[Resolved] Computer Issues! (Permission Virus?)


This topic is locked
36 replies to this topic

#1 bhender
Authentic Member, 22 posts
Posted 02 October 2009 - 08:05 PM

Please help. I have run the following: Fixswen.inf, Win32kDiag (text ready to post), Combo-Fix (log ready to post).



#2 bhender
Authentic Member, 22 posts
Posted 02 October 2009 - 08:09 PM

Running from: C:\Documents and Settings\Owner\desktop\win32kdiag.exe
Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

Removing all found mount points.
Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\addins\addins

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\Temp

Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\CSC\d1\d1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d1\d1

Found mount point : C:\WINDOWS\CSC\d2\d2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d2\d2

Found mount point : C:\WINDOWS\CSC\d3\d3
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d3\d3

Found mount point : C:\WINDOWS\CSC\d4\d4
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d4\d4

Found mount point : C:\WINDOWS\CSC\d5\d5
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d5\d5

Found mount point : C:\WINDOWS\CSC\d6\d6
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d6\d6

Found mount point : C:\WINDOWS\CSC\d7\d7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d7\d7

Found mount point : C:\WINDOWS\CSC\d8\d8
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d8\d8

Found mount point : C:\WINDOWS\ERDNT\AutoBackup\8-26-2009\Users\00000001\00000001
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ERDNT\AutoBackup\8-26-2009\Users\00000001\00000001

Found mount point : C:\WINDOWS\ERDNT\AutoBackup\8-26-2009\Users\00000002\00000002
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ERDNT\AutoBackup\8-26-2009\Users\00000002\00000002

Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\setup.pss\setup.pss
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\setup.pss\setup.pss

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Finished!


#3 bhender
Authentic Member, 22 posts
Posted 02 October 2009 - 08:11 PM

ComboFix 09-10-01.05 - Owner 10/02/2009 21:42.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.733 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fixx.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\data\SCDBRepair.exe
c:\data\SuperCharge.dat
c:\documents and settings\All Users\Application Data\esow.inf
c:\documents and settings\All Users\Application Data\lymu.inf
c:\documents and settings\All Users\Application Data\usojoz.bat
c:\documents and settings\All Users\Application Data\vokanol.exe
c:\documents and settings\All Users\Documents\adehiriw.bat
c:\documents and settings\All Users\Documents\ajyno.pif
c:\documents and settings\All Users\Documents\cote.inf
c:\documents and settings\All Users\Documents\ejuferif.inf
c:\documents and settings\All Users\Documents\ewunox.bat
c:\documents and settings\All Users\Documents\izuc.vbs
c:\documents and settings\All Users\Documents\ukavy.inf
c:\documents and settings\Owner\Application Data\byjonywaq.bat
c:\documents and settings\Owner\Application Data\uguxomenux.exe
c:\documents and settings\Owner\Local Settings\Application Data\ipoqop.bat
c:\documents and settings\Owner\Local Settings\Application Data\nume.reg
c:\documents and settings\Owner\Local Settings\Application Data\quqezolo.reg
c:\documents and settings\Owner\Local Settings\Application Data\quvusyget.vbs
c:\program files\Common Files\cyxu.pif
c:\program files\Common Files\eparuhe.vbs
c:\program files\Common Files\gedaq.ban
c:\program files\Common Files\osih.bat
c:\program files\Common Files\ovobe.dl
c:\program files\Common Files\palovacego.exe
c:\program files\Common Files\pobemiv.reg
c:\program files\Common Files\vulidotez.inf
c:\program files\Common Files\zoho.bat
c:\windows\arypolog.exe
c:\windows\asaju.bin
c:\windows\awybareboh.dll
c:\windows\buleb.reg
c:\windows\dequnodap.exe
c:\windows\duto.vbs
c:\windows\giqodi.vbs
c:\windows\ifaqehugeg.reg
c:\windows\Installer\124e8d1.msi
c:\windows\Installer\124e8d2.msp
c:\windows\Installer\124e8d3.msp
c:\windows\Installer\124e8d4.msp
c:\windows\Installer\124e8d5.msp
c:\windows\Installer\124e8d6.msp
c:\windows\Installer\124e8d7.msp
c:\windows\Installer\124e8d8.msp
c:\windows\Installer\124e8d9.msp
c:\windows\Installer\124e8da.msp
c:\windows\Installer\14612cb.msp
c:\windows\Installer\14612cc.msp
c:\windows\Installer\14612cd.msp
c:\windows\Installer\14612ce.msp
c:\windows\Installer\14612cf.msp
c:\windows\Installer\14612d0.msp
c:\windows\Installer\14612d1.msp
c:\windows\Installer\14612d2.msp
c:\windows\Installer\14612d3.msp
c:\windows\Installer\1613b6e.msp
c:\windows\Installer\1613b6f.msp
c:\windows\Installer\1613b70.msp
c:\windows\Installer\1613b71.msp
c:\windows\Installer\1613b72.msp
c:\windows\Installer\1613b73.msp
c:\windows\Installer\1613b74.msp
c:\windows\Installer\1613b75.msp
c:\windows\Installer\1613b76.msp
c:\windows\Installer\1636f4.msp
c:\windows\Installer\1636f5.msp
c:\windows\Installer\1636f6.msp
c:\windows\Installer\1636f7.msp
c:\windows\Installer\1636f8.msp
c:\windows\Installer\1636f9.msp
c:\windows\Installer\1636fa.msp
c:\windows\Installer\1636fb.msp
c:\windows\Installer\1636fc.msp
c:\windows\Installer\16bb7a3.msp
c:\windows\Installer\16bb7a4.msp
c:\windows\Installer\16bb7a5.msp
c:\windows\Installer\16bb7a6.msp
c:\windows\Installer\16bb7a7.msp
c:\windows\Installer\16bb7a8.msp
c:\windows\Installer\16bb7a9.msp
c:\windows\Installer\16bb7aa.msp
c:\windows\Installer\16bb7ab.msp
c:\windows\Installer\171389.msp
c:\windows\Installer\17138a.msp
c:\windows\Installer\17138b.msp
c:\windows\Installer\17138c.msp
c:\windows\Installer\17138d.msp
c:\windows\Installer\17138e.msp
c:\windows\Installer\17138f.msp
c:\windows\Installer\171390.msp
c:\windows\Installer\171391.msp
c:\windows\Installer\178202.msp
c:\windows\Installer\178203.msp
c:\windows\Installer\178204.msp
c:\windows\Installer\178205.msp
c:\windows\Installer\178206.msp
c:\windows\Installer\178207.msp
c:\windows\Installer\178208.msp
c:\windows\Installer\178209.msp
c:\windows\Installer\17820a.msp
c:\windows\Installer\18b4517.msp
c:\windows\Installer\18b4518.msp
c:\windows\Installer\18b4519.msp
c:\windows\Installer\18b451a.msp
c:\windows\Installer\18b451b.msp
c:\windows\Installer\18b451c.msp
c:\windows\Installer\18b451d.msp
c:\windows\Installer\18b451e.msp
c:\windows\Installer\18b451f.msp
c:\windows\Installer\1f05538.msp
c:\windows\Installer\1f05539.msp
c:\windows\Installer\1f0553a.msp
c:\windows\Installer\1f0553b.msp
c:\windows\Installer\1f0553c.msp
c:\windows\Installer\1f0553d.msp
c:\windows\Installer\1f0553e.msp
c:\windows\Installer\1f0553f.msp
c:\windows\Installer\1f05540.msp
c:\windows\Installer\1f9db07.msp
c:\windows\Installer\1f9db08.msp
c:\windows\Installer\1f9db09.msp
c:\windows\Installer\1f9db0a.msp
c:\windows\Installer\1f9db0b.msp
c:\windows\Installer\1f9db0c.msp
c:\windows\Installer\1f9db0d.msp
c:\windows\Installer\1f9db0e.msp
c:\windows\Installer\1f9db0f.msp
c:\windows\Installer\21495bd.msp
c:\windows\Installer\21495be.msp
c:\windows\Installer\21495bf.msp
c:\windows\Installer\21495c0.msp
c:\windows\Installer\21495c1.msp
c:\windows\Installer\21495c2.msp
c:\windows\Installer\21495c3.msp
c:\windows\Installer\21495c4.msp
c:\windows\Installer\21495c5.msp
c:\windows\Installer\263d13f.msp
c:\windows\Installer\263d140.msp
c:\windows\Installer\263d141.msp
c:\windows\Installer\263d142.msp
c:\windows\Installer\263d143.msp
c:\windows\Installer\263d144.msp
c:\windows\Installer\263d145.msp
c:\windows\Installer\263d146.msp
c:\windows\Installer\263d147.msp
c:\windows\Installer\26b89a.msp
c:\windows\Installer\26b89b.msp
c:\windows\Installer\26b89c.msp
c:\windows\Installer\26b89d.msp
c:\windows\Installer\26b89e.msp
c:\windows\Installer\26b89f.msp
c:\windows\Installer\26b8a0.msp
c:\windows\Installer\26b8a1.msp
c:\windows\Installer\26b8a2.msp
c:\windows\Installer\2a38e7.msp
c:\windows\Installer\2a38e8.msp
c:\windows\Installer\2a38e9.msp
c:\windows\Installer\2a38ea.msp
c:\windows\Installer\2a38eb.msp
c:\windows\Installer\2a38ec.msp
c:\windows\Installer\2a38ed.msp
c:\windows\Installer\2a38ee.msp
c:\windows\Installer\2a38ef.msp
c:\windows\Installer\2bd5311.msp
c:\windows\Installer\2bd5312.msp
c:\windows\Installer\2bd5313.msp
c:\windows\Installer\2bd5314.msp
c:\windows\Installer\2bd5315.msp
c:\windows\Installer\2bd5316.msp
c:\windows\Installer\2bd5317.msp
c:\windows\Installer\2bd5318.msp
c:\windows\Installer\2bd5319.msp
c:\windows\Installer\2c3989.msp
c:\windows\Installer\2c398a.msp
c:\windows\Installer\2c398b.msp
c:\windows\Installer\2c398c.msp
c:\windows\Installer\2c398d.msp
c:\windows\Installer\2c398e.msp
c:\windows\Installer\2c398f.msp
c:\windows\Installer\2c3990.msp
c:\windows\Installer\2c3991.msp
c:\windows\Installer\30a6961.msp
c:\windows\Installer\30a6962.msp
c:\windows\Installer\30a6963.msp
c:\windows\Installer\30a6964.msp
c:\windows\Installer\30a6965.msp
c:\windows\Installer\30a6966.msp
c:\windows\Installer\30a6967.msp
c:\windows\Installer\30a6968.msp
c:\windows\Installer\30a6969.msp
c:\windows\Installer\32aa47.msp
c:\windows\Installer\32aa48.msp
c:\windows\Installer\32aa49.msp
c:\windows\Installer\32aa4a.msp
c:\windows\Installer\32aa4b.msp
c:\windows\Installer\32aa4c.msp
c:\windows\Installer\32aa4d.msp
c:\windows\Installer\32aa4e.msp
c:\windows\Installer\32aa4f.msp
c:\windows\Installer\333f3.msp
c:\windows\Installer\333f4.msp
c:\windows\Installer\333f5.msp
c:\windows\Installer\333f6.msp
c:\windows\Installer\333f7.msp
c:\windows\Installer\333f8.msp
c:\windows\Installer\333f9.msp
c:\windows\Installer\333fa.msp
c:\windows\Installer\333fb.msp
c:\windows\Installer\3378e2.msp
c:\windows\Installer\3378e3.msp
c:\windows\Installer\3378e4.msp
c:\windows\Installer\3378e5.msp
c:\windows\Installer\3378e6.msp
c:\windows\Installer\3378e7.msp
c:\windows\Installer\3378e8.msp
c:\windows\Installer\3378e9.msp
c:\windows\Installer\3378ea.msp
c:\windows\Installer\349500.msp
c:\windows\Installer\349501.msp
c:\windows\Installer\349502.msp
c:\windows\Installer\349503.msp
c:\windows\Installer\349504.msp
c:\windows\Installer\349505.msp
c:\windows\Installer\349506.msp
c:\windows\Installer\349507.msp
c:\windows\Installer\349508.msp
c:\windows\Installer\3c4b4e.msp
c:\windows\Installer\3c4b4f.msp
c:\windows\Installer\3c4b50.msp
c:\windows\Installer\3c4b51.msp
c:\windows\Installer\3c4b52.msp
c:\windows\Installer\3c4b53.msp
c:\windows\Installer\3c4b54.msp
c:\windows\Installer\3c4b55.msp
c:\windows\Installer\3c4b56.msp
c:\windows\Installer\3f43dd.msp
c:\windows\Installer\3f43de.msp
c:\windows\Installer\3f43df.msp
c:\windows\Installer\3f43e0.msp
c:\windows\Installer\3f43e1.msp
c:\windows\Installer\3f43e2.msp
c:\windows\Installer\3f43e3.msp
c:\windows\Installer\3f43e4.msp
c:\windows\Installer\3f43e5.msp
c:\windows\Installer\406a9a.msp
c:\windows\Installer\406a9b.msp
c:\windows\Installer\406a9c.msp
c:\windows\Installer\406a9d.msp
c:\windows\Installer\406a9e.msp
c:\windows\Installer\406a9f.msp
c:\windows\Installer\406aa0.msp
c:\windows\Installer\406aa1.msp
c:\windows\Installer\406aa2.msp
c:\windows\Installer\422a2c.msp
c:\windows\Installer\422a2d.msp
c:\windows\Installer\422a2e.msp
c:\windows\Installer\422a2f.msp
c:\windows\Installer\422a30.msp
c:\windows\Installer\422a31.msp
c:\windows\Installer\422a32.msp
c:\windows\Installer\422a33.msp
c:\windows\Installer\422a34.msp
c:\windows\Installer\46a50.msp
c:\windows\Installer\46a51.msp
c:\windows\Installer\46a52.msp
c:\windows\Installer\46a53.msp
c:\windows\Installer\46a54.msp
c:\windows\Installer\46a55.msp
c:\windows\Installer\46a56.msp
c:\windows\Installer\46a57.msp
c:\windows\Installer\46a58.msp
c:\windows\Installer\48dc78.msp
c:\windows\Installer\48dc79.msp
c:\windows\Installer\48dc7a.msp
c:\windows\Installer\48dc7b.msp
c:\windows\Installer\48dc7c.msp
c:\windows\Installer\48dc7d.msp
c:\windows\Installer\48dc7e.msp
c:\windows\Installer\48dc7f.msp
c:\windows\Installer\48dc80.msp
c:\windows\Installer\4e2b99.msp
c:\windows\Installer\4e2b9a.msp
c:\windows\Installer\4e2b9b.msp
c:\windows\Installer\4e2b9c.msp
c:\windows\Installer\4e2b9d.msp
c:\windows\Installer\4e2b9e.msp
c:\windows\Installer\4e2b9f.msp
c:\windows\Installer\4e2ba0.msp
c:\windows\Installer\4e2ba1.msp
c:\windows\Installer\51f0538.msp
c:\windows\Installer\51f0539.msp
c:\windows\Installer\51f053a.msp
c:\windows\Installer\51f053b.msp
c:\windows\Installer\51f053c.msp
c:\windows\Installer\51f053d.msp
c:\windows\Installer\51f053e.msp
c:\windows\Installer\51f053f.msp
c:\windows\Installer\51f0540.msp
c:\windows\Installer\554e90.msp
c:\windows\Installer\554e91.msp
c:\windows\Installer\554e92.msp
c:\windows\Installer\554e93.msp
c:\windows\Installer\554e94.msp
c:\windows\Installer\554e95.msp
c:\windows\Installer\554e96.msp
c:\windows\Installer\554e97.msp
c:\windows\Installer\554e98.msp
c:\windows\Installer\5b046b.msp
c:\windows\Installer\5b046c.msp
c:\windows\Installer\5b046d.msp
c:\windows\Installer\5b046e.msp
c:\windows\Installer\5b046f.msp
c:\windows\Installer\5b0470.msp
c:\windows\Installer\5b0471.msp
c:\windows\Installer\5b0472.msp
c:\windows\Installer\5b0473.msp
c:\windows\Installer\62cf5a.msp
c:\windows\Installer\62cf5b.msp
c:\windows\Installer\62cf5c.msp
c:\windows\Installer\62cf5d.msp
c:\windows\Installer\62cf5e.msp
c:\windows\Installer\62cf5f.msp
c:\windows\Installer\62cf60.msp
c:\windows\Installer\62cf61.msp
c:\windows\Installer\62cf62.msp
c:\windows\Installer\6834d.msp
c:\windows\Installer\6834e.msp
c:\windows\Installer\6834f.msp
c:\windows\Installer\68350.msp
c:\windows\Installer\68351.msp
c:\windows\Installer\68352.msp
c:\windows\Installer\68353.msp
c:\windows\Installer\68354.msp
c:\windows\Installer\68355.msp
c:\windows\Installer\6a9fd7.msp
c:\windows\Installer\6a9fd8.msp
c:\windows\Installer\6a9fd9.msp
c:\windows\Installer\6a9fda.msp
c:\windows\Installer\6a9fdb.msp
c:\windows\Installer\6a9fdc.msp
c:\windows\Installer\6a9fdd.msp
c:\windows\Installer\6a9fde.msp
c:\windows\Installer\6a9fdf.msp
c:\windows\Installer\6e489b.msp
c:\windows\Installer\6e489c.msp
c:\windows\Installer\6e489d.msp
c:\windows\Installer\6e489e.msp
c:\windows\Installer\6e489f.msp
c:\windows\Installer\6e48a0.msp
c:\windows\Installer\6e48a1.msp
c:\windows\Installer\6e48a2.msp
c:\windows\Installer\6e48a3.msp
c:\windows\Installer\6ed58a.msp
c:\windows\Installer\6ed58b.msp
c:\windows\Installer\6ed58c.msp
c:\windows\Installer\6ed58d.msp
c:\windows\Installer\6ed58e.msp
c:\windows\Installer\6ed58f.msp
c:\windows\Installer\6ed590.msp
c:\windows\Installer\6ed591.msp
c:\windows\Installer\6ed592.msp
c:\windows\Installer\760969.msp
c:\windows\Installer\76096a.msp
c:\windows\Installer\76096b.msp
c:\windows\Installer\76096c.msp
c:\windows\Installer\76096d.msp
c:\windows\Installer\76096e.msp
c:\windows\Installer\76096f.msp
c:\windows\Installer\760970.msp
c:\windows\Installer\760971.msp
c:\windows\Installer\7a586.msp
c:\windows\Installer\7a587.msp
c:\windows\Installer\7a588.msp
c:\windows\Installer\7a589.msp
c:\windows\Installer\7a58a.msp
c:\windows\Installer\7a58b.msp
c:\windows\Installer\7a58c.msp
c:\windows\Installer\7a58d.msp
c:\windows\Installer\7a58e.msp
c:\windows\Installer\7f5328.msp
c:\windows\Installer\7f5329.msp
c:\windows\Installer\7f532a.msp
c:\windows\Installer\7f532b.msp
c:\windows\Installer\7f532c.msp
c:\windows\Installer\7f532d.msp
c:\windows\Installer\7f532e.msp
c:\windows\Installer\7f532f.msp
c:\windows\Installer\7f5330.msp
c:\windows\Installer\82f99d1.msp
c:\windows\Installer\82f99d2.msp
c:\windows\Installer\82f99d3.msp
c:\windows\Installer\82f99d4.msp
c:\windows\Installer\82f99d5.msp
c:\windows\Installer\82f99d6.msp
c:\windows\Installer\82f99d7.msp
c:\windows\Installer\82f99d8.msp
c:\windows\Installer\82f99d9.msp
c:\windows\Installer\84121f.msp
c:\windows\Installer\841220.msp
c:\windows\Installer\841221.msp
c:\windows\Installer\841222.msp
c:\windows\Installer\841223.msp
c:\windows\Installer\841224.msp
c:\windows\Installer\841225.msp
c:\windows\Installer\841226.msp
c:\windows\Installer\841227.msp
c:\windows\Installer\867cc6.msp
c:\windows\Installer\867cc7.msp
c:\windows\Installer\867cc8.msp
c:\windows\Installer\867cc9.msp
c:\windows\Installer\867cca.msp
c:\windows\Installer\867ccb.msp
c:\windows\Installer\867ccc.msp
c:\windows\Installer\867ccd.msp
c:\windows\Installer\867cce.msp
c:\windows\Installer\9b75fa.msp
c:\windows\Installer\9b75fb.msp
c:\windows\Installer\9b75fc.msp
c:\windows\Installer\9b75fd.msp
c:\windows\Installer\9b75fe.msp
c:\windows\Installer\9b75ff.msp
c:\windows\Installer\9b7600.msp
c:\windows\Installer\9b7601.msp
c:\windows\Installer\9b7602.msp
c:\windows\Installer\a24ed.msp
c:\windows\Installer\a24ee.msp
c:\windows\Installer\a24ef.msp
c:\windows\Installer\a24f0.msp
c:\windows\Installer\a24f1.msp
c:\windows\Installer\a24f2.msp
c:\windows\Installer\a24f3.msp
c:\windows\Installer\a24f4.msp
c:\windows\Installer\a24f5.msp
c:\windows\Installer\cb405a.msp
c:\windows\Installer\cb405b.msp
c:\windows\Installer\cb405c.msp
c:\windows\Installer\cb405d.msp
c:\windows\Installer\cb405e.msp
c:\windows\Installer\cb405f.msp
c:\windows\Installer\cb4060.msp
c:\windows\Installer\cb4061.msp
c:\windows\Installer\cb4062.msp
c:\windows\Installer\ee8c6c.msp
c:\windows\Installer\ee8c6d.msp
c:\windows\Installer\ee8c6e.msp
c:\windows\Installer\ee8c6f.msp
c:\windows\Installer\ee8c70.msp
c:\windows\Installer\ee8c71.msp
c:\windows\Installer\ee8c72.msp
c:\windows\Installer\ee8c73.msp
c:\windows\Installer\ee8c74.msp
c:\windows\Installer\f34b63.msp
c:\windows\Installer\f34b64.msp
c:\windows\Installer\f34b65.msp
c:\windows\Installer\f34b66.msp
c:\windows\Installer\f34b67.msp
c:\windows\Installer\f34b68.msp
c:\windows\Installer\f34b69.msp
c:\windows\Installer\f34b6a.msp
c:\windows\Installer\f34b6b.msp
c:\windows\Installer\fe0f5f.msp
c:\windows\Installer\fe0f60.msp
c:\windows\Installer\fe0f61.msp
c:\windows\Installer\fe0f62.msp
c:\windows\Installer\fe0f63.msp
c:\windows\Installer\fe0f64.msp
c:\windows\Installer\fe0f65.msp
c:\windows\Installer\fe0f66.msp
c:\windows\Installer\fe0f67.msp
c:\windows\iruzysame.inf
c:\windows\kuzofiryd.dll
c:\windows\natuverocy.exe
c:\windows\sobizyv.exe
c:\windows\sopyqevu.sys
c:\windows\system32\bilonohis.sys
c:\windows\system32\dobokehi.dll.tmp
c:\windows\system32\drivers\gasfkyeafdwjnv.sys
c:\windows\system32\etysigohyv.reg
c:\windows\system32\fidogile.exe
c:\windows\system32\firugoti.dll.tmp
c:\windows\system32\gaperume.dll
c:\windows\system32\gasfkycbirjyed.dll
c:\windows\system32\gasfkyeewmdyej.dll
c:\windows\system32\gasfkynxtvxdqa.dll
c:\windows\system32\gasfkypfvimovh.dat
c:\windows\system32\gasfkyrsadtkbo.dat
c:\windows\system32\kinamur.bat
c:\windows\system32\moriyava.exe
c:\windows\system32\poyeyoyu.dll.tmp
c:\windows\system32\rariconos.bat
c:\windows\system32\sesanujo.exe
c:\windows\system32\tapibugi.exe
c:\windows\system32\ucipoveb.bat
c:\windows\system32\yfipybyz.inf
c:\windows\ucuru.vbs
c:\windows\umujukogi.reg
c:\windows\uqyboqufo.scr
c:\windows\yhapanaj.reg
c:\windows\zepucoji.vbs
c:\windows\zoracyqico.exe

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gasfkypxgodadm
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_gasfkypxgodadm


((((((((((((((((((((((((( Files Created from 2009-09-03 to 2009-10-03 )))))))))))))))))))))))))))))))
.

2009-10-02 23:43 . 2009-10-02 23:43 -------- dc----w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-02 23:22 . 2009-10-02 23:32 -------- d-----w- c:\program files\ingenue
2009-10-02 23:10 . 2009-10-02 23:10 -------- d-----w- c:\program files\mbam
2009-10-02 23:07 . 2009-10-02 23:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-02 17:17 . 2009-03-31 15:23 39200 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-10-02 17:17 . 2009-03-31 15:23 33056 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-10-02 17:17 . 2009-03-31 15:23 12576 ----a-w- c:\windows\system32\drivers\TfKbMon.sys
2009-10-02 17:17 . 2009-03-31 15:23 51488 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-10-01 08:21 . 2009-10-01 08:21 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\3861993991
2009-10-01 02:02 . 2009-10-01 02:08 1292 ----a-w- c:\windows\system32\nk.dat
2009-09-30 20:20 . 2009-09-30 20:21 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\7707198340
2009-09-30 20:19 . 2009-09-30 20:19 1 ----a-w- c:\windows\system32\xd.dat
2009-09-30 20:19 . 2009-09-30 20:19 1 ----a-w- c:\windows\system32\q1.dat
2009-09-30 20:19 . 2009-09-30 20:19 1 ----a-w- c:\windows\system32\jc.dat
2009-09-30 20:19 . 2009-09-30 20:19 1 ----a-w- c:\windows\system32\idm.dat
2009-09-30 20:19 . 2009-09-30 20:19 1 ----a-w- c:\windows\system32\c2d.dat
2009-09-30 20:17 . 2009-10-03 01:12 0 ----a-r- c:\windows\win32k.sys
2009-09-30 20:15 . 2009-09-30 20:15 80 ----a-w- C:\abcdefg.bat
2009-09-30 20:14 . 2009-09-30 20:14 52224 ----a-w- C:\yonm.exe
2009-09-30 20:14 . 2009-09-30 20:14 47104 ----a-w- C:\nqxbk.exe
2009-09-30 20:14 . 2009-09-30 20:14 19456 ----a-w- C:\xrwy.exe
2009-09-30 20:14 . 2009-09-30 20:14 5632 ----a-w- C:\rlswn.exe
2009-09-21 21:53 . 2009-09-21 21:53 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2009-09-19 15:40 . 2009-09-19 15:40 27136 ----a-w- c:\windows\system32\drivers\nchssvad.sys
2009-09-19 15:40 . 2009-09-19 15:58 -------- d-----w- c:\program files\NCH Software
2009-09-19 15:40 . 2009-09-19 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-09-19 15:38 . 2009-09-19 15:56 -------- d-----w- c:\documents and settings\Owner\Application Data\NCH Swift Sound
2009-09-09 21:36 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-09 21:22 . 2009-09-09 21:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 01:39 . 2008-04-30 03:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2009-10-03 01:09 . 2009-01-21 03:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-03 01:09 . 2009-01-21 03:10 -------- d-----w- c:\program files\Spyware Doctor
2009-10-02 23:48 . 2008-04-30 03:47 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-10-02 23:07 . 2009-08-25 16:32 -------- d-----w- c:\program files\malwarebytes
2009-10-02 21:22 . 2008-07-04 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-02 17:17 . 2009-08-24 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-01 09:36 . 2009-08-24 22:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-26 19:21 . 2008-03-01 00:38 -------- d-----w- c:\program files\World of Warcraft
2009-09-25 12:25 . 2009-08-22 01:47 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-09-10 18:54 . 2009-08-23 12:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-08-23 12:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 13:24 . 2006-08-20 15:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-08 13:22 . 2009-03-29 18:27 -------- d-----w- c:\program files\Sling Media
2009-09-04 04:12 . 2009-08-19 15:53 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-09-02 12:49 . 2009-09-02 12:49 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-02 12:49 . 2009-08-24 17:56 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-29 15:12 . 2009-01-31 02:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-29 15:12 . 2008-07-04 20:54 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-29 15:12 . 2008-07-04 20:54 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-25 17:06 . 2009-08-25 17:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-08-25 14:25 . 2009-08-25 14:25 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-08-24 22:56 . 2009-08-24 22:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-08-24 22:45 . 2009-08-24 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-24 22:42 . 2009-08-24 22:42 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-08-24 22:42 . 2009-01-12 19:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-24 22:27 . 2009-08-23 21:04 -------- d-----w- c:\program files\ingenuescan.exe
2009-08-24 22:02 . 2009-08-24 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-24 20:34 . 2006-08-29 15:36 74928 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-24 17:57 . 2009-08-24 17:56 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-24 01:21 . 2009-08-24 01:21 17098 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\ofykuzob.exe
2009-08-24 01:21 . 2009-08-24 01:21 13896 ----a-w- c:\documents and settings\All Users\Application Data\hinuvoci.bin
2009-08-24 01:21 . 2009-08-24 01:21 13470 ----a-w- c:\program files\Common Files\uqikaka.db
2009-08-24 01:21 . 2009-08-24 01:21 12139 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\olugahacek.dat
2009-08-24 01:16 . 2009-08-23 22:09 -------- d-----w- c:\program files\trend micro
2009-08-23 20:56 . 2009-08-23 20:56 -------- d-----w- c:\program files\iams
2009-08-23 20:56 . 2009-08-23 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-23 14:16 . 2009-08-23 14:16 19940 ----a-w- c:\windows\icalevuk.pif
2009-08-23 14:16 . 2009-08-23 14:16 18004 ----a-w- c:\windows\ysyloqi.com
2009-08-23 14:16 . 2009-08-23 14:16 17423 ----a-w- c:\windows\system32\navi.sys
2009-08-23 14:16 . 2009-08-23 14:16 16179 ----a-w- c:\documents and settings\All Users\Application Data\vere.com
2009-08-23 14:16 . 2009-08-23 14:16 15783 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\qubojov.bin
2009-08-23 14:16 . 2009-08-23 14:16 13563 ----a-w- c:\program files\Common Files\fosy.bin
2009-08-23 14:16 . 2009-08-23 14:16 12673 ----a-w- c:\documents and settings\Owner\Application Data\lofab.dat
2009-08-23 14:16 . 2009-08-23 14:16 12042 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\modygig.bin
2009-08-23 14:16 . 2009-08-23 14:16 11633 ----a-w- c:\documents and settings\All Users\Application Data\vexerac.sys
2009-08-23 13:41 . 2009-08-23 13:34 -------- d-----w- c:\program files\zilla
2009-08-23 12:08 . 2009-08-23 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-23 01:24 . 2009-08-23 01:24 19185 ----a-w- c:\program files\Common Files\unym.db
2009-08-23 01:24 . 2009-08-23 01:24 18847 ----a-w- c:\windows\qigagizej.com
2009-08-23 01:24 . 2009-08-23 01:24 18235 ----a-w- c:\windows\vysucisubu.sys
2009-08-23 01:24 . 2009-08-23 01:24 17823 ----a-w- c:\windows\system32\utox.scr
2009-08-23 01:24 . 2009-08-23 01:24 14236 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\ysif.scr
2009-08-23 01:24 . 2009-08-23 01:24 13748 ----a-w- c:\program files\Common Files\ijobydo.ban
2009-08-23 01:24 . 2009-08-23 01:24 12728 ----a-w- c:\windows\ohizugave.bin
2009-08-23 01:24 . 2009-08-23 01:24 12592 ----a-w- c:\program files\Common Files\rago._dl
2009-08-23 01:24 . 2009-08-23 01:24 11694 ----a-w- c:\documents and settings\All Users\Application Data\ociso.scr
2009-08-23 01:24 . 2009-08-23 01:24 11202 ----a-w- c:\program files\Common Files\hiqoge.ban
2009-08-23 01:24 . 2009-08-23 01:24 10555 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\suvubyqig.scr
2009-08-23 00:49 . 2009-08-23 00:49 18100 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\dynecenu.sys
2009-08-23 00:49 . 2009-08-23 00:49 15406 ----a-w- c:\program files\Common Files\ymycot.dll
2009-08-23 00:49 . 2009-08-23 00:49 14993 ----a-w- c:\program files\Common Files\rigedyvyta.db
2009-08-23 00:49 . 2009-08-23 00:49 11742 ----a-w- c:\windows\system32\nasecoha.dat
2009-08-23 00:49 . 2009-08-23 00:49 19692 ----a-w- c:\windows\system32\kudi.dll
2009-08-23 00:49 . 2009-08-23 00:49 16528 ----a-w- c:\windows\system32\cynyximyx.sys
2009-08-23 00:49 . 2009-08-23 00:49 13716 ----a-w- c:\documents and settings\Owner\Application Data\ojomomudi.pif
2009-08-22 19:34 . 2009-08-22 19:34 19746 ----a-w- c:\documents and settings\Owner\Application Data\ylawepa.pif
2009-08-22 19:34 . 2009-08-22 19:34 17014 ----a-w- c:\windows\system32\pocujij.dll
2009-08-22 19:34 . 2009-08-22 19:34 10651 ----a-w- c:\program files\Common Files\dimytuvy.dat
2009-08-22 15:29 . 2009-08-22 15:29 16658 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\arev.com
2009-08-22 15:29 . 2009-08-22 15:29 14831 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\exazonuxy.pif
2009-08-22 15:29 . 2009-08-22 15:29 13286 ----a-w- c:\windows\system32\akozylolem.com
2009-08-22 15:29 . 2009-08-22 15:29 12869 ----a-w- c:\windows\taqekikes.sys
2009-08-22 12:39 . 2009-08-22 12:39 19516 ----a-w- c:\program files\Common Files\cicokem.exe
2009-08-22 12:39 . 2009-08-22 12:39 17423 ----a-w- c:\program files\Common Files\gazixudu.scr
2009-08-22 12:39 . 2009-08-22 12:39 14688 ----a-w- c:\windows\arewomox.pif
2009-08-22 12:39 . 2009-08-22 12:39 14685 ----a-w- c:\program files\Common Files\qodikivyge.lib
2009-08-22 12:39 . 2009-08-22 12:39 14320 ----a-w- c:\windows\system32\pyrak.dll
2009-08-22 12:39 . 2009-08-22 12:39 11858 ----a-w- c:\windows\hinofyqalo.bin
2009-08-22 12:39 . 2009-08-22 12:39 11773 ----a-w- c:\windows\uceqemyjol.bin
2009-08-22 12:39 . 2009-08-22 12:39 11337 ----a-w- c:\program files\Common Files\vizizoten.dl
2009-08-22 12:39 . 2009-08-22 12:39 11097 ----a-w- c:\windows\ecur.sys
2009-08-22 01:45 . 2009-08-22 01:45 -------- d-----w- c:\program files\VideoLAN
2009-08-22 01:39 . 2006-08-20 15:01 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-21 15:56 . 2009-08-21 15:52 49894 ----a-w- c:\windows\HPHins04.dat
2009-08-21 15:53 . 2008-03-05 15:05 -------- d-----w- c:\program files\HP
2009-08-19 17:05 . 2009-08-19 17:05 -------- d-----w- c:\program files\AoA MP4 Converter
2009-08-19 15:53 . 2009-08-19 15:53 -------- d-----w- c:\program files\BitTorrent
2009-08-05 09:01 . 2004-08-04 07:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 07:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2004-08-04 07:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2008-11-17 21:42 . 2006-08-20 15:15 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-11-17 21:42 . 2006-08-20 15:15 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-17 21:42 . 2008-02-23 04:18 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-11-17 21:42 . 2008-02-23 04:18 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-11-17 21:42 . 2006-08-20 15:15 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"The Rush Limbaugh Show"="c:\program files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe" [2006-01-23 1028096]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-12 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-29 2007832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe" [2006-01-07 172032]
"HPHUPD06"="c:\program files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe" [2006-01-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2006-01-07 622592]
"LTWinModem1"="ltmsg.exe" - c:\windows\system32\ltmsg.exe [2001-04-03 38912]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-29 15:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/24/2009 1:56 PM 206256]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [10/2/2009 1:17 PM 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [10/2/2009 1:17 PM 39200]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/4/2008 4:54 PM 335240]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/24/2009 1:57 PM 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/30/2009 10:44 PM 297752]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [4/27/2009 6:09 PM 93960]
R3 SNXPCARD;Sunix PCI Multi I/O Card Driver;c:\windows\system32\drivers\snxpcard.sys [9/14/2006 7:19 PM 20864]
R3 SNXPSERX;Sunix PCI Serial Port Driver;c:\windows\system32\drivers\snxpserx.sys [9/14/2006 7:19 PM 54528]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [8/24/2009 1:56 PM 64392]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/20/2009 11:10 PM 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [10/2/2009 1:17 PM 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D07CDF07-B01D-4A9E-BEF4-0A1BA518203B}]
rundll32 wtmet1.dll,laspi
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2l3onq04.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-jojewujah - c:\windows\system32\tuyemuri.dll
HKLM-Run-rinikevaze - juhalobo.dll
SharedTaskScheduler-{5d3dd22e-f04c-457d-9917-c37ca16d2bb3} - c:\windows\system32\tuyemuri.dll
SSODL-romenayul-{5d3dd22e-f04c-457d-9917-c37ca16d2bb3} - c:\windows\system32\tuyemuri.dll
Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 21:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(608)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(1848)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\SoftwareDistribution\Download\Install\dotnetfx35_x86.exe
c:\4fd505e0cf7b44f92163703b28d7288a\dotnetfx35setup.exe
c:\4e9e5cbb548e8e1d8438b5180d8658\setup.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-10-03 21:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-03 01:56

Pre-Run: 9,103,839,232 bytes free
Post-Run: 10,236,706,816 bytes free

838 --- E O F --- 2009-09-27 10:54

#4 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 02 October 2009 - 11:23 PM

Hi,

It is not a good idea to run ComboFix on your own without supervision. We first like to run diagnostic scans in order to determine the malware on your system; then we decide whether or not to deploy ComboFix, as it is a very powerful tool and, if your computer is unstable, it can cause serious problems.

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Folder::
c:\windows\system32\config\systemprofile\Application Data\3861993991
c:\windows\system32\config\systemprofile\Application Data\7707198340

File::
c:\windows\system32\xd.dat
c:\windows\system32\q1.dat
c:\windows\system32\jc.dat
c:\windows\system32\idm.dat
c:\windows\system32\c2d.dat
c:\windows\win32k.sys
C:\abcdefg.bat
C:\yonm.exe
C:\nqxbk.exe
C:\xrwy.exe
C:\rlswn.exe
c:\documents and settings\Owner\Local Settings\Application Data\ofykuzob.exe
c:\documents and settings\All Users\Application Data\hinuvoci.bin
c:\program files\Common Files\uqikaka.db
c:\documents and settings\Owner\Local Settings\Application Data\olugahacek.dat
c:\windows\icalevuk.pif
c:\windows\ysyloqi.com
c:\documents and settings\All Users\Application Data\vere.com
c:\documents and settings\Owner\Local Settings\Application Data\qubojov.bin
c:\program files\Common Files\fosy.bin
c:\documents and settings\Owner\Application Data\lofab.dat
c:\documents and settings\Owner\Local Settings\Application Data\modygig.bin
c:\documents and settings\All Users\Application Data\vexerac.sys
c:\program files\Common Files\unym.db
c:\windows\qigagizej.com
c:\windows\vysucisubu.sys
c:\windows\system32\utox.scr
c:\documents and settings\Owner\Local Settings\Application Data\ysif.scr
c:\program files\Common Files\ijobydo.ban
c:\windows\ohizugave.bin
c:\program files\Common Files\rago._dl
c:\documents and settings\All Users\Application Data\ociso.scr
c:\program files\Common Files\hiqoge.ban
c:\documents and settings\Owner\Local Settings\Application Data\suvubyqig.scr
c:\documents and settings\Owner\Local Settings\Application Data\dynecenu.sys
c:\program files\Common Files\ymycot.dll
c:\program files\Common Files\rigedyvyta.db
c:\windows\system32\nasecoha.dat
c:\windows\system32\kudi.dll
c:\windows\system32\cynyximyx.sys
c:\documents and settings\Owner\Application Data\ojomomudi.pif
c:\documents and settings\Owner\Application Data\ylawepa.pif
c:\windows\system32\pocujij.dll
c:\program files\Common Files\dimytuvy.dat
c:\documents and settings\Owner\Local Settings\Application Data\arev.com
c:\documents and settings\Owner\Local Settings\Application Data\exazonuxy.pif
c:\windows\system32\akozylolem.com
c:\windows\taqekikes.sys
c:\program files\Common Files\cicokem.exe
c:\program files\Common Files\gazixudu.scr
c:\windows\arewomox.pif
c:\program files\Common Files\qodikivyge.lib
c:\windows\system32\pyrak.dll
c:\windows\hinofyqalo.bin
c:\windows\uceqemyjol.bin
c:\program files\Common Files\vizizoten.dl
c:\windows\ecur.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D07CDF07-B01D-4A9E-BEF4-0A1BA518203B}]

DirLook::
c:\program files\ingenue

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
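The ComboFix log posted in #3 and the CFScript CatByte built from it share a pattern worth being able to pull out mechanically: the dropped files have identical modified and created timestamps, land in bursts of several files within the same minute, weigh 10 to 20 KB, and carry random lowercase names with odd extensions (.pif, .ban, ._dl, .bin). The following Python script is an added example, not part of the thread and not ComboFix's own logic: it parses lines in the "Files Created" / "Find3M Report" layout, flags entries that match those indicators, groups them by creation minute, and renders a CFScript in the Folder:: / File:: / Registry:: layout used in the post above. The size window, extension list and burst threshold are assumptions taken from this one log, the sample lines are constructed from entries copied out of the log above plus a few benign ones, and the output is a triage aid for a human to review, not something to feed to ComboFix unread.

```python
import re
from collections import defaultdict

# One ComboFix file line: "<modified> . <created> <size|--------> <attrs> <path>"
LINE_RE = re.compile(
    r"^(?P<mod>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Heuristic (assumption drawn from this log): random lowercase stem, executable-ish
# or unusual extension. Not a general malware test.
NAME_RE = re.compile(r"^[a-z]{4,10}\.(?:exe|com|pif|scr|sys|dll|dat|bin|db|ban|lib|dl|_dl)$")


def parse_combofix_lines(text):
    """Yield one dict per file/directory line; banners, dots and blanks are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["is_dir"] = e["attrs"].startswith("d")          # attrs like d-----w- / dc----w-
        e["size"] = None if e["size"] == "--------" else int(e["size"])
        yield e


def is_candidate(entry, lo=10_000, hi=20_000):
    """Single-file indicators: created == modified, size in the observed band, random name."""
    if entry["is_dir"] or entry["size"] is None:
        return False
    if entry["mod"] != entry["created"]:                  # installed files usually differ
        return False
    if not (lo <= entry["size"] <= hi):
        return False
    name = entry["path"].rsplit("\\", 1)[-1]
    return NAME_RE.match(name) is not None


def find_drop_bursts(text, min_burst=3):
    """Return {creation_minute: [paths]} for groups of >= min_burst candidate files
    created in the same minute; lone candidates are left for manual review."""
    buckets = defaultdict(list)
    for e in parse_combofix_lines(text):
        if is_candidate(e):
            buckets[e["created"]].append(e["path"])
    return {ts: paths for ts, paths in buckets.items() if len(paths) >= min_burst}


def to_cfscript(bursts, folders=(), registry_keys=()):
    """Render the Folder:: / File:: / Registry:: layout used in the thread above.
    In Registry:: a leading '-' inside the brackets marks a key for deletion."""
    out = []
    if folders:
        out.append("Folder::")
        out.extend(folders)
        out.append("")
    out.append("File::")
    for ts in sorted(bursts):
        out.extend(bursts[ts])
    if registry_keys:
        out.append("")
        out.append("Registry::")
        out.extend("[-%s]" % k for k in registry_keys)
    return "\n".join(out) + "\n"


# Constructed sample: entries copied from the log above, mixed with benign ones.
SAMPLE_LOG = r"""
2009-09-10 18:53 . 2009-08-23 12:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 12:49 . 2009-09-02 12:49 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-24 01:21 . 2009-08-24 01:21 17098 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\ofykuzob.exe
2009-08-23 14:16 . 2009-08-23 14:16 19940 ----a-w- c:\windows\icalevuk.pif
2009-08-23 14:16 . 2009-08-23 14:16 18004 ----a-w- c:\windows\ysyloqi.com
2009-08-23 14:16 . 2009-08-23 14:16 16179 ----a-w- c:\documents and settings\All Users\Application Data\vere.com
2009-08-23 14:16 . 2009-08-23 14:16 13563 ----a-w- c:\program files\Common Files\fosy.bin
2009-08-23 14:16 . 2009-08-23 14:16 12673 ----a-w- c:\documents and settings\Owner\Application Data\lofab.dat
2009-08-23 01:24 . 2009-08-23 01:24 19185 ----a-w- c:\program files\Common Files\unym.db
2009-08-23 01:24 . 2009-08-23 01:24 18847 ----a-w- c:\windows\qigagizej.com
2009-08-23 01:24 . 2009-08-23 01:24 12592 ----a-w- c:\program files\Common Files\rago._dl
2009-08-22 01:45 . 2009-08-22 01:45 -------- d-----w- c:\program files\VideoLAN
2009-08-21 15:56 . 2009-08-21 15:52 49894 ----a-w- c:\windows\HPHins04.dat
2009-07-17 19:01 . 2004-08-04 07:00 58880 ----a-w- c:\windows\system32\atl.dll
"""

if __name__ == "__main__":
    bursts = find_drop_bursts(SAMPLE_LOG)
    print(to_cfscript(bursts))
```

On the sample, the two bursts (14:16 and 01:24) are reported and the benign lines are not; the single ofykuzob.exe entry passes the per-file checks but falls under the burst threshold, which is the point of keeping two layers: lower min_burst, or print the candidates directly, when you want to see singletons. Extension and size heuristics like these drift with each malware build, so the burst-of-identical-timestamps signal is the one to lean on.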


#5 bhender

bhender

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 03 October 2009 - 04:48 PM

ComboFix 09-10-01.05 - Owner 10/03/2009 18:36.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.731 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fixx.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

FILE ::
"C:\abcdefg.bat"
"c:\documents and settings\All Users\Application Data\hinuvoci.bin"
"c:\documents and settings\All Users\Application Data\ociso.scr"
"c:\documents and settings\All Users\Application Data\vere.com"
"c:\documents and settings\All Users\Application Data\vexerac.sys"
"c:\documents and settings\Owner\Application Data\lofab.dat"
"c:\documents and settings\Owner\Application Data\ojomomudi.pif"
"c:\documents and settings\Owner\Application Data\ylawepa.pif"
"c:\documents and settings\Owner\Local Settings\Application Data\arev.com"
"c:\documents and settings\Owner\Local Settings\Application Data\dynecenu.sys"
"c:\documents and settings\Owner\Local Settings\Application Data\exazonuxy.pif"
"c:\documents and settings\Owner\Local Settings\Application Data\modygig.bin"
"c:\documents and settings\Owner\Local Settings\Application Data\ofykuzob.exe"
"c:\documents and settings\Owner\Local Settings\Application Data\olugahacek.dat"
"c:\documents and settings\Owner\Local Settings\Application Data\qubojov.bin"
"c:\documents and settings\Owner\Local Settings\Application Data\suvubyqig.scr"
"c:\documents and settings\Owner\Local Settings\Application Data\ysif.scr"
"C:\nqxbk.exe"
"c:\program files\Common Files\cicokem.exe"
"c:\program files\Common Files\dimytuvy.dat"
"c:\program files\Common Files\fosy.bin"
"c:\program files\Common Files\gazixudu.scr"
"c:\program files\Common Files\hiqoge.ban"
"c:\program files\Common Files\ijobydo.ban"
"c:\program files\Common Files\qodikivyge.lib"
"c:\program files\Common Files\rago._dl"
"c:\program files\Common Files\rigedyvyta.db"
"c:\program files\Common Files\unym.db"
"c:\program files\Common Files\uqikaka.db"
"c:\program files\Common Files\vizizoten.dl"
"c:\program files\Common Files\ymycot.dll"
"C:\rlswn.exe"
"c:\windows\arewomox.pif"
"c:\windows\ecur.sys"
"c:\windows\hinofyqalo.bin"
"c:\windows\icalevuk.pif"
"c:\windows\ohizugave.bin"
"c:\windows\qigagizej.com"
"c:\windows\system32\akozylolem.com"
"c:\windows\system32\c2d.dat"
"c:\windows\system32\cynyximyx.sys"
"c:\windows\system32\idm.dat"
"c:\windows\system32\jc.dat"
"c:\windows\system32\kudi.dll"
"c:\windows\system32\nasecoha.dat"
"c:\windows\system32\pocujij.dll"
"c:\windows\system32\pyrak.dll"
"c:\windows\system32\q1.dat"
"c:\windows\system32\utox.scr"
"c:\windows\system32\xd.dat"
"c:\windows\taqekikes.sys"
"c:\windows\uceqemyjol.bin"
"c:\windows\vysucisubu.sys"
"c:\windows\win32k.sys"
"c:\windows\ysyloqi.com"
"C:\xrwy.exe"
"C:\yonm.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\abcdefg.bat
c:\documents and settings\All Users\Application Data\hinuvoci.bin
c:\documents and settings\All Users\Application Data\ociso.scr
c:\documents and settings\All Users\Application Data\vere.com
c:\documents and settings\All Users\Application Data\vexerac.sys
c:\documents and settings\Owner\Application Data\lofab.dat
c:\documents and settings\Owner\Application Data\ojomomudi.pif
c:\documents and settings\Owner\Application Data\ylawepa.pif
c:\documents and settings\Owner\Local Settings\Application Data\arev.com
c:\documents and settings\Owner\Local Settings\Application Data\dynecenu.sys
c:\documents and settings\Owner\Local Settings\Application Data\exazonuxy.pif
c:\documents and settings\Owner\Local Settings\Application Data\modygig.bin
c:\documents and settings\Owner\Local Settings\Application Data\ofykuzob.exe
c:\documents and settings\Owner\Local Settings\Application Data\olugahacek.dat
c:\documents and settings\Owner\Local Settings\Application Data\qubojov.bin
c:\documents and settings\Owner\Local Settings\Application Data\suvubyqig.scr
c:\documents and settings\Owner\Local Settings\Application Data\ysif.scr
C:\nqxbk.exe
c:\program files\Common Files\cicokem.exe
c:\program files\Common Files\dimytuvy.dat
c:\program files\Common Files\fosy.bin
c:\program files\Common Files\gazixudu.scr
c:\program files\Common Files\hiqoge.ban
c:\program files\Common Files\ijobydo.ban
c:\program files\Common Files\qodikivyge.lib
c:\program files\Common Files\rago._dl
c:\program files\Common Files\rigedyvyta.db
c:\program files\Common Files\unym.db
c:\program files\Common Files\uqikaka.db
c:\program files\Common Files\vizizoten.dl
c:\program files\Common Files\ymycot.dll
C:\rlswn.exe
c:\windows\arewomox.pif
c:\windows\ecur.sys
c:\windows\hinofyqalo.bin
c:\windows\icalevuk.pif
c:\windows\Installer\554ea0.msp
c:\windows\Installer\554ea1.msp
c:\windows\Installer\554ea2.msp
c:\windows\Installer\554ea3.msp
c:\windows\Installer\554ea4.msp
c:\windows\Installer\554ea5.msp
c:\windows\Installer\554ea6.msp
c:\windows\Installer\554ea7.msp
c:\windows\Installer\554ea8.msp
c:\windows\Installer\596ca.msp
c:\windows\Installer\596cb.msp
c:\windows\Installer\596cc.msp
c:\windows\Installer\596cd.msp
c:\windows\Installer\596ce.msp
c:\windows\Installer\596cf.msp
c:\windows\Installer\596d0.msp
c:\windows\Installer\596d1.msp
c:\windows\Installer\596d2.msp
c:\windows\ohizugave.bin
c:\windows\qigagizej.com
c:\windows\system32\akozylolem.com
c:\windows\system32\c2d.dat
c:\windows\system32\config\systemprofile\Application Data\3861993991
c:\windows\system32\config\systemprofile\Application Data\3861993991\3861993991.bat
c:\windows\system32\config\systemprofile\Application Data\3861993991\3861993991.cfg
c:\windows\system32\config\systemprofile\Application Data\3861993991\3861993991.exe
c:\windows\system32\config\systemprofile\Application Data\7707198340
c:\windows\system32\config\systemprofile\Application Data\7707198340\7707198340.bat
c:\windows\system32\config\systemprofile\Application Data\7707198340\7707198340.cfg
c:\windows\system32\config\systemprofile\Application Data\7707198340\7707198340.exe
c:\windows\system32\cynyximyx.sys
c:\windows\system32\idm.dat
c:\windows\system32\jc.dat
c:\windows\system32\kudi.dll
c:\windows\system32\nasecoha.dat
c:\windows\system32\pocujij.dll
c:\windows\system32\pyrak.dll
c:\windows\system32\q1.dat
c:\windows\system32\utox.scr
c:\windows\system32\xd.dat
c:\windows\taqekikes.sys
c:\windows\uceqemyjol.bin
c:\windows\vysucisubu.sys
c:\windows\win32k.sys
c:\windows\ysyloqi.com
C:\xrwy.exe
C:\yonm.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-03 to 2009-10-03 )))))))))))))))))))))))))))))))
.

2009-10-02 23:43 . 2009-10-02 23:43 -------- dc----w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-02 23:22 . 2009-10-02 23:32 -------- d-----w- c:\program files\ingenue
2009-10-02 23:10 . 2009-10-02 23:10 -------- d-----w- c:\program files\mbam
2009-10-02 23:07 . 2009-10-02 23:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-02 17:17 . 2009-03-31 15:23 39200 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-10-02 17:17 . 2009-03-31 15:23 33056 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-10-02 17:17 . 2009-03-31 15:23 12576 ----a-w- c:\windows\system32\drivers\TfKbMon.sys
2009-10-02 17:17 . 2009-03-31 15:23 51488 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-10-01 02:02 . 2009-10-01 02:08 1292 ----a-w- c:\windows\system32\nk.dat
2009-09-21 21:53 . 2009-09-21 21:53 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2009-09-19 15:40 . 2009-09-19 15:40 27136 ----a-w- c:\windows\system32\drivers\nchssvad.sys
2009-09-19 15:40 . 2009-09-19 15:58 -------- d-----w- c:\program files\NCH Software
2009-09-19 15:40 . 2009-09-19 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-09-19 15:38 . 2009-09-19 15:56 -------- d-----w- c:\documents and settings\Owner\Application Data\NCH Swift Sound
2009-09-09 21:36 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-09 21:22 . 2009-09-09 21:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 22:42 . 2008-04-30 03:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2009-10-03 22:23 . 2008-04-30 03:47 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-10-03 01:09 . 2009-01-21 03:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-03 01:09 . 2009-01-21 03:10 -------- d-----w- c:\program files\Spyware Doctor
2009-10-02 23:07 . 2009-08-25 16:32 -------- d-----w- c:\program files\malwarebytes
2009-10-02 21:22 . 2008-07-04 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-02 17:17 . 2009-08-24 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-01 09:36 . 2009-08-24 22:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-26 19:21 . 2008-03-01 00:38 -------- d-----w- c:\program files\World of Warcraft
2009-09-25 12:25 . 2009-08-22 01:47 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2009-09-10 18:54 . 2009-08-23 12:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-08-23 12:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 13:24 . 2006-08-20 15:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-08 13:22 . 2009-03-29 18:27 -------- d-----w- c:\program files\Sling Media
2009-09-04 04:12 . 2009-08-19 15:53 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-09-02 12:49 . 2009-09-02 12:49 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-02 12:49 . 2009-08-24 17:56 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-29 15:12 . 2009-01-31 02:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-29 15:12 . 2008-07-04 20:54 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-29 15:12 . 2008-07-04 20:54 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-25 17:06 . 2009-08-25 17:06 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-08-25 14:25 . 2009-08-25 14:25 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-08-24 22:56 . 2009-08-24 22:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-08-24 22:45 . 2009-08-24 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-24 22:42 . 2009-08-24 22:42 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-08-24 22:42 . 2009-01-12 19:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-24 22:27 . 2009-08-23 21:04 -------- d-----w- c:\program files\ingenuescan.exe
2009-08-24 22:02 . 2009-08-24 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-24 20:34 . 2006-08-29 15:36 74928 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-24 17:57 . 2009-08-24 17:56 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-24 01:16 . 2009-08-23 22:09 -------- d-----w- c:\program files\trend micro
2009-08-23 20:56 . 2009-08-23 20:56 -------- d-----w- c:\program files\iams
2009-08-23 20:56 . 2009-08-23 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-23 14:16 . 2009-08-23 14:16 17423 ----a-w- c:\windows\system32\navi.sys
2009-08-23 13:41 . 2009-08-23 13:34 -------- d-----w- c:\program files\zilla
2009-08-23 12:08 . 2009-08-23 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-22 01:45 . 2009-08-22 01:45 -------- d-----w- c:\program files\VideoLAN
2009-08-22 01:39 . 2006-08-20 15:01 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-21 15:56 . 2009-08-21 15:52 49894 ----a-w- c:\windows\HPHins04.dat
2009-08-21 15:53 . 2008-03-05 15:05 -------- d-----w- c:\program files\HP
2009-08-19 17:05 . 2009-08-19 17:05 -------- d-----w- c:\program files\AoA MP4 Converter
2009-08-19 15:53 . 2009-08-19 15:53 -------- d-----w- c:\program files\BitTorrent
2009-08-05 09:01 . 2004-08-04 07:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 07:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2004-08-04 07:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2008-11-17 21:42 . 2006-08-20 15:15 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-11-17 21:42 . 2006-08-20 15:15 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-17 21:42 . 2008-02-23 04:18 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-11-17 21:42 . 2008-02-23 04:18 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-11-17 21:42 . 2006-08-20 15:15 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\ingenue ----

2009-10-02 23:27 . 2009-08-20 00:38 9278 ----a-w- c:\program files\ingenue\Languages\hebrew.lng
2009-10-02 23:22 . 2009-10-02 23:32 10498 ----a-w- c:\program files\ingenue\unins000.msg
2009-10-02 23:22 . 2009-09-10 18:54 269648 ----a-w- c:\program files\ingenue\mbamservice.exe
2009-10-02 23:22 . 2009-09-10 18:54 420176 ----a-w- c:\program files\ingenue\mbamgui.exe
2009-10-02 23:22 . 2009-08-03 17:36 46352 ----a-w- c:\program files\ingenue\ssubtmr6.dll
2009-10-02 23:22 . 2009-08-03 17:36 496912 ----a-w- c:\program files\ingenue\vbalsgrid6.ocx
2009-10-02 23:22 . 2009-09-10 18:54 79696 ----a-w- c:\program files\ingenue\zlib.dll
2009-10-02 23:22 . 2009-08-03 17:36 70928 ----a-w- c:\program files\ingenue\mbamext.dll
2009-10-02 23:22 . 2009-09-10 18:53 1312080 ----a-w- c:\program files\ingenue\mbam.exe
2009-10-02 23:22 . 2009-04-15 09:00 13808 ----a-w- c:\program files\ingenue\Languages\turkish.lng
2009-10-02 23:22 . 2008-10-31 21:54 13097 ----a-w- c:\program files\ingenue\Languages\ukrainian.lng
2009-10-02 23:22 . 2009-09-09 03:46 12962 ----a-w- c:\program files\ingenue\Languages\spanish.lng
2009-10-02 23:22 . 2009-09-07 05:51 12265 ----a-w- c:\program files\ingenue\Languages\swedish.lng
2009-10-02 23:22 . 2008-07-26 13:58 11599 ----a-w- c:\program files\ingenue\Languages\slovak.lng
2009-10-02 23:22 . 2008-03-04 03:28 11205 ----a-w- c:\program files\ingenue\Languages\slovenian.lng
2009-10-02 23:22 . 2008-07-04 04:58 11779 ----a-w- c:\program files\ingenue\Languages\russian.lng
2009-10-02 23:22 . 2009-09-06 13:23 12198 ----a-w- c:\program files\ingenue\Languages\serbian.lng
2009-10-02 23:22 . 2008-06-15 17:04 12345 ----a-w- c:\program files\ingenue\Languages\portuguesePT.lng
2009-10-02 23:22 . 2008-03-13 23:09 12672 ----a-w- c:\program files\ingenue\Languages\romanian.lng
2009-10-02 23:22 . 2009-06-10 17:39 11593 ----a-w- c:\program files\ingenue\Languages\norwegian.lng
2009-10-02 23:22 . 2009-01-11 04:56 11623 ----a-w- c:\program files\ingenue\Languages\polish.lng
2009-10-02 23:22 . 2008-03-04 23:56 12245 ----a-w- c:\program files\ingenue\Languages\portugueseBR.lng
2009-10-02 23:22 . 2008-12-19 20:30 11457 ----a-w- c:\program files\ingenue\Languages\latvian.lng
2009-10-02 23:22 . 2008-09-11 02:29 13314 ----a-w- c:\program files\ingenue\Languages\macedonian.lng
2009-10-02 23:22 . 2008-03-05 00:03 13019 ----a-w- c:\program files\ingenue\Languages\italian.lng
2009-10-02 23:22 . 2009-07-23 23:46 9269 ----a-w- c:\program files\ingenue\Languages\korean.lng
2009-10-02 23:22 . 2008-10-07 19:15 13234 ----a-w- c:\program files\ingenue\Languages\greek.lng
2009-10-02 23:22 . 2008-03-03 21:39 12048 ----a-w- c:\program files\ingenue\Languages\hungarian.lng
2009-10-02 23:22 . 2009-09-09 03:45 13442 ----a-w- c:\program files\ingenue\Languages\french.lng
2009-10-02 23:22 . 2009-09-10 18:12 13642 ----a-w- c:\program files\ingenue\Languages\german.lng
2009-10-02 23:22 . 2009-07-31 13:20 11213 ----a-w- c:\program files\ingenue\Languages\estonian.lng
2009-10-02 23:22 . 2008-05-17 14:09 11624 ----a-w- c:\program files\ingenue\Languages\finnish.lng
2009-10-02 23:22 . 2008-03-04 23:56 12255 ----a-w- c:\program files\ingenue\Languages\dutch.lng
2009-10-02 23:22 . 2009-09-03 14:22 11314 ----a-w- c:\program files\ingenue\Languages\english.lng
2009-10-02 23:22 . 2009-09-07 23:42 12199 ----a-w- c:\program files\ingenue\Languages\czech.lng
2009-10-02 23:22 . 2009-02-18 00:27 11893 ----a-w- c:\program files\ingenue\Languages\danish.lng
2009-10-02 23:22 . 2008-08-01 13:03 8045 ----a-w- c:\program files\ingenue\Languages\chineseSI.lng
2009-10-02 23:22 . 2008-08-04 16:58 8141 ----a-w- c:\program files\ingenue\Languages\chineseTR.lng
2009-10-02 23:22 . 2008-12-27 20:41 11977 ----a-w- c:\program files\ingenue\Languages\croatian.lng
2009-10-02 23:22 . 2009-09-09 03:46 12610 ----a-w- c:\program files\ingenue\Languages\bulgarian.lng
2009-10-02 23:22 . 2008-03-05 00:05 12595 ----a-w- c:\program files\ingenue\Languages\catalan.lng
2009-10-02 23:22 . 2009-08-01 20:14 12636 ----a-w- c:\program files\ingenue\Languages\bosnian.lng
2009-10-02 23:22 . 2008-07-03 14:10 13924 ----a-w- c:\program files\ingenue\Languages\albanian.lng
2009-10-02 23:22 . 2009-04-10 04:53 10331 ----a-w- c:\program files\ingenue\Languages\arabic.lng
2009-10-02 23:22 . 2009-09-10 18:53 163664 ----a-w- c:\program files\ingenue\mbam.dll
2009-10-02 23:22 . 2009-09-10 18:37 16400 ----a-w- c:\program files\ingenue\changes.rtf
2009-10-02 23:22 . 2009-01-04 23:31 4124 ----a-w- c:\program files\ingenue\license.txt
2009-10-02 23:22 . 2009-07-30 19:27 59015 ----a-w- c:\program files\ingenue\mbam.chm
2009-10-02 23:22 . 2009-10-02 23:32 32426 ----a-w- c:\program files\ingenue\unins000.dat
2009-10-02 23:22 . 2009-10-02 23:32 699216 ----a-w- c:\program files\ingenue\unins000.exe


((((((((((((((((((((((((((((( SnapShot@2009-10-03_01.50.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-09-27 10:53 . 2009-09-27 10:53 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-09-27 10:52 . 2009-09-27 10:52 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 73728 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 73728 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 68608 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 68608 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-09-27 10:52 . 2009-09-27 10:52 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-09-27 10:53 . 2009-09-27 10:53 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 114176 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-09-27 10:52 . 2009-09-27 10:52 114176 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-09-27 10:52 . 2009-09-27 10:52 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-09-27 10:52 . 2009-09-27 10:52 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-09-27 10:52 . 2009-09-27 10:52 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 368640 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 368640 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 700416 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-09-27 10:52 . 2009-09-27 10:52 700416 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 397312 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 397312 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 884736 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 884736 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 716800 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 716800 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 389120 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-09-27 10:52 . 2009-09-27 10:52 389120 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-09-27 10:52 . 2009-09-27 10:52 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 667648 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 667648 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 745472 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 745472 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 647168 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 647168 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 413696 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 413696 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-09-27 10:51 . 2009-09-27 10:51 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 260096 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 260096 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 114176 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-09-27 10:52 . 2009-09-27 10:52 114176 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-09-27 10:52 . 2009-09-27 10:52 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2009-09-27 10:52 . 2009-09-27 10:52 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 3018752 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 3018752 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-09-27 10:52 . 2009-09-27 10:52 2035712 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 2035712 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-09-27 10:53 . 2009-09-27 10:53 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 5238784 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-09-27 10:51 . 2009-09-27 10:51 5238784 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-09-27 10:52 . 2009-09-27 10:52 2878976 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 2878976 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2009-09-27 10:52 . 2009-09-27 10:52 4308992 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-03 03:24 . 2009-10-03 03:24 4308992 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"The Rush Limbaugh Show"="c:\program files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe" [2006-01-23 1028096]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-12 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-29 2007832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe" [2006-01-07 172032]
"HPHUPD06"="c:\program files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe" [2006-01-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2006-01-07 622592]
"LTWinModem1"="ltmsg.exe" - c:\windows\system32\ltmsg.exe [2001-04-03 38912]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-29 15:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/24/2009 1:56 PM 206256]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [10/2/2009 1:17 PM 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [10/2/2009 1:17 PM 39200]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/4/2008 4:54 PM 335240]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/24/2009 1:57 PM 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/30/2009 10:44 PM 297752]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [4/27/2009 6:09 PM 93960]
R3 SNXPCARD;Sunix PCI Multi I/O Card Driver;c:\windows\system32\drivers\snxpcard.sys [9/14/2006 7:19 PM 20864]
R3 SNXPSERX;Sunix PCI Serial Port Driver;c:\windows\system32\drivers\snxpserx.sys [9/14/2006 7:19 PM 54528]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [8/24/2009 1:56 PM 64392]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/20/2009 11:10 PM 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [10/2/2009 1:17 PM 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2l3onq04.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-03 18:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(604)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2009-10-03 18:45
ComboFix-quarantined-files.txt 2009-10-03 22:44
ComboFix2.txt 2009-10-03 01:57

Pre-Run: 10,189,529,088 bytes free
Post-Run: 10,209,234,944 bytes free

530 --- E O F --- 2009-10-03 03:25

#6 bhender

bhender

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 03 October 2009 - 04:51 PM

Thank you for your help! :)

#7 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 03 October 2009 - 05:37 PM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


In your next reply please include
  • MBAM Log
  • Kaspersky report

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#8 bhender

bhender

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 03 October 2009 - 06:16 PM

Malwarebytes' Anti-Malware 1.41
Database version: 2902
Windows 5.1.2600 Service Pack 3

10/3/2009 8:13:09 PM
mbam-log-2009-10-03 (20-13-09).txt

Scan type: Quick Scan
Objects scanned: 104760
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 6
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\BN (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D1 (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D2 (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D3 (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\gd (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\pr (Trojan.Ambler) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\nk.dat (Malware.Trace) -> Quarantined and deleted successfully.

#9 bhender

bhender

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 03 October 2009 - 06:17 PM

Kaspersky to follow...

#10 bhender

bhender

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 03 October 2009 - 08:34 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, October 3, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, October 04, 2009 01:20:24
Records in database: 2904764
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 68507
Threats found: 5
Infected objects found: 18
Suspicious objects found: 0
Scan duration: 01:53:40

File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\Application Data\3861993991\3861993991.exe.vir Infected: Packed.Win32.Krap.x 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\Application Data\7707198340\7707198340.exe.vir Infected: Packed.Win32.Krap.x 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dobokehi.dll.tmp.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gasfkyeafdwjnv.sys.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir Infected: Trojan.Win32.Sirefef.a 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\fidogile.exe.vir Infected: Packed.Win32.Krap.x 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\firugoti.dll.tmp.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gaperume.dll.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasfkycbirjyed.dll.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasfkyeewmdyej.dll.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasfkynxtvxdqa.dll.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\moriyava.exe.vir Infected: Packed.Win32.Krap.x 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\poyeyoyu.dll.tmp.vir Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\sesanujo.exe.vir Infected: Packed.Win32.Krap.x 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-03_18.36.29.zip Infected: Trojan-Downloader.Win32.FraudLoad.fsh 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-03_18.36.29.zip Infected: Trojan-Downloader.Win32.Agent.bqxc 1
C:\System Volume Information\_restore{C77E1AB2-0ED6-4378-91DD-356785BF0E3E}\RP665\A0063399.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{C77E1AB2-0ED6-4378-91DD-356785BF0E3E}\RP665\A0063402.exe Infected: Packed.Win32.Krap.x 1

Selected area has been scanned.



#11 bhender

bhender

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 03 October 2009 - 08:35 PM

So what is the "official" name of this particular virus?

#12 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 03 October 2009 - 08:39 PM

Hi,

Please describe how your computer is running now and if there are any outstanding issues

Everything Kaspersky found is in quarantine which we will be cleaning up shortly.

Please run the following program and post the DDS log and Attach.txt

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
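The point CatByte makes above (every Kaspersky hit sits in quarantine or a restore point, so none of it is running) is exactly the triage step that is worth automating when a scanner report has dozens of lines. The script below is an added example for this thread, not code from the original post or from Kaspersky: it parses the "File name / Threat / Threats count" section of a Kaspersky Online Scanner 7.0 text report and buckets each hit as ComboFix quarantine, System Restore snapshot, or live. It assumes (not stated on the page) that the saved report is tab-separated in that section, that ComboFix keeps its quarantine under C:\Qoobox\Quarantine with ".vir" appended, and that restore-point copies live under System Volume Information\_restore. The sample report is constructed: five lines copied from the report posted above plus one hypothetical live hit (c:\windows\system32\hypothetical.dll is not from the thread) so that the live bucket is exercised.

```python
"""Triage a Kaspersky Online Scanner 7.0 text report: which hits are still live?

Added example for this thread, not code from the original post or from
Kaspersky. Assumptions: the "File name / Threat / Threats count" section is
tab-separated (whitespace-separated input is accepted too, since the forum
paste lost the tabs); ComboFix quarantine is C:\\Qoobox\\Quarantine with a
".vir" suffix; restore-point copies are under System Volume Information.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    path: str
    status: str   # "Infected" or "Suspicious"
    threat: str
    count: int


# One report line: <path> <tab> Infected: <threat name> <tab> <count>
_LINE = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Path prefixes (drive letter stripped, lower-cased) where a hit is inert:
# the object was already moved out of its original location, or it lives
# inside a restore point and is never executed from there.
INERT_PREFIXES = {
    "combofix_quarantine": ("qoobox\\quarantine\\",),
    "system_restore": ("system volume information\\_restore",),
}


def parse_report(text: str) -> List[Finding]:
    """Return one Finding per flagged object; header/footer lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if m:
            findings.append(Finding(m["path"], m["status"], m["threat"], int(m["count"])))
    return findings


def classify(path: str) -> str:
    """Bucket a path as 'combofix_quarantine', 'system_restore' or 'live'."""
    lowered = path.lower()
    # Drop "c:\" so the prefix test does not depend on the drive letter.
    body = lowered.split(":\\", 1)[1] if ":\\" in lowered else lowered
    for label, prefixes in INERT_PREFIXES.items():
        if body.startswith(prefixes):
            return label
    return "live"


def triage(text: str) -> Dict[str, List[Finding]]:
    """Group findings by bucket. A path flagged twice (the submitted zip in the
    report carries two detections) contributes two entries to its bucket."""
    buckets: Dict[str, List[Finding]] = defaultdict(list)
    for f in parse_report(text):
        buckets[classify(f.path)].append(f)
    return dict(buckets)


def live_paths(text: str) -> List[str]:
    """Paths that still need attention: everything outside an inert bucket."""
    return sorted({f.path for f in triage(text).get("live", [])})


# Constructed sample: five lines copied from the posted report plus one
# hypothetical live hit (hypothetical.dll is NOT from the thread).
SAMPLE_REPORT = (
    "File name / Threat / Threats count\n"
    "C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\drivers\\gasfkyeafdwjnv.sys.vir\tInfected: Packed.Win32.TDSS.z\t1\n"
    "C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\eventlog.dll.vir\tInfected: Trojan.Win32.Sirefef.a\t1\n"
    "C:\\Qoobox\\Quarantine\\[4]-Submit_2009-10-03_18.36.29.zip\tInfected: Trojan-Downloader.Win32.FraudLoad.fsh\t1\n"
    "C:\\Qoobox\\Quarantine\\[4]-Submit_2009-10-03_18.36.29.zip\tInfected: Trojan-Downloader.Win32.Agent.bqxc\t1\n"
    "C:\\System Volume Information\\_restore{C77E1AB2-0ED6-4378-91DD-356785BF0E3E}\\RP665\\A0063399.exe\tInfected: Packed.Win32.Krap.x\t1\n"
    "C:\\WINDOWS\\system32\\hypothetical.dll\tInfected: Packed.Win32.Krap.x\t1\n"
    "Selected area has been scanned.\n"
)

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(items)}")
        for f in items:
            print(f"  {f.threat:45s} {f.path}")
    print("still live:", live_paths(SAMPLE_REPORT))
```

Feed it the "Save as Text" output instead of SAMPLE_REPORT to run it on a real report. Anything that lands in the live bucket is what the helper actually has to deal with; the quarantine and restore-point hits disappear when the quarantine folder is cleaned up and old restore points are purged, which is the clean-up CatByte refers to.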


#13 bhender

bhender

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 04 October 2009 - 07:41 AM

DDS (Ver_09-09-29.01) - NTFSx86
Run by Owner at 9:33:08.04 on Sun 10/04/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.652 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [The Rush Limbaugh Show] c:\program files\rush 24-7 media center\Rush 24-7 Media Center.exe /noopen
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LTWinModem1] ltmsg.exe 9
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe
mRun: [HPHUPD06] c:\program files\hp\{ba2d9411-dbb4-43e4-9421-780413650a67}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\ingenue\mbam.exe" /runcleanupscript
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156862909000
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156046245805
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\2l3onq04.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-8-24 206256]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-10-2 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-10-2 39200]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-4 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-4 27784]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-8-24 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-30 297752]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-4-27 93960]
R3 SNXPCARD;Sunix PCI Multi I/O Card Driver;c:\windows\system32\drivers\snxpcard.sys [2006-9-14 20864]
R3 SNXPSERX;Sunix PCI Serial Port Driver;c:\windows\system32\drivers\snxpserx.sys [2006-9-14 54528]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-8-24 64392]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-20 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-1-20 1097096]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-10-2 33056]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2009-10-02 21:19 <DIR> a-dshr-- C:\cmdcons
2009-10-02 21:17 229,888 a------- c:\windows\PEV.exe
2009-10-02 21:17 161,792 a------- c:\windows\SWREG.exe
2009-10-02 21:17 98,816 a------- c:\windows\sed.exe
2009-10-02 19:43 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-02 19:22 <DIR> --d----- c:\program files\ingenue
2009-10-02 19:10 <DIR> --d----- c:\program files\mbam
2009-10-02 13:17 51,488 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-10-02 13:17 39,200 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-10-02 13:17 33,056 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-10-02 13:17 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-10-01 09:27 10,726 a------- c:\windows\system32\irywu.db
2009-09-30 16:14 18,300 a------- c:\windows\system32\grtg
2009-09-19 11:40 27,136 a------- c:\windows\system32\drivers\nchssvad.sys
2009-09-19 11:40 <DIR> --d----- c:\program files\NCH Software
2009-09-09 17:36 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-09 17:22 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes

==================== Find3M ====================

2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-02 08:49 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-02 08:49 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-08-29 11:12 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-29 11:12 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-23 10:16 17,423 a------- c:\windows\system32\navi.sys
2009-08-21 11:56 49,894 a------- c:\windows\HPHins04.dat
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-04-17 13:55 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009041720090418\index.dat

============= FINISH: 9:33:40.43 ===============

#14 bhender

bhender

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 04 October 2009 - 07:42 AM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/29/2006 10:32:51 AM
System Uptime: 10/4/2009 9:25:47 AM (0 hours ago)

Motherboard: Dell Inc. | | 0WJ770
Processor: Intel® Pentium® 4 CPU 3.06GHz | Microprocessor | 3059/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 9.309 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP662: 10/2/2009 9:38:17 PM - ComboFix created restore point
RP663: 10/2/2009 9:52:29 PM - Software Distribution Service 3.0
RP664: 10/2/2009 10:21:17 PM - System Checkpoint
RP665: 10/2/2009 11:22:13 PM - Software Distribution Service 3.0
RP666: 10/3/2009 10:38:20 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Photoshop 6.0
Adobe Reader 7.0.7
Adobe SVG Viewer
Alt-Tab Task Switcher Powertoy for Windows XP
AoA MP4 Converter
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVG Free 8.5
BitTorrent
Bonjour
BufferChm
Calculator Powertoy for Windows XP
ClearType Tuning Control Panel Applet
CmdHere Powertoy For Windows XP
Compatibility Pack for the 2007 Office system
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
cp_PrintOnCDConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
CustomerResearchQFolder
D5100
D5100_Help
DeviceManagementQFolder
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
eSupportQFolder
FullDPAppQFolder
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Premier Software 6.5
HP Software Update
HP Solution Center 7.0
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
HTC Touch Pro™ User Guide
Image Resizer Powertoy for Windows XP
InstantShareDevices
InstantShareDevicesMFC
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
iTunes
J2SE Runtime Environment 5.0 Update 6
Logitech Harmony Remote Software 7
Lucent Win Modem
Magnifier Powertoy for Windows XP
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.18)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero OEM
NVIDIA Drivers
OptionalContentQFolder
PanoStandAlone
PhotoGallery
Photosmart 320,370,7400,8100,8400,8700 Series
PowerDVD
Prism Video Converter
PS320
PSPrinters06
QuickTime
RandMap
Remote Control USB Driver
Rush 24-7 Media Center
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SigmaTel Audio
SkinsHP1
Skype™ 3.8
SlideShow
Slideshow Generator Powertoy for Windows XP
SlideShowMusic
SlingPlayer
SolutionCenter
Sonic_PrimoSDK
Spyware Doctor 6.1
Status
SUPERAntiSpyware Free Edition
SuperCharge
Timershot Powertoy for Windows XP
Toolbox
TrayApp
Tweak UI
Unload
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live installer
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB894476
Windows XP Service Pack 3
WinRAR archiver
WinZip
World of Warcraft

==== Event Viewer Messages From Past Week ========

9/30/2009 9:34:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
9/30/2009 9:34:44 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/30/2009 9:34:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
9/27/2009 6:54:08 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
10/2/2009 9:37:48 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file 'addins' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
10/2/2009 9:20:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/2/2009 9:18:44 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
10/2/2009 7:28:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Beep Fips intelppm SASDIFSV SASKUTIL
10/2/2009 7:08:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/2/2009 7:07:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/2/2009 7:06:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/2/2009 7:06:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 Beep Fips intelppm IPSec MRxSmb NetBIOS NetBT pctgntdi RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
10/2/2009 7:06:20 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/2/2009 7:06:20 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/2/2009 7:06:20 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/2/2009 7:06:20 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/2/2009 7:06:20 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/2/2009 7:06:20 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/2/2009 3:30:30 PM, error: Service Control Manager [7034] - The ThreatFire service terminated unexpectedly. It has done this 1 time(s).
10/2/2009 3:30:28 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
10/2/2009 3:30:28 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/1/2009 9:24:43 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/1/2009 9:24:43 AM, error: Service Control Manager [7000] - The NetBEUI Protocol service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

#15 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 04 October 2009 - 07:44 AM

what is the "official" name of this particular virus?


We refer to it as the Max++ rootkit, but there are probably different names for it in different forums

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
