WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93098 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Resolved] windows update error: code 80244019

Started by seriouscode , Jun 16 2009 11:55 PM

This topic is locked

80 replies to this topic

#16 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 22 June 2009 - 11:05 AM

seriouscode,

Let's get an online scan to make sure we aren't missing something.

Please go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

Also please tell me how things are running now.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

Advertisements

Register to Remove

#17 seriouscode

Authentic Member

Authentic Member
115 posts

Posted 22 June 2009 - 06:08 PM

Tomk so far things on the homefront seem to be running as smooth as ice, all systems go. Here is the Kaspersky online scan log, what next?

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, June 22, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, June 22, 2009 22:57:55
Records in database: 2378674
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 145532
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:05:01

No malware has been detected. The scan area is clean.

The selected area was scanned.

#18 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 22 June 2009 - 06:39 PM

seriouscode, This computer appears to be clean. :woot:

Now please run Mbam on the other computers connected to this router. Remember, if anything besides wareout/ Trojan.DNSChanger is found, then I need you to post the report here along with a HijackThis log from that computer. Once we are through with the other computers, I have some housekeeping steps I need you to run and then I'll leave you with some advice for the future.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#19 seriouscode

Authentic Member

Authentic Member
115 posts

Posted 22 June 2009 - 11:01 PM

Tomk this is the other computers Mbam log. I gotta warn you thu, this one should be a real treat. This is an older computer from 04 that still runs, but it runs so slow that it takes about 10mins to boot up... somewhat. This may be out of you field of service, but if you can help me make this computer run a bit faster, that would be fan-tab-u-lous! Also, why is it slow?
Here is the Mbam log:

Malwarebytes' Anti-Malware 1.38
Database version: 2323
Windows 5.1.2600 Service Pack 3

6/23/2009 12:18:40 AM
mbam-log-2009-06-23 (00-18-40).txt

Scan type: Quick Scan
Objects scanned: 106790
Time elapsed: 14 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\sebastian\local settings\Temp\MWSSRCSP.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\TMP0000004023C5ED54332139DF (Adware.MyWeb) -> Quarantined and deleted successfully.

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:39 AM, on 6/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.2
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/im...r/SysProExe.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 7515 bytes

#20 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 22 June 2009 - 11:34 PM

seriouscode,

That should have speeded it up.

Let's get an online scan on it.

Please go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#21 seriouscode

Authentic Member

Authentic Member
115 posts

Posted 23 June 2009 - 01:32 PM

Tomk here is the K log from that online scan you asked for:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 23, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 23, 2009 14:45:55
Records in database: 2383530
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 66620
Threat name: 1
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 02:26:37

File name / Threat name / Threats count
C:\Documents and Settings\Sebastian\Local Settings\Temporary Internet Files\Content.IE5\4LTS9I03\setup[1].exe Infected: Trojan-Downloader.Win32.FraudLoad.eki 1
C:\Documents and Settings\Sebastian\Local Settings\Temporary Internet Files\Content.IE5\4LTS9I03\setup[2].exe Infected: Trojan-Downloader.Win32.FraudLoad.eki 1
C:\RECYCLER\S-1-5-21-682003330-1078145449-725345543-1004\Dc1.exe Infected: Trojan-Downloader.Win32.FraudLoad.eki 1

The selected area was scanned.

This computer is still running mega slow any other helpful hints you can give me on making it faster?

#22 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 23 June 2009 - 02:29 PM

seriouscode,

Let's get a deeper scan of that computer.

Please download DDS by sUBs from one of the following links and save it to your desktop.

- DDS.scr
- DDS.pif
Disable any script blocking protection (How to Disable your Security Programs)
Double click DDS icon to run the tool (may take up to 3 minutes to run)
When done, DDS.txt will open.
After a few moments, attach.txt will open in a second window.
Save both reports to your desktop.

---------------------------------------------------

Post the contents of the DDS.txt report in your next reply
Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and the click UPLOAD.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#23 seriouscode

Authentic Member

Authentic Member
115 posts

Posted 23 June 2009 - 07:27 PM

Tomk you are like a computer tech gawd to me and all other lesser computer beings lol!!! Before we continue, even if you can help me with all of my problems I just wanted to say thank you for being patient and also very very quick with your replies of help. Here is the DDS logs... both of them:

DDS (Ver_09-05-14.01) - NTFSx86
Run by Casabetoa at 21:21:55.15 on Tue 06/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.139 [GMT -4:00]

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Casabetoa\Desktop\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://search.live.com
uDefault_Page_URL = hxxp://www.msn.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-explorer: MaxRecentDocs = 99 (0x63)
mPolicies-system: HideShutdownScripts = 0 (0x0)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\casabe~1\applic~1\mozilla\firefox\profiles\jy7v2by6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-26 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-12 130936]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-4-8 92008]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-26 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090623.002\NAVENG.SYS [2009-6-23 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090623.002\NAVEX15.SYS [2009-6-23 876144]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-7-8 1251720]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-12 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-5-12 1095560]

=============== Created Last 30 ================

2009-06-23 21:16 <DIR> --d-h--- c:\windows\PIF
2009-06-23 11:33 15,427 a------- c:\windows\system32\79995z9al2690.exe
2009-06-22 23:58 <DIR> --d----- c:\docume~1\casabe~1\applic~1\Malwarebytes
2009-06-22 23:57 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-22 23:56 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-22 23:56 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-22 23:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-22 23:56 <DIR> --d----- c:\program files\Trend Micro
2009-06-22 12:32 3,982 a------- c:\windows\195athief14z2.ocx
2009-06-22 09:47 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-22 09:47 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-21 09:08 6,401 a------- c:\windows\system32\e655hzeat54759.exe
2009-06-20 16:56 16,448 a------- c:\windows\system32\1z539spambo5171.dll
2009-06-19 14:55 16,152 a------- c:\windows\system32\50219tzoj6f59.dll
2009-06-19 10:30 2,699 a------- c:\windows\system32\9950s5ywarz401.dll
2009-06-18 15:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-18 15:20 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-18 15:20 <DIR> --d----- c:\docume~1\casabe~1\applic~1\SUPERAntiSpyware.com
2009-06-18 15:19 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-17 12:36 6,118 a------- c:\windows\5509downl9ader2z25.exe
2009-06-15 23:00 6,939 a------- c:\windows\2004no9-azv5rus4c8.dll
2009-06-15 22:14 9,317 a------- c:\windows\563zd9wnload5r1803.cpl
2009-06-15 21:59 <DIR> --dsh--- c:\documents and settings\casabetoa\IECompatCache
2009-06-15 15:32 9,992 a------- c:\windows\9949not-az5irus29d.exe
2009-06-15 02:28 2,976 a------- c:\windows\627dzpa9se1255.bin
2009-06-11 16:03 12,139 a------- c:\windows\system32\7f77sp9rsz2959.exe
2009-06-10 18:37 9,597 a------- c:\windows\system32\13595vi9us661z.ocx
2009-06-10 02:18 3,532 a------- c:\windows\13573virusz9.cpl
2009-06-08 20:03 14,460 a------- c:\windows\7545addwarz1981.ocx
2009-06-08 18:26 7,169 a------- c:\windows\system32\23327n9t-a-v5rus18z.dll
2009-06-08 12:10 3,283 a------- c:\windows\system32\z2250sp579d.bin
2009-06-08 05:20 13,660 a------- c:\windows\424a5pyzar91336.exe
2009-06-06 22:17 <DIR> --d----- c:\program files\TomTom International B.V
2009-06-06 15:10 17,222 a------- c:\windows\system32\60459zw5loader2458.cpl
2009-06-06 09:34 17,799 a------- c:\windows\system32\592no9-a-5iruza.dll
2009-05-28 02:01 6,597 a------- c:\windows\4965vz92950.dll
2009-05-28 01:20 12,786 a------- c:\windows\30997ha9kzool7945.cpl
2009-05-27 15:06 3,503 a------- c:\windows\system32\57e95hreat2301z.cpl
2009-05-26 22:18 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-26 15:41 3,899 a------- c:\windows\system32\1e01sp9rze27895.bin
2009-05-26 08:46 17,706 a------- c:\windows\system32\247569rojz5.cpl
2009-05-26 08:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-26 08:02 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-26 08:01 <DIR> --d----- c:\program files\Lavasoft
2009-05-25 09:48 11,590 a------- c:\windows\29229spyz559.exe
2009-05-25 08:16 16,311 a------- c:\windows\system32\5259spamb9t505z.bin

