
Redirect and other issues



A couple of weeks ago I started getting redirected every time I used the search function in my browser, and lately my anti-virus is finding all kinds of threats when I am online, whether I am browsing or playing an online game. I always choose to quarantine the threats but they seem to be found over and over again. I use AVG anti-virus and have been in contact with them but they're about useless for any real help so I found myself here. So here are the log files... I do so hope there is someone who can help me out and a huge thank you in advance.

GMER 1.0.15.15640 - http://www.gmer.net

Rootkit scan 2011-07-04 14:18:55

Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Maxtor_6L250S0 rev.BANC1G10

Running: tool.exe; Driver: C:\DOCUME~1\RMK\LOCALS~1\Temp\uxtdypow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF7778738]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF77787DC]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF7778878]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF7778914]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF2541000, 0x27EFD7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

? C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] number of sections mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dllunknown module: RASAPI32.dllunknown module: WINHTTP.dll

.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 01224832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01149315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0133DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0133E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0133DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0133DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0133DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0133E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0133DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 0121DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 01224832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01149315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0133DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0133E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0133DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 0121DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 01181CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0133DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0133DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0133E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5168] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0133DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5168] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 0122488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!WriteConsoleW] C085D6FF

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!WaitForSingleObject] 458D497E

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!MoveFileExW] FF5350E8

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!TlsAlloc] 43627015

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!UnmapViewOfFile] 74C08500

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!GetCalendarInfoA] E8458D3A

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!TlsSetValue] 15FF5750

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!GetModuleHandleW] [00436278] C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!SetEvent] 2B75C085

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!TlsFree] D6FF5300

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!LoadLibraryExW] 8BE475FF

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!GetVersionExW] 2BD6FFF8

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!GetTempPathW] 75FF57F8

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!GetEnvironmentVariableW] 03D6FFE4

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!InterlockedIncrement] 2B1EE8C3

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!EnumResourceNamesA] 59590000

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!FlushFileBuffers] 0774C085

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!GetExitCodeProcess] 01DC45C7

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!GetConsoleMode] FF000000

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!ExitProcess] 59000073

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!CreateFileMappingA] 00E47D83

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!FindFirstFileW] 09745E5F

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!CreateThread] E8E475FF

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!CreateDirectoryW] 00007339

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!GetProcAddress] FC4D8B59

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!MapViewOfFile] 33DC458B

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!GetConsoleCP] 731CE8CD

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!TlsGetValue] C3C90000

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!CreateFileA] 83EC8B55

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!GetVersionExA] 10A134EC

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!GetProcessHeap] 33004424

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!GetModuleHandleA] FC4589C5

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!CreateFileW] 8D0043E3

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [KERNEL32.dll!CreateProcessW] A5A5D87D

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [MPRAPI.dll!MprConfigServerConnect] 8D0043E3

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [MPRAPI.dll!MprConfigServerDisconnect] A5A5E87D

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [MPRAPI.dll!MprConfigGetFriendlyName] 85A4A5A5

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [ole32.dll!CoGetMalloc] 85000000

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [ole32.dll!ProgIDFromCLSID] 8B840FC9

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [ole32.dll!CoTaskMemFree] E8000000

IAT C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe[3680] @ C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe [ole32.dll!StringFromCLSID] 00002304

IAT C:\Program Files\Internet Explorer\iexplore.exe[5168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00C618FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000d88acdab0

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000d88acdab0@0015a049a799 0x2B 0xF1 0x8F 0x17 ...

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000d88acdab0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000d88acdab0@0015a049a799 0x2B 0xF1 0x8F 0x17 ...

---- EOF - GMER 1.0.15 ----

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:58:40 AM, on 7/6/2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\RMK\Application Data\dwm.exe

C:\Documents and Settings\RMK\Application Data\Microsoft\conhost.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\java.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgam.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\RMK\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50889

F3 - REG:win.ini: load=C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [conhost] C:\Documents and Settings\RMK\Application Data\Microsoft\conhost.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\RMK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254987862421

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - F:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe

--

End of file - 9747 bytes

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7031

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

7/6/2011 10:01:41 AM

mbam-log-2011-07-06 (10-01-32).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|H:\|)

Objects scanned: 284895

Time elapsed: 39 minute(s), 44 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 3

Registry Data Items Infected: 3

Folders Infected: 8

Files Infected: 9

Memory Processes Infected:

c:\documents and settings\RMK\application data\microsoft\conhost.exe (Trojan.Agent) -> 892 -> No action taken.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> No action taken.

HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\SystemWarrior (Rogue.SystemWarrior) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Miracle (PUP.PerfectOptimizer) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> No action taken.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\DOCUME~1\RMK\LOCALS~1\Temp\csrss.exe) Good: () -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:

c:\program files\perfect optimizer (PUP.PerfectOptimizer) -> No action taken.

c:\program files\perfect optimizer\Backup (PUP.PerfectOptimizer) -> No action taken.

c:\program files\perfect optimizer\Backup\application (PUP.PerfectOptimizer) -> No action taken.

c:\program files\perfect optimizer\Backup\Registry (PUP.PerfectOptimizer) -> No action taken.

c:\program files\perfect optimizer\Backup\Registry\firstbackup (PUP.PerfectOptimizer) -> No action taken.

c:\program files\perfect optimizer\Backup\Registry\fullbackup (PUP.PerfectOptimizer) -> No action taken.

c:\program files\perfect optimizer\Backup\Service (PUP.PerfectOptimizer) -> No action taken.

c:\program files\perfect optimizer\Temp (PUP.PerfectOptimizer) -> No action taken.

Files Infected:

e:\Misc\stressrelief.exe (Joke.Stressreducer) -> No action taken.

c:\documents and settings\RMK\application data\microsoft\conhost.exe (Trojan.Agent) -> No action taken.

c:\documents and settings\RMK\local settings\Temp\csrss.exe (Trojan.Agent) -> No action taken.

c:\documents and settings\RMK\~webupdatehelper.exe (Trojan.Agent) -> No action taken.

c:\program files\perfect optimizer\License.ini (PUP.PerfectOptimizer) -> No action taken.

c:\program files\perfect optimizer\Setting.ini (PUP.PerfectOptimizer) -> No action taken.

c:\program files\perfect optimizer\Backup\Registry\firstbackup\20090615071129.reg (PUP.PerfectOptimizer) -> No action taken.

c:\program files\perfect optimizer\Backup\Registry\fullbackup\20090615071707.reg (PUP.PerfectOptimizer) -> No action taken.

c:\program files\perfect optimizer\Temp\__clean_disk.bat (PUP.PerfectOptimizer) -> No action taken.

TDSSKiller found nothing. Thanks again for any help that can be given on this.


hi :welcome:

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

Step 1

Update MalwareBytes Anti-Malware and run a quick scan. This time, when the scan is done, click on "Show Results" then "Remove Selected".

The log you posted shows you did not remove the infections it found; you must remove them.

Step 2


  • Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

Things I would like to see in your reply:

  • MBAM Log
  • OTL.txt and Extras.txt


hi

You did not actually do what I said regarding Malwarebytes; it says "No action taken." Why are you not removing the infections? :huh:

  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Also kindly next time do NOT attach logs, post them instead.


Hi AliB.... I did remove the infections, I just didn't remove what wasn't selected by default. Everything that was selected from the first scan was removed. You could see this if you compared the first MBAM file with the second. And in step 1 of your instructions you didn't tell me to check off everything; you said to just click on Show Results and Remove Selected, and that is exactly what I did... as I stated, some of the stuff wasn't checked by default and would need manual input to remove them. Is that what I am not supposed to do?


