    [2009/09/18 12:19:39 | 000,012,059 | ---- | C] () -- C:\Windows\7095thze538.dll
    [2009/09/18 12:19:39 | 000,011,599 | ---- | C] () -- C:\Windows\1c64dowzloa5er978.bin
    [2009/09/18 12:19:39 | 000,011,321 | ---- | C] () -- C:\Windows\4za99teal19405.dll
    [2009/09/18 12:19:39 | 000,010,032 | ---- | C] () -- C:\Windows\7z14sp5rs91479.bin
    [2009/09/18 12:19:39 | 000,009,448 | ---- | C] () -- C:\Windows\1a79steal3z05.exe
    [2009/09/18 12:19:39 | 000,008,569 | ---- | C] () -- C:\Windows\57e9downloadez775.bin
    [2009/09/18 12:19:39 | 000,008,532 | ---- | C] () -- C:\Windows\8525w9rm77z.dll
    [2009/09/18 12:19:39 | 000,007,898 | ---- | C] () -- C:\Windows\12180v9rus659z.bin
    [2009/09/18 12:19:39 | 000,007,757 | ---- | C] () -- C:\Windows\10652zpy987.dll
    [2009/09/18 12:19:39 | 000,006,707 | ---- | C] () -- C:\Windows\19988not-5-zirus99.exe
    [2009/09/18 12:19:39 | 000,006,313 | ---- | C] () -- C:\Windows\4a3down5oaderz149.bin
    [2009/09/18 12:19:39 | 000,005,659 | ---- | C] () -- C:\Windows\2f5zadd9are2349.exe
    [2009/09/18 12:19:39 | 000,004,852 | ---- | C] () -- C:\Windows\5z6595eal2134.dll
    [2009/09/18 12:19:39 | 000,004,362 | ---- | C] () -- C:\Windows\58cas9zrs52750.exe
    [2009/09/18 12:19:39 | 000,003,114 | ---- | C] () -- C:\Windows\2139zhacktoo5596.dll
    [2009/09/18 12:19:39 | 000,002,873 | ---- | C] () -- C:\Windows\59291vir9sz61.bin
    [2009/09/18 12:08:10 | 000,017,356 | ---- | C] () -- C:\Windows\71bazt59l2149.bin
    [2009/09/18 12:08:10 | 000,016,574 | ---- | C] () -- C:\Windows\7az7s9eal5085.exe
    [2009/09/18 12:08:10 | 000,014,981 | ---- | C] () -- C:\Windows\5c54szy59re1969.bin
    [2009/09/18 12:08:10 | 000,013,924 | ---- | C] () -- C:\Windows\7633tr9jzb5.exe
    [2009/09/18 12:08:10 | 000,013,695 | ---- | C] () -- C:\Windows\System32\z729vir15445.exe
    [2009/09/18 12:08:10 | 000,012,341 | ---- | C] () -- C:\Windows\System32\9249viru95z3.exe
    [2009/09/18 12:08:10 | 000,007,315 | ---- | C] () -- C:\Windows\System32\1z085wo5m90d.dll
    [2009/09/18 12:08:10 | 000,003,537 | ---- | C] () -- C:\Windows\System32\507z9hief20375.bin
    [2009/09/18 12:08:09 | 000,017,765 | ---- | C] () -- C:\Windows\40fza5dware24509.dll
    [2009/09/18 12:08:09 | 000,015,207 | ---- | C] () -- C:\Windows\System32\97775spyzb2.dll
    [2009/09/18 12:08:09 | 000,013,888 | ---- | C] () -- C:\Windows\21908s5amboz9f.dll
    [2009/09/18 12:08:09 | 000,013,650 | ---- | C] () -- C:\Windows\21543sp9mbotz5.bin
    [2009/09/18 12:08:09 | 000,011,178 | ---- | C] () -- C:\Windows\System32\43acthrez5317569.bin
    [2009/09/18 12:08:09 | 000,010,706 | ---- | C] () -- C:\Windows\31659s9zmb5t31b.exe
    [2009/09/18 12:08:09 | 000,009,338 | ---- | C] () -- C:\Windows\System32\3b4cszar9e27775.exe
    [2009/09/18 12:08:09 | 000,009,149 | ---- | C] () -- C:\Windows\System32\92599zo5m452.exe
    [2009/09/18 12:08:09 | 000,008,404 | ---- | C] () -- C:\Windows\System32\9fczteal1795.dll
    [2009/09/18 12:08:09 | 000,008,323 | ---- | C] () -- C:\Windows\455az9arse1882.exe
    [2009/09/18 12:08:09 | 000,008,319 | ---- | C] () -- C:\Windows\System32\513zspyw9re5007.bin
    [2009/09/18 12:08:09 | 000,008,083 | ---- | C] () -- C:\Windows\System32\15517s9amboz486.dll
    [2009/09/18 12:08:09 | 000,007,613 | ---- | C] () -- C:\Windows\System32\12z195roj729.exe
    [2009/09/18 12:08:09 | 000,007,174 | ---- | C] () -- C:\Windows\28949worm995z.exe
    [2009/09/18 12:08:09 | 000,006,859 | ---- | C] () -- C:\Windows\25z8th9ef1549.bin
    [2009/09/18 12:08:09 | 000,006,645 | ---- | C] () -- C:\Windows\System32\26189szy557.bin
    [2009/09/18 12:08:09 | 000,005,948 | ---- | C] () -- C:\Windows\System32\163fthi5932z.bin
    [2009/09/18 12:08:09 | 000,004,896 | ---- | C] () -- C:\Windows\4e995ir24z5.exe
    [2009/09/18 12:08:09 | 000,004,259 | ---- | C] () -- C:\Windows\2845sp9rse2270z.bin
    [2009/09/18 12:08:09 | 000,003,401 | ---- | C] () -- C:\Windows\4915down9oader8z5.dll
    [2009/09/18 12:08:08 | 000,017,996 | ---- | C] () -- C:\Windows\786zspy9are2580.bin
    [2009/09/18 12:08:08 | 000,016,868 | ---- | C] () -- C:\Windows\System32\z8850worm99.exe
    [2009/09/18 12:08:08 | 000,015,601 | ---- | C] () -- C:\Windows\System32\4c9f95wnlzader615.bin
    [2009/09/18 12:08:08 | 000,015,150 | ---- | C] () -- C:\Windows\80z5sp54459.dll
    [2009/09/18 12:08:08 | 000,015,091 | ---- | C] () -- C:\Windows\System32\7566sparsez009.dll
    [2009/09/18 12:08:08 | 000,012,424 | ---- | C] () -- C:\Windows\System32\159z29roj74a.exe
    [2009/09/18 12:08:08 | 000,012,356 | ---- | C] () -- C:\Windows\System32\7a1z5teal9511.dll
    [2009/09/18 12:08:08 | 000,012,048 | ---- | C] () -- C:\Windows\System32\35245ackdooz3919.dll
    [2009/09/18 12:08:08 | 000,012,010 | ---- | C] () -- C:\Windows\2912adzwar53181.bin
    [2009/09/18 12:08:08 | 000,010,438 | ---- | C] () -- C:\Windows\697csp5rz9349.dll
    [2009/09/18 12:08:08 | 000,010,314 | ---- | C] () -- C:\Windows\32947spz5bot45a.exe
    [2009/09/18 12:08:08 | 000,010,239 | ---- | C] () -- C:\Windows\System32\z641spambo9445.bin
    [2009/09/18 12:08:08 | 000,010,153 | ---- | C] () -- C:\Windows\System32\52e2downloa9er1013z.exe
    [2009/09/18 12:08:08 | 000,009,743 | ---- | C] () -- C:\Windows\System32\92b1viz1533.exe
    [2009/09/18 12:08:08 | 000,009,071 | ---- | C] () -- C:\Windows\3347hacz5ool9fe.bin
    [2009/09/18 12:08:08 | 000,009,041 | ---- | C] () -- C:\Windows\z9992s5y1ae.dll
    [2009/09/18 12:08:08 | 000,008,325 | ---- | C] () -- C:\Windows\System32\1160zpy559.exe
    [2009/09/18 12:08:08 | 000,008,054 | ---- | C] () -- C:\Windows\System32\5zbdsteal5419.exe
    [2009/09/18 12:08:08 | 000,007,752 | ---- | C] () -- C:\Windows\System32\9543wzrm73a.dll
    [2009/09/18 12:08:08 | 000,007,040 | ---- | C] () -- C:\Windows\System32\1457do9nloader9z5.bin
    [2009/09/18 12:08:08 | 000,006,134 | ---- | C] () -- C:\Windows\System32\240485acktzol19.exe
    [2009/09/18 12:08:08 | 000,005,624 | ---- | C] () -- C:\Windows\System32\170265p9mbot4zf.dll
    [2009/09/18 12:08:08 | 000,004,635 | ---- | C] () -- C:\Windows\2619tzoj44e5.exe
    [2009/09/18 12:08:08 | 000,003,687 | ---- | C] () -- C:\Windows\z22719py157.exe
    [2009/09/18 12:08:08 | 000,003,475 | ---- | C] () -- C:\Windows\22099spy950z.bin
    [2009/09/18 12:08:08 | 000,002,985 | ---- | C] () -- C:\Windows\1979vz51622.dll
    [2009/09/18 12:08:08 | 000,002,868 | ---- | C] () -- C:\Windows\56f895wnlzader1623.bin
    [2009/09/18 12:08:08 | 000,002,524 | ---- | C] () -- C:\Windows\18b0stzal2592.exe
    [2009/09/18 12:08:07 | 000,018,166 | ---- | C] () -- C:\Windows\System32\3547z59j2c8.exe
    [2009/09/18 12:08:07 | 000,013,525 | ---- | C] () -- C:\Windows\System32\351z1troj3a9.dll
    [2009/09/18 12:08:07 | 000,008,444 | ---- | C] () -- C:\Windows\System32\35a9spyware25z0.bin
    [2009/09/18 12:08:07 | 000,007,408 | ---- | C] () -- C:\Windows\System32\31z39not-a-virus257.exe
    [2009/09/18 12:08:07 | 000,007,233 | ---- | C] () -- C:\Windows\1826spazbot9d5.exe
    [2009/09/18 12:08:07 | 000,007,081 | ---- | C] () -- C:\Windows\System32\z99v59us315.bin
    [2009/09/18 12:08:07 | 000,006,651 | ---- | C] () -- C:\Windows\System32\10199worm5z4.bin
    [2009/09/18 12:08:07 | 000,005,742 | ---- | C] () -- C:\Windows\z616st5al972.dll
    [2009/09/18 12:08:07 | 000,005,645 | ---- | C] () -- C:\Windows\System32\555a9ownloader1z65.bin
    [2009/09/18 12:08:07 | 000,003,957 | ---- | C] () -- C:\Windows\System32\19540sz96b7.exe
    [2009/09/18 12:08:07 | 000,003,804 | ---- | C] () -- C:\Windows\25544haz9tool65a.bin
    [2009/09/18 12:08:07 | 000,003,371 | ---- | C] () -- C:\Windows\System32\4745sp9rze1574.bin
    [2009/09/18 12:08:07 | 000,002,976 | ---- | C] () -- C:\Windows\16169spz9bot3fc5.dll
    [2009/09/18 12:08:07 | 000,002,929 | ---- | C] () -- C:\Windows\170715iru94dz.exe
    [2009/09/17 05:04:32 | 000,009,044 | ---- | C] () -- C:\Windows\System32\6d15stez5392.bin
    [2009/09/15 06:00:59 | 000,008,537 | ---- | C] () -- C:\Windows\194z8sp9mbot572.exe
    [2009/09/14 08:16:59 | 000,012,083 | ---- | C] () -- C:\Windows\23874t95j5eez.bin
    [2009/09/14 02:40:38 | 000,004,824 | ---- | C] () -- C:\Windows\System32\56abackd9zr597.exe
    [2009/09/13 13:00:42 | 000,018,410 | ---- | C] () -- C:\Windows\System32\21a5addware988z.exe
    [2009/09/04 04:03:20 | 000,010,632 | ---- | C] () -- C:\Windows\System32\z91715pambot368.exe
    [2009/08/29 01:44:42 | 000,004,614 | ---- | C] () -- C:\Windows\System32\792zdownloader6895.exe
    [2009/08/26 17:52:17 | 000,002,767 | ---- | C] () -- C:\Windows\1253hackzoo960.dll
    [2009/08/26 07:36:49 | 000,009,440 | ---- | C] () -- C:\Windows\z259virus35f.exe
    [2009/08/24 04:25:54 | 000,010,293 | ---- | C] () -- C:\Windows\25995roj752z.bin
    [2009/08/23 23:17:49 | 000,014,181 | ---- | C] () -- C:\Windows\5c85za9kdoor85.dll
    [2009/08/20 10:46:11 | 000,003,447 | ---- | C] () -- C:\Windows\System32\62029a5kdoorz311.exe
    [2009/08/18 15:41:41 | 000,002,833 | ---- | C] () -- C:\Windows\5579zddware2801.exe
    [2009/08/16 09:04:22 | 000,003,422 | ---- | C] () -- C:\Windows\79e25ackdoor9z6.exe
    [2009/08/14 18:56:24 | 000,016,736 | ---- | C] () -- C:\Windows\195evir2z2.dll
    [2009/08/14 06:23:15 | 000,002,841 | ---- | C] () -- C:\Windows\System32\25795ir899z.exe
    [2009/08/12 02:09:05 | 000,015,440 | ---- | C] () -- C:\Windows\System32\za069h5eat28000.exe
    [2009/08/11 23:49:52 | 000,017,338 | ---- | C] () -- C:\Windows\1bzd5hief1923.dll
    [2009/08/08 10:22:42 | 000,009,664 | ---- | C] () -- C:\Windows\System32\z52149py4a85.dll
    [2009/08/05 05:00:13 | 000,004,544 | ---- | C] () -- C:\Windows\z995thief2495.exe
    [2009/08/03 06:57:12 | 000,002,714 | ---- | C] () -- C:\Windows\System32\30649spa9bo5z6b.exe
    [2009/08/01 23:26:07 | 000,009,616 | ---- | C] () -- C:\Windows\System32\3d1z9hrea51500.exe
    [2009/07/29 08:03:38 | 000,009,884 | ---- | C] () -- C:\Windows\409zth5ef256.exe
    [2009/07/28 05:29:44 | 000,002,692 | ---- | C] () -- C:\Windows\System32\52z4vir95105.dll
    [2009/07/27 19:26:15 | 000,006,264 | ---- | C] () -- C:\Windows\1z6849pambot57c.exe
    [2009/07/25 19:32:48 | 000,004,286 | ---- | C] () -- C:\Windows\System32\94dthrz9t276265.exe
    [2009/07/22 17:43:47 | 000,017,007 | ---- | C] () -- C:\Windows\System32\692zdownloader27925.dll
    [2009/07/21 05:26:37 | 000,015,559 | ---- | C] () -- C:\Windows\System32\46z9not-a5virus3479.bin
    [2009/07/17 23:07:45 | 000,003,866 | ---- | C] () -- C:\Windows\System32\1496s5ambzt396.bin
    [2009/07/16 17:20:32 | 000,005,575 | ---- | C] () -- C:\Windows\System32\9593thi5z55.dll
    [2009/07/15 09:49:29 | 000,004,207 | ---- | C] () -- C:\Windows\3bbespa95e1z75.exe
    [2009/07/09 23:13:39 | 000,014,556 | ---- | C] () -- C:\Windows\System32\446e9parz52895.dll
    [2009/07/07 12:43:46 | 000,013,785 | ---- | C] () -- C:\Windows\z3593w5rm2aa.bin
    [2009/07/07 11:45:21 | 000,014,521 | ---- | C] () -- C:\Windows\6526vz52309.dll
    [2009/07/05 02:15:48 | 000,016,824 | ---- | C] () -- C:\Windows\195645pamboz3a9.dll
    [2009/07/03 22:10:50 | 000,005,874 | ---- | C] () -- C:\Windows\z5715orm91.exe
    [2009/06/28 11:41:21 | 000,006,864 | ---- | C] () -- C:\Windows\System32\6z90hac5tool98d.exe
    [2009/06/27 22:10:03 | 000,013,647 | ---- | C] () -- C:\Windows\19395ir1047z.exe
    [2009/06/27 12:32:07 | 000,016,678 | ---- | C] () -- C:\Windows\System32\6a5zthief16529.bin
    [2009/06/25 15:47:52 | 000,009,224 | ---- | C] () -- C:\Windows\System32\2279zown9oader537.exe
    [2009/06/18 09:32:03 | 000,014,224 | ---- | C] () -- C:\Windows\System32\7959spars92576z.dll
    [2009/06/18 08:37:31 | 000,009,667 | ---- | C] () -- C:\Windows\15b1st5alz9899.dll
    [2009/06/17 08:28:10 | 000,006,398 | ---- | C] () -- C:\Windows\225549or5zcc.dll
    [2009/06/15 01:09:04 | 000,018,388 | ---- | C] () -- C:\Windows\29560spambot1z2.dll
    [2009/06/12 22:51:11 | 000,008,408 | ---- | C] () -- C:\Windows\System32\29926tro5za2.dll
    [2009/06/12 21:33:08 | 000,008,625 | ---- | C] () -- C:\Windows\System32\4009zdd5are2429.exe
    [2009/06/11 09:10:23 | 000,014,591 | ---- | C] () -- C:\Windows\5728not-a-vzru59c7.bin
    [2009/06/06 12:40:47 | 000,016,044 | ---- | C] () -- C:\Windows\System32\19577szy38f.dll
    [2009/06/05 17:22:17 | 000,015,932 | ---- | C] () -- C:\Windows\System32\2eze95eal589.bin
    [2009/06/05 08:38:57 | 000,016,535 | ---- | C] () -- C:\Windows\System32\873znot-a-vir5s9ff.dll
    [2009/06/04 06:11:53 | 000,005,047 | ---- | C] () -- C:\Windows\System32\28985wormz5.dll
    [2009/06/02 17:15:58 | 000,017,153 | ---- | C] () -- C:\Windows\1z925vi9us555.bin
    [2009/05/27 13:07:24 | 000,008,878 | ---- | C] () -- C:\Windows\System32\1bd65z91435.bin
    [2009/05/27 01:09:01 | 000,008,964 | ---- | C] () -- C:\Windows\16879hac5toz915f.exe
    [2009/05/26 04:06:15 | 000,015,107 | ---- | C] () -- C:\Windows\System32\25249virzs555.dll
    [2009/05/25 19:39:16 | 000,018,412 | ---- | C] () -- C:\Windows\975badzwar52484.bin
    [2009/05/23 20:35:21 | 000,011,908 | ---- | C] () -- C:\Windows\System32\25e5downloade9z58.dll
    [2009/05/20 19:23:49 | 000,018,102 | ---- | C] () -- C:\Windows\System32\6958vizus479.exe
    [2009/05/18 15:03:41 | 000,013,174 | ---- | C] () -- C:\Windows\14c8spy5are199z.exe
    [2009/05/16 05:47:11 | 000,017,283 | ---- | C] () -- C:\Windows\70df5zie92099.dll
    [2009/05/15 16:14:00 | 000,006,408 | ---- | C] () -- C:\Windows\System32\63edz5reat3469.exe
    [2009/05/14 01:10:22 | 000,012,455 | ---- | C] () -- C:\Windows\590espzrse466.exe
    [2009/05/13 17:28:41 | 000,013,917 | ---- | C] () -- C:\Windows\System32\9913not-a-vz5u9448.bin
    [2009/05/13 07:09:19 | 000,015,797 | ---- | C] () -- C:\Windows\96997sp572z.bin
    [2009/05/12 07:05:55 | 000,006,843 | ---- | C] () -- C:\Windows\1z5backdoor20789.dll
    [2009/05/10 23:12:37 | 000,011,995 | ---- | C] () -- C:\Windows\System32\1c89tzief1855.exe
    [2009/05/10 18:11:22 | 000,004,653 | ---- | C] () -- C:\Windows\System32\915z3hacktool55.dll
    [2009/05/09 17:40:33 | 000,017,515 | ---- | C] () -- C:\Windows\351backdooz1599.exe
    [2009/05/08 14:39:20 | 000,005,789 | ---- | C] () -- C:\Windows\4b9bthzea9109915.bin
    [2009/05/07 22:36:09 | 000,010,636 | ---- | C] () -- C:\Windows\9876download5r3046z.dll
    [2009/05/06 00:09:22 | 000,016,709 | ---- | C] () -- C:\Windows\1edzspyware16549.dll
    [2009/05/05 23:47:26 | 000,012,873 | ---- | C] () -- C:\Windows\5745thrzat9918.bin
    [2009/05/03 04:19:30 | 000,017,593 | ---- | C] () -- C:\Windows\System32\517es9yw5re5z5.bin
    [2009/05/02 03:54:54 | 000,007,308 | ---- | C] () -- C:\Windows\System32\51620hacktoo9343z.exe
    [2009/04/28 00:24:29 | 000,002,608 | ---- | C] () -- C:\Windows\System32\3b589teal24z.bin
    [2009/04/24 07:31:19 | 000,004,660 | ---- | C] () -- C:\Windows\174z65a9ktool3fc.bin
    [2009/04/23 13:58:16 | 000,008,067 | ---- | C] () -- C:\Windows\System32\322439iz5s586.bin
    [2009/04/20 00:23:26 | 000,012,586 | ---- | C] () -- C:\Windows\47f5zpy5are2089.dll
    [2009/04/18 06:19:34 | 000,015,924 | ---- | C] () -- C:\Windows\System32\7591vi5uz262.dll
    [2009/04/18 05:43:06 | 000,011,216 | ---- | C] () -- C:\Windows\System32\472zs5ambo93e1.exe
    [2009/04/17 10:20:32 | 000,013,805 | ---- | C] () -- C:\Windows\7ffd9p5zare77.dll
    [2009/04/16 13:08:18 | 000,007,482 | ---- | C] () -- C:\Windows\7z9bbackdoor582.bin
    [2009/04/15 15:21:10 | 000,003,935 | ---- | C] () -- C:\Windows\9551viruszbf.bin
    [2009/04/15 05:52:03 | 000,014,402 | ---- | C] () -- C:\Windows\zc84vir24459.dll
    [2009/04/13 13:26:43 | 000,004,190 | ---- | C] () -- C:\Windows\91303zpamb5t3bc.dll
    [2009/04/10 20:40:04 | 000,006,168 | ---- | C] () -- C:\Windows\79a7stza51954.bin
    [2009/04/10 16:08:00 | 000,011,055 | ---- | C] () -- C:\Windows\System32\157z9w9rm5de.dll
    [2009/04/09 08:19:45 | 000,013,717 | ---- | C] () -- C:\Windows\System32\23760viru59z3.dll
    [2009/04/08 11:53:21 | 000,009,933 | ---- | C] () -- C:\Windows\System32\7676haczto5l30b9.dll
    [2009/04/08 10:24:53 | 000,009,688 | ---- | C] () -- C:\Windows\548dbackdo9rz101.exe
    [2009/04/05 00:50:50 | 000,014,680 | ---- | C] () -- C:\Windows\239505ozm2b8.dll
    [2009/03/24 05:09:59 | 000,014,967 | ---- | C] () -- C:\Windows\System32\84985iruszec9.dll
    [2009/03/22 16:03:58 | 000,003,313 | ---- | C] () -- C:\Windows\6d09thze51104.bin
    [2009/03/21 03:17:13 | 000,012,949 | ---- | C] () -- C:\Windows\System32\5979spzmbo93c3.dll
    [2009/03/19 20:48:15 | 000,139,264 | ---- | C] () -- C:\Windows\ShareBarData.dll
    [2009/03/19 18:46:47 | 000,002,316 | ---- | C] () -- C:\Windows\elwave76.ini
    [2009/03/17 21:02:39 | 000,003,556 | ---- | C] () -- C:\Windows\System32\26685notza-vi9us56f.exe
    [2009/03/15 05:07:21 | 000,014,622 | ---- | C] () -- C:\Windows\23215not5a9viruz75.bin
    [2009/03/11 14:21:49 | 000,008,576 | ---- | C] () -- C:\Windows\System32\1a0s5ywarez109.bin
    [2009/03/11 07:30:46 | 000,018,042 | ---- | C] () -- C:\Windows\System32\15705wzrm9a.dll
    [2009/03/10 20:49:46 | 000,007,358 | ---- | C] () -- C:\Windows\System32\3893wozm159.bin
    [2009/03/06 07:37:34 | 000,005,950 | ---- | C] () -- C:\Windows\System32\55eddow9loadez28285.exe
    [2009/03/04 19:25:33 | 000,004,010 | ---- | C] () -- C:\Windows\1z85st9al638.exe
    [2009/03/01 09:19:55 | 000,007,647 | ---- | C] () -- C:\Windows\System32\19855zac5tool414.exe
    [2009/02/26 18:14:55 | 000,011,596 | ---- | C] () -- C:\Windows\System32\5553vizus69e9.exe
    [2009/02/25 17:22:21 | 000,005,808 | ---- | C] () -- C:\Windows\System32\4a92thiefz475.dll
    [2009/02/19 06:53:36 | 000,009,832 | ---- | C] () -- C:\Windows\System32\5be5v9r5z04.dll
    [2009/02/17 03:18:20 | 000,008,583 | ---- | C] () -- C:\Windows\56489troj3z9.exe
    [2009/02/15 21:10:09 | 000,011,761 | ---- | C] () -- C:\Windows\System32\16e55pyw9rez600.exe
    [2009/02/12 14:48:39 | 000,013,902 | ---- | C] () -- C:\Windows\System32\289165ot-a9viruszba.dll
    [2009/02/12 09:00:18 | 000,003,737 | ---- | C] () -- C:\Windows\System32\12925spy590z.dll
    [2009/02/11 15:14:01 | 000,007,554 | ---- | C] () -- C:\Windows\5225t9ief1812z.dll
    [2009/02/11 06:30:34 | 000,008,843 | ---- | C] () -- C:\Windows\6005b9c5dozr2839.exe
    [2009/02/10 10:17:10 | 000,007,297 | ---- | C] () -- C:\Windows\235dth9ef2949z.exe
    [2009/02/10 06:28:25 | 000,004,022 | ---- | C] () -- C:\Windows\System32\9580hac5tool3z8.bin
    [2009/02/06 05:31:51 | 000,014,608 | ---- | C] () -- C:\Windows\System32\53acstealz597.exe
    [2009/02/04 06:00:49 | 000,010,798 | ---- | C] () -- C:\Windows\10z79troj588.exe
    [2009/02/03 09:34:48 | 000,006,275 | ---- | C] () -- C:\Windows\System32\z7057spa9bot2ba.exe
    [2009/01/27 10:58:35 | 000,002,688 | ---- | C] () -- C:\Windows\System32\198355pyz9.dll
    [2009/01/25 06:05:47 | 000,004,107 | ---- | C] () -- C:\Windows\2d2bthi5z679.exe
    [2009/01/24 10:17:10 | 000,005,945 | ---- | C] () -- C:\Windows\2158hacktoo5z9f.exe
    [2009/01/23 02:32:37 | 000,007,811 | ---- | C] () -- C:\Windows\System32\3c1fz5arse2981.bin
    [2009/01/23 01:46:36 | 000,012,751 | ---- | C] () -- C:\Windows\459aspyza95952.bin
    [2009/01/19 06:54:58 | 000,012,264 | ---- | C] () -- C:\Windows\System32\1295zsp53d6.exe
    [2009/01/18 13:18:37 | 000,014,110 | ---- | C] () -- C:\Windows\22691v9ruszda5.bin
    [2009/01/17 21:23:41 | 000,007,652 | ---- | C] () -- C:\Windows\1z649not-a-virus17c5.exe
    [2009/01/16 23:27:12 | 000,015,117 | ---- | C] () -- C:\Windows\System32\9c05viz2135.bin
    [2009/01/16 12:33:14 | 000,006,968 | ---- | C] () -- C:\Windows\3a59viz1597.bin
    [2009/01/14 17:06:38 | 000,007,213 | ---- | C] () -- C:\Windows\565fspywarz498.bin
    [2009/01/14 06:46:58 | 000,010,291 | ---- | C] () -- C:\Windows\31673spz7579.dll
    [2009/01/08 10:51:59 | 000,003,341 | ---- | C] () -- C:\Windows\59cethie9425z.dll
    [2009/01/08 08:43:24 | 000,004,739 | ---- | C] () -- C:\Windows\4859addw9rz589.exe
    [2009/01/07 01:11:48 | 000,009,047 | ---- | C] () -- C:\Windows\566ezparse5419.dll
    [2009/01/06 23:14:46 | 000,018,069 | ---- | C] () -- C:\Windows\System32\15dbdow9l5ader25z1.dll
    [2008/12/29 00:25:16 | 000,012,993 | ---- | C] () -- C:\Windows\13590sz5mbot2c6.dll
    [2008/12/27 13:22:45 | 000,011,903 | ---- | C] () -- C:\Windows\7bfthr59t29545z.dll
    [2008/12/20 05:52:17 | 000,010,129 | ---- | C] () -- C:\Windows\z865virus1c9.dll
    [2008/12/18 19:16:53 | 000,012,639 | ---- | C] () -- C:\Windows\55cedo5nloz9er379.dll
    [2008/12/15 16:36:09 | 000,018,412 | ---- | C] () -- C:\Windows\13z32v5rus29e9.bin
    [2008/12/10 04:57:45 | 000,006,217 | ---- | C] () -- C:\Windows\System32\185775ro9z27.exe
    [2008/12/06 08:54:38 | 000,008,302 | ---- | C] () -- C:\Windows\51213tro9z47.dll
    [2008/12/03 11:20:40 | 000,014,778 | ---- | C] () -- C:\Windows\System32\6589spyware8z9.bin
    [2008/12/02 19:53:50 | 000,012,241 | ---- | C] () -- C:\Windows\System32\5b41stz5l1999.dll
    [2008/11/28 10:58:48 | 000,004,742 | ---- | C] () -- C:\Windows\System32\50892v9rzsad.exe
    [2008/11/27 18:10:04 | 000,002,998 | ---- | C] () -- C:\Windows\System32\3199h5ckzoo9126.dll
    [2008/11/25 20:26:27 | 000,014,895 | ---- | C] () -- C:\Windows\1204downzo5der429.bin
    [2008/11/24 02:30:41 | 000,007,909 | ---- | C] () -- C:\Windows\System32\7z49downloader2514.exe
    [2008/11/23 09:19:20 | 000,004,310 | ---- | C] () -- C:\Windows\System32\193235pamboz449.bin
    [2008/11/20 13:28:30 | 000,004,289 | ---- | C] () -- C:\Windows\7z9fth59at15408.bin
    [2008/11/19 11:33:49 | 000,011,667 | ---- | C] () -- C:\Windows\System32\1580zno5-a-virus498.exe
    [2008/11/17 09:42:51 | 000,011,566 | ---- | C] () -- C:\Windows\System32\z05ethie91076.bin
    [2008/11/17 02:35:09 | 000,007,793 | ---- | C] () -- C:\Windows\System32\3e51thie9z316.exe
    [2008/11/16 10:54:53 | 000,008,380 | ---- | C] () -- C:\Windows\System32\18857za9kt5ol776.dll
    [2008/11/15 02:23:54 | 000,009,827 | ---- | C] () -- C:\Windows\System32\9zd8vir27825.bin
    [2008/11/14 18:10:03 | 000,015,847 | ---- | C] () -- C:\Windows\b5esteal19z29.exe
    [2008/11/14 07:34:42 | 000,017,068 | ---- | C] () -- C:\Windows\20591v9rus4zd.exe
    [2008/11/14 05:31:29 | 000,005,061 | ---- | C] () -- C:\Windows\28505szamb9tcd.bin
    [2008/11/13 04:55:49 | 000,003,651 | ---- | C] () -- C:\Windows\System32\9503s9z123.exe
    [2008/11/12 04:52:56 | 000,008,200 | ---- | C] () -- C:\Windows\System32\7323thief2594z.dll
    [2008/11/10 13:38:49 | 000,003,375 | ---- | C] () -- C:\Windows\25831wormz3b9.dll
    [2008/11/10 02:49:31 | 000,008,642 | ---- | C] () -- C:\Windows\System32\21051troj69ez.exe
    [2008/11/07 21:07:27 | 000,007,872 | ---- | C] () -- C:\Windows\522vz9us5e.bin
    [2008/11/02 09:33:00 | 000,017,846 | ---- | C] () -- C:\Windows\7583spamb9tza7.bin
    [2008/10/25 01:34:39 | 000,002,583 | ---- | C] () -- C:\Windows\System32\z0d5down5oa9er1533.dll
    [2008/10/24 11:35:56 | 000,012,406 | ---- | C] () -- C:\Windows\System32\1049zh5cktool5d29.exe
    [2008/10/24 02:40:12 | 000,010,008 | ---- | C] () -- C:\Windows\16796za9ktool557.exe
    [2008/10/23 15:57:29 | 000,018,206 | ---- | C] () -- C:\Windows\50feszy9are1915.exe
    [2008/10/19 23:07:31 | 000,003,712 | ---- | C] () -- C:\Windows\z0fas5ea92911.exe
    [2008/10/17 21:24:38 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
    [2008/10/15 11:40:22 | 000,012,392 | ---- | C] () -- C:\Windows\System32\z5742h5ckt9ol4b9.bin
    [2008/10/14 15:14:57 | 000,011,814 | ---- | C] () -- C:\Windows\f4st5zl9217.dll
    [2008/10/13 03:41:33 | 000,006,384 | ---- | C] () -- C:\Windows\54079zrm52.bin
    [2008/10/01 22:36:36 | 000,014,828 | ---- | C] () -- C:\Windows\System32\3076zspy259.exe
    [2008/09/28 13:16:24 | 000,006,608 | ---- | C] () -- C:\Windows\System32\19a7th5eatz2277.dll
    [2008/09/25 19:44:08 | 000,008,449 | ---- | C] () -- C:\Windows\77dbt9ief2z25.bin
    [2008/09/24 17:19:27 | 000,011,032 | ---- | C] () -- C:\Windows\z489spy5are1705.dll
    [2008/09/24 09:06:08 | 000,015,347 | ---- | C] () -- C:\Windows\System32\24227zp922a5.exe
    [2008/09/23 01:02:40 | 000,013,974 | ---- | C] () -- C:\Windows\31956not-a-vz5us242.exe
    [2008/09/19 17:48:44 | 000,005,780 | ---- | C] () -- C:\Windows\System32\93z7t5oj469.exe
    [2008/09/18 16:48:13 | 000,003,039 | ---- | C] () -- C:\Windows\System32\56a45p9zse991.bin
    [2008/09/18 08:34:07 | 000,014,437 | ---- | C] () -- C:\Windows\23242n5t-a-9irus7cz.exe
    [2008/09/16 04:02:28 | 000,016,997 | ---- | C] () -- C:\Windows\System32\5565v9r1z45.exe
    [2008/09/12 20:13:08 | 000,007,757 | ---- | C] () -- C:\Windows\System32\2z365vi9us215.dll
    [2008/09/12 13:13:25 | 000,015,685 | ---- | C] () -- C:\Windows\23494virus225z.dll
    [2008/09/12 11:54:59 | 000,010,932 | ---- | C] () -- C:\Windows\System32\292235p9mboz394.dll
    [2008/09/09 19:59:20 | 000,003,632 | ---- | C] () -- C:\Windows\System32\6592thre5t27019z.dll
    [2008/09/09 03:08:52 | 000,002,817 | ---- | C] () -- C:\Windows\19zesteal2465.dll
    [2008/09/08 07:04:48 | 000,011,932 | ---- | C] () -- C:\Windows\297steal1953z.bin
    [2008/09/06 18:27:44 | 000,004,305 | ---- | C] () -- C:\Windows\41855pamzot1799.dll
    [2008/09/03 03:00:30 | 000,003,965 | ---- | C] () -- C:\Windows\7d95szarse2811.exe
    [2008/08/28 19:19:46 | 000,016,183 | ---- | C] () -- C:\Windows\System32\9620sp91z65.bin
    [2008/08/26 04:42:04 | 000,018,406 | ---- | C] () -- C:\Windows\System32\3532trzj3fe9.dll
    [2008/08/20 15:22:41 | 000,006,776 | ---- | C] () -- C:\Windows\System32\7f3eviz21795.dll
    [2008/08/18 08:07:49 | 000,003,561 | ---- | C] () -- C:\Windows\System32\24afbackdoorz9925.bin
    [2008/08/17 04:59:38 | 000,003,997 | ---- | C] () -- C:\Windows\289a5ddw9rez959.bin
    [2008/08/16 18:54:14 | 000,016,039 | ---- | C] () -- C:\Windows\System32\21836not-a9virus65z.dll
    [2008/08/15 09:50:53 | 000,003,578 | ---- | C] () -- C:\Windows\29dbacz9oor5178.exe
    [2008/08/14 14:54:29 | 000,003,989 | ---- | C] () -- C:\Windows\5b94s5eaz1673.bin
    [2008/08/14 12:56:34 | 000,016,375 | ---- | C] () -- C:\Windows\System32\9566tr9j55fz.exe
    [2008/08/14 09:52:50 | 000,003,153 | ---- | C] () -- C:\Windows\25a5st5a9z270.dll
    [2008/08/09 21:42:40 | 000,012,619 | ---- | C] () -- C:\Windows\System32\22899s5amzot2c0.bin
    [2008/08/06 23:07:19 | 000,002,694 | ---- | C] () -- C:\Windows\System32\19593spazbotd9.bin
    [2008/08/03 11:16:42 | 000,005,124 | ---- | C] () -- C:\Windows\System32\7059downlzader2952.dll
    [2008/08/01 18:42:54 | 000,018,076 | ---- | C] () -- C:\Windows\System32\228925zoj635.dll
    [2008/07/29 05:26:32 | 000,011,351 | ---- | C] () -- C:\Windows\24426not-z-viru9de5.dll
    [2008/07/27 04:26:39 | 000,018,335 | ---- | C] () -- C:\Windows\System32\6986vir5z4e2.dll
    [2008/07/25 04:38:56 | 000,010,246 | ---- | C] () -- C:\Windows\System32\59a4addware213z.dll
    [2008/07/22 18:52:58 | 000,008,339 | ---- | C] () -- C:\Windows\15599hac5tooz12b.exe
    [2008/07/19 18:46:10 | 000,005,004 | ---- | C] () -- C:\Windows\System32\2987t5reat268z1.bin
    [2008/07/14 16:38:37 | 000,005,300 | ---- | C] () -- C:\Windows\System32\779f5parsz9823.bin
    [2008/07/14 09:36:12 | 000,016,990 | ---- | C] () -- C:\Windows\c09spaz5e2727.dll
    [2008/07/06 01:27:07 | 000,016,249 | ---- | C] () -- C:\Windows\10690hazktoo5599.bin
    [2008/07/05 00:53:04 | 000,013,539 | ---- | C] () -- C:\Windows\System32\5aa59hzeat30457.dll
    [2008/07/05 00:36:16 | 000,016,154 | ---- | C] () -- C:\Windows\System32\815znot-a5v9rus623.dll
    [2008/06/27 22:35:44 | 000,013,143 | ---- | C] () -- C:\Windows\5d9cba9kdzor2285.dll
    [2008/06/24 23:32:24 | 000,015,261 | ---- | C] () -- C:\Windows\298895orz29a.bin
    [2008/06/22 23:41:13 | 000,011,476 | ---- | C] () -- C:\Windows\System32\z8519spy38f.bin
    [2008/06/22 08:18:59 | 000,003,295 | ---- | C] () -- C:\Windows\z08945irus919.dll
    [2008/06/19 13:25:50 | 000,007,897 | ---- | C] () -- C:\Windows\System32\512dspzrse9877.dll
    [2008/06/17 12:51:29 | 000,018,413 | ---- | C] () -- C:\Windows\System32\99922szy5a5.dll
    [2008/06/16 08:16:12 | 000,012,076 | ---- | C] () -- C:\Windows\System32\zfb2sp5rse2609.exe
    [2008/06/14 08:54:41 | 000,008,111 | ---- | C] () -- C:\Windows\System32\49z5spy40c.dll
    [2008/06/13 03:56:31 | 000,015,973 | ---- | C] () -- C:\Windows\25235zpy5b9.bin
    [2008/06/11 09:01:35 | 000,011,322 | ---- | C] () -- C:\Windows\System32\59z5r398.exe
    [2008/06/09 12:48:26 | 000,007,596 | ---- | C] () -- C:\Windows\System32\89z7not5a-virus5c1.bin
    [2008/06/04 20:18:52 | 000,014,069 | ---- | C] () -- C:\Windows\System32\962zvir1594.bin
    [2008/06/04 18:52:02 | 000,018,269 | ---- | C] () -- C:\Windows\7a7download5r2549z.exe
    [2008/06/02 14:08:34 | 000,003,002 | ---- | C] () -- C:\Windows\31501sp95dz.bin
    [2008/05/26 01:53:23 | 000,002,549 | ---- | C] () -- C:\Windows\System32\97f4st5az2367.exe
    [2008/05/25 20:35:47 | 000,009,244 | ---- | C] () -- C:\Windows\System32\63cfad9ware552z.bin
    [2008/05/22 09:23:30 | 000,008,501 | ---- | C] () -- C:\Windows\20273spa5z9t550.dll
    [2008/05/22 06:58:35 | 000,004,130 | ---- | C] () -- C:\Windows\System32\5bcezown5o9der2066.bin
    [2008/05/19 23:52:23 | 000,016,307 | ---- | C] () -- C:\Windows\System32\35b5zownl9ader3265.bin
    [2008/05/19 02:52:12 | 000,015,779 | ---- | C] () -- C:\Windows\System32\6a9back5oo92z53.dll
    [2008/05/17 17:56:29 | 000,010,834 | ---- | C] () -- C:\Windows\System32\2917zroj597.dll
    [2008/05/15 02:36:14 | 000,010,957 | ---- | C] () -- C:\Windows\zcespywa9e1558.exe
    [2008/05/14 03:56:26 | 000,007,185 | ---- | C] () -- C:\Windows\System32\955s5eal47z.dll
    [2008/05/13 15:11:03 | 000,009,925 | ---- | C] () -- C:\Windows\222245o9mz61.exe
    [2008/05/10 11:53:57 | 000,006,808 | ---- | C] () -- C:\Windows\System32\5059downzoader1980.bin
    [2008/05/10 03:23:28 | 000,015,135 | ---- | C] () -- C:\Windows\2866thzef9759.bin
    [2008/05/10 02:53:35 | 000,004,012 | ---- | C] () -- C:\Windows\System32\z1679w5rm1c2.bin
    [2008/05/08 18:26:49 | 000,016,582 | ---- | C] () -- C:\Windows\128129zr5s548.dll
    [2008/05/07 16:37:27 | 000,011,039 | ---- | C] () -- C:\Windows\System32\5d73st95l3121z.dll
    [2008/05/05 02:06:03 | 000,015,295 | ---- | C] () -- C:\Windows\System32\792czhre9523275.dll
    [2008/05/04 11:09:09 | 000,011,746 | ---- | C] () -- C:\Windows\22a9vi535z.bin
    [2008/05/03 15:37:16 | 000,017,502 | ---- | C] () -- C:\Windows\System32\870troz6859.dll
    [2008/05/01 14:30:49 | 000,004,076 | ---- | C] () -- C:\Windows\System32\3z95thief2912.bin
    [2008/04/29 04:30:03 | 000,008,735 | ---- | C] () -- C:\Windows\System32\1937spar9e459z.bin
    [2008/04/24 23:33:36 | 000,009,153 | ---- | C] () -- C:\Windows\System32\6659szeal825.bin
    [2008/04/24 02:23:59 | 000,005,304 | ---- | C] () -- C:\Windows\System32\6935spyw5rz963.exe
    [2008/04/17 00:16:07 | 000,007,171 | ---- | C] () -- C:\Windows\System32\302z8not-a-9i5usf.bin
    [2008/04/14 02:03:22 | 000,007,695 | ---- | C] () -- C:\Windows\5z97hackto5l4ad9.bin
    [2008/04/11 07:17:04 | 000,016,868 | ---- | C] () -- C:\Windows\System32\754threatz08589.exe
    [2008/04/08 22:47:37 | 000,010,770 | ---- | C] () -- C:\Windows\System32\199515py1z2.dll
    [2008/04/08 09:59:54 | 000,017,218 | ---- | C] () -- C:\Windows\1f2caddware3595z.dll
    [2008/04/08 05:16:04 | 000,018,125 | ---- | C] () -- C:\Windows\3597wor52z.bin
    [2008/04/05 20:35:05 | 000,004,354 | ---- | C] () -- C:\Windows\System32\509ca5dzare931.exe
    [2008/04/01 15:29:00 | 000,017,896 | ---- | C] () -- C:\Windows\73d29i5267z.exe
    [2008/03/28 02:00:40 | 000,015,760 | ---- | C] () -- C:\Windows\System32\39dathrezt9509.dll
    [2008/03/26 05:22:47 | 000,003,056 | ---- | C] () -- C:\Windows\System32\z9a1vi93527.bin
    [2008/03/26 00:10:48 | 000,007,557 | ---- | C] () -- C:\Windows\d579zreat5954.dll
    [2008/03/25 13:58:48 | 000,004,675 | ---- | C] () -- C:\Windows\4c5fvir9594z.bin
    [2008/03/19 20:21:38 | 000,015,855 | ---- | C] () -- C:\Windows\System32\9c70steal515z.dll
    [2008/03/14 05:36:16 | 000,003,315 | ---- | C] () -- C:\Windows\3azc9h5eat23554.bin
    [2008/03/11 21:06:27 | 000,017,295 | ---- | C] () -- C:\Windows\34ffthi5z97.exe
    [2008/03/11 20:33:22 | 000,011,502 | ---- | C] () -- C:\Windows\57999zpy3fa.exe
    [2008/03/10 00:31:46 | 000,012,524 | ---- | C] () -- C:\Windows\50925szy7cf.dll
    [2008/03/07 15:13:37 | 000,005,673 | ---- | C] () -- C:\Windows\7830dow5lzade91113.exe
    [2008/03/07 07:57:16 | 000,002,660 | ---- | C] () -- C:\Windows\System32\2753zspamb591ab.exe
    [2008/03/06 23:31:35 | 000,002,779 | ---- | C] () -- C:\Windows\System32\24c5sparse2469z.exe
    [2008/03/02 22:57:08 | 000,003,768 | ---- | C] () -- C:\Windows\3f849hzef1154.dll
    [2008/02/25 14:43:14 | 000,011,591 | ---- | C] () -- C:\Windows\9023thz5f2688.bin
    [2008/02/24 11:17:43 | 000,010,585 | ---- | C] () -- C:\Windows\System32\z706not5a9virus40e.dll
    [2008/02/24 09:13:30 | 000,012,600 | ---- | C] () -- C:\Windows\System32\655bba5k9zor2924.exe
    [2008/02/24 01:18:25 | 000,011,669 | ---- | C] () -- C:\Windows\5z2cthie9238.bin
    [2008/02/23 12:00:31 | 000,003,069 | ---- | C] () -- C:\Windows\5395v9rusfz5.exe
    [2008/02/22 13:11:39 | 000,012,884 | ---- | C] () -- C:\Windows\System32\51320viru9521z.bin
    [2008/02/18 23:30:16 | 000,012,504 | ---- | C] () -- C:\Windows\15z99i52708.exe
    [2008/02/17 21:21:53 | 000,016,364 | ---- | C] () -- C:\Windows\System32\677as9zware5762.dll
    [2008/02/17 17:03:40 | 000,017,278 | ---- | C] () -- C:\Windows\System32\3908n5t9a-vzrus204.exe
    [2008/02/17 06:39:47 | 000,004,045 | ---- | C] () -- C:\Windows\4692zteal1257.exe
    [2008/02/06 11:08:56 | 000,014,529 | ---- | C] () -- C:\Windows\6099add5are29z7.bin
    [2008/02/06 03:38:02 | 000,006,962 | ---- | C] () -- C:\Windows\System32\220czack95or955.exe
    [2008/02/05 00:35:35 | 000,008,990 | ---- | C] () -- C:\Windows\752fsp9warz491.dll
    [2008/02/04 13:45:08 | 000,016,876 | ---- | C] () -- C:\Windows\System32\19140s5y9c7z.bin
    [2008/02/03 01:17:30 | 000,010,496 | ---- | C] () -- C:\Windows\1bd2z5yware2979.dll
    [2008/01/28 15:21:36 | 000,014,742 | ---- | C] () -- C:\Windows\System32\250baczd9or856.bin
    [2008/01/28 00:57:36 | 000,007,080 | ---- | C] () -- C:\Windows\System32\26f25pzr9e151.exe
    [2008/01/27 11:07:09 | 000,004,065 | ---- | C] () -- C:\Windows\35e8az9war52810.bin
    [2008/01/26 20:04:42 | 000,013,755 | ---- | C] () -- C:\Windows\1935tzoj3fa9.dll
    [2008/01/20 17:38:01 | 000,006,900 | ---- | C] () -- C:\Windows\System32\7z529parse1052.exe
    [2008/01/18 01:48:49 | 000,014,664 | ---- | C] () -- C:\Windows\z95t9i5f928.exe
    [2008/01/17 08:46:13 | 000,014,767 | ---- | C] () -- C:\Windows\8zcs9a5se1614.bin
    [2008/01/16 16:37:29 | 000,012,904 | ---- | C] () -- C:\Windows\System32\2f40zhrea528942.exe
    [2008/01/14 15:37:04 | 000,016,026 | ---- | C] () -- C:\Windows\System32\c57zt5al1496.bin
    [2008/01/13 17:24:38 | 000,014,990 | ---- | C] () -- C:\Windows\System32\92a2downlzader354.dll
    [2008/01/13 08:41:00 | 000,012,063 | ---- | C] () -- C:\Windows\System32\29905vizus13f9.bin
    [2008/01/12 06:23:13 | 000,008,106 | ---- | C] () -- C:\Windows\System32\96599acktooz2f.bin
    [2008/01/11 03:24:06 | 000,003,107 | ---- | C] () -- C:\Windows\z955worm895.exe
    [2008/01/10 23:55:33 | 000,011,874 | ---- | C] () -- C:\Windows\System32\14974sza9bot5a3.dll
    [2008/01/09 18:34:24 | 000,009,230 | ---- | C] () -- C:\Windows\System32\6d4ev9z1538.dll
    [2008/01/09 06:08:54 | 000,015,109 | ---- | C] () -- C:\Windows\148z6t9oj3f55.exe
    [2008/01/09 05:34:34 | 000,008,427 | ---- | C] () -- C:\Windows\System32\e97thzeat51956.bin
    [2008/01/08 20:23:32 | 000,017,517 | ---- | C] () -- C:\Windows\6f89thizf5931.exe
    [2008/01/06 09:48:09 | 000,008,571 | ---- | C] () -- C:\Windows\41z7threa92572.exe
    [2008/01/05 08:17:25 | 000,004,385 | ---- | C] () -- C:\Windows\System32\297905ormz2e.bin
    [2008/01/05 04:42:06 | 000,013,625 | ---- | C] () -- C:\Windows\7ebes9arsz552.dll
    [2006/08/25 05:31:57 | 000,000,040 | ---- | C] () -- C:\Users\Administrator\AppData\Local\6a7011db8eb3184.dat
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#3 Yayo (Topic Starter)
Thank you for your help SweetTech. I very much appreciate it. =)

I will follow your instructions when I get home from work and get internet access on the problematic computer. I will get back to you ASAP.

Thanks!!

#4 SweetTech (Retired Staff)
:)

#5 Yayo (Topic Starter)
Hi SweetTech. Logs from your instructions are pasted below. Ta.


C:\Windows\5728not-a-vzru59c7.bin moved successfully.
C:\Windows\System32\19577szy38f.dll moved successfully.
C:\Windows\System32\2eze95eal589.bin moved successfully.
C:\Windows\System32\873znot-a-vir5s9ff.dll moved successfully.
C:\Windows\System32\28985wormz5.dll moved successfully.
C:\Windows\1z925vi9us555.bin moved successfully.
C:\Windows\System32\1bd65z91435.bin moved successfully.
C:\Windows\16879hac5toz915f.exe moved successfully.
C:\Windows\System32\25249virzs555.dll moved successfully.
C:\Windows\975badzwar52484.bin moved successfully.
C:\Windows\System32\25e5downloade9z58.dll moved successfully.
C:\Windows\System32\6958vizus479.exe moved successfully.
C:\Windows\14c8spy5are199z.exe moved successfully.
C:\Windows\70df5zie92099.dll moved successfully.
C:\Windows\System32\63edz5reat3469.exe moved successfully.
C:\Windows\590espzrse466.exe moved successfully.
C:\Windows\System32\9913not-a-vz5u9448.bin moved successfully.
C:\Windows\96997sp572z.bin moved successfully.
C:\Windows\1z5backdoor20789.dll moved successfully.
C:\Windows\System32\1c89tzief1855.exe moved successfully.
C:\Windows\System32\915z3hacktool55.dll moved successfully.
C:\Windows\351backdooz1599.exe moved successfully.
C:\Windows\4b9bthzea9109915.bin moved successfully.
C:\Windows\9876download5r3046z.dll moved successfully.
C:\Windows\1edzspyware16549.dll moved successfully.
C:\Windows\5745thrzat9918.bin moved successfully.
C:\Windows\System32\517es9yw5re5z5.bin moved successfully.
C:\Windows\System32\51620hacktoo9343z.exe moved successfully.
C:\Windows\System32\3b589teal24z.bin moved successfully.
C:\Windows\174z65a9ktool3fc.bin moved successfully.
C:\Windows\System32\322439iz5s586.bin moved successfully.
C:\Windows\47f5zpy5are2089.dll moved successfully.
C:\Windows\System32\7591vi5uz262.dll moved successfully.
C:\Windows\System32\472zs5ambo93e1.exe moved successfully.
C:\Windows\7ffd9p5zare77.dll moved successfully.
C:\Windows\7z9bbackdoor582.bin moved successfully.
C:\Windows\9551viruszbf.bin moved successfully.
C:\Windows\zc84vir24459.dll moved successfully.
C:\Windows\91303zpamb5t3bc.dll moved successfully.
C:\Windows\79a7stza51954.bin moved successfully.
C:\Windows\System32\157z9w9rm5de.dll moved successfully.
C:\Windows\System32\23760viru59z3.dll moved successfully.
C:\Windows\System32\7676haczto5l30b9.dll moved successfully.
C:\Windows\548dbackdo9rz101.exe moved successfully.
C:\Windows\239505ozm2b8.dll moved successfully.
C:\Windows\System32\84985iruszec9.dll moved successfully.
C:\Windows\6d09thze51104.bin moved successfully.
C:\Windows\System32\5979spzmbo93c3.dll moved successfully.
C:\Windows\ShareBarData.dll moved successfully.
C:\Windows\elwave76.ini moved successfully.
C:\Windows\System32\26685notza-vi9us56f.exe moved successfully.
C:\Windows\23215not5a9viruz75.bin moved successfully.
C:\Windows\System32\1a0s5ywarez109.bin moved successfully.
C:\Windows\System32\15705wzrm9a.dll moved successfully.
C:\Windows\System32\3893wozm159.bin moved successfully.
C:\Windows\System32\55eddow9loadez28285.exe moved successfully.
C:\Windows\1z85st9al638.exe moved successfully.
C:\Windows\System32\19855zac5tool414.exe moved successfully.
C:\Windows\System32\5553vizus69e9.exe moved successfully.
C:\Windows\System32\4a92thiefz475.dll moved successfully.
C:\Windows\System32\5be5v9r5z04.dll moved successfully.
C:\Windows\56489troj3z9.exe moved successfully.
C:\Windows\System32\16e55pyw9rez600.exe moved successfully.
C:\Windows\System32\289165ot-a9viruszba.dll moved successfully.
C:\Windows\System32\12925spy590z.dll moved successfully.
C:\Windows\5225t9ief1812z.dll moved successfully.
C:\Windows\6005b9c5dozr2839.exe moved successfully.
C:\Windows\235dth9ef2949z.exe moved successfully.
C:\Windows\System32\9580hac5tool3z8.bin moved successfully.
C:\Windows\System32\53acstealz597.exe moved successfully.
C:\Windows\10z79troj588.exe moved successfully.
C:\Windows\System32\z7057spa9bot2ba.exe moved successfully.
C:\Windows\System32\198355pyz9.dll moved successfully.
C:\Windows\2d2bthi5z679.exe moved successfully.
C:\Windows\2158hacktoo5z9f.exe moved successfully.
C:\Windows\System32\3c1fz5arse2981.bin moved successfully.
C:\Windows\459aspyza95952.bin moved successfully.
C:\Windows\System32\1295zsp53d6.exe moved successfully.
C:\Windows\22691v9ruszda5.bin moved successfully.
C:\Windows\1z649not-a-virus17c5.exe moved successfully.
C:\Windows\System32\9c05viz2135.bin moved successfully.
C:\Windows\3a59viz1597.bin moved successfully.
C:\Windows\565fspywarz498.bin moved successfully.
C:\Windows\31673spz7579.dll moved successfully.
C:\Windows\59cethie9425z.dll moved successfully.
C:\Windows\4859addw9rz589.exe moved successfully.
C:\Windows\566ezparse5419.dll moved successfully.
C:\Windows\System32\15dbdow9l5ader25z1.dll moved successfully.
C:\Windows\13590sz5mbot2c6.dll moved successfully.
C:\Windows\7bfthr59t29545z.dll moved successfully.
C:\Windows\z865virus1c9.dll moved successfully.
C:\Windows\55cedo5nloz9er379.dll moved successfully.
C:\Windows\13z32v5rus29e9.bin moved successfully.
C:\Windows\System32\185775ro9z27.exe moved successfully.
C:\Windows\51213tro9z47.dll moved successfully.
C:\Windows\System32\6589spyware8z9.bin moved successfully.
C:\Windows\System32\5b41stz5l1999.dll moved successfully.
C:\Windows\System32\50892v9rzsad.exe moved successfully.
C:\Windows\System32\3199h5ckzoo9126.dll moved successfully.
C:\Windows\1204downzo5der429.bin moved successfully.
C:\Windows\System32\7z49downloader2514.exe moved successfully.
C:\Windows\System32\193235pamboz449.bin moved successfully.
C:\Windows\7z9fth59at15408.bin moved successfully.
C:\Windows\System32\1580zno5-a-virus498.exe moved successfully.
C:\Windows\System32\z05ethie91076.bin moved successfully.
C:\Windows\System32\3e51thie9z316.exe moved successfully.
C:\Windows\System32\18857za9kt5ol776.dll moved successfully.
C:\Windows\System32\9zd8vir27825.bin moved successfully.
C:\Windows\b5esteal19z29.exe moved successfully.
C:\Windows\20591v9rus4zd.exe moved successfully.
C:\Windows\28505szamb9tcd.bin moved successfully.
C:\Windows\System32\9503s9z123.exe moved successfully.
C:\Windows\System32\7323thief2594z.dll moved successfully.
C:\Windows\25831wormz3b9.dll moved successfully.
C:\Windows\System32\21051troj69ez.exe moved successfully.
C:\Windows\522vz9us5e.bin moved successfully.
C:\Windows\7583spamb9tza7.bin moved successfully.
C:\Windows\System32\z0d5down5oa9er1533.dll moved successfully.
C:\Windows\System32\1049zh5cktool5d29.exe moved successfully.
C:\Windows\16796za9ktool557.exe moved successfully.
C:\Windows\50feszy9are1915.exe moved successfully.
C:\Windows\z0fas5ea92911.exe moved successfully.
C:\Windows\System32\bridf07a.dat moved successfully.
C:\Windows\System32\z5742h5ckt9ol4b9.bin moved successfully.
C:\Windows\f4st5zl9217.dll moved successfully.
C:\Windows\54079zrm52.bin moved successfully.
C:\Windows\System32\3076zspy259.exe moved successfully.
C:\Windows\System32\19a7th5eatz2277.dll moved successfully.
C:\Windows\77dbt9ief2z25.bin moved successfully.
C:\Windows\z489spy5are1705.dll moved successfully.
C:\Windows\System32\24227zp922a5.exe moved successfully.
C:\Windows\31956not-a-vz5us242.exe moved successfully.
C:\Windows\System32\93z7t5oj469.exe moved successfully.
C:\Windows\System32\56a45p9zse991.bin moved successfully.
C:\Windows\23242n5t-a-9irus7cz.exe moved successfully.
C:\Windows\System32\5565v9r1z45.exe moved successfully.
C:\Windows\System32\2z365vi9us215.dll moved successfully.
C:\Windows\23494virus225z.dll moved successfully.
C:\Windows\System32\292235p9mboz394.dll moved successfully.
C:\Windows\System32\6592thre5t27019z.dll moved successfully.
C:\Windows\19zesteal2465.dll moved successfully.
C:\Windows\297steal1953z.bin moved successfully.
C:\Windows\41855pamzot1799.dll moved successfully.
C:\Windows\7d95szarse2811.exe moved successfully.
C:\Windows\System32\9620sp91z65.bin moved successfully.
C:\Windows\System32\3532trzj3fe9.dll moved successfully.
C:\Windows\System32\7f3eviz21795.dll moved successfully.
C:\Windows\System32\24afbackdoorz9925.bin moved successfully.
C:\Windows\289a5ddw9rez959.bin moved successfully.
C:\Windows\System32\21836not-a9virus65z.dll moved successfully.
C:\Windows\29dbacz9oor5178.exe moved successfully.
C:\Windows\5b94s5eaz1673.bin moved successfully.
C:\Windows\System32\9566tr9j55fz.exe moved successfully.
C:\Windows\25a5st5a9z270.dll moved successfully.
C:\Windows\System32\22899s5amzot2c0.bin moved successfully.
C:\Windows\System32\19593spazbotd9.bin moved successfully.
C:\Windows\System32\7059downlzader2952.dll moved successfully.
C:\Windows\System32\228925zoj635.dll moved successfully.
C:\Windows\24426not-z-viru9de5.dll moved successfully.
C:\Windows\System32\6986vir5z4e2.dll moved successfully.
C:\Windows\System32\59a4addware213z.dll moved successfully.
C:\Windows\15599hac5tooz12b.exe moved successfully.
C:\Windows\System32\2987t5reat268z1.bin moved successfully.
C:\Windows\System32\779f5parsz9823.bin moved successfully.
C:\Windows\c09spaz5e2727.dll moved successfully.
C:\Windows\10690hazktoo5599.bin moved successfully.
C:\Windows\System32\5aa59hzeat30457.dll moved successfully.
C:\Windows\System32\815znot-a5v9rus623.dll moved successfully.
C:\Windows\5d9cba9kdzor2285.dll moved successfully.
C:\Windows\298895orz29a.bin moved successfully.
C:\Windows\System32\z8519spy38f.bin moved successfully.
C:\Windows\z08945irus919.dll moved successfully.
C:\Windows\System32\512dspzrse9877.dll moved successfully.
C:\Windows\System32\99922szy5a5.dll moved successfully.
C:\Windows\System32\zfb2sp5rse2609.exe moved successfully.
C:\Windows\System32\49z5spy40c.dll moved successfully.
C:\Windows\25235zpy5b9.bin moved successfully.
C:\Windows\System32\59z5r398.exe moved successfully.
C:\Windows\System32\89z7not5a-virus5c1.bin moved successfully.
C:\Windows\System32\962zvir1594.bin moved successfully.
C:\Windows\7a7download5r2549z.exe moved successfully.
C:\Windows\31501sp95dz.bin moved successfully.
C:\Windows\System32\97f4st5az2367.exe moved successfully.
C:\Windows\System32\63cfad9ware552z.bin moved successfully.
C:\Windows\20273spa5z9t550.dll moved successfully.
C:\Windows\System32\5bcezown5o9der2066.bin moved successfully.
C:\Windows\System32\35b5zownl9ader3265.bin moved successfully.
C:\Windows\System32\6a9back5oo92z53.dll moved successfully.
C:\Windows\System32\2917zroj597.dll moved successfully.
C:\Windows\zcespywa9e1558.exe moved successfully.
C:\Windows\System32\955s5eal47z.dll moved successfully.
C:\Windows\222245o9mz61.exe moved successfully.
C:\Windows\System32\5059downzoader1980.bin moved successfully.
C:\Windows\2866thzef9759.bin moved successfully.
C:\Windows\System32\z1679w5rm1c2.bin moved successfully.
C:\Windows\128129zr5s548.dll moved successfully.
C:\Windows\System32\5d73st95l3121z.dll moved successfully.
C:\Windows\System32\792czhre9523275.dll moved successfully.
C:\Windows\22a9vi535z.bin moved successfully.
C:\Windows\System32\870troz6859.dll moved successfully.
C:\Windows\System32\3z95thief2912.bin moved successfully.
C:\Windows\System32\1937spar9e459z.bin moved successfully.
C:\Windows\System32\6659szeal825.bin moved successfully.
C:\Windows\System32\6935spyw5rz963.exe moved successfully.
C:\Windows\System32\302z8not-a-9i5usf.bin moved successfully.
C:\Windows\5z97hackto5l4ad9.bin moved successfully.
C:\Windows\System32\754threatz08589.exe moved successfully.
C:\Windows\System32\199515py1z2.dll moved successfully.
C:\Windows\1f2caddware3595z.dll moved successfully.
C:\Windows\3597wor52z.bin moved successfully.
C:\Windows\System32\509ca5dzare931.exe moved successfully.
C:\Windows\73d29i5267z.exe moved successfully.
C:\Windows\System32\39dathrezt9509.dll moved successfully.
C:\Windows\System32\z9a1vi93527.bin moved successfully.
C:\Windows\d579zreat5954.dll moved successfully.
C:\Windows\4c5fvir9594z.bin moved successfully.
C:\Windows\System32\9c70steal515z.dll moved successfully.
C:\Windows\3azc9h5eat23554.bin moved successfully.
C:\Windows\34ffthi5z97.exe moved successfully.
C:\Windows\57999zpy3fa.exe moved successfully.
C:\Windows\50925szy7cf.dll moved successfully.
C:\Windows\7830dow5lzade91113.exe moved successfully.
C:\Windows\System32\2753zspamb591ab.exe moved successfully.
C:\Windows\System32\24c5sparse2469z.exe moved successfully.
C:\Windows\3f849hzef1154.dll moved successfully.
C:\Windows\9023thz5f2688.bin moved successfully.
C:\Windows\System32\z706not5a9virus40e.dll moved successfully.
C:\Windows\System32\655bba5k9zor2924.exe moved successfully.
C:\Windows\5z2cthie9238.bin moved successfully.
C:\Windows\5395v9rusfz5.exe moved successfully.
C:\Windows\System32\51320viru9521z.bin moved successfully.
C:\Windows\15z99i52708.exe moved successfully.
C:\Windows\System32\677as9zware5762.dll moved successfully.
C:\Windows\System32\3908n5t9a-vzrus204.exe moved successfully.
C:\Windows\4692zteal1257.exe moved successfully.
C:\Windows\6099add5are29z7.bin moved successfully.
C:\Windows\System32\220czack95or955.exe moved successfully.
C:\Windows\752fsp9warz491.dll moved successfully.
C:\Windows\System32\19140s5y9c7z.bin moved successfully.
C:\Windows\1bd2z5yware2979.dll moved successfully.
C:\Windows\System32\250baczd9or856.bin moved successfully.
C:\Windows\System32\26f25pzr9e151.exe moved successfully.
C:\Windows\35e8az9war52810.bin moved successfully.
C:\Windows\1935tzoj3fa9.dll moved successfully.
C:\Windows\System32\7z529parse1052.exe moved successfully.
C:\Windows\z95t9i5f928.exe moved successfully.
C:\Windows\8zcs9a5se1614.bin moved successfully.
C:\Windows\System32\2f40zhrea528942.exe moved successfully.
C:\Windows\System32\c57zt5al1496.bin moved successfully.
C:\Windows\System32\92a2downlzader354.dll moved successfully.
C:\Windows\System32\29905vizus13f9.bin moved successfully.
C:\Windows\System32\96599acktooz2f.bin moved successfully.
C:\Windows\z955worm895.exe moved successfully.
C:\Windows\System32\14974sza9bot5a3.dll moved successfully.
C:\Windows\System32\6d4ev9z1538.dll moved successfully.
C:\Windows\148z6t9oj3f55.exe moved successfully.
C:\Windows\System32\e97thzeat51956.bin moved successfully.
C:\Windows\6f89thizf5931.exe moved successfully.
C:\Windows\41z7threa92572.exe moved successfully.
C:\Windows\System32\297905ormz2e.bin moved successfully.
C:\Windows\7ebes9arsz552.dll moved successfully.
C:\Users\Administrator\AppData\Local\6a7011db8eb3184.dat moved successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 537375941 bytes
->Temporary Internet Files folder emptied: 28664060 bytes
->Java cache emptied: 150469671 bytes
->FireFox cache emptied: 56680500 bytes
->Flash cache emptied: 580 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26331507 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 762.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.27.0 log created on 09132011_224815



///////////////////////////////////////////////////////////////////////////////////////


ComboFix 11-09-13.01 - Administrator 13/09/2011 23:01:56.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.61.1033.18.2038.1392 [GMT 10:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\ApplicationHistory
c:\users\Administrator\AppData\Local\ApplicationHistory\ngen.exe.2c05686e.ini
c:\users\Administrator\AppData\Local\ApplicationHistory\Restarter.exe.c5c266ad.ini
c:\users\Administrator\AppData\Roaming\Kaspersky_Key_Finder_(KKF
c:\users\Administrator\AppData\Roaming\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder_V1.5_Url_wvggbw1hvxugju4le2nkqlgpqyooi4ci\1.5.2.0\user.config
c:\users\Administrator\g2mdlhlpx.exe
c:\windows\13c5down9oadez559.cpl
c:\windows\14992viru5e0z.ocx
c:\windows\1573addzar92668.cpl
c:\windows\15e4szarse1649.cpl
c:\windows\1652zs9ambot789.cpl
c:\windows\177099roj52z.cpl
c:\windows\19766zir5s2dc.cpl
c:\windows\197bspyw9re56z1.cpl
c:\windows\1da7addwzre5695.ocx
c:\windows\1zbbdow9loader21165.ocx
c:\windows\201455ormz89.ocx
c:\windows\20192sp9mb5t561z.ocx
c:\windows\211829irusz35.cpl
c:\windows\2149not5a-virus2z.cpl
c:\windows\22f65ir107z9.cpl
c:\windows\25691viruz495.ocx
c:\windows\25b9a9zware2099.cpl
c:\windows\25dethiez19069.ocx
c:\windows\268abackd9oz28385.cpl
c:\windows\26ct9reat56232z.ocx
c:\windows\27396vzrus1595.ocx
c:\windows\2769vizus6785.cpl
c:\windows\27958hacktozl765.cpl
c:\windows\297z0worm3e95.ocx
c:\windows\2z757worm6c19.ocx
c:\windows\30489troz355.cpl
c:\windows\30zdaddwa5e972.ocx
c:\windows\357spyzare692.ocx
c:\windows\3c55spyware90z9.cpl
c:\windows\41bthrea5z3519.ocx
c:\windows\49715hreaz13712.cpl
c:\windows\4dfback5oor1z39.cpl
c:\windows\4e8ddownload5rz329.ocx
c:\windows\4z92downloader13735.ocx
c:\windows\50372worm59ez.ocx
c:\windows\51919hacktool47fz.ocx
c:\windows\5219zp5mbot1c49.cpl
c:\windows\52fzth9ef605.ocx
c:\windows\53bzad9w5re1302.ocx
c:\windows\5498n9t-a-virus1d4z.ocx
c:\windows\549a9hreat31z7.cpl
c:\windows\5597thiez8099.cpl
c:\windows\55z3v9r2900.cpl
c:\windows\5657do5nzoa9er1272.cpl
c:\windows\5755zown9oader1952.ocx
c:\windows\5953zddware2095.cpl
c:\windows\597addw5re935z.ocx
c:\windows\59backdoor9z15.cpl
c:\windows\5c09tzief359.cpl
c:\windows\5d7b5ackdoorz919.ocx
c:\windows\5ez9pyware1583.ocx
c:\windows\5z91thief2935.ocx
c:\windows\60c6szy9are5266.cpl
c:\windows\62at9iefz9145.ocx
c:\windows\64c2spazs51595.cpl
c:\windows\671fst9az21995.cpl
c:\windows\6bazspyw9re24795.cpl
c:\windows\6c305oznloade92789.cpl
c:\windows\6feczownloa5e91457.cpl
c:\windows\6z08threat529.cpl
c:\windows\723bthizf529.ocx
c:\windows\73f59ir106z.cpl
c:\windows\74e9bac5dozr3077.cpl
c:\windows\7ba8ztea52896.cpl
c:\windows\7d9stea5z624.ocx
c:\windows\7ze2s9yware536.ocx
c:\windows\8edthre9tz5003.cpl
c:\windows\92093nzt-a-virus53c.cpl
c:\windows\92575virzs20c.cpl
c:\windows\943eadzware1530.cpl
c:\windows\94892hacktzol5f6.ocx
c:\windows\949thizf5053.ocx
c:\windows\955threat2z897.cpl
c:\windows\95faddzare903.ocx
c:\windows\9657not9a-v5rzs796.cpl
c:\windows\97680zackt5ol3b5.cpl
c:\windows\977asteal2z385.cpl
c:\windows\99338notza-virus577.ocx
c:\windows\9c55thizf1296.ocx
c:\windows\9ca5addzare1643.ocx
c:\windows\dazs5ar9e552.cpl
c:\windows\eczthief55589.cpl
c:\windows\fe7viz952.cpl
c:\windows\ST6UNST.000
c:\windows\system\Sx32w.dll
c:\windows\system32\103995acktool38z.cpl
c:\windows\system32\107z75o9-a-virus7b3.ocx
c:\windows\system32\1092hz5ktoo95c1.ocx
c:\windows\system32\10995worm63z.cpl
c:\windows\system32\1156zwo9m355.ocx
c:\windows\system32\125945ackzool526.ocx
c:\windows\system32\1405thre5t6979z.cpl
c:\windows\system32\14695zorm955.ocx
c:\windows\system32\1554hzck9ool654.cpl
c:\windows\system32\15773hazktoo5976.ocx
c:\windows\system32\16466worz9d5.ocx
c:\windows\system32\17126not9z-vir5s51e.ocx
c:\windows\system32\1841vizus559.cpl
c:\windows\system32\185zvirus39b9.cpl
c:\windows\system32\1912downloazer31645.ocx
c:\windows\system32\19z09virus53f.ocx
c:\windows\system32\1ae5spywzre1195.cpl
c:\windows\system32\1fadsteal9599z.ocx
c:\windows\system32\1z452hackto9l465.ocx
c:\windows\system32\21787vi9us185z.ocx
c:\windows\system32\22055zacktool5289.ocx
c:\windows\system32\228z6wor965a.cpl
c:\windows\system32\23766v9rusze5.ocx
c:\windows\system32\23916not-a9virzs553.cpl
c:\windows\system32\24569hacktoo53z6.ocx
c:\windows\system32\24f9dow5lo9der845z.cpl
c:\windows\system32\25349worm4d0z.ocx
c:\windows\system32\2559no5-azvirus5c8.ocx
c:\windows\system32\258hacktozl5b89.cpl
c:\windows\system32\2595ad9ware23z1.ocx
c:\windows\system32\26049ha5ktool6adz.ocx
c:\windows\system32\26550vi9uszd2.ocx
c:\windows\system32\278z8h9ck5ool10f.ocx
c:\windows\system32\2797backdoor35z9.cpl
c:\windows\system32\28718virzs9195.cpl
c:\windows\system32\29554not-a5viruszaa.cpl
c:\windows\system32\2969zviru5669.cpl
c:\windows\system32\2969zwor5405.ocx
c:\windows\system32\296z7wo5m7a3.cpl
c:\windows\system32\2b69ad5waze975.cpl
c:\windows\system32\2z5bac5doo91950.cpl
c:\windows\system32\2z93s9eal5975.cpl
c:\windows\system32\30z47spam5ot309.cpl
c:\windows\system32\31089hackto9lz65.ocx
c:\windows\system32\39bfspzware1557.ocx
c:\windows\system32\3az5teal3911.ocx
c:\windows\system32\3c4z5teal2891.cpl
c:\windows\system32\3z60spywa9e570.cpl
c:\windows\system32\4150tzief298.ocx
c:\windows\system32\429edoznlo9der2568.ocx
c:\windows\system32\47ze5ownloade92537.cpl
c:\windows\system32\4a5cste9l1z01.cpl
c:\windows\system32\4f935hief50z9.ocx
c:\windows\system32\5272wormz9.ocx
c:\windows\system32\5445zot-a-vir9s5c1.ocx
c:\windows\system32\55208v9rus6bz.cpl
c:\windows\system32\559adownlzad5r1334.cpl
c:\windows\system32\55c3backdo9rz595.ocx
c:\windows\system32\5716virusz519.ocx
c:\windows\system32\595z9teal3158.cpl
c:\windows\system32\59879viru9zae.cpl
c:\windows\system32\59985virusz67.cpl
c:\windows\system32\5cfd9wnlzader267.cpl
c:\windows\system32\5d5downloadez7409.cpl
c:\windows\system32\5db9baczdoo5788.ocx
c:\windows\system32\5z4back9oor2415.ocx
c:\windows\system32\5z55t5ief1809.cpl
c:\windows\system32\5z9dbackdoor1779.cpl
c:\windows\system32\5zccsp9ware1763.ocx
c:\windows\system32\61259pyware209z.ocx
c:\windows\system32\657cthreat208z9.cpl
c:\windows\system32\679abackdo5r20z1.ocx
c:\windows\system32\67eedoznload593140.cpl
c:\windows\system32\6825addwarez595.cpl
c:\windows\system32\6c9zthre5t7588.ocx
c:\windows\system32\6d21do9nl5adez4.ocx
c:\windows\system32\7139back5oor543z.ocx
c:\windows\system32\7531dow5loadez9956.ocx
c:\windows\system32\75f7zddwar91663.cpl
c:\windows\system32\779zthief1657.cpl
c:\windows\system32\77z5thief6459.ocx
c:\windows\system32\7a15t9ief299z.ocx
c:\windows\system32\8442not-a-virzs39c5.cpl
c:\windows\system32\91400not-a-vizus55b5.ocx
c:\windows\system32\95909hacztool4d5.cpl
c:\windows\system32\964zspyware5021.cpl
c:\windows\system32\97cad5ware9981z.ocx
c:\windows\system32\989viru59z9.cpl
c:\windows\system32\9bbfsp5waze2699.cpl
c:\windows\system32\comct332.ocx
c:\windows\system32\drivers\npf.sys
c:\windows\system32\e59downloaderz169.ocx
c:\windows\system32\logs
c:\windows\system32\regobj.dll
c:\windows\system32\srcr.dat
c:\windows\system32\sys
c:\windows\system32\z009hreat27935.cpl
c:\windows\system32\z1054hacktoo9586.ocx
c:\windows\system32\z6054not-a-virus19.cpl
c:\windows\system32\za14s5eal1109.ocx
c:\windows\z11thi9f2615.ocx
c:\windows\z96699orm1e45.cpl
c:\windows\z9949r5j434.cpl
c:\windows\zf16spy9are5095.ocx
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-08-13 to 2011-09-13 )))))))))))))))))))))))))))))))
.
.
2011-09-13 13:10 . 2011-09-13 13:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-13 12:48 . 2011-09-13 12:48 -------- d-----w- C:\_OTL
2011-09-06 02:41 . 2011-09-06 02:41 -------- d-----w- c:\programdata\AVAST Software
2011-09-06 02:41 . 2011-09-06 02:41 -------- d-----w- c:\program files\AVAST Software
2011-09-04 09:16 . 2011-09-04 10:12 -------- d-----w- c:\users\Administrator\DoctorWeb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-02 11:56 . 2007-10-16 06:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-07-06 09:52 . 2009-09-18 03:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 09:52 . 2009-09-18 03:23 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-21 00:01 . 2011-05-15 21:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Slawdog Smart Shutdown"="c:\program files\Slawdog\Smart Shutdown\Smart Shutdown.exe" [2005-09-09 446464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"Skytel"="Skytel.exe" [2007-05-28 1826816]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-05-01 404248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-10-16 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-10-16 33136]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"GuideMenu"="c:\program files\Corel\Corel GuideMenu\GuideMenu.exe" [2007-06-26 1275152]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-04 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-29 2054360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"OTL"="c:\users\Administrator\Desktop\OTL.exe" [2011-09-12 581120]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2008-9-9 194775]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 14:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-07-06 09:52 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnStatusMX]
2007-08-29 05:06 1077248 ----a-w- c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-22 09:31 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
R2 Anfield Capital: Stator-AFM Professional update permissions manager. 9845.;Anfield Capital: Stator-AFM Professional update permissions manager. 9845.;c:\program files\Stator - AFM\Stator_AUpd.exe [2007-04-03 234496]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-09-29 735960]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]
R2 SSIPDDP;SSIPDDP Parallel port device driver;c:\windows\system32\DRIVERS\SSIPDDP.SYS [1999-10-07 53248]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-10 24576]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-05-01 1489688]
R3 AsAudioDevice_351;AsAudioDevice_351;c:\windows\system32\drivers\AsAudioDevice_351.sys [2009-01-08 16640]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-06-25 13224]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 pbfilter;pbfilter;d:\downloads\PeerBlock_r181__Win32_Release_(Vista)\pbfilter.sys [2009-09-27 16472]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108200]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-01-02 1133312]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-04-23 16640]
S0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-05-04 208896]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-05 721904]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 07:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 00:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{CC0982BA-96C2-47DC-B950-CC74AC6FBB12}.job
- c:\windows\system32\msfeedssync.exe [2011-05-06 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ogkfjykd.default\
FF - prefs.js: browser.search.selectedengine - Dictionary.com
FF - prefs.js: browser.startup.homepage - hxxp://www.news.com.au/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-InCD - c:\program files\Nero\Nero 7\InCD\InCD.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Galactic Trader 4 - c:\ftgt\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-13 23:15
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
c:\program files\Internet Explorer\iexplore.exe [1956] 0x87AE9D90
c:\program files\Internet Explorer\iexplore.exe [2000] 0x87B325A0
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
GuideMenu = c:\program files\Corel\Corel GuideMenu\GuideMenu.exe -hide??p???????X???|???|???????????????????????????????????{??f?^ ????????l? F????l???????????????????????????????????????????????????????????????????C????????????????????????????????????l???$???????,??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
"ImagePath"="\SystemRoot\system32\drivers\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Anfield Capital: Stator-AFM Professional update permissions manager. 9845.]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,40,f8,42,be,14,3d,45,96,bf,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,40,f8,42,be,14,3d,45,96,bf,db,\
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d1,e2,44,4b,49,8b,28,46,b8,6f,aa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d1,e2,44,4b,49,8b,28,46,b8,6f,aa,\
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\mplayerc.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dspackage\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\dsidebar.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\FLVPlayer.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hol\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.hol"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ibc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ibc"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ics\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ics"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\mplayerc.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\mplayerc.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\mplayerc.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.msg"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.part\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WinRAR.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Photoshop.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\iexplore.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\mplayerc.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcf"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcs"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F0C9C8A-F9A5-CE90-7427-479D15492A47}*]
"makeleaamacomgmpmemhoblodf"=hex:6a,61,6c,70,68,61,6f,63,70,6d,61,61,66,6b,62,
6c,68,6e,63,67,00,c5
"naebjgklgdjfabhjgdpllnigodpa"=hex:6a,61,61,61,63,61,69,6d,6e,63,61,6b,62,6b,
6e,70,6e,6c,6b,63,00,f8
"oaacbdbopdeggpockgfdpgocnoggmk"=hex:6e,61,6c,65,6e,66,67,6b,6a,6d,6d,6f,6a,67,
63,65,6c,61,61,61,6e,68,67,65,6b,6d,62,68,00,0c
"kakedninljimdnnkpdifah"=hex:64,62,64,70,6c,62,6e,63,69,6d,63,62,6e,6c,6b,6e,
6a,6e,65,63,65,6d,65,64,68,6d,64,6b,62,6f,6b,6e,6e,65,6f,68,67,6a,6f,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
Completion time: 2011-09-13 23:19:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-13 13:19
.
Pre-Run: 21,279,105,024 bytes free
Post-Run: 20,846,383,104 bytes free
.
- - End Of File - - C76F0531AAE9CDDA05B31E1833FC309A
  • 0

#6
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Please run this scan for me:


Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double-click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning
  • 0

#7
Yayo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi SweetTech! It crashed the first time round and gave me a blue screen. I tried again and it picked up some rootdisk infection. Here's the log (I'm not sure if you wanted it attached, as per your instructions, so I did both) -


///////////////////////////////////////////////////////

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-14 22:21:40
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 rev.
Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pgddrpoc.sys


---- System - GMER 1.0.15 ----

INT 0x52 ? 86030BF8
INT 0x62 ? 86030BF8
INT 0x82 ? 85280BF8
INT 0x92 ? 85280BF8
INT 0xB3 ? 86030BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\sprj.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8CC6546F 5 Bytes JMP 860301D8
.text at3l47x9.SYS 8CD9F000 22 Bytes [26, 22, BD, 82, 10, 21, BD, ...]
.text at3l47x9.SYS 8CD9F017 111 Bytes [00, 32, 57, F9, 82, 3D, 55, ...]
.text at3l47x9.SYS 8CD9F087 33 Bytes [82, 37, F2, 84, 82, 56, 68, ...]
.text at3l47x9.SYS 8CD9F0A9 35 Bytes [50, 86, 82, 60, 47, 86, 82, ...]
.text at3l47x9.SYS 8CD9F0CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text ...

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85C191F8
Device \FileSystem\fastfat \FatCdrom 87737500

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 852821F8
Device \Driver\netbt \Device\NetBT_Tcpip_{1EBCC7A2-7284-4715-AC16-8ABB546F3327} 8767B1F8
Device \Driver\usbuhci \Device\USBPDO-0 860741F8
Device \Driver\netbt \Device\NetBT_Tcpip_{C48D4A8A-257B-4236-A859-27E2412F4DCB} 8767B1F8
Device \Driver\usbuhci \Device\USBPDO-1 860741F8
Device \Driver\usbuhci \Device\USBPDO-2 860741F8
Device \Driver\usbuhci \Device\USBPDO-3 860741F8
Device \Driver\usbehci \Device\USBPDO-4 860751F8
Device \Driver\volmgr \Device\HarddiskVolume1 852821F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 852821F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 860F8500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85C161F8
Device \Driver\atapi \Device\Ide\IdePort0 85C161F8
Device \Driver\atapi \Device\Ide\IdePort1 85C161F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 85C161F8
Device \Driver\volmgr \Device\HarddiskVolume3 852821F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 860F8500
Device \Driver\netbt \Device\NetBt_Wins_Export 8767B1F8
Device \Driver\Smb \Device\NetbiosSmb 8767E1F8
Device \Driver\iScsiPrt \Device\RaidPort0 861061F8
Device \Driver\disk \Device\Harddisk0\DR0 8770C616
Device \Driver\usbuhci \Device\USBFDO-0 860741F8
Device \Driver\usbuhci \Device\USBFDO-1 860741F8
Device \Driver\PCI_PNP2405 \Device\0000006e sprj.sys
Device \Driver\usbuhci \Device\USBFDO-2 860741F8
Device \Driver\usbuhci \Device\USBFDO-3 860741F8
Device \Driver\usbehci \Device\USBFDO-4 860751F8
Device \Driver\sptd \Device\2662058421 sprj.sys
Device \Driver\at3l47x9 \Device\Scsi\at3l47x91Port3Path0Target0Lun0 861021F8
Device \Driver\at3l47x9 \Device\Scsi\at3l47x91 861021F8
Device \FileSystem\fastfat \Fat 87737500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 87C141F8

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 1980
Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 2024

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001d6069c407
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x66 0x82 0x91 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x52 0xE7 0x8E 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xD4 0x58 0xC5 0x15 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001d6069c407 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0x66 0x82 0x91 0xB3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x52 0xE7 0x8E 0xCF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xD4 0x58 0xC5 0x15 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F0C9C8A-F9A5-CE90-7427-479D15492A47}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F0C9C8A-F9A5-CE90-7427-479D15492A47}@makeleaamacomgmpmemhoblodf 0x6A 0x61 0x6C 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F0C9C8A-F9A5-CE90-7427-479D15492A47}@naebjgklgdjfabhjgdpllnigodpa 0x6A 0x61 0x61 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F0C9C8A-F9A5-CE90-7427-479D15492A47}@oaacbdbopdeggpockgfdpgocnoggmk 0x6E 0x61 0x6C 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F0C9C8A-F9A5-CE90-7427-479D15492A47}@kakedninljimdnnkpdifah 0x64 0x62 0x64 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C5EAEED6-06F3-1C8D-FA84-2E2C36EA8AD5}

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 [email protected] code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  gmer.txt   15.74KB   48 downloads

  • 0

#8
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

You posted it correctly. It looks like an infection is still active.

Let's run a tool now to fix that.


Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click TDSSKiller.exe to run the application, then click Start Scan.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#9
Yayo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi SweetTech. I did the scan and I got two suspicious finds. I decided to post the picture up before I did anything else.

scan.png

Please advise - do I skip both? Ta
  • 0

#10
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Thanks for asking first.

Please skip the sptd.sys file and fix the second one.
  • 0

#11
Yayo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Roger that. Here's the log -



2011/09/16 08:11:30.0050 0924 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/16 08:11:30.0861 0924 ================================================================================
2011/09/16 08:11:30.0861 0924 SystemInfo:
2011/09/16 08:11:30.0861 0924
2011/09/16 08:11:30.0861 0924 OS Version: 6.0.6001 ServicePack: 1.0
2011/09/16 08:11:30.0861 0924 Product type: Workstation
2011/09/16 08:11:30.0861 0924 ComputerName: AL-PC
2011/09/16 08:11:30.0861 0924 UserName: Administrator
2011/09/16 08:11:30.0861 0924 Windows directory: C:\Windows
2011/09/16 08:11:30.0861 0924 System windows directory: C:\Windows
2011/09/16 08:11:30.0861 0924 Processor architecture: Intel x86
2011/09/16 08:11:30.0861 0924 Number of processors: 2
2011/09/16 08:11:30.0861 0924 Page size: 0x1000
2011/09/16 08:11:30.0861 0924 Boot type: Safe boot with network
2011/09/16 08:11:30.0861 0924 ================================================================================
2011/09/16 08:11:33.0996 0924 Initialize success
2011/09/16 08:11:38.0193 0212 ================================================================================
2011/09/16 08:11:38.0193 0212 Scan started
2011/09/16 08:11:38.0193 0212 Mode: Manual;
2011/09/16 08:11:38.0193 0212 ================================================================================
2011/09/16 08:11:38.0848 0212 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/09/16 08:11:38.0942 0212 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/09/16 08:11:38.0988 0212 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/09/16 08:11:39.0129 0212 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/09/16 08:11:39.0160 0212 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/09/16 08:11:39.0238 0212 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/09/16 08:11:39.0363 0212 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/09/16 08:11:39.0394 0212 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/09/16 08:11:39.0425 0212 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/09/16 08:11:39.0472 0212 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/09/16 08:11:39.0488 0212 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/09/16 08:11:39.0581 0212 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/09/16 08:11:39.0612 0212 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/09/16 08:11:39.0784 0212 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/09/16 08:11:39.0815 0212 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/09/16 08:11:39.0909 0212 AsAudioDevice_351 (23020385d34e35dfc2d6503fa67d3ffc) C:\Windows\system32\drivers\AsAudioDevice_351.sys
2011/09/16 08:11:40.0002 0212 ASMMAP (f1a1b8c0e3b2542a2a9ec78ec0b3a591) C:\Program Files\ATKGFNEX\ASMMAP.sys
2011/09/16 08:11:40.0112 0212 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/16 08:11:40.0205 0212 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/09/16 08:11:40.0283 0212 ATSWPDRV (fb2162aff83d519cd77431a1bc5ee0ed) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
2011/09/16 08:11:40.0361 0212 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/09/16 08:11:40.0533 0212 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/09/16 08:11:40.0704 0212 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/16 08:11:40.0782 0212 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/09/16 08:11:40.0814 0212 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/09/16 08:11:40.0845 0212 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/09/16 08:11:40.0892 0212 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/09/16 08:11:40.0923 0212 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/09/16 08:11:40.0938 0212 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/09/16 08:11:41.0016 0212 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/09/16 08:11:41.0094 0212 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/09/16 08:11:41.0157 0212 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/09/16 08:11:41.0204 0212 BTHPORT (73d53f8e90550ba81e2cf44a0873b410) C:\Windows\system32\Drivers\BTHport.sys
2011/09/16 08:11:41.0250 0212 BTHUSB (32045a4bb143bbc5bab1298c4e9e309a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/09/16 08:11:41.0469 0212 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/16 08:11:41.0594 0212 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/16 08:11:41.0656 0212 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/09/16 08:11:41.0703 0212 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/09/16 08:11:41.0859 0212 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/16 08:11:41.0906 0212 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/09/16 08:11:41.0984 0212 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/16 08:11:42.0030 0212 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/09/16 08:11:42.0062 0212 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/09/16 08:11:42.0155 0212 CSC (9a5434125c3dfe42393de4bbb791bd19) C:\Windows\system32\drivers\csc.sys
2011/09/16 08:11:42.0218 0212 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/09/16 08:11:42.0420 0212 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/09/16 08:11:42.0514 0212 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/09/16 08:11:42.0576 0212 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/16 08:11:42.0748 0212 e1express (9636e42b3114b66ce6edfb34b9d8e81b) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/09/16 08:11:42.0826 0212 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/09/16 08:11:42.0920 0212 eamon (1b5ca1caffc594bd37dcc8d7ef849e0b) C:\Windows\system32\DRIVERS\eamon.sys
2011/09/16 08:11:42.0998 0212 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/09/16 08:11:43.0169 0212 ehdrv (a4241545ecff3ee97041847d83936e1f) C:\Windows\system32\DRIVERS\ehdrv.sys
2011/09/16 08:11:43.0294 0212 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/09/16 08:11:43.0356 0212 epfwwfpr (c7d800414eb8b87e835b5b236b118461) C:\Windows\system32\DRIVERS\epfwwfpr.sys
2011/09/16 08:11:43.0559 0212 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/09/16 08:11:43.0606 0212 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/09/16 08:11:43.0653 0212 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/16 08:11:43.0715 0212 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/09/16 08:11:43.0746 0212 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/09/16 08:11:43.0778 0212 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/16 08:11:43.0902 0212 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/09/16 08:11:43.0965 0212 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/16 08:11:44.0012 0212 fvevol (1400c747e2b73966b100fdce5426b7b2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/16 08:11:44.0058 0212 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/09/16 08:11:44.0136 0212 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/09/16 08:11:44.0261 0212 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
2011/09/16 08:11:44.0292 0212 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
2011/09/16 08:11:44.0386 0212 ghaio (ba4a798183529fe251a3dcfa650670bf) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
2011/09/16 08:11:44.0464 0212 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/09/16 08:11:44.0511 0212 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/16 08:11:44.0558 0212 HECI (66fed3eeabdce17829edf4c68702ed22) C:\Windows\system32\DRIVERS\HECI.sys
2011/09/16 08:11:44.0651 0212 HidBth (204c3b1846e9cbaaef88b8e1f86782f8) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/16 08:11:44.0698 0212 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/09/16 08:11:44.0760 0212 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/16 08:11:44.0792 0212 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/09/16 08:11:44.0838 0212 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/09/16 08:11:44.0901 0212 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/09/16 08:11:45.0072 0212 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/09/16 08:11:45.0166 0212 hwdatacard (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/09/16 08:11:45.0244 0212 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/09/16 08:11:45.0400 0212 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/16 08:11:45.0494 0212 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/09/16 08:11:45.0618 0212 iaNvStor (5a665ffdd5c08a5bbd469cb006993017) C:\Windows\system32\DRIVERS\iaNvStor.sys
2011/09/16 08:11:45.0696 0212 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
2011/09/16 08:11:45.0743 0212 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/09/16 08:11:45.0790 0212 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/09/16 08:11:45.0946 0212 IntcAzAudAddService (7bd4e0428776d11c8e8e26f9f5508690) C:\Windows\system32\drivers\RTKVHDA.sys
2011/09/16 08:11:46.0086 0212 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/09/16 08:11:46.0164 0212 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/16 08:11:46.0242 0212 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/16 08:11:46.0320 0212 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/09/16 08:11:46.0352 0212 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/09/16 08:11:46.0398 0212 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/09/16 08:11:46.0430 0212 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/09/16 08:11:46.0476 0212 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/09/16 08:11:46.0523 0212 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/16 08:11:46.0664 0212 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/09/16 08:11:46.0679 0212 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/09/16 08:11:46.0757 0212 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\Windows\system32\drivers\iviaspi.sys
2011/09/16 08:11:46.0835 0212 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\Windows\system32\DRIVERS\JGOGO.sys
2011/09/16 08:11:46.0898 0212 JRAID (f5bf72eabc7e160bb6624168aad52dfe) C:\Windows\system32\DRIVERS\jraid.sys
2011/09/16 08:11:46.0991 0212 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/16 08:11:47.0022 0212 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/09/16 08:11:47.0054 0212 kbfiltr (cc2a86d7bbf14977340dca61bbcba771) C:\Windows\system32\DRIVERS\kbfiltr.sys
2011/09/16 08:11:47.0147 0212 kl1 (cd6a8fa9395460ffe7fd8881a6c67254) C:\Windows\system32\DRIVERS\kl1.sys
2011/09/16 08:11:47.0225 0212 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/16 08:11:47.0412 0212 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/16 08:11:47.0490 0212 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/09/16 08:11:47.0522 0212 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/09/16 08:11:47.0584 0212 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/09/16 08:11:47.0646 0212 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/09/16 08:11:47.0818 0212 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/09/16 08:11:47.0865 0212 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/09/16 08:11:47.0958 0212 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/09/16 08:11:48.0052 0212 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
2011/09/16 08:11:48.0208 0212 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/16 08:11:48.0286 0212 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\Windows\system32\DRIVERS\motmodem.sys
2011/09/16 08:11:48.0317 0212 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/16 08:11:48.0364 0212 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/16 08:11:48.0411 0212 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/09/16 08:11:48.0504 0212 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/09/16 08:11:48.0614 0212 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/16 08:11:48.0645 0212 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/09/16 08:11:48.0692 0212 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/09/16 08:11:48.0738 0212 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/16 08:11:48.0785 0212 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/16 08:11:48.0832 0212 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/16 08:11:48.0879 0212 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/09/16 08:11:48.0972 0212 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/09/16 08:11:49.0035 0212 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/09/16 08:11:49.0113 0212 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/09/16 08:11:49.0206 0212 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/16 08:11:49.0238 0212 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/16 08:11:49.0269 0212 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/09/16 08:11:49.0362 0212 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/09/16 08:11:49.0425 0212 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/16 08:11:49.0472 0212 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/09/16 08:11:49.0534 0212 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
2011/09/16 08:11:49.0565 0212 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/09/16 08:11:49.0674 0212 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\Windows\system32\DRIVERS\mxopswd.sys
2011/09/16 08:11:49.0815 0212 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/16 08:11:49.0908 0212 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/09/16 08:11:49.0986 0212 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/16 08:11:50.0002 0212 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/16 08:11:50.0111 0212 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/16 08:11:50.0142 0212 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/09/16 08:11:50.0189 0212 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/16 08:11:50.0236 0212 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/16 08:11:50.0392 0212 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/09/16 08:11:50.0610 0212 NETw4v32 (cb3af516a6797b27725e3f1e73f3496c) C:\Windows\system32\DRIVERS\NETw4v32.sys
2011/09/16 08:11:50.0782 0212 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/09/16 08:11:50.0844 0212 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/09/16 08:11:50.0907 0212 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/16 08:11:50.0969 0212 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/09/16 08:11:51.0094 0212 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/09/16 08:11:51.0141 0212 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/09/16 08:11:51.0390 0212 nvlddmkm (8e5e17b69830d7cc4691a8e564870c46) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/09/16 08:11:51.0640 0212 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/09/16 08:11:51.0671 0212 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/09/16 08:11:51.0702 0212 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/09/16 08:11:51.0843 0212 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/16 08:11:51.0968 0212 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/09/16 08:11:52.0030 0212 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/09/16 08:11:52.0061 0212 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/09/16 08:11:52.0233 0212 pbfilter (4dfe4cef1aeec1025380d7ebf40e8e2b) D:\Downloads\PeerBlock_r181__Win32_Release_(Vista)\pbfilter.sys
2011/09/16 08:11:52.0311 0212 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/09/16 08:11:52.0373 0212 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/09/16 08:11:52.0451 0212 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/09/16 08:11:52.0592 0212 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/09/16 08:11:52.0748 0212 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/16 08:11:52.0857 0212 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/09/16 08:11:53.0044 0212 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/16 08:11:53.0153 0212 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\Windows\system32\Drivers\PxHelp20.sys
2011/09/16 08:11:53.0309 0212 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/09/16 08:11:53.0387 0212 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/09/16 08:11:53.0450 0212 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/16 08:11:53.0574 0212 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/16 08:11:53.0621 0212 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/16 08:11:53.0668 0212 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/16 08:11:53.0715 0212 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/16 08:11:53.0746 0212 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/16 08:11:53.0793 0212 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/16 08:11:53.0871 0212 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/09/16 08:11:53.0980 0212 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/16 08:11:54.0027 0212 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/09/16 08:11:54.0120 0212 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/09/16 08:11:54.0167 0212 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/09/16 08:11:54.0214 0212 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/09/16 08:11:54.0245 0212 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/09/16 08:11:54.0323 0212 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/16 08:11:54.0386 0212 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/09/16 08:11:54.0448 0212 s1018bus (a4925151f1372a45dd491da2a43c27b8) C:\Windows\system32\DRIVERS\s1018bus.sys
2011/09/16 08:11:54.0510 0212 s1018mdfl (dd17284beb4301aabc6181fd2c78907f) C:\Windows\system32\DRIVERS\s1018mdfl.sys
2011/09/16 08:11:54.0588 0212 s1018mdm (aee74bfe0903c672c2968dfe22df09b8) C:\Windows\system32\DRIVERS\s1018mdm.sys
2011/09/16 08:11:54.0651 0212 s1018mgmt (fe8f006bb157f1f1b6627c39b640f62d) C:\Windows\system32\DRIVERS\s1018mgmt.sys
2011/09/16 08:11:54.0776 0212 s1018nd5 (bc12a5da59d947fc564a72ef6021aaec) C:\Windows\system32\DRIVERS\s1018nd5.sys
2011/09/16 08:11:54.0838 0212 s1018obex (80f0597a1ceb93aaf5db779068dd702c) C:\Windows\system32\DRIVERS\s1018obex.sys
2011/09/16 08:11:54.0885 0212 s1018unic (2ba5f7a26fcb975574b0142b5052685e) C:\Windows\system32\DRIVERS\s1018unic.sys
2011/09/16 08:11:54.0947 0212 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/09/16 08:11:55.0010 0212 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/09/16 08:11:55.0134 0212 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/16 08:11:55.0259 0212 Sentinel (aebba7428a6c40cce3c5abde45190b24) C:\Windows\System32\Drivers\SENTINEL.SYS
2011/09/16 08:11:55.0290 0212 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/16 08:11:55.0353 0212 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/09/16 08:11:55.0415 0212 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/09/16 08:11:55.0571 0212 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/09/16 08:11:55.0602 0212 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/16 08:11:55.0649 0212 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/09/16 08:11:55.0680 0212 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/16 08:11:55.0774 0212 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/09/16 08:11:55.0790 0212 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/09/16 08:11:55.0899 0212 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/09/16 08:11:55.0992 0212 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/09/16 08:11:56.0055 0212 SMSCIRDA (d1bf7148144ad1851893e84363f78130) C:\Windows\system32\DRIVERS\SMSCirda.sys
2011/09/16 08:11:56.0117 0212 smserial (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys
2011/09/16 08:11:56.0273 0212 Sntnlusb (a1ff7d99b199cea1f3df371ba70d2780) C:\Windows\system32\DRIVERS\SNTNLUSB.SYS
2011/09/16 08:11:56.0336 0212 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/09/16 08:11:56.0429 0212 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
2011/09/16 08:11:56.0429 0212 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/09/16 08:11:56.0445 0212 sptd - detected LockedFile.Multi.Generic (1)
2011/09/16 08:11:56.0507 0212 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/09/16 08:11:56.0570 0212 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/16 08:11:56.0632 0212 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/16 08:11:56.0694 0212 SSIPDDP (eb48e04838fc3a7b4b199faa365f22aa) C:\Windows\system32\DRIVERS\SSIPDDP.SYS
2011/09/16 08:11:56.0819 0212 StkCMini (5cbfd6471e133b03a548b66ef87733e0) C:\Windows\system32\Drivers\StkCMini.sys
2011/09/16 08:11:56.0928 0212 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/16 08:11:56.0991 0212 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/09/16 08:11:57.0022 0212 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/09/16 08:11:57.0069 0212 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/09/16 08:11:57.0147 0212 SynTP (760e4f5a1e754bbe4a1bd2a0b54f6aa6) C:\Windows\system32\DRIVERS\SynTP.sys
2011/09/16 08:11:57.0240 0212 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/09/16 08:11:57.0318 0212 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/16 08:11:57.0365 0212 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/16 08:11:57.0412 0212 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/09/16 08:11:57.0459 0212 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/09/16 08:11:57.0490 0212 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/16 08:11:57.0552 0212 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/16 08:11:57.0646 0212 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
2011/09/16 08:11:57.0786 0212 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/16 08:11:57.0833 0212 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/16 08:11:57.0849 0212 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/16 08:11:57.0927 0212 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/09/16 08:11:57.0958 0212 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/16 08:11:58.0036 0212 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/16 08:11:58.0067 0212 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/09/16 08:11:58.0098 0212 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/09/16 08:11:58.0145 0212 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/09/16 08:11:58.0208 0212 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/16 08:11:58.0317 0212 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2011/09/16 08:11:58.0395 0212 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/16 08:11:58.0442 0212 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/09/16 08:11:58.0535 0212 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/16 08:11:58.0582 0212 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/16 08:11:58.0613 0212 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/09/16 08:11:58.0644 0212 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/16 08:11:58.0707 0212 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/16 08:11:58.0769 0212 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/16 08:11:58.0832 0212 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/16 08:11:58.0894 0212 usb_rndisx (ee181a08e09db23cf4a49b46a1e66bb8) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/09/16 08:11:58.0956 0212 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/16 08:11:59.0019 0212 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/09/16 08:11:59.0050 0212 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/09/16 08:11:59.0097 0212 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/09/16 08:11:59.0144 0212 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/09/16 08:11:59.0222 0212 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/09/16 08:11:59.0284 0212 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/09/16 08:11:59.0378 0212 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/09/16 08:11:59.0424 0212 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/09/16 08:11:59.0534 0212 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/09/16 08:11:59.0565 0212 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/16 08:11:59.0596 0212 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/16 08:11:59.0705 0212 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/09/16 08:11:59.0752 0212 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/16 08:11:59.0892 0212 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/09/16 08:12:00.0033 0212 winusb (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\winusb.sys
2011/09/16 08:12:00.0095 0212 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/09/16 08:12:00.0189 0212 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/09/16 08:12:00.0236 0212 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/16 08:12:00.0345 0212 WsAudio_DeviceS(1) (a75dc063c9f0b787cce296c8ccad9c30) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
2011/09/16 08:12:00.0470 0212 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/16 08:12:00.0548 0212 zgwhsdiag (f2c38cd7b6696566da0c3485a41b43dc) C:\Windows\system32\DRIVERS\zgwhsdiag.sys
2011/09/16 08:12:00.0610 0212 zgwhsmdm (f2c38cd7b6696566da0c3485a41b43dc) C:\Windows\system32\DRIVERS\zgwhsmdm.sys
2011/09/16 08:12:00.0657 0212 zgwhsnmea (f2c38cd7b6696566da0c3485a41b43dc) C:\Windows\system32\DRIVERS\zgwhsnmea.sys
2011/09/16 08:12:00.0750 0212 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
2011/09/16 08:12:00.0906 0212 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
2011/09/16 08:12:00.0938 0212 Boot (0x1200) (4fece9ca4105a73ba1412985f24597ab) \Device\Harddisk0\DR0\Partition0
2011/09/16 08:12:00.0953 0212 Boot (0x1200) (643fe94656f00a1b668d9db8d5794199) \Device\Harddisk0\DR0\Partition1
2011/09/16 08:12:00.0984 0212 Boot (0x1200) (f051d1eae18ea020c6cd5d8cdc2fe2b4) \Device\Harddisk0\DR0\Partition2
2011/09/16 08:12:00.0984 0212 ================================================================================
2011/09/16 08:12:00.0984 0212 Scan finished
2011/09/16 08:12:00.0984 0212 ================================================================================
2011/09/16 08:12:01.0000 1588 Detected object count: 2
2011/09/16 08:12:01.0000 1588 Actual detected object count: 2
2011/09/16 08:12:57.0488 1588 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/09/16 08:12:57.0488 1588 \Device\Harddisk0\DR0 - will be restored after reboot
2011/09/16 08:12:57.0488 1588 Rootkit.Win32.BackBoot.gen(\Device\Harddisk0\DR0) - User select action: Restore
2011/09/16 08:13:04.0040 1228 Deinitialize success

#12
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Looks like TDSSKiller found the main culprit.

Please do me a favor and run a new scan with ComboFix. It may prompt you to update before it runs; please allow it to update and post the resultant log it produces.

Also be sure to let me know how things are running in your next reply.

#13
Yayo

    Member

  • Topic Starter
  • Member
  • 13 posts
Hi SweetTech! So far so good. I took the hard drive and put it back into its original laptop, and it has managed to boot up and log into Windows again. =)

I ran ComboFix - one or two stages were surpassed because of administrative access (although I did Run as Administrator), but otherwise, no other problems. Here's the log -



////////////////////////////////////////////////////////////////////////////


ComboFix 11-09-13.01 - Administrator 18/09/2011 10:28:31.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.61.1033.18.3070.1551 [GMT 10:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-08-18 to 2011-09-18 )))))))))))))))))))))))))))))))
.
.
2011-09-18 00:50 . 2011-09-18 00:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-15 22:41 . 2011-09-17 23:39 82 ----a-w- c:\windows\system32\drivers\etc\hosts-lms.tmp
2011-09-13 12:48 . 2011-09-13 12:48 -------- d-----w- C:\_OTL
2011-09-06 02:41 . 2011-09-06 02:41 -------- d-----w- c:\programdata\AVAST Software
2011-09-06 02:41 . 2011-09-06 02:41 -------- d-----w- c:\program files\AVAST Software
2011-09-04 09:16 . 2011-09-04 10:12 -------- d-----w- c:\users\Administrator\DoctorWeb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-17 23:44 . 2007-10-16 06:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-08-31 07:00 . 2009-09-18 03:23 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 09:52 . 2009-09-18 03:23 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-21 00:01 . 2011-05-15 21:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Slawdog Smart Shutdown"="c:\program files\Slawdog\Smart Shutdown\Smart Shutdown.exe" [2005-09-09 446464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"Skytel"="Skytel.exe" [2007-05-28 1826816]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-05-01 404248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-10-16 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-10-16 33136]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"GuideMenu"="c:\program files\Corel\Corel GuideMenu\GuideMenu.exe" [2007-06-26 1275152]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-04 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-29 2054360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2008-9-9 194775]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 14:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-08-31 07:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnStatusMX]
2007-08-29 05:06 1077248 ----a-w- c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-22 09:31 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 SSIPDDP;SSIPDDP Parallel port device driver;c:\windows\system32\DRIVERS\SSIPDDP.SYS [1999-10-07 53248]
R3 93636320;93636320; [x]
R3 AsAudioDevice_351;AsAudioDevice_351;c:\windows\system32\drivers\AsAudioDevice_351.sys [2009-01-08 16640]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-06-25 13224]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 pbfilter;pbfilter;d:\downloads\PeerBlock_r181__Win32_Release_(Vista)\pbfilter.sys [2009-09-27 16472]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108200]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-04-23 16640]
S0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-05-04 208896]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-05 721904]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
S2 Anfield Capital: Stator-AFM Professional update permissions manager. 9845.;Anfield Capital: Stator-AFM Professional update permissions manager. 9845.;c:\program files\Stator - AFM\Stator_AUpd.exe [2007-04-03 234496]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-10 24576]
S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-05-01 1489688]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-01-02 1133312]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 07:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 00:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{CC0982BA-96C2-47DC-B950-CC74AC6FBB12}.job
- c:\windows\system32\msfeedssync.exe [2011-05-06 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ogkfjykd.default\
FF - prefs.js: browser.search.selectedengine - Dictionary.com
FF - prefs.js: browser.startup.homepage - hxxp://www.news.com.au/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-18 10:50
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
GuideMenu = c:\program files\Corel\Corel GuideMenu\GuideMenu.exe -hide??p???????X???|???|???????????????????????????????????{??f?^ ????????l? F????l???????????????????????????????????????????????????????????????????C????????????????????????????????????l???$???????,??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
"ImagePath"="\SystemRoot\system32\drivers\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Anfield Capital: Stator-AFM Professional update permissions manager. 9845.]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,40,f8,42,be,14,3d,45,96,bf,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,40,f8,42,be,14,3d,45,96,bf,db,\
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d1,e2,44,4b,49,8b,28,46,b8,6f,aa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d1,e2,44,4b,49,8b,28,46,b8,6f,aa,\
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\mplayerc.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dspackage\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\dsidebar.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\FLVPlayer.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hol\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.hol"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ibc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ibc"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ics\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.ics"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\mplayerc.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\mplayerc.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\mplayerc.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.msg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.msg"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.part\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WinRAR.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Photoshop.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ps\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\iexplore.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\mplayerc.exe"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcf"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.vcs"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-118959114-2448864244-3603343370-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F0C9C8A-F9A5-CE90-7427-479D15492A47}*]
"makeleaamacomgmpmemhoblodf"=hex:6a,61,6c,70,68,61,6f,63,70,6d,61,61,66,6b,62,
6c,68,6e,63,67,00,c5
"naebjgklgdjfabhjgdpllnigodpa"=hex:6a,61,61,61,63,61,69,6d,6e,63,61,6b,62,6b,
6e,70,6e,6c,6b,63,00,f8
"oaacbdbopdeggpockgfdpgocnoggmk"=hex:6e,61,6c,65,6e,66,67,6b,6a,6d,6d,6f,6a,67,
63,65,6c,61,61,61,6e,68,67,65,6b,6d,62,68,00,0c
"kakedninljimdnnkpdifah"=hex:64,62,64,70,6c,62,6e,63,69,6d,63,62,6e,6c,6b,6e,
6a,6e,65,63,65,6d,65,64,68,6d,64,6b,62,6f,6b,6e,6e,65,6f,68,67,6a,6f,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
Completion time: 2011-09-18 10:52:38
ComboFix-quarantined-files.txt 2011-09-18 00:52
ComboFix2.txt 2011-09-13 13:19
.
Pre-Run: 18,045,706,240 bytes free
Post-Run: 16,768,282,624 bytes free
.
- - End Of File - - E98CCEE9C564CC7B7757E98D0978D938

#14
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Glad to hear that!!

Let's see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#15 Yayo (Topic Starter, Member, 13 posts)
Cool bananas! Here are the logs -


////////////////////////////////////////// Malwarebytes

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7745

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

19/09/2011 8:58:11 AM
mbam-log-2011-09-19 (08-58-11).txt

Scan type: Quick scan
Objects scanned: 176785
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




////////////////////////////////////////// ESET


(The scan came back as "No Threats Found" and had no option for me to generate or save a log)






////////////////////////////////////////// Security Check

Results of screen317's Security Check version 0.99.18
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
ESET NOD32 Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 13
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````
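Every scanner in the logs above comes back clean, which is what file-level scanners tend to report when the infection sits in the master boot record: Mebroot replaces the MBR boot code and keeps its payload in sectors outside any partition, so the thing to inspect directly is sector 0 itself. What follows is an added example, not code from this thread or from any of the tools it mentions: a small Python script that parses a 512-byte MBR, compares the boot code against a known-good SHA-256, and sanity-checks the partition table. The sample sectors, the disk signature and the known-good hash are constructed for the demonstration; on a real machine you would read sector 0 with the read_mbr helper (administrator or root required) and take the reference hash from a drive known to be clean, for example a fresh install of the same Windows version. One caveat a practitioner should keep in mind: an active MBR rootkit can hide the modified sector from reads made on the infected system, so run this from a clean boot environment or with the drive attached to another machine, as the topic starter did.

```python
r"""Added example: parse a 512-byte MBR and flag what an MBR rootkit changes.

Not code from the thread or its tools. Assumes the standard MBR layout:
440 bytes of boot code, 4-byte disk signature, 2 pad bytes, four 16-byte
partition entries, and the 0x55AA trailer.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0-439: x86 boot code, the part an MBR rootkit overwrites
DISK_SIG_OFF = 440             # 4-byte Windows disk signature
PART_TABLE_OFF = 446
PART_ENTRY_FMT = "<B3xB3xII"   # status, CHS start, type, CHS end, LBA start, sector count
SIG_OFF = 510
BOOT_SIG = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into its fields; the boot code is reduced to a SHA-256 for comparison."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        partitions.append({"status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "boot_signature_ok": sector[SIG_OFF:SIG_OFF + 2] == BOOT_SIG,
    }


def check_mbr(sector: bytes, known_good_boot_code: set) -> list:
    """Return human-readable findings; an empty list means nothing looked wrong."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["boot_signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if mbr["boot_code_sha256"] not in known_good_boot_code:
        findings.append(f"boot code hash {mbr['boot_code_sha256'][:16]}... not in known-good set")
    used = [p for p in mbr["partitions"] if p["type"] != 0 and p["sectors"] != 0]
    if sum(1 for p in used if p["status"] == 0x80) > 1:
        findings.append("more than one active partition")
    for p in mbr["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"invalid partition status byte 0x{p['status']:02x}")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in used)
    for (s1, e1), (s2, e2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"overlapping partitions [{s1},{e1}) and [{s2},{e2})")
    return findings


def unallocated_tail(mbr: dict, total_sectors: int) -> int:
    """Sectors after the last partition: the area an MBR rootkit uses to stash its payload."""
    ends = [p["lba_start"] + p["sectors"] for p in mbr["partitions"] if p["type"] != 0]
    return total_sectors - max(ends, default=0)


def read_mbr(device: str) -> bytes:
    r"""Read sector 0 of a raw device (needs admin/root), e.g. r'\\.\PhysicalDrive0' or '/dev/sda'."""
    with open(device, "rb") as f:
        return f.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: one active NTFS partition at LBA 2048, 204800 sectors long."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x1234ABCD)   # constructed disk signature
    struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    sector[SIG_OFF:] = BOOT_SIG
    return bytes(sector)


# Constructed samples (stand-ins, not real vendor or malware code): the "clean" sector's
# boot code hash is the known-good reference; the "tampered" one has the same partition
# table but different boot code, which is the footprint of an MBR rootkit.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20)
KNOWN_GOOD = {hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()}
TAMPERED_MBR = build_sample_mbr(b"\xea\x00\x7c\x00\x00" + b"\xcc" * 40)

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(sector, KNOWN_GOOD) or "OK")
```

The hash comparison is the check that matters here: a rootkit that replaces the boot code leaves the partition table intact, so the table alone looks perfectly normal. If the boot code does not match a reference from a clean install, dump the unallocated sectors at the end of the disk (unallocated_tail tells you how many there are once you know the disk size) and inspect them before rewriting the MBR.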