==================== Find3M ====================

2009-06-22 08:26 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-05-21 16:34 13,635 a------- c:\windows\2c49b5ckdoorz5369.exe
2009-05-21 15:45 3,997 a------- c:\windows\system32\29zddownlo5der2161.bin
2009-05-19 03:55 6,368 a------- c:\windows\system32\6272no9-a5virusz21.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 12:19 12,191 a------- c:\windows\5590doznl95der2009.exe
2009-05-11 23:44 10,019 a------- c:\windows\z8065acktool219.exe
2009-05-11 01:05 3,233 a------- c:\windows\system32\7115a9dwzre69.dll
2009-05-08 22:23 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-08 14:55 15,256 a------- c:\windows\system32\29558hacktooz341.exe
2009-05-07 16:08 12,690 a------- c:\windows\system32\28425tzoj55a9.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 10:00 14,230 a------- c:\windows\3566zhre5t7039.exe
2009-05-06 06:06 13,910 a------- c:\windows\system32\65e8add9are152z.bin
2009-05-06 03:41 3,050 a------- c:\windows\system32\9bzcback5oor3188.exe
2009-05-03 12:42 12,249 a------- c:\windows\system32\19e8sza5se2342.exe
2009-04-27 02:01 13,584 a------- c:\windows\system32\3390sza9bot5f5.dll
2009-04-25 23:28 5,201 a------- c:\windows\system32\z1793worm1d05.dll
2009-04-25 03:45 12,591 a------- c:\windows\system32\5359h9cktzol57a.bin
2009-04-22 17:14 16,346 a------- c:\windows\z2705s5y592.exe
2009-04-20 15:05 6,831 a------- c:\windows\12f45hie92190z.bin
2009-04-18 22:19 3,501 a------- c:\windows\7622s5ywaze9797.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-16 16:50 9,142 a------- c:\windows\system32\97491z5rus786.dll
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-13 06:16 16,649 a------- c:\windows\system32\30696t5oz67c.dll
2009-04-12 19:54 11,010 a------- c:\windows\system32\4ed7zownload9r357.exe
2009-04-12 19:51 4,228 a------- c:\windows\26z60v95us120.bin
2009-04-11 23:00 14,069 a------- c:\windows\system32\4fbed9wnl5zder962.bin
2009-04-11 13:42 12,101 a------- c:\windows\system32\25589spambotz15.bin
2009-04-11 02:58 11,442 a------- c:\windows\13818spa5bzt950.exe
2009-04-09 19:09 13,893 a------- c:\windows\5998sparse18z1.exe
2009-04-09 11:46 9,043 a------- c:\windows\5194z5wnloader1003.exe
2009-04-09 06:33 2,935 a------- c:\windows\z615s5y3959.dll
2009-04-06 14:10 3,230 a------- c:\windows\21e7z5ckdoo9784.exe
2009-04-04 14:21 18,194 a------- c:\windows\system32\1927thi5z1148.bin
2009-04-04 06:01 12,975 a------- c:\windows\system32\4cc9zhrea513979.dll
2009-04-02 01:53 6,995 a------- c:\windows\453bzir2598.bin
2009-03-28 14:44 4,295 a------- c:\windows\system32\5e23downloadez295.bin
2009-03-18 19:53 30,016 a------- c:\docume~1\casabe~1\applic~1\GDIPFONTCACHEV1.DAT
2008-08-23 18:59 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 21:22:42.67 ===============

Attached Files

Attach.txt 12.85KB 420 downloads

#24 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 23 June 2009 - 08:20 PM

seriouscode,

Thanks for the compliment but I'm not much of a Tech. I'm just a trained malware fighter.

There are some "odd" entries in there. Let's do a few things:

You've got some old Java files in there that are a security risk. We need to get rid of the old ones and only keep the new.

Using Add or Remove programs in your Control Panel, Please uninstall:
J2SE Runtime Environment 5.0 Update 12
Java™ 6 Update 7

Then for good measure:
JavaRa ...by: Paul McLain and Fred de Vries

Please download JavaRa (Copyright © 2008 RaProducts.org) and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***
Print these instructions...you won't have Internet access during this particular phase!

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English or the appropriate language...and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.
Copy and paste the contents of the JavaRa log, in your next reply.

Now let's see a bit more about those Odd entries.
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#25 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 23 June 2009 - 08:22 PM

Also, let's close out your original computer.

Log looks good

Now to remove most of the tools that we have used in fixing your machine:

Make sure you have an Internet Connection.
Download OTC to your desktop and run it
A list of tool components used in the cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
Click Yes to begin the cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

You need to create a new Clean restore point:

Download SysRestorePoint to your desktop and unzip it to it's own folder.
Double click SysRestorePoint.exe so that we can make a new system restore point.
A box will pop up after it has made a new point, usually after a few seconds. Close that window and exit the program.

Remove all previous Restore Points
Click Start Menu > Run > copy and paste

cleanmgr

You may be asked to choose drive. Choose C: At top, click on More Options tab. Click Clean up... button in the System Restore box. Click on Yes button. When finished, click on Cancel button to exit.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

Advertisements

Register to Remove

#26 seriouscode

Authentic Member

Authentic Member
115 posts

Posted 24 June 2009 - 01:29 PM

Tomk, here is the java log:

JavaRa 1.14 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Jun 24 14:22:13 2009

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

------------------------------------

Finished reporting.