Hi AliB... OK, yesterday after you told me I had done it wrong, I went back and ran the scan again and made sure everything was checked to be removed and then of course removed them, and today after seeing your response I have run the scan again, and here are the logs...

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7039

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

7/7/2011 11:45:24 AM

mbam-log-2011-07-07 (11-45-24).txt

Scan type: Quick scan

Objects scanned: 169175

Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


And here is the OTL log... there wasn't an Extras today, not sure why...

OTL logfile created on: 7/7/2011 11:49:49 AM - Run 3

OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\RMK\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 71.40% Memory free

5.09 Gb Paging File | 4.22 Gb Available in Paging File | 82.96% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 121.09 Gb Total Space | 35.61 Gb Free Space | 29.41% Space Free | Partition Type: NTFS

Drive D: | 19.53 Gb Total Space | 19.36 Gb Free Space | 99.10% Space Free | Partition Type: NTFS

Drive E: | 19.53 Gb Total Space | 4.13 Gb Free Space | 21.16% Space Free | Partition Type: NTFS

Drive F: | 112.66 Gb Total Space | 62.81 Gb Free Space | 55.75% Space Free | Partition Type: NTFS

Drive H: | 892.44 Gb Total Space | 640.03 Gb Free Space | 71.72% Space Free | Partition Type: NTFS

Computer Name: FREAKY | User Name: RMK | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 17:00:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RMK\Desktop\OTL.scr

PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/05/04 04:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe

PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe

PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe

PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe

PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe

PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe

PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe

PRC - [2011/02/08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe

PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

PRC - [2008/11/13 21:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

PRC - [2007/07/18 01:30:12 | 000,414,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe

PRC - [2007/07/18 01:30:03 | 001,687,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

PRC - [2007/07/18 01:29:52 | 000,460,048 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe

PRC - [2007/07/18 01:29:34 | 000,479,504 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

PRC - [2007/07/18 01:29:24 | 000,278,288 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

PRC - [2004/08/04 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/07/06 17:00:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RMK\Desktop\OTL.scr

MOD - [2004/08/04 14:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/02/10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- F:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)

SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

SRV - [2008/11/13 21:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)

========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2010/12/07 15:12:24 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandmodem.sys -- (ANDModem)

DRV - [2010/12/07 15:12:24 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandgps.sys -- (AndGps)

DRV - [2010/12/07 15:12:22 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lganddiag.sys -- (AndDiag)

DRV - [2010/12/07 15:12:22 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandbus.sys -- (Andbus)

DRV - [2010/10/27 05:55:48 | 005,524,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2010/09/18 12:55:30 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)

DRV - [2010/09/18 12:55:22 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)

DRV - [2010/09/18 12:55:22 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)

DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2009/04/07 19:14:36 | 005,066,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)

DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)

DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)

DRV - [2008/10/31 07:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2008/10/21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)

DRV - [2008/10/21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)

DRV - [2008/10/21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)

DRV - [2008/10/21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)

DRV - [2008/10/21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)

DRV - [2008/10/21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)

DRV - [2008/10/21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)

DRV - [2008/08/07 13:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)

DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2004/08/13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/

IE - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50889

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\RMK\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\RMK\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\RMK\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/24 09:30:47 | 000,000,000 | ---D | M]

FF - HKCU\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/24 09:30:47 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2004/08/04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-1708537768-1275210071-725345543-1003..\Run: [sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O15 - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\..Trusted Domains: kandrai.eu ([learn] https in Trusted sites)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254987862421 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.242.40.3 212.242.40.51

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 16:03:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{f884ad84-acf6-11df-80bc-00248c85b0ba}\Shell\AutoRun\command - "" = G:\setupSNK.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/06 17:00:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\RMK\Desktop\OTL.scr

[2011/07/06 08:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RMK\Application Data\Malwarebytes

[2011/07/06 08:09:08 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/06 08:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/06 08:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/07/06 08:09:05 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/06 08:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/06 08:08:13 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\RMK\Desktop\mbam-setup-1.51.0.1200.exe

[2011/07/06 07:57:26 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\RMK\Desktop\HijackThis.exe

[2011/07/04 12:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RMK\Desktop\New Folder (5)

[2011/06/25 08:06:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2009/11/07 13:33:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\RMK\Application Data\pcouffin.sys

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/07 11:51:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1275210071-725345543-1003UA.job

[2011/07/07 11:28:31 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/07/07 11:28:31 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/07/07 11:24:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/07 11:12:26 | 121,362,516 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/07/07 07:30:24 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk

[2011/07/06 17:00:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RMK\Desktop\OTL.scr

[2011/07/06 13:51:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1275210071-725345543-1003Core.job

[2011/07/06 10:35:05 | 001,327,397 | ---- | M] () -- C:\Documents and Settings\RMK\Desktop\tdsskiller.zip

[2011/07/06 08:09:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/06 08:08:13 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\RMK\Desktop\mbam-setup-1.51.0.1200.exe

[2011/07/06 07:58:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\RMK\Desktop\HijackThis.exe

[2011/07/05 23:05:34 | 000,018,298 | ---- | M] () -- C:\Documents and Settings\RMK\Application Data\68E6.CF7

[2011/07/05 13:21:57 | 000,103,208 | ---- | M] () -- C:\Documents and Settings\RMK\Desktop\runner_en.exe

[2011/07/05 13:17:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/05 02:42:41 | 000,001,041 | ---- | M] () -- C:\Documents and Settings\RMK\Application Data\vso_ts_preview.xml

[2011/07/05 02:19:14 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\RMK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/04 12:52:24 | 001,791,414 | ---- | M] () -- C:\Documents and Settings\RMK\Desktop\JenniferAniston.bmp

[2011/07/04 12:40:41 | 000,293,977 | ---- | M] () -- C:\Documents and Settings\RMK\Desktop\gmer.zip

[2011/07/04 12:37:21 | 000,620,972 | ---- | M] () -- C:\Documents and Settings\RMK\Desktop\Autoruns.zip

[2011/07/04 12:34:19 | 000,276,544 | ---- | M] () -- C:\Documents and Settings\RMK\Desktop\avgproci_en.zip

[2011/06/28 19:52:30 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\RMK\Desktop\Google Chrome.lnk

[2011/06/28 19:52:30 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\RMK\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/06/25 04:34:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/06/24 09:30:47 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/06 08:09:08 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/05 13:21:57 | 000,103,208 | ---- | C] () -- C:\Documents and Settings\RMK\Desktop\runner_en.exe

[2011/07/04 12:52:24 | 001,791,414 | ---- | C] () -- C:\Documents and Settings\RMK\Desktop\JenniferAniston.bmp

[2011/07/04 12:40:41 | 000,293,977 | ---- | C] () -- C:\Documents and Settings\RMK\Desktop\gmer.zip

[2011/07/04 12:37:21 | 000,620,972 | ---- | C] () -- C:\Documents and Settings\RMK\Desktop\Autoruns.zip

[2011/07/04 12:34:19 | 000,276,544 | ---- | C] () -- C:\Documents and Settings\RMK\Desktop\avgproci_en.zip

[2011/07/03 01:53:56 | 001,327,397 | ---- | C] () -- C:\Documents and Settings\RMK\Desktop\tdsskiller.zip

[2011/06/30 17:47:20 | 000,018,298 | ---- | C] () -- C:\Documents and Settings\RMK\Application Data\68E6.CF7

[2011/06/04 04:34:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/04/16 07:59:18 | 000,002,245 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI

[2011/02/28 20:12:36 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2011/02/23 08:28:11 | 000,000,027 | ---- | C] () -- C:\WINDOWS\lang.ini

[2010/12/25 12:13:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll

[2010/12/25 12:13:18 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini

[2010/12/02 18:56:25 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2010/12/02 18:56:25 | 000,223,990 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2010/12/02 18:56:25 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2010/04/21 08:08:19 | 000,323,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009/12/25 11:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LCDMedia.INI

[2009/12/23 21:15:51 | 000,013,900 | ---- | C] () -- C:\WINDOWS\29d9zpa5se527.bin

[2009/12/20 22:28:07 | 000,004,755 | ---- | C] () -- C:\WINDOWS\System32\135ebac9door1z31.dll

[2009/12/20 02:16:19 | 000,005,055 | ---- | C] () -- C:\WINDOWS\System32\1068dow5l9ader49z.dll

[2009/12/18 11:59:16 | 000,004,829 | ---- | C] () -- C:\WINDOWS\7008zh5e93030.dll

[2009/12/17 09:36:13 | 000,002,897 | ---- | C] () -- C:\WINDOWS\System32\96249iruz549.dll

[2009/12/15 11:51:50 | 000,014,895 | ---- | C] () -- C:\WINDOWS\65b0downzoade917.bin

[2009/12/14 14:30:45 | 000,002,528 | ---- | C] () -- C:\WINDOWS\209z9spy5b65.dll

[2009/12/13 05:04:14 | 000,008,284 | ---- | C] () -- C:\WINDOWS\System32\z5393worm2bb.exe

[2009/12/11 07:25:58 | 000,005,157 | ---- | C] () -- C:\WINDOWS\15z2spy599.dll

[2009/12/08 04:25:21 | 000,017,987 | ---- | C] () -- C:\WINDOWS\14039virzs65f.dll

[2009/12/05 04:27:28 | 000,014,885 | ---- | C] () -- C:\WINDOWS\15144zp5mbot3009.exe

[2009/12/04 14:46:19 | 000,003,047 | ---- | C] () -- C:\WINDOWS\22dow9loa5ez2084.exe

[2009/12/03 19:39:55 | 000,010,523 | ---- | C] () -- C:\WINDOWS\System32\4462not-a5virus9e8z.dll

[2009/12/02 23:03:23 | 000,017,921 | ---- | C] () -- C:\WINDOWS\System32\189dsparz5629.dll

[2009/12/02 10:37:44 | 000,003,447 | ---- | C] () -- C:\WINDOWS\55csteaz990.bin

[2009/11/28 07:15:18 | 000,013,524 | ---- | C] () -- C:\WINDOWS\za7csteal965.dll

[2009/11/26 05:32:26 | 000,017,281 | ---- | C] () -- C:\WINDOWS\System32\7963hac95zol78.exe

[2009/11/26 00:02:15 | 000,011,771 | ---- | C] () -- C:\WINDOWS\System32\4da9downl59derz960.exe

[2009/11/23 20:18:44 | 000,015,088 | ---- | C] () -- C:\WINDOWS\4c35thr59tz815.exe

[2009/11/23 08:21:09 | 000,018,031 | ---- | C] () -- C:\WINDOWS\7acethzeat165659.exe

[2009/11/22 18:33:28 | 000,010,338 | ---- | C] () -- C:\WINDOWS\System32\9140download5r253z.exe

[2009/11/22 01:33:28 | 000,009,379 | ---- | C] () -- C:\WINDOWS\5529hiez1132.bin

[2009/11/21 11:26:45 | 000,014,166 | ---- | C] () -- C:\WINDOWS\System32\1z90addware9805.exe

[2009/11/21 07:21:09 | 000,012,531 | ---- | C] () -- C:\WINDOWS\System32\31354spambo9zf.bin

[2009/11/15 03:09:02 | 000,011,105 | ---- | C] () -- C:\WINDOWS\System32\9z5spy5099.bin

[2009/11/15 00:22:08 | 000,004,738 | ---- | C] () -- C:\WINDOWS\9cczd5wnloader150.exe

[2009/11/14 20:31:57 | 000,010,299 | ---- | C] () -- C:\WINDOWS\116945irz9604.exe

[2009/11/13 13:48:00 | 000,004,212 | ---- | C] () -- C:\WINDOWS\692athre95z567.bin

[2009/11/13 03:56:34 | 000,015,010 | ---- | C] () -- C:\WINDOWS\System32\4343spzr5e3194.dll

[2009/11/13 02:11:01 | 000,002,873 | ---- | C] () -- C:\WINDOWS\System32\1z9fbackdoor2459.exe

[2009/11/11 15:07:02 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old

[2009/11/11 14:07:54 | 000,016,759 | ---- | C] () -- C:\WINDOWS\System32\3d5fvi5z339.dll

[2009/11/11 14:07:54 | 000,015,922 | ---- | C] () -- C:\WINDOWS\System32\ea7zhreat5896.exe

[2009/11/11 14:07:54 | 000,009,989 | ---- | C] () -- C:\WINDOWS\System32\21381spa5b9z798.dll

[2009/11/11 14:07:54 | 000,009,443 | ---- | C] () -- C:\WINDOWS\System32\2955sp9mzot5fc.bin

[2009/11/11 14:07:54 | 000,005,041 | ---- | C] () -- C:\WINDOWS\System32\219fd5wnlzader3106.bin

[2009/11/11 14:07:54 | 000,005,005 | ---- | C] () -- C:\WINDOWS\System32\3045hac9tozl45d.exe

[2009/11/11 14:07:54 | 000,003,919 | ---- | C] () -- C:\WINDOWS\System32\95029spazbot93.exe


[2008/02/25 06:42:13 | 000,013,801 | ---- | C] () -- C:\WINDOWS\263179roz59d.bin

[2008/02/24 22:07:30 | 000,015,735 | ---- | C] () -- C:\WINDOWS\System32\29722not-a-virus2z55.exe

[2008/02/24 06:09:52 | 000,016,175 | ---- | C] () -- C:\WINDOWS\5916vir3z38.exe

[2008/02/23 14:48:16 | 000,015,711 | ---- | C] () -- C:\WINDOWS\321z9ha5ktool7c9.dll

[2008/02/20 19:43:24 | 000,011,219 | ---- | C] () -- C:\WINDOWS\System32\6e875pywaze9560.exe

[2008/02/19 19:30:47 | 000,013,544 | ---- | C] () -- C:\WINDOWS\1809zir5595.exe

[2008/02/17 11:59:08 | 000,011,952 | ---- | C] () -- C:\WINDOWS\System32\189z5wnloader1599.bin

[2008/02/17 08:58:58 | 000,011,876 | ---- | C] () -- C:\WINDOWS\5f2z5ddwa9e693.bin

[2008/02/14 22:58:38 | 000,009,194 | ---- | C] () -- C:\WINDOWS\System32\17b9downloz5er1696.exe

[2008/02/14 13:56:56 | 000,006,298 | ---- | C] () -- C:\WINDOWS\System32\23977w5zm51.bin

[2008/02/13 15:44:12 | 000,002,709 | ---- | C] () -- C:\WINDOWS\10z5threa913269.dll

[2008/02/12 17:56:38 | 000,009,134 | ---- | C] () -- C:\WINDOWS\System32\32349hackt5ol45z.dll