Here is the ComboFix log:

ComboFix 09-06-23.01 - Casabetoa 06/24/2009 14:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.155 [GMT -4:00]
Running from: c:\documents and settings\Casabetoa\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\CASABE~1\LOCALS~1\Temp\1.wmv
c:\windows\10051not-a9zirus4c5.bin
c:\windows\10133zir596b6.ocx
c:\windows\10216zpambo5991.dll
c:\windows\108705ot-azviru9108.ocx
c:\windows\1096virz753.bin
c:\windows\10z49teal2551.bin
c:\windows\11375zp9496.cpl
c:\windows\11fea5dwzre5679.ocx
c:\windows\12195hacktooz5fd9.exe
c:\windows\12339zacktool6ed5.cpl
c:\windows\12besparse2539z.cpl
c:\windows\12f45hie92190z.bin
c:\windows\13159zpy4a5.ocx
c:\windows\13573virusz9.cpl
c:\windows\13818spa5bzt950.exe
c:\windows\138z8troj159.bin
c:\windows\14381spz259.ocx
c:\windows\1451spywa9z1141.dll
c:\windows\15214not-a-ziru5295.exe
c:\windows\152669roj55z.cpl
c:\windows\15793woz940d.dll
c:\windows\15b39ddwarz30435.cpl
c:\windows\16056not-a-viruz1749.ocx
c:\windows\16249wzrm350.cpl
c:\windows\16395vzru5358.dll
c:\windows\16599h9cktzol3c.exe
c:\windows\1677zspa5b9t5f.ocx
c:\windows\16804z5c9tool5f3.bin
c:\windows\1693z5py4a2.cpl
c:\windows\170z5s9y795.ocx
c:\windows\17352n9t-a-vizu5708.exe
c:\windows\1753spar5ez969.ocx
c:\windows\17580spy559z.bin
c:\windows\18142v9r5s4eaz.dll
c:\windows\18351s9z8f.bin
c:\windows\19349orz53b.ocx
c:\windows\193595zrm5a4.exe
c:\windows\19569hazktool459.bin
c:\windows\195athief14z2.ocx
c:\windows\196099zo5749.bin
c:\windows\198downloade53176z.cpl
c:\windows\19e5vzr1558.bin
c:\windows\1a9f5oznloader3104.dll
c:\windows\1bb5add9are1z27.cpl
c:\windows\1c859ir5569z.bin
c:\windows\1dzfbackdoo51954.dll
c:\windows\1e5bac5doz91071.bin
c:\windows\1e5c9ackdooz392.exe
c:\windows\1f0ds9ezl3155.bin
c:\windows\1z27add5ar91450.dll
c:\windows\1z31759y138.bin
c:\windows\1z91hacktool9055.ocx
c:\windows\20039not-a-viz5s2d7.bin
c:\windows\2004no9-azv5rus4c8.dll
c:\windows\203z1h5cktoo9574.ocx
c:\windows\2050d5znloader5289.exe
c:\windows\20692not-a-ziru55b4.exe
c:\windows\20794spazbot595.cpl
c:\windows\2094spyzare5780.dll
c:\windows\20966hzcktool5f19.dll
c:\windows\210529irus3zb.ocx
c:\windows\21354trzj50b9.exe
c:\windows\215dvi9z271.cpl
c:\windows\21baszeal5296.dll
c:\windows\21e7z5ckdoo9784.exe
c:\windows\21f0th9ea51z924.dll
c:\windows\2215859zm709.bin
c:\windows\23519hackto9lzc.exe
c:\windows\235395zck9oold1.bin
c:\windows\23550sz951.ocx
c:\windows\235z8sp9mbot4c6.cpl
c:\windows\236aback9oorz533.bin
c:\windows\2418hac9tool6a5z.ocx
c:\windows\24359zpy77b5.dll
c:\windows\2435s9ar5z2246.dll
c:\windows\244z69acktool579.exe
c:\windows\24573s9ambzt245.ocx
c:\windows\246989ot-a-virus25z.exe
c:\windows\247z0virus596.ocx
c:\windows\24985vi9u534z.exe
c:\windows\25090t9oj5z1.dll
c:\windows\2522thi9f3z4.exe
c:\windows\25354spamzot739.bin
c:\windows\2548tzie94915.dll
c:\windows\2551spamz5t5e49.cpl
c:\windows\25669zpy139.bin
c:\windows\258b59reaz8.dll
c:\windows\26239not-9-vzrus3145.exe
c:\windows\264885o9-a-virus3z6.bin
c:\windows\26666t9zj52c5.exe
c:\windows\26930spa95oz345.ocx
c:\windows\26z60v95us120.bin
c:\windows\27006hack9zol5ef.bin
c:\windows\27681hackzoo52e9.dll
c:\windows\279bdo5zloader999.dll
c:\windows\28045not9a-virzs68c.bin
c:\windows\28203h5ck9zol35.ocx
c:\windows\28435z9rm495.cpl
c:\windows\28592wo5m4z0.exe
c:\windows\29229spyz559.exe
c:\windows\295badzware2214.exe
c:\windows\29652viru97z7.ocx
c:\windows\296865irusz7.bin
c:\windows\29927hackt5ol3dz.dll
c:\windows\2b4zdown9oade5945.exe
c:\windows\2b56tzief509.bin
c:\windows\2c49b5ckdoorz5369.exe
c:\windows\2ce65ackdoz91919.cpl
c:\windows\2cz9spyw5re591.ocx
c:\windows\2e9zthief1597.cpl
c:\windows\2f9d5te9l16z2.exe
c:\windows\2z125sp969e.cpl
c:\windows\2z588worm95.exe
c:\windows\2z872spamb5t359.cpl
c:\windows\2z885pa9se2036.exe
c:\windows\2z9455orm953.dll
c:\windows\30591zro525c.bin
c:\windows\3059addware558z.dll
c:\windows\30997ha9kzool7945.cpl
c:\windows\309z15orm29f.cpl
c:\windows\30z559orm36d.bin
c:\windows\31064not5azvirus956.bin
c:\windows\3123hack5ool59z.exe
c:\windows\3144759y3ze.ocx
c:\windows\315195acktooz38d.bin
c:\windows\31568wzr992.cpl
c:\windows\31579pyware1577z.ocx
c:\windows\31748haczt5ol269.dll
c:\windows\3198backd5or79z.dll
c:\windows\31e4sp5wzre10689.dll
c:\windows\32328not-a-virzs9895.cpl
c:\windows\3315not-a5viru933z.exe
c:\windows\34c9vi5z137.ocx
c:\windows\3566zhre5t7039.exe
c:\windows\3581threaz19773.dll
c:\windows\35998s9y7z9.exe
c:\windows\35e29pyware1z66.dll
c:\windows\35fbste9l1z83.ocx
c:\windows\3616v5r9z18.cpl
c:\windows\364ezackd59r576.exe
c:\windows\3657threz911353.cpl
c:\windows\3709viz1959.bin
c:\windows\38195h9zf2397.ocx
c:\windows\38b6bac95oor1592z.exe
c:\windows\3952downlzade9527.exe
c:\windows\3965thzef1688.exe
c:\windows\396zspywar52490.dll
c:\windows\39azdownlo5de91410.bin
c:\windows\3a9b5ackdozr2159.dll
c:\windows\3a9bsp5zse675.ocx
c:\windows\3ab2ad9w5re9z0.ocx
c:\windows\3b7d5p9ware74z.exe
c:\windows\3c64zpy5ar92865.dll
c:\windows\3c965i9z893.dll
c:\windows\3fe5zpars52906.exe
c:\windows\3ze4thr9at7518.bin
c:\windows\401e9zief5109.dll
c:\windows\405zspy479.bin
c:\windows\4195zparse5597.bin
c:\windows\42499ormz435.ocx
c:\windows\424a5pyzar91336.exe
c:\windows\425threat203z9.exe
c:\windows\42d9t5z9f1260.ocx
c:\windows\4323t9ie531z4.exe
c:\windows\4397zo9-a-vi5us6c4.exe
c:\windows\4453sp5waze18999.bin
c:\windows\453bzir2598.bin