[2008/02/12 04:46:57 | 000,012,616 | ---- | C] () -- C:\WINDOWS\System32\199dbac5dzor681.dll

[2008/02/10 15:51:47 | 000,009,924 | ---- | C] () -- C:\WINDOWS\20477s9amzot7155.bin

[2008/02/08 20:11:47 | 000,009,839 | ---- | C] () -- C:\WINDOWS\15975zr302.exe

[2008/02/07 10:39:56 | 000,011,988 | ---- | C] () -- C:\WINDOWS\System32\47zast9al501.exe

[2008/02/07 02:04:41 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\1712threat9655z.dll

[2008/02/03 19:04:00 | 000,012,278 | ---- | C] () -- C:\WINDOWS\2d2fstealz359.exe

[2008/02/01 23:45:23 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\5d7z59arse2981.dll

[2008/01/25 12:46:18 | 000,005,407 | ---- | C] () -- C:\WINDOWS\System32\49bbthrez926156.dll

[2008/01/24 19:33:04 | 000,016,183 | ---- | C] () -- C:\WINDOWS\59e9downlozde53233.exe

[2008/01/23 11:20:26 | 000,006,187 | ---- | C] () -- C:\WINDOWS\System32\4z5cspyware959.exe

[2008/01/19 14:55:13 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\574z8sp97c0.dll

[2008/01/17 19:58:21 | 000,005,638 | ---- | C] () -- C:\WINDOWS\17evz59178.dll

[2008/01/17 09:29:12 | 000,008,302 | ---- | C] () -- C:\WINDOWS\System32\4527haczt9ol521.dll

[2008/01/15 07:15:17 | 000,006,502 | ---- | C] () -- C:\WINDOWS\System32\37395azktool649.exe

[2008/01/12 04:49:04 | 000,003,309 | ---- | C] () -- C:\WINDOWS\System32\3e9avir31z5.dll

[2008/01/09 07:36:32 | 000,006,153 | ---- | C] () -- C:\WINDOWS\System32\4807zhief8579.bin

[2008/01/09 03:27:05 | 000,007,586 | ---- | C] () -- C:\WINDOWS\9794wo5m395z.exe

[2008/01/08 19:42:22 | 000,015,027 | ---- | C] () -- C:\WINDOWS\13151spamz955d5.dll

[2008/01/05 11:45:31 | 000,018,013 | ---- | C] () -- C:\WINDOWS\1ea4threzt95055.bin

[2008/01/01 18:32:22 | 000,003,723 | ---- | C] () -- C:\WINDOWS\System32\z8e3do9n5oader536.dll

[2006/03/18 15:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2004/08/04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 14:00:00 | 000,443,588 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 14:00:00 | 000,071,846 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2004/08/04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 14:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2004/08/04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/04/13 07:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest

[2011/07/06 07:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2011/05/05 12:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/07/02 10:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2009/12/25 14:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare

[2010/09/18 13:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2011/02/28 20:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2011/03/15 16:04:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/12/25 12:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX

[2010/09/11 13:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys

[2011/05/05 16:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2009/06/15 07:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Miracle

[2010/08/21 09:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/11/07 13:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2010/09/11 13:55:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}

[2011/05/05 16:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\AVG10

[2011/04/23 22:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\AVG9

[2009/07/03 01:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\Azureus

[2011/07/05 07:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\BitTorrent

[2011/02/28 20:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\Canneverbe Limited

[2010/06/30 05:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\FOG Downloader

[2009/07/31 08:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\ImgBurn

[2010/10/05 16:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\Notepad++

[2010/09/18 12:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\Sony

[2011/07/05 02:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\Vso

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2004/08/04 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe

[2004/08/04 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >

[2004/08/04 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe

[2004/08/04 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >

[2004/08/04 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe

[2004/08/04 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2004/08/04 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe

[2004/08/04 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\RMK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\RMK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\RMK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\RMK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\RMK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\RMK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\RMK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\RMK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\RMK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\RMK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


Hi

Make sure you uninstall AVG before proceeding with Step 2.

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50889
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O33 - MountPoints2\{f884ad84-acf6-11df-80bc-00248c85b0ba}\Shell\AutoRun\command - "" = G:\setupSNK.exe
    [2009/12/23 21:15:51 | 000,013,900 | ---- | C] () -- C:\WINDOWS\29d9zpa5se527.bin
    [2009/12/20 22:28:07 | 000,004,755 | ---- | C] () -- C:\WINDOWS\System32\135ebac9door1z31.dll
    [2009/12/20 02:16:19 | 000,005,055 | ---- | C] () -- C:\WINDOWS\System32\1068dow5l9ader49z.dll
    [2009/12/18 11:59:16 | 000,004,829 | ---- | C] () -- C:\WINDOWS\7008zh5e93030.dll
    [2009/12/17 09:36:13 | 000,002,897 | ---- | C] () -- C:\WINDOWS\System32\96249iruz549.dll
    [2009/12/15 11:51:50 | 000,014,895 | ---- | C] () -- C:\WINDOWS\65b0downzoade917.bin
    [2009/12/14 14:30:45 | 000,002,528 | ---- | C] () -- C:\WINDOWS\209z9spy5b65.dll
    [2009/12/13 05:04:14 | 000,008,284 | ---- | C] () -- C:\WINDOWS\System32\z5393worm2bb.exe
    [2009/12/11 07:25:58 | 000,005,157 | ---- | C] () -- C:\WINDOWS\15z2spy599.dll
    [2009/12/08 04:25:21 | 000,017,987 | ---- | C] () -- C:\WINDOWS\14039virzs65f.dll
    [2009/12/05 04:27:28 | 000,014,885 | ---- | C] () -- C:\WINDOWS\15144zp5mbot3009.exe
    [2009/12/04 14:46:19 | 000,003,047 | ---- | C] () -- C:\WINDOWS\22dow9loa5ez2084.exe
    [2009/12/03 19:39:55 | 000,010,523 | ---- | C] () -- C:\WINDOWS\System32\4462not-a5virus9e8z.dll
    [2009/12/02 23:03:23 | 000,017,921 | ---- | C] () -- C:\WINDOWS\System32\189dsparz5629.dll
    [2009/12/02 10:37:44 | 000,003,447 | ---- | C] () -- C:\WINDOWS\55csteaz990.bin
    [2009/11/28 07:15:18 | 000,013,524 | ---- | C] () -- C:\WINDOWS\za7csteal965.dll
    [2009/11/26 05:32:26 | 000,017,281 | ---- | C] () -- C:\WINDOWS\System32\7963hac95zol78.exe
    [2009/11/26 00:02:15 | 000,011,771 | ---- | C] () -- C:\WINDOWS\System32\4da9downl59derz960.exe
    [2009/11/23 20:18:44 | 000,015,088 | ---- | C] () -- C:\WINDOWS\4c35thr59tz815.exe
    [2009/11/23 08:21:09 | 000,018,031 | ---- | C] () -- C:\WINDOWS\7acethzeat165659.exe
    [2009/11/22 18:33:28 | 000,010,338 | ---- | C] () -- C:\WINDOWS\System32\9140download5r253z.exe
    [2009/11/22 01:33:28 | 000,009,379 | ---- | C] () -- C:\WINDOWS\5529hiez1132.bin
    [2009/11/21 11:26:45 | 000,014,166 | ---- | C] () -- C:\WINDOWS\System32\1z90addware9805.exe
    [2009/11/21 07:21:09 | 000,012,531 | ---- | C] () -- C:\WINDOWS\System32\31354spambo9zf.bin
    [2009/11/15 03:09:02 | 000,011,105 | ---- | C] () -- C:\WINDOWS\System32\9z5spy5099.bin
    [2009/11/15 00:22:08 | 000,004,738 | ---- | C] () -- C:\WINDOWS\9cczd5wnloader150.exe
    [2009/11/14 20:31:57 | 000,010,299 | ---- | C] () -- C:\WINDOWS\116945irz9604.exe
    [2009/11/13 13:48:00 | 000,004,212 | ---- | C] () -- C:\WINDOWS\692athre95z567.bin
    [2009/11/13 03:56:34 | 000,015,010 | ---- | C] () -- C:\WINDOWS\System32\4343spzr5e3194.dll
    [2009/11/13 02:11:01 | 000,002,873 | ---- | C] () -- C:\WINDOWS\System32\1z9fbackdoor2459.exe
    [2009/11/11 14:07:54 | 000,016,759 | ---- | C] () -- C:\WINDOWS\System32\3d5fvi5z339.dll
    [2009/11/11 14:07:54 | 000,015,922 | ---- | C] () -- C:\WINDOWS\System32\ea7zhreat5896.exe
    [2009/11/11 14:07:54 | 000,009,989 | ---- | C] () -- C:\WINDOWS\System32\21381spa5b9z798.dll
    [2009/11/11 14:07:54 | 000,009,443 | ---- | C] () -- C:\WINDOWS\System32\2955sp9mzot5fc.bin
    [2009/11/11 14:07:54 | 000,005,041 | ---- | C] () -- C:\WINDOWS\System32\219fd5wnlzader3106.bin
    [2009/11/11 14:07:54 | 000,005,005 | ---- | C] () -- C:\WINDOWS\System32\3045hac9tozl45d.exe
    [2009/11/11 14:07:54 | 000,003,919 | ---- | C] () -- C:\WINDOWS\System32\95029spazbot93.exe
    [2009/11/11 14:07:54 | 000,003,032 | ---- | C] () -- C:\WINDOWS\System32\561troj993z.bin
    [2009/11/11 14:07:53 | 000,016,390 | ---- | C] () -- C:\WINDOWS\5cc9s9az5e1994.bin
    [2009/11/11 14:07:53 | 000,016,294 | ---- | C] () -- C:\WINDOWS\15339spam9zt512.bin
    [2009/11/11 14:07:53 | 000,015,436 | ---- | C] () -- C:\WINDOWS\System32\57124hackt9olzb5.bin
    [2009/11/11 14:07:53 | 000,015,105 | ---- | C] () -- C:\WINDOWS\599bzhr9a513354.dll
    [2009/11/11 14:07:53 | 000,014,675 | ---- | C] () -- C:\WINDOWS\System32\z7092not-a5virus5599.dll
    [2009/11/11 14:07:53 | 000,008,305 | ---- | C] () -- C:\WINDOWS\System32\983aspyzare546.dll
    [2009/11/11 14:07:53 | 000,003,989 | ---- | C] () -- C:\WINDOWS\916cthrea5z9216.bin
    [2009/11/11 14:07:53 | 000,003,892 | ---- | C] () -- C:\WINDOWS\6965sz9mbot7df.dll
    [2009/11/11 14:07:53 | 000,003,622 | ---- | C] () -- C:\WINDOWS\System32\15829py5dz.bin
    [2009/11/11 14:07:53 | 000,003,354 | ---- | C] () -- C:\WINDOWS\65z9th9ef1549.dll
    [2009/11/11 14:07:52 | 000,017,706 | ---- | C] () -- C:\WINDOWS\52e0spyware297z.exe
    [2009/11/11 14:07:52 | 000,014,616 | ---- | C] () -- C:\WINDOWS\76519pz3e5.exe
    [2009/11/11 14:07:52 | 000,013,301 | ---- | C] () -- C:\WINDOWS\2z999spy58c.bin
    [2009/11/11 14:07:52 | 000,012,616 | ---- | C] () -- C:\WINDOWS\79fadownz9ade5702.dll
    [2009/11/11 14:07:52 | 000,011,285 | ---- | C] () -- C:\WINDOWS\4111wor529z.dll
    [2009/11/11 14:07:52 | 000,011,238 | ---- | C] () -- C:\WINDOWS\27z85h9ckto5l7b.dll
    [2009/11/11 14:07:52 | 000,009,463 | ---- | C] () -- C:\WINDOWS\System32\3311dzwnloader9153.dll
    [2009/11/11 14:07:52 | 000,006,923 | ---- | C] () -- C:\WINDOWS\47f0s9yw5rz171.bin
    [2009/11/11 14:07:52 | 000,006,660 | ---- | C] () -- C:\WINDOWS\System32\5361zi9us255.dll
    [2009/11/11 14:07:52 | 000,005,977 | ---- | C] () -- C:\WINDOWS\System32\17626wo5m29bz.bin
    [2009/11/11 14:07:52 | 000,005,809 | ---- | C] () -- C:\WINDOWS\z4e6backdoor2985.exe
    [2009/11/11 14:07:52 | 000,004,554 | ---- | C] () -- C:\WINDOWS\12357wormz39.exe
    [2009/11/11 14:07:51 | 000,015,887 | ---- | C] () -- C:\WINDOWS\System32\4d9csp5rse40z.dll
    [2009/11/11 14:07:51 | 000,015,211 | ---- | C] () -- C:\WINDOWS\3c1a5zdwar91358.dll
    [2009/11/11 14:07:51 | 000,011,168 | ---- | C] () -- C:\WINDOWS\System32\9155viruz490.exe
    [2009/11/11 14:07:51 | 000,010,438 | ---- | C] () -- C:\WINDOWS\9z479worm25e.exe
    [2009/11/11 14:07:51 | 000,010,169 | ---- | C] () -- C:\WINDOWS\9aaethr5at2501z.dll
    [2009/11/11 14:07:51 | 000,008,090 | ---- | C] () -- C:\WINDOWS\275z9tr9j251.dll
    [2009/11/11 14:07:51 | 000,007,501 | ---- | C] () -- C:\WINDOWS\218fspy59ze538.dll
    [2009/11/11 14:07:51 | 000,007,327 | ---- | C] () -- C:\WINDOWS\32294t5oj197z.bin
    [2009/11/11 14:07:51 | 000,006,142 | ---- | C] () -- C:\WINDOWS\System32\19954spambotzc5.bin
    [2009/11/11 14:07:51 | 000,004,440 | ---- | C] () -- C:\WINDOWS\a97thzef9415.dll
    [2009/11/11 14:07:51 | 000,002,665 | ---- | C] () -- C:\WINDOWS\31975s9z3dd.dll
    [2009/11/11 14:07:50 | 000,015,927 | ---- | C] () -- C:\WINDOWS\System32\d61d9w5zoader2756.dll