c:\windows\4549ad9waze980.bin
c:\windows\4567zi5us3ce9.exe
c:\windows\4572downloade52z69.bin
c:\windows\4576th9eat3035z.cpl
c:\windows\45z8d5wnload9r1399.exe
c:\windows\4635t9z53c9.exe
c:\windows\4651n9t-a-viruz3ac.exe
c:\windows\4775spamzotab9.ocx
c:\windows\47f3bac5dz9r433.cpl
c:\windows\48z39ackd5or2994.dll
c:\windows\4965vz92950.dll
c:\windows\4976spars589z.dll
c:\windows\498faddza5e2056.ocx
c:\windows\49ebsteal59z5.dll
c:\windows\49fdownlozder562.cpl
c:\windows\4a3zb5ck9oor1595.ocx
c:\windows\4beedownload9r26z05.cpl
c:\windows\4c46add5zre24709.dll
c:\windows\5013hac9toz5522.ocx
c:\windows\5091sp9ware537z.ocx
c:\windows\50czth5ef9969.dll
c:\windows\50f7thiez11959.ocx
c:\windows\5176downl5aderz9.exe
c:\windows\5194z5wnloader1003.exe
c:\windows\52603viruz395.exe
c:\windows\53005not-a-v9zus2bd.exe
c:\windows\53f1t5reaz29361.cpl
c:\windows\546cs9ywz5e3208.bin
c:\windows\54z79worm488.cpl
c:\windows\5509downl9ader2z25.exe
c:\windows\5590doznl95der2009.exe
c:\windows\55988hacztool182.cpl
c:\windows\563zd9wnload5r1803.cpl
c:\windows\5654thief92z2.dll
c:\windows\5749downloader1184z.exe
c:\windows\574eth9eaz20418.bin
c:\windows\580adownl9ader242z.cpl
c:\windows\589dt5zef1686.ocx
c:\windows\58fa9dware1650z.ocx
c:\windows\58z1wor599f.dll
c:\windows\58z2backd5o91429.ocx
c:\windows\58z9tr9j715.ocx
c:\windows\5923spyw9rez564.ocx
c:\windows\5997spy5zf.bin
c:\windows\5998sparse18z1.exe
c:\windows\59ds9eaz557.cpl
c:\windows\59zasp5rse25749.ocx
c:\windows\59zbthie53051.dll
c:\windows\5b50t9izf5936.exe
c:\windows\5c00zhre9t4696.ocx
c:\windows\5d6zsp5wa9e518.exe
c:\windows\5d9bazkdoor2587.cpl
c:\windows\5dcz5parse1909.ocx
c:\windows\5dz7sp9rse5223.exe
c:\windows\5e479ow5loader28z1.bin
c:\windows\6058stea91z8.bin
c:\windows\60dfdzwnlo5der11459.cpl
c:\windows\60efzparse15509.exe
c:\windows\6171spa9bo53az.dll
c:\windows\6191spywaze1524.dll
c:\windows\627dzpa9se1255.bin
c:\windows\63bfs9ars5z560.dll
c:\windows\645ct9r5at1z147.bin
c:\windows\653eazdwar91117.dll
c:\windows\6576zpars91569.dll
c:\windows\65c3v5r29z4.ocx
c:\windows\65stez91568.exe
c:\windows\67dcthzeat525079.ocx
c:\windows\6833zir15629.bin
c:\windows\68589parse101z.dll
c:\windows\695e9ddwa5e1699z.dll
c:\windows\6995thiefz56.cpl
c:\windows\69cbspaz5e7419.dll
c:\windows\6a5fbackd9zr997.bin
c:\windows\6bd1spy5zre69.ocx
c:\windows\6ce9do95loadez62.cpl
c:\windows\6f53addwaze2988.dll
c:\windows\6z8addw9re775.exe
c:\windows\6z959orm55e.dll
c:\windows\6zb1backd5o92616.exe
c:\windows\700159r7z2.dll
c:\windows\71azt9reat211365.cpl
c:\windows\71z9ste5l1359.bin
c:\windows\7259hacktooz1a95.ocx
c:\windows\72z3spyw9re5103.exe
c:\windows\7358hzck9ool14c.dll
c:\windows\738bazdwar9845.exe
c:\windows\739baddzare350.dll
c:\windows\74859orz59b.ocx
c:\windows\7545addwarz1981.ocx
c:\windows\7555hacktoo9533z.cpl
c:\windows\7596s9ywzr52386.dll
c:\windows\75ebvi9z418.ocx
c:\windows\75f6thre9t9z535.cpl
c:\windows\7622s5ywaze9797.dll
c:\windows\7639thief24z5.bin
c:\windows\7654wo9z46e.exe
c:\windows\76c1bazk5oor2299.ocx
c:\windows\77879pzrs5801.cpl
c:\windows\7950szeal2068.exe
c:\windows\795ed9wnloadzr5197.ocx
c:\windows\7995zt-a-virus76e.bin
c:\windows\7a29do5nloadez9352.bin
c:\windows\7a52stealz619.dll
c:\windows\7bbste9l15z75.cpl
c:\windows\7eczba59door486.dll
c:\windows\7fd4spyware593z.bin
c:\windows\7fddbzckdo9r856.bin
c:\windows\7ff5dow5loaderz1389.cpl
c:\windows\8499zpy550.dll
c:\windows\8599s595dz.bin
c:\windows\89385roj29z.cpl
c:\windows\9059ha5ktozl55.ocx
c:\windows\9060viz3115.exe
c:\windows\9211st5al195z.exe
c:\windows\9222tzoj5fc.cpl
c:\windows\92z82w5rm416.dll
c:\windows\937635acktoolzb6.ocx
c:\windows\952czhreat27354.dll
c:\windows\9534troj2z89.bin
c:\windows\955zackdo9r3504.bin
c:\windows\9572szar5e2441.bin
c:\windows\9589t5oj31z9.bin
c:\windows\959cthreat50z0.cpl
c:\windows\9603not-a-zirus353.dll
c:\windows\9615backzoor324.dll
c:\windows\96z4not-9-5irus600.dll
c:\windows\9815steal2169z.exe
c:\windows\9856bazkdoor5229.dll
c:\windows\9903sz5c2.dll
c:\windows\99123troj536z.exe
c:\windows\9923download5z1068.ocx
c:\windows\993n5t-a-vzr9s257.exe
c:\windows\9949not-az5irus29d.exe
c:\windows\99ds5ywarz1159.exe
c:\windows\9a0ad5zare9807.ocx
c:\windows\9bd9zteal5832.ocx
c:\windows\9bfbzackdo5r552.dll
c:\windows\9edfdownlzader516.dll
c:\windows\9z580hacktool181.dll
c:\windows\9zbsp9rse27615.ocx
c:\windows\a05virz1929.exe
c:\windows\c83zackd59r2290.exe
c:\windows\d9bstz5l1631.bin
c:\windows\dd5viz209.exe
c:\windows\f44bazkdo5r1291.dll
c:\windows\f53downlz5der9373.cpl
c:\windows\f82thie96z75.exe
c:\windows\system32\101sp5mboz2b9.exe
c:\windows\system32\10556zpy3ad9.cpl
c:\windows\system32\11145hackt9zl64d5.bin
c:\windows\system32\11753tr9z7c1.exe
c:\windows\system32\11930vi59z56a.exe
c:\windows\system32\121565roz394.bin
c:\windows\system32\12275spamb951z9.exe
c:\windows\system32\12555troj2z9.exe
c:\windows\system32\1256t9oj722z.bin
c:\windows\system32\13595vi9us661z.ocx
c:\windows\system32\1359th9zf27805.cpl
c:\windows\system32\13719tr5jzc9.bin
c:\windows\system32\13c5adzware4449.bin
c:\windows\system32\14052zp95c2.dll
c:\windows\system32\140835zru9392.dll
c:\windows\system32\14496s5y98z.ocx
c:\windows\system32\144zn9t-a-v5rus218.cpl
c:\windows\system32\14586zpy596.cpl
c:\windows\system32\146019p5z83.exe
c:\windows\system32\14725v9r5s4z1.bin
c:\windows\system32\147739izus545.bin
c:\windows\system32\14a5a5dza9e302.ocx