    [2009/11/11 14:07:50 | 000,015,684 | ---- | C] () -- C:\WINDOWS\System32\17369v95zs719.dll
    [2009/11/11 14:07:50 | 000,009,094 | ---- | C] () -- C:\WINDOWS\25z89spambo93f6.dll
    [2009/11/11 14:07:50 | 000,006,062 | ---- | C] () -- C:\WINDOWS\System32\1z756viru56cc9.exe
    [2009/11/11 14:07:50 | 000,005,336 | ---- | C] () -- C:\WINDOWS\43a25o9nloadzr2656.bin
    [2009/11/11 14:07:48 | 000,015,757 | ---- | C] () -- C:\WINDOWS\System32\z2aat9ie52144.dll
    [2009/11/11 14:07:48 | 000,013,488 | ---- | C] () -- C:\WINDOWS\System32\11925s5ambot2fz9.bin
    [2009/11/11 14:07:48 | 000,013,103 | ---- | C] () -- C:\WINDOWS\22662wo95cz.dll
    [2009/11/11 14:07:48 | 000,010,119 | ---- | C] () -- C:\WINDOWS\System32\22590worm6z95.bin
    [2009/11/11 14:07:48 | 000,003,826 | ---- | C] () -- C:\WINDOWS\System32\26664hack9o5l402z.dll
    [2009/11/11 14:07:47 | 000,017,305 | ---- | C] () -- C:\WINDOWS\System32\1ed2ad9war5z84.exe
    [2009/11/11 14:07:47 | 000,016,211 | ---- | C] () -- C:\WINDOWS\228215oz-a-9irus1a7.exe
    [2009/11/11 14:07:47 | 000,015,193 | ---- | C] () -- C:\WINDOWS\9581notza-virus7865.bin
    [2009/11/11 14:07:47 | 000,012,028 | ---- | C] () -- C:\WINDOWS\1z72add9ar53016.bin
    [2009/11/11 14:07:47 | 000,011,605 | ---- | C] () -- C:\WINDOWS\System32\1469not-5-vizus264.exe
    [2009/11/11 14:07:47 | 000,007,431 | ---- | C] () -- C:\WINDOWS\5b0dthi9fz083.dll
    [2009/11/11 14:07:47 | 000,003,396 | ---- | C] () -- C:\WINDOWS\System32\7c77tzie91533.dll
    [2009/11/11 14:07:46 | 000,017,765 | ---- | C] () -- C:\WINDOWS\System32\95586spz7dc.exe
    [2009/11/11 14:07:46 | 000,014,982 | ---- | C] () -- C:\WINDOWS\System32\2z2dbac5door904.exe
    [2009/11/11 14:07:46 | 000,014,876 | ---- | C] () -- C:\WINDOWS\551sparse13z69.exe
    [2009/11/11 14:07:46 | 000,013,776 | ---- | C] () -- C:\WINDOWS\System32\73519hzeat300185.dll
    [2009/11/11 14:07:46 | 000,010,588 | ---- | C] () -- C:\WINDOWS\319aaddwar51691z.dll
    [2009/11/11 14:07:46 | 000,007,711 | ---- | C] () -- C:\WINDOWS\19595spy794z.exe
    [2009/11/11 14:07:45 | 000,016,463 | ---- | C] () -- C:\WINDOWS\z5975py7d9.bin
    [2009/11/11 14:07:45 | 000,011,188 | ---- | C] () -- C:\WINDOWS\272199o5m679z.bin
    [2009/11/11 14:07:45 | 000,006,070 | ---- | C] () -- C:\WINDOWS\System32\ae5thief9z08.bin
    [2009/11/11 14:07:45 | 000,003,031 | ---- | C] () -- C:\WINDOWS\System32\11509wormzaa.dll
    [2009/11/11 14:07:45 | 000,002,554 | ---- | C] () -- C:\WINDOWS\System32\58c6bazk9oor2475.exe
    [2009/11/11 14:07:44 | 000,016,455 | ---- | C] () -- C:\WINDOWS\System32\181a59izf759.dll
    [2009/11/11 14:07:44 | 000,012,638 | ---- | C] () -- C:\WINDOWS\1a0cstzal5930.bin
    [2009/11/11 14:07:44 | 000,010,339 | ---- | C] () -- C:\WINDOWS\90155troj125z.exe
    [2009/11/11 14:07:44 | 000,008,734 | ---- | C] () -- C:\WINDOWS\158839pyz495.exe
    [2009/11/11 14:07:44 | 000,004,421 | ---- | C] () -- C:\WINDOWS\3395vzrus56c.bin
    [2009/11/11 14:07:43 | 000,016,887 | ---- | C] () -- C:\WINDOWS\System32\23605zpy2709.exe
    [2009/11/11 14:07:43 | 000,015,404 | ---- | C] () -- C:\WINDOWS\1311noz-9-5irus4bb.dll
    [2009/11/11 14:07:43 | 000,015,246 | ---- | C] () -- C:\WINDOWS\System32\2d52do9nzoader2447.dll
    [2009/11/11 14:07:43 | 000,013,301 | ---- | C] () -- C:\WINDOWS\25039not-azvi9us5a5.exe
    [2009/11/11 14:07:43 | 000,012,007 | ---- | C] () -- C:\WINDOWS\656downloa9zr1748.bin
    [2009/11/11 14:07:43 | 000,006,713 | ---- | C] () -- C:\WINDOWS\System32\1271st9zl955.bin
    [2009/11/11 05:53:38 | 000,015,044 | ---- | C] () -- C:\WINDOWS\System32\25997worz705.bin
    [2009/11/09 13:31:21 | 000,008,468 | ---- | C] () -- C:\WINDOWS\System32\24358troz195.dll
    [2009/11/08 17:20:44 | 000,011,562 | ---- | C] () -- C:\WINDOWS\System32\2796spa5boz2df.exe
    [2009/11/07 13:34:08 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\RMK\Application Data\vso_ts_preview.xml
    [2009/11/07 13:33:28 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\RMK\Application Data\inst.exe
    [2009/11/05 17:04:11 | 000,006,290 | ---- | C] () -- C:\WINDOWS\System32\9978virusz285.bin
    [2009/11/02 01:30:47 | 000,015,346 | ---- | C] () -- C:\WINDOWS\565z9py2d3.exe
    [2009/10/27 17:10:53 | 000,013,367 | ---- | C] () -- C:\WINDOWS\System32\77e0ba5kdoorz094.dll
    [2009/10/26 08:56:16 | 000,015,290 | ---- | C] () -- C:\WINDOWS\77zdvir11159.exe
    [2009/10/23 11:06:55 | 000,009,012 | ---- | C] () -- C:\WINDOWS\3z877hack9o5l9c.exe
    [2009/10/22 05:44:51 | 000,004,050 | ---- | C] () -- C:\WINDOWS\94004not-a5viruz1e.bin
    [2009/10/18 04:46:02 | 000,014,618 | ---- | C] () -- C:\WINDOWS\6185i9z489.exe
    [2009/10/17 20:31:59 | 000,009,518 | ---- | C] () -- C:\WINDOWS\System32\9259hazk5ool79e.bin
    [2009/10/16 14:42:58 | 000,005,371 | ---- | C] () -- C:\WINDOWS\29449nzt9a-virus155.exe
    [2009/10/14 08:38:59 | 000,010,782 | ---- | C] () -- C:\WINDOWS\13742w9rz61b5.dll
    [2009/10/13 23:46:46 | 000,012,979 | ---- | C] () -- C:\WINDOWS\System32\7z75b9ck5oor1435.exe
    [2009/10/13 03:39:26 | 000,011,237 | ---- | C] () -- C:\WINDOWS\System32\9z53downloader513.exe
    [2009/10/12 19:12:21 | 000,003,389 | ---- | C] () -- C:\WINDOWS\System32\24995tzal2140.exe
    [2009/10/10 02:49:59 | 000,004,258 | ---- | C] () -- C:\WINDOWS\zcdvir1594.dll
    [2009/10/09 18:45:52 | 000,010,077 | ---- | C] () -- C:\WINDOWS\System32\3ze5steal9155.dll
    [2009/10/08 08:16:03 | 000,013,795 | ---- | C] () -- C:\WINDOWS\9954hzckto9l39.dll
    [2009/10/06 20:47:20 | 000,002,754 | ---- | C] () -- C:\WINDOWS\System32\67a95ir14z0.bin
    [2009/10/05 01:31:26 | 000,008,112 | ---- | C] () -- C:\WINDOWS\System32\1e5fdo95loadzr825.exe
    [2009/10/02 04:58:06 | 000,014,866 | ---- | C] () -- C:\WINDOWS\195aba5kdoor2429z.exe
    [2009/09/29 00:37:03 | 000,018,320 | ---- | C] () -- C:\WINDOWS\System32\11043notz9-virus555.dll
    [2009/09/28 02:01:51 | 000,007,894 | ---- | C] () -- C:\WINDOWS\System32\28590worm61z9.exe
    [2009/09/27 01:22:49 | 000,012,083 | ---- | C] () -- C:\WINDOWS\z1045sp549.bin
    [2009/09/26 00:44:12 | 000,006,527 | ---- | C] () -- C:\WINDOWS\System32\9a67sparse589z.dll
    [2009/09/21 13:24:36 | 000,018,088 | ---- | C] () -- C:\WINDOWS\49zdsteal3059.exe
    [2009/09/18 22:31:00 | 000,002,661 | ---- | C] () -- C:\WINDOWS\51z9spywar9505.exe
    [2009/09/18 09:22:15 | 000,002,946 | ---- | C] () -- C:\WINDOWS\4z4fv5r9871.dll
    [2009/09/14 18:19:01 | 000,008,316 | ---- | C] () -- C:\WINDOWS\System32\167589roz53d.exe
    [2009/09/14 04:27:34 | 000,011,497 | ---- | C] () -- C:\WINDOWS\System32\55309py15z.dll
    [2009/09/14 04:05:25 | 000,003,834 | ---- | C] () -- C:\WINDOWS\1fd5ste9l86z.exe
    [2009/09/13 18:30:03 | 000,003,416 | ---- | C] () -- C:\WINDOWS\39488z5rme4.dll
    [2010/09/11 13:55:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download ComboFix here :