c:\windows\system32\15015szy9e9.ocx
c:\windows\system32\15050notza9vi5us29b.cpl
c:\windows\system32\15159virusz4.bin
c:\windows\system32\15359hack5ool30z9.cpl
c:\windows\system32\15397spy2fz.cpl
c:\windows\system32\1576hazktoo91c85.dll
c:\windows\system32\1579vir27z1.ocx
c:\windows\system32\1581sp9wzre428.exe
c:\windows\system32\1587zsp9mbot422.dll
c:\windows\system32\15z9sparse1075.dll
c:\windows\system32\161z895ambot5b.dll
c:\windows\system32\17437not-a-vzru93005.exe
c:\windows\system32\1761z5pamb9t396.bin
c:\windows\system32\17937troz415.ocx
c:\windows\system32\17947tr9j3z5.ocx
c:\windows\system32\18390zirus51e5.bin
c:\windows\system32\18555hazkt9ol3ae.ocx
c:\windows\system32\185cst9alz561.exe
c:\windows\system32\19114z5rm5b79.dll
c:\windows\system32\19115noz-a-5irus39c.cpl
c:\windows\system32\19216hackt9o5z5c.ocx
c:\windows\system32\1927thi5z1148.bin
c:\windows\system32\1947worz956.dll
c:\windows\system32\19540wzrm919.exe
c:\windows\system32\1955spambot203z.exe
c:\windows\system32\19561tro523z.cpl
c:\windows\system32\1969ztroj5b3.exe
c:\windows\system32\19951wo592z4.dll
c:\windows\system32\19992hac5tool3c9z.ocx
c:\windows\system32\19e8sza5se2342.exe
c:\windows\system32\1a49vi59z97.bin
c:\windows\system32\1abaspywa9e88z5.exe
c:\windows\system32\1c5sparsz899.dll
c:\windows\system32\1cz45ddwar93049.dll
c:\windows\system32\1e01sp9rze27895.bin
c:\windows\system32\1efedownloaz9r5067.exe
c:\windows\system32\1ez5v9r596.dll
c:\windows\system32\1z259spy664.cpl
c:\windows\system32\1z539spambo5171.dll
c:\windows\system32\1z595ha95tool59.dll
c:\windows\system32\1z91thi5f3939.cpl
c:\windows\system32\1zf5backdoor9969.ocx
c:\windows\system32\20181h5cktozl4519.bin
c:\windows\system32\2091n5t-az9irus72b.dll
c:\windows\system32\20z5a5dware2591.exe
c:\windows\system32\21258spa9bot52z.cpl
c:\windows\system32\2199h5ckzool59c9.cpl
c:\windows\system32\21eza5dware1955.ocx
c:\windows\system32\2255a59wzre1797.exe
c:\windows\system32\22765notza-virus3d59.ocx
c:\windows\system32\22e4thi95z052.exe
c:\windows\system32\23327n9t-a-v5rus18z.dll
c:\windows\system32\2333not9a-vzrus538.ocx
c:\windows\system32\233995ozm139.ocx
c:\windows\system32\23507zroj4d9.bin
c:\windows\system32\2350notza-vir9s688.exe
c:\windows\system32\236825zy3a9.ocx
c:\windows\system32\23fbvir1z925.cpl
c:\windows\system32\23z95virus595.exe
c:\windows\system32\24191zacktoo51c5.exe
c:\windows\system32\24585not-a-vi95s5e1z.dll
c:\windows\system32\247569rojz5.cpl
c:\windows\system32\24889spy750z.cpl
c:\windows\system32\24ce5hizf9834.bin
c:\windows\system32\25009ddwarz2880.cpl
c:\windows\system32\25040no5-a-vzrus51b9.ocx
c:\windows\system32\250639rojzbb.exe
c:\windows\system32\25441vir596z3.dll
c:\windows\system32\2553ba9kdoor5z3.bin
c:\windows\system32\25589spambotz15.bin
c:\windows\system32\256069pzmbot4c2.dll
c:\windows\system32\25633worm4z9.exe
c:\windows\system32\25756sp9zbot66c.dll
c:\windows\system32\25b7threat9z419.bin
c:\windows\system32\26035spz29.cpl
c:\windows\system32\26163zot-9-vi5us21f.ocx
c:\windows\system32\265z5spy4d9.bin
c:\windows\system32\26759virus38z.ocx
c:\windows\system32\27976tzoj5c1.dll
c:\windows\system32\279z5sp5mbot3189.cpl
c:\windows\system32\27c5bazkd9or17.bin
c:\windows\system32\2825znot-a-vi9us18.dll
c:\windows\system32\28425tzoj55a9.exe
c:\windows\system32\28532hack9ooz684.cpl
c:\windows\system32\28550w5r9653z.dll
c:\windows\system32\285585ot9z-virusc4.bin
c:\windows\system32\28897z5ambot479.ocx
c:\windows\system32\28d0spy5are324z9.bin
c:\windows\system32\29010trzj555.dll
c:\windows\system32\29271hackto5z79e.dll
c:\windows\system32\29558hacktooz341.exe
c:\windows\system32\2962zhie5770.ocx
c:\windows\system32\29756haz5tool955.ocx
c:\windows\system32\29819spazbo55c3.dll
c:\windows\system32\29977not-a-vi5us4z0.ocx
c:\windows\system32\29989pyz735.ocx
c:\windows\system32\299z25py50e.cpl
c:\windows\system32\29z1959rm77c.cpl
c:\windows\system32\29zddownlo5der2161.bin
c:\windows\system32\2b2bspar9510z3.dll
c:\windows\system32\2b51vi98z.cpl
c:\windows\system32\2cb0backdo5r9z97.exe
c:\windows\system32\2d719ir15z5.cpl
c:\windows\system32\2f9e9pywar512z0.bin
c:\windows\system32\2z5715o9m28d.ocx
c:\windows\system32\2z719s5ambot39f.cpl
c:\windows\system32\2z891worm2ab5.bin
c:\windows\system32\305zspyware239.ocx
c:\windows\system32\30696t5oz67c.dll
c:\windows\system32\30854spambzt9b4.exe
c:\windows\system32\30875ownloazer297.exe
c:\windows\system32\30939wz5m38b.exe
c:\windows\system32\30995zpy4525.dll
c:\windows\z0547hack5oo94cc.bin
c:\windows\z087395y33d.exe
c:\windows\z089t5ief2218.dll
c:\windows\z14509ac5tool274.exe
c:\windows\z17st5al3239.bin
c:\windows\z2705s5y592.exe
c:\windows\z2d3addware57469.cpl
c:\windows\z3569virus965.ocx
c:\windows\z399ha9k5ool7ac.dll
c:\windows\z405not-9-vir5s271.dll
c:\windows\z4169spambot579.cpl
c:\windows\z4335spy279.cpl
c:\windows\z5082hacktool595.ocx
c:\windows\z5179virus767.dll
c:\windows\z549steal1094.dll
c:\windows\z54v9r1092.cpl
c:\windows\z5900sp935c.dll
c:\windows\z5b5d9wnloader1610.cpl
c:\windows\z5e9downl5ader310.bin
c:\windows\z615s5y3959.dll
c:\windows\z73cthief25009.dll
c:\windows\z7691spy2b59.bin
c:\windows\z7d3addware995.dll
c:\windows\z8065acktool219.exe
c:\windows\z922worm958.ocx
c:\windows\z9507spambot700.ocx
c:\windows\z9565vi9us194.exe
c:\windows\za98spyware6959.bin
c:\windows\zd68back9oor9925.bin
c:\windows\ze8st95l199.bin

.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-12-20 02:38 . 2009-12-20 02:38 15728 ----a-w- c:\windows\system32\3b6athi5f1809z.exe
2009-12-12 14:12 . 2009-12-12 14:12 6522 ----a-w- c:\windows\system32\3527vi5z609.dll
2009-12-07 09:19 . 2009-12-07 09:19 15075 ----a-w- c:\windows\system32\5079hackt95z181.exe
2009-12-06 07:30 . 2009-12-06 07:30 9016 ----a-w- c:\windows\system32\75c3th5eat9071z.dll
2009-12-01 06:13 . 2009-12-01 06:13 11228 ----a-w- c:\windows\system32\492fzpyware1658.dll
2009-11-27 06:38 . 2009-11-27 06:38 13929 ----a-w- c:\windows\system32\9edsteal54z7.bin
2009-11-19 07:51 . 2009-11-19 07:51 16806 ----a-w- c:\windows\system32\5a6f5azkdo9r2659.exe
2009-11-14 14:56 . 2009-11-14 14:56 8741 ----a-w- c:\windows\system32\8851spzmb5t76a9.dll
2009-11-14 07:13 . 2009-11-14 07:13 2706 ----a-w- c:\windows\system32\54960s9zmbotd2.dll
2009-11-13 07:38 . 2009-11-13 07:38 12350 ----a-w- c:\windows\system32\3682sze9l3512.bin
2009-11-13 07:04 . 2009-11-13 07:04 16486 ----a-w- c:\windows\system32\39586zro51cd.bin
2009-11-07 09:18 . 2009-11-07 09:18 7703 ----a-w- c:\windows\system32\52193viruz50b.dll
2009-11-04 00:31 . 2009-11-04 00:31 2618 ----a-w- c:\windows\system32\35d6threa9z1675.bin
2009-11-01 16:16 . 2009-11-01 16:16 13910 ----a-w- c:\windows\system32\58f0spa5se1695z.exe
2009-10-22 15:27 . 2009-10-22 15:27 15037 ----a-w- c:\windows\system32\77055pyw9rez872.bin
2009-10-22 10:03 . 2009-10-22 10:03 3110 ----a-w- c:\windows\system32\deabackdzor25529.exe
2009-10-19 23:44 . 2009-10-19 23:44 9448 ----a-w- c:\windows\system32\7348th9e517z8.exe
2009-10-14 04:35 . 2009-10-14 04:35 11316 ----a-w- c:\windows\system32\5b19threat181z1.exe
2009-10-01 12:24 . 2009-10-01 12:24 12920 ----a-w- c:\windows\system32\55d9zp9ware811.dll
2009-09-25 01:15 . 2009-09-25 01:15 6462 ----a-w- c:\windows\system32\5659h9cktooz59.exe
2009-09-16 10:37 . 2009-09-16 10:37 16286 ----a-w- c:\windows\system32\5e9z5parse2926.dll
2009-09-14 17:04 . 2009-09-14 17:04 5008 ----a-w- c:\windows\system32\59z7not-a-virus48f.exe
2009-09-14 03:01 . 2009-09-14 03:01 16690 ----a-w- c:\windows\system32\e44s9yz5re1800.dll
2009-09-09 23:53 . 2009-09-09 23:53 17577 ----a-w- c:\windows\system32\988btzrea529969.bin
2009-09-09 06:44 . 2009-09-09 06:44 4831 ----a-w- c:\windows\system32\5d59downloaderz124.dll
2009-09-06 02:30 . 2009-09-06 02:30 9149 ----a-w- c:\windows\system32\3bz2threat62509.dll
2009-09-05 15:14 . 2009-09-05 15:14 13269 ----a-w- c:\windows\system32\52743s9y6ebz.dll
2009-08-25 20:07 . 2009-08-25 20:07 11396 ----a-w- c:\windows\system32\eb39pywzre2359.bin
2009-08-23 16:47 . 2009-08-23 16:47 16056 ----a-w- c:\windows\system32\31895hreat91z5.exe
2009-08-23 05:57 . 2009-08-23 05:57 5166 ----a-w- c:\windows\system32\6a7cspa5s92893z.bin
2009-08-22 11:48 . 2009-08-22 11:48 10911 ----a-w- c:\windows\system32\77z2virus995.exe
2009-08-16 07:24 . 2009-08-16 07:24 16609 ----a-w- c:\windows\system32\5510dzwnload9r2378.exe
2009-08-05 04:49 . 2009-08-05 04:49 2640 ----a-w- c:\windows\system32\7ezbthi5f2958.exe
2009-08-04 03:08 . 2009-08-04 03:08 16275 ----a-w- c:\windows\system32\7256thie92574z.dll
2009-08-03 04:27 . 2009-08-03 04:27 12419 ----a-w- c:\windows\system32\983z9roj775.exe
2009-08-02 22:37 . 2009-08-02 22:37 7300 ----a-w- c:\windows\system32\z993vi5us905.exe
2009-07-28 06:14 . 2009-07-28 06:14 6897 ----a-w- c:\windows\system32\6509threat2905z.dll
2009-07-23 19:15 . 2009-07-23 19:15 8725 ----a-w- c:\windows\system32\693dthreat19z975.dll
2009-07-21 17:59 . 2009-07-21 17:59 3418 ----a-w- c:\windows\system32\5987thief26z5.dll
2009-07-19 09:27 . 2009-07-19 09:27 14596 ----a-w- c:\windows\system32\3958threa91890z5.bin
2009-07-10 08:34 . 2009-07-10 08:34 9857 ----a-w- c:\windows\system32\3czcba9kdoor5611.dll
2009-07-09 00:21 . 2009-07-09 00:21 13383 ----a-w- c:\windows\system32\z597sp56b9.exe
2009-07-07 23:01 . 2009-07-07 23:01 15038 ----a-w- c:\windows\system32\4067vzr31965.dll
2009-07-07 13:30 . 2009-07-07 13:30 4232 ----a-w- c:\windows\system32\598bthreat2852z.exe
2009-06-24 01:16 . 2009-06-24 01:16 -------- d--h--w- c:\windows\PIF
2009-06-23 15:33 . 2009-06-23 15:33 15427 ----a-w- c:\windows\system32\79995z9al2690.exe
2009-06-23 07:27 . 2009-06-23 07:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-23 05:58 . 2009-06-23 05:58 152576 ----a-w- c:\documents and settings\Casabetoa\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-23 03:58 . 2009-06-23 03:58 -------- d-----w- c:\documents and settings\Casabetoa\Application Data\Malwarebytes
2009-06-23 03:57 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 03:56 . 2009-06-23 03:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 03:56 . 2009-06-23 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-23 03:56 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-23 03:56 . 2009-06-23 03:56 -------- d-----w- c:\program files\Trend Micro
2009-06-22 13:47 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-22 13:47 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-21 13:08 . 2009-06-21 13:08 6401 ----a-w- c:\windows\system32\e655hzeat54759.exe
2009-06-19 18:55 . 2009-06-19 18:55 16152 ----a-w- c:\windows\system32\50219tzoj6f59.dll
2009-06-19 14:30 . 2009-06-19 14:30 2699 ----a-w- c:\windows\system32\9950s5ywarz401.dll
2009-06-18 19:24 . 2009-06-23 10:47 117760 ----a-w- c:\documents and settings\Casabetoa\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-18 19:21 . 2009-06-18 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-18 19:20 . 2009-06-18 19:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-18 19:20 . 2009-06-18 19:20 -------- d-----w- c:\documents and settings\Casabetoa\Application Data\SUPERAntiSpyware.com
2009-06-18 19:19 . 2009-06-18 19:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-16 01:59 . 2009-06-16 01:59 -------- d-sh--w- c:\documents and settings\Casabetoa\IECompatCache
2009-06-11 20:03 . 2009-06-11 20:03 12139 ----a-w- c:\windows\system32\7f77sp9rsz2959.exe
2009-06-08 16:10 . 2009-06-08 16:10 3283 ----a-w- c:\windows\system32\z2250sp579d.bin
2009-06-07 02:17 . 2009-06-07 02:17 -------- d-----w- c:\program files\TomTom International B.V
2009-06-06 13:34 . 2009-06-06 13:34 17799 ----a-w- c:\windows\system32\592no9-a-5iruza.dll
2009-06-04 22:54 . 2009-06-04 22:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-05-29 05:59 . 2009-05-29 05:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-05-27 02:18 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-26 12:04 . 2009-06-22 12:12 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-26 12:02 . 2009-06-04 12:27 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-26 12:02 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-05-26 12:01 . 2009-05-26 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-26 12:01 . 2009-05-26 12:01 -------- d-----w- c:\program files\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 18:24 . 2008-07-08 18:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-23 12:28 . 2009-05-13 01:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-23 07:44 . 2009-05-13 01:10 -------- d-----w- c:\program files\Spyware Doctor
2009-06-23 04:23 . 2008-07-08 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-23 03:53 . 2008-07-08 18:47 -------- d-----w- c:\documents and settings\Casabetoa\Application Data\U3
2009-06-22 12:26 . 2009-05-13 01:11 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-07 02:17 . 2008-07-30 02:37 -------- d-----w- c:\program files\TomTom HOME 2
2009-05-25 12:16 . 2009-05-25 12:16 16311 ----a-w- c:\windows\system32\5259spamb9t505z.bin
2009-05-19 07:55 . 2009-05-19 07:55 6368 ----a-w- c:\windows\system32\6272no9-a5virusz21.dll
2009-05-13 05:15 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-13 01:15 . 2009-05-13 01:14 -------- d-----w- c:\documents and settings\Sebastian\Application Data\GetRightToGo
2009-05-13 01:13 . 2009-05-13 01:10 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-13 01:10 . 2009-05-13 01:10 -------- d-----w- c:\documents and settings\Sebastian\Application Data\PC Tools
2009-05-13 01:10 . 2009-05-13 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-05-13 01:03 . 2009-03-26 00:24 -------- d-----w- c:\documents and settings\Sebastian\Application Data\U3
2009-05-12 03:02 . 2008-07-08 18:05 24216 ----a-w- c:\documents and settings\Casabetoa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-12 01:43 . 2008-07-10 05:29 24216 ----a-w- c:\documents and settings\Sebastian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-12 01:22 . 2008-12-29 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-12 01:20 . 2008-07-08 18:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-11 05:05 . 2009-05-11 05:05 3233 ----a-w- c:\windows\system32\7115a9dwzre69.dll
2009-05-09 02:23 . 2009-05-09 02:24 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-07 15:32 . 2006-02-28 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 14:00 . 2009-05-07 14:00 3778 ----a-w- c:\windows\system32\32195zrm4dd.exe
2009-05-07 14:00 . 2009-05-07 14:00 5979 ----a-w- c:\windows\system32\52z2hacktool59f.exe
2009-05-07 14:00 . 2009-05-07 14:00 14730 ----a-w- c:\windows\system32\7d945hreaz27397.dll
2009-05-07 14:00 . 2009-05-07 14:00 9010 ----a-w- c:\windows\system32\z9b5ackdoor597.dll
2009-05-06 10:06 . 2009-05-06 10:06 13910 ----a-w- c:\windows\system32\65e8add9are152z.bin
2009-05-06 07:41 . 2009-05-06 07:41 3050 ----a-w- c:\windows\system32\9bzcback5oor3188.exe
2009-04-27 06:01 . 2009-04-27 06:01 13584 ----a-w- c:\windows\system32\3390sza9bot5f5.dll
2009-04-26 03:28 . 2009-04-26 03:28 5201 ----a-w- c:\windows\system32\z1793worm1d05.dll
2009-04-25 07:45 . 2009-04-25 07:45 12591 ----a-w- c:\windows\system32\5359h9cktzol57a.bin
2009-04-17 12:26 . 2006-02-28 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 20:50 . 2009-04-16 20:50 9142 ----a-w- c:\windows\system32\97491z5rus786.dll
2009-04-15 14:51 . 2006-02-28 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-12 23:54 . 2009-04-12 23:54 11010 ----a-w- c:\windows\system32\4ed7zownload9r357.exe
2009-04-12 03:00 . 2009-04-12 03:00 14069 ----a-w- c:\windows\system32\4fbed9wnl5zder962.bin
2009-04-04 10:01 . 2009-04-04 10:01 12975 ----a-w- c:\windows\system32\4cc9zhrea513979.dll
2009-03-28 18:44 . 2009-03-28 18:44 4295 ----a-w- c:\windows\system32\5e23downloadez295.bin
.