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
    Click me
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Things I would like to see in your reply:

  • OTL log
  • Combofix.txt


All processes killed

========== OTL ==========

HKU\S-1-5-21-1708537768-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1708537768-1275210071-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.

Registry value HKEY_USERS\S-1-5-21-1708537768-1275210071-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_USERS\S-1-5-21-1708537768-1275210071-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f884ad84-acf6-11df-80bc-00248c85b0ba}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f884ad84-acf6-11df-80bc-00248c85b0ba}\ not found.

File G:\setupSNK.exe not found.


C:\WINDOWS\25z89spambo93f6.dll moved successfully.

C:\WINDOWS\system32\1z756viru56cc9.exe moved successfully.

C:\WINDOWS\43a25o9nloadzr2656.bin moved successfully.

C:\WINDOWS\system32\z2aat9ie52144.dll moved successfully.

C:\WINDOWS\system32\11925s5ambot2fz9.bin moved successfully.

C:\WINDOWS\22662wo95cz.dll moved successfully.

C:\WINDOWS\system32\22590worm6z95.bin moved successfully.

C:\WINDOWS\system32\26664hack9o5l402z.dll moved successfully.

C:\WINDOWS\system32\1ed2ad9war5z84.exe moved successfully.

C:\WINDOWS\228215oz-a-9irus1a7.exe moved successfully.

C:\WINDOWS\9581notza-virus7865.bin moved successfully.

C:\WINDOWS\1z72add9ar53016.bin moved successfully.

C:\WINDOWS\system32\1469not-5-vizus264.exe moved successfully.

C:\WINDOWS\5b0dthi9fz083.dll moved successfully.

C:\WINDOWS\system32\7c77tzie91533.dll moved successfully.

C:\WINDOWS\system32\95586spz7dc.exe moved successfully.

C:\WINDOWS\system32\2z2dbac5door904.exe moved successfully.

C:\WINDOWS\551sparse13z69.exe moved successfully.

C:\WINDOWS\system32\73519hzeat300185.dll moved successfully.

C:\WINDOWS\319aaddwar51691z.dll moved successfully.

C:\WINDOWS\19595spy794z.exe moved successfully.

C:\WINDOWS\z5975py7d9.bin moved successfully.

C:\WINDOWS\272199o5m679z.bin moved successfully.

C:\WINDOWS\system32\ae5thief9z08.bin moved successfully.

C:\WINDOWS\system32\11509wormzaa.dll moved successfully.

C:\WINDOWS\system32\58c6bazk9oor2475.exe moved successfully.

C:\WINDOWS\system32\181a59izf759.dll moved successfully.

C:\WINDOWS\1a0cstzal5930.bin moved successfully.

C:\WINDOWS\90155troj125z.exe moved successfully.

C:\WINDOWS\158839pyz495.exe moved successfully.

C:\WINDOWS\3395vzrus56c.bin moved successfully.

C:\WINDOWS\system32\23605zpy2709.exe moved successfully.

C:\WINDOWS\1311noz-9-5irus4bb.dll moved successfully.

C:\WINDOWS\system32\2d52do9nzoader2447.dll moved successfully.

C:\WINDOWS\25039not-azvi9us5a5.exe moved successfully.

C:\WINDOWS\656downloa9zr1748.bin moved successfully.

C:\WINDOWS\system32\1271st9zl955.bin moved successfully.

C:\WINDOWS\system32\25997worz705.bin moved successfully.

C:\WINDOWS\system32\24358troz195.dll moved successfully.

C:\WINDOWS\system32\2796spa5boz2df.exe moved successfully.

C:\Documents and Settings\RMK\Application Data\vso_ts_preview.xml moved successfully.

C:\Documents and Settings\RMK\Application Data\inst.exe moved successfully.

C:\WINDOWS\system32\9978virusz285.bin moved successfully.

C:\WINDOWS\565z9py2d3.exe moved successfully.

C:\WINDOWS\system32\77e0ba5kdoorz094.dll moved successfully.

C:\WINDOWS\77zdvir11159.exe moved successfully.

C:\WINDOWS\3z877hack9o5l9c.exe moved successfully.

C:\WINDOWS\94004not-a5viruz1e.bin moved successfully.

C:\WINDOWS\6185i9z489.exe moved successfully.

C:\WINDOWS\system32\9259hazk5ool79e.bin moved successfully.

C:\WINDOWS\29449nzt9a-virus155.exe moved successfully.

C:\WINDOWS\13742w9rz61b5.dll moved successfully.

C:\WINDOWS\system32\7z75b9ck5oor1435.exe moved successfully.

C:\WINDOWS\system32\9z53downloader513.exe moved successfully.

C:\WINDOWS\system32\24995tzal2140.exe moved successfully.

C:\WINDOWS\zcdvir1594.dll moved successfully.

C:\WINDOWS\system32\3ze5steal9155.dll moved successfully.

C:\WINDOWS\9954hzckto9l39.dll moved successfully.

C:\WINDOWS\system32\67a95ir14z0.bin moved successfully.

C:\WINDOWS\system32\1e5fdo95loadzr825.exe moved successfully.

C:\WINDOWS\195aba5kdoor2429z.exe moved successfully.

C:\WINDOWS\system32\11043notz9-virus555.dll moved successfully.

C:\WINDOWS\system32\28590worm61z9.exe moved successfully.

C:\WINDOWS\z1045sp549.bin moved successfully.

C:\WINDOWS\system32\9a67sparse589z.dll moved successfully.

C:\WINDOWS\49zdsteal3059.exe moved successfully.

C:\WINDOWS\51z9spywar9505.exe moved successfully.

C:\WINDOWS\4z4fv5r9871.dll moved successfully.

C:\WINDOWS\system32\167589roz53d.exe moved successfully.

C:\WINDOWS\system32\55309py15z.dll moved successfully.

C:\WINDOWS\1fd5ste9l86z.exe moved successfully.

C:\WINDOWS\39488z5rme4.dll moved successfully.

C:\WINDOWS\system32\6e5zspyware8889.exe moved successfully.

C:\WINDOWS\system32\5dactz95f1547.exe moved successfully.

C:\WINDOWS\system32\30543spamz5t169.dll moved successfully.

C:\WINDOWS\30b8vi5491z.bin moved successfully.

C:\WINDOWS\system32\2b24addza9e1259.exe moved successfully.

C:\WINDOWS\system32\z4965not-a-v9rus594.exe moved successfully.

C:\WINDOWS\system32\594athief6z2.dll moved successfully.

C:\WINDOWS\586hzcktoo9192.dll moved successfully.

C:\WINDOWS\system32\2984t5oz598.dll moved successfully.

C:\WINDOWS\system32\5720zwor96d5.bin moved successfully.

C:\WINDOWS\system32\75645ownzoader2299.exe moved successfully.

C:\WINDOWS\5987thzeat15550.exe moved successfully.

C:\WINDOWS\590evir11z5.bin moved successfully.

C:\WINDOWS\4a0z95ef265.bin moved successfully.

C:\WINDOWS\system32\575zdownloa9er2962.exe moved successfully.

C:\WINDOWS\3z8addw9re536.exe moved successfully.

C:\WINDOWS\fc9zpywa5e2924.dll moved successfully.

C:\WINDOWS\system32\zc9csteal19675.bin moved successfully.

C:\WINDOWS\system32\zaedbackd9or2560.bin moved successfully.

C:\WINDOWS\60zf5ownloader9319.exe moved successfully.

C:\WINDOWS\12881s5yz239.dll moved successfully.

C:\WINDOWS\z568stea9889.exe moved successfully.

C:\WINDOWS\system32\2573downlzad95172.dll moved successfully.

C:\WINDOWS\5zffaddware9217.bin moved successfully.

C:\WINDOWS\29996sp55ez.bin moved successfully.

C:\WINDOWS\3228downzoader589.exe moved successfully.

C:\WINDOWS\system32\z922959rm30f.bin moved successfully.

C:\WINDOWS\69fcsparse239z5.dll moved successfully.

C:\WINDOWS\system32\7709spyw5rez34.bin moved successfully.

C:\WINDOWS\system32\19z5sparse5298.bin moved successfully.

C:\WINDOWS\8159no9-z5virus683.exe moved successfully.

C:\WINDOWS\system32\6015azdware2933.dll moved successfully.

C:\WINDOWS\system32\13523spy2b9z.dll moved successfully.

C:\WINDOWS\1599thr5atz941.dll moved successfully.

C:\WINDOWS\system32\10954no9-z-virus2f4.exe moved successfully.

C:\WINDOWS\system32\unrar.dll moved successfully.

C:\WINDOWS\system32\4ac35pyware149z.dll moved successfully.

C:\WINDOWS\system32\61b9bazkd5or2917.exe moved successfully.

C:\WINDOWS\4659zpambot5d95.bin moved successfully.

C:\WINDOWS\1500zir296.exe moved successfully.

C:\WINDOWS\system32\3d8795eaz1799.exe moved successfully.

C:\WINDOWS\system32\3b78adz5ar92068.exe moved successfully.

C:\WINDOWS\system32\46z1t5reat14098.bin moved successfully.

C:\WINDOWS\zb0fs9ywa5e3041.bin moved successfully.

C:\WINDOWS\6609hackzool654.exe moved successfully.

C:\WINDOWS\5a68thrzat299169.dll moved successfully.

C:\WINDOWS\5869backdoorz602.dll moved successfully.

C:\WINDOWS\ativpsrm.bin moved successfully.

C:\WINDOWS\system32\35665teal9899z.bin moved successfully.

C:\WINDOWS\6c36down5oader2901z.exe moved successfully.

C:\WINDOWS\25649wormz4e.exe moved successfully.

C:\WINDOWS\system32\50b1d5wnloazer3293.bin moved successfully.

C:\WINDOWS\system32\185zdow9loader62.bin moved successfully.

C:\WINDOWS\29287hackzool7c5.dll moved successfully.

C:\WINDOWS\system32\9z95orm19b.bin moved successfully.

C:\WINDOWS\system32\z73085irus499.dll moved successfully.

C:\WINDOWS\system32\z1594sp9mbot5cf.bin moved successfully.

C:\WINDOWS\98eszyware1351.exe moved successfully.

C:\WINDOWS\202z3vir9s15f.exe moved successfully.

C:\WINDOWS\system32\5610wormz59.exe moved successfully.

C:\WINDOWS\system32\51z6backd9or984.exe moved successfully.

C:\WINDOWS\2957spywarz796.exe moved successfully.

C:\WINDOWS\6ca45pyware90z1.exe moved successfully.

C:\WINDOWS\1ezs95rse1930.dll moved successfully.

C:\WINDOWS\31435troz59b.exe moved successfully.

C:\WINDOWS\system32\4e62s59az2904.dll moved successfully.

C:\WINDOWS\32125sp59boz455.bin moved successfully.

C:\WINDOWS\5446a9dware2z10.exe moved successfully.

C:\WINDOWS\2547zddwar95755.bin moved successfully.

C:\WINDOWS\system32\3z210hackt95l7f.bin moved successfully.

C:\WINDOWS\1f94tzief18055.bin moved successfully.

C:\WINDOWS\system32\289635irus63z.dll moved successfully.

C:\WINDOWS\system32\4d19downloa5er4z3.dll moved successfully.

C:\WINDOWS\27309nzt-a9viru53e1.exe moved successfully.

C:\WINDOWS\system32\319at5ief159z.dll moved successfully.

C:\WINDOWS\system32\28965ownloazer1907.bin moved successfully.

C:\WINDOWS\system32\59064viz9s3f5.bin moved successfully.

C:\WINDOWS\system32\9197tr9j45fz.bin moved successfully.

C:\WINDOWS\1389zspy95f.exe moved successfully.

C:\WINDOWS\1a0csp9rse5z1.exe moved successfully.

C:\WINDOWS\615evzr9706.bin moved successfully.

C:\WINDOWS\system32\6032sp59z0.dll moved successfully.

C:\WINDOWS\system32\28961sz5c1.exe moved successfully.

C:\WINDOWS\system32\296129pyz85.bin moved successfully.

C:\WINDOWS\8899te5lz80.exe moved successfully.

C:\WINDOWS\system32\5c39thzeat29335.bin moved successfully.

C:\WINDOWS\2967szambo594a.exe moved successfully.

C:\WINDOWS\540zbackdoor28269.bin moved successfully.

C:\WINDOWS\system32\188625z9ktool36.bin moved successfully.

C:\WINDOWS\system32\1a96spazs5952.exe moved successfully.

C:\WINDOWS\system32\2650spam9ot3f5z.dll moved successfully.