------- Sigcheck -------

[7] 2006-02-28 12:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[7] 2006-02-28 12:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll

[7] 2006-02-28 12:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll

[7] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2006-02-28 12:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\ie7\wininet.dll
[7] 2007-08-13 22:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[7] 2008-04-23 04:16 826368 F6589BE784647CFDBC22EA51CCB1A57A c:\windows\ie7updates\KB953838-IE7\wininet.dll
[7] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
[7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[7] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie8\wininet.dll
[7] 2009-03-08 08:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\SoftwareDistribution\Download\acef69c5a8a4846ded0fc4ea93f74166\SP3GDR\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\SoftwareDistribution\Download\acef69c5a8a4846ded0fc4ea93f74166\SP3QFE\wininet.dll
[7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\system32\wininet.dll
[7] 2009-05-13 05:15 915456 366C72AF6970DB7BB39AB0142BF09DB5 c:\windows\system32\dllcache\wininet.dll

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2006-02-28 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\system32\drivers\tcpip.sys

[7] 2006-02-28 12:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe

[7] 2006-02-28 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys

[7] 2006-02-28 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 19:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2006-02-28 12:00 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-07 23:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2009-02-07 23:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 20:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2006-02-28 12:00 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\system32\dllcache\ntoskrnl.exe

[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2006-02-28 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe

[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2006-02-28 12:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\system32\dllcache\services.exe

[7] 2006-02-28 12:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe

[7] 2006-02-28 12:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2006-02-28 12:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe

[7] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe

[7] 2006-02-28 12:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe

[7] 2006-02-28 12:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll

[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtServicePackUninstall$\kernel32.dll
[7] 2006-02-28 12:00 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\system32\dllcache\kernel32.dll

[7] 2006-02-28 12:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll

[7] 2006-02-28 12:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll

[7] 2006-02-28 12:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll

[7] 2006-02-28 12:00 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\$NtServicePackUninstall$\appmgmts.dll
[7] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\ServicePackFiles\i386\appmgmts.dll
[7] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\appmgmts.dll

[7] 2006-02-28 12:00 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-03-14 4493312]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-25 714608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 99 (0x63)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Adware-Spware Removal
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Adware-Spyware Removal

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/26/2009 8:04 AM 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/12/2009 9:11 PM 130936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1003344]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/25/2007 1:07 AM 149352]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/8/2009 6:38 AM 92008]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 4:55 PM 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/26/2009 12:53 AM 101936]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/12/2009 9:10 PM 348752]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 12:12]

2009-06-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-06-22 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Casabetoa.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]

2009-06-23 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Sebastian.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
.
.
------- Supplementary Scan -------
.
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 14:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs]
@DACL=(02 0000)
@="{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib]
@DACL=(02 0000)
@="{29D67D3C-509A-4544-903F-C8C1B8236554}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib]
@DACL=(02 0000)
@="{E47CAEE0-DEEA-464A-9326-3F2801535A4D}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib]
@DACL=(02 0000)
@="{D518921A-4A03-425E-9873-B9A71756821E}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0]
@DACL=(02 0000)
@="HtmldocPlugin 1.0 Type Library"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-06-24 14:56
ComboFix-quarantined-files.txt 2009-06-24 18:55

Pre-Run: 36,827,918,336 bytes free
Post-Run: 38,115,115,008 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

890 --- E O F --- 2009-06-23 05:50

I just have a question, Can i use the the Mbam program to on as a usual scan for malware? or do you just want to leave that till we are done fixing the computers to answer my newb questions?

#27 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 24 June 2009 - 02:14 PM

seriouscode,

Mbam is a good program to keep. Run it once a month or so to supplement your other security. It has no real-time component so it won't conflict with your other programs. Just be sure to update it before running a scan because definitions are updated often.

COMBOFIX-Script

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

File::
c:\windows\system32\3b6athi5f1809z.exe
c:\windows\system32\3527vi5z609.dll
c:\windows\system32\5079hackt95z181.exe
c:\windows\system32\75c3th5eat9071z.dll
c:\windows\system32\492fzpyware1658.dll
c:\windows\system32\9edsteal54z7.bin
c:\windows\system32\5a6f5azkdo9r2659.exe
c:\windows\system32\8851spzmb5t76a9.dll
c:\windows\system32\54960s9zmbotd2.dll
c:\windows\system32\3682sze9l3512.bin
c:\windows\system32\39586zro51cd.bin
c:\windows\system32\52193viruz50b.dll
c:\windows\system32\35d6threa9z1675.bin
c:\windows\system32\58f0spa5se1695z.exe
c:\windows\system32\77055pyw9rez872.bin
c:\windows\system32\deabackdzor25529.exe
c:\windows\system32\7348th9e517z8.exe
c:\windows\system32\5b19threat181z1.exe
c:\windows\system32\55d9zp9ware811.dll
c:\windows\system32\5659h9cktooz59.exe
c:\windows\system32\5e9z5parse2926.dll
c:\windows\system32\59z7not-a-virus48f.exe
c:\windows\system32\e44s9yz5re1800.dll
c:\windows\system32\988btzrea529969.bin
c:\windows\system32\5d59downloaderz124.dll
c:\windows\system32\3bz2threat62509.dll
c:\windows\system32\52743s9y6ebz.dll
c:\windows\system32\eb39pywzre2359.bin
c:\windows\system32\31895hreat91z5.exe
c:\windows\system32\6a7cspa5s92893z.bin
c:\windows\system32\77z2virus995.exe
c:\windows\system32\5510dzwnload9r2378.exe
c:\windows\system32\7ezbthi5f2958.exe
c:\windows\system32\7256thie92574z.dll
c:\windows\system32\983z9roj775.exe
c:\windows\system32\z993vi5us905.exe
c:\windows\system32\6509threat2905z.dll
c:\windows\system32\693dthreat19z975.dll
c:\windows\system32\5987thief26z5.dll
c:\windows\system32\3958threa91890z5.bin
c:\windows\system32\3czcba9kdoor5611.dll
c:\windows\system32\z597sp56b9.exe
c:\windows\system32\4067vzr31965.dll
c:\windows\system32\598bthreat2852z.exe
c:\windows\system32\79995z9al2690.exe
c:\windows\system32\e655hzeat54759.exe
c:\windows\system32\50219tzoj6f59.dll
c:\windows\system32\9950s5ywarz401.dll
c:\windows\system32\7f77sp9rsz2959.exe
c:\windows\system32\z2250sp579d.bin
c:\windows\system32\592no9-a-5iruza.dll
c:\windows\system32\5259spamb9t505z.bin
c:\windows\system32\6272no9-a5virusz21.dll
c:\windows\system32\7115a9dwzre69.dll
c:\windows\system32\32195zrm4dd.exe
c:\windows\system32\52z2hacktool59f.exe
c:\windows\system32\7d945hreaz27397.dll
c:\windows\system32\z9b5ackdoor597.dll
c:\windows\system32\65e8add9are152z.bin
c:\windows\system32\9bzcback5oor3188.exe
c:\windows\system32\3390sza9bot5f5.dll
c:\windows\system32\z1793worm1d05.dll
c:\windows\system32\5359h9cktzol57a.bin
c:\windows\system32\win32k.sys
c:\windows\system32\97491z5rus786.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\4ed7zownload9r357.exe
c:\windows\system32\4fbed9wnl5zder962.bin
c:\windows\system32\4cc9zhrea513979.dll
c:\windows\system32\5e23downloadez295.bin

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0]

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#28 seriouscode

Authentic Member

Authentic Member
115 posts

Posted 24 June 2009 - 08:18 PM

Tomk dude I have got a seriously critically fatal problem!!! after copying and pasting the script you have posted and then dragging it into the ComboFix the program started and progressed normally. Then out of no where a system failure caused a windows error shut down that closed my computer down closeing the ComboFix program prematurely, with a countdown box. Since then my computer has been rebooting but never going past the windows loading screen. I tried F8 safe mode with no network and it did its thing then when it got to the windows load screen it rebooted again. I let it go on for a little bit but all it does is keep rebooting, then it hits a blue screen with 2 lines of txt that i can not read and reboots. Man i'm scared here, whats going on? what can i do? Please help FYI i'm typing from the original computer we fixed together.

#29 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 24 June 2009 - 09:10 PM

seriouscode,

I notgood up. There are two entries that shouldn't have been in that script.
c:\windows\system32\win32k.sys
c:\windows\system32\rpcrt4.dll

The first thing I want you to try, is last known good configuration. I suspect it won't work but I'd like to try it. Then we
we've got a couple of other things to do to fix this.

So... I need you to start your computer and tap F8 like you're going to try to go into safe mode, but instead of choosing Safe Mode, choose Last Known Good Configuration.

Then let me know how it goes.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#30 seriouscode

Authentic Member

Authentic Member
115 posts

Posted 24 June 2009 - 09:25 PM

still dead. Very dead. All safe mode paths lead to a dead end. What next?

Body Background

skin color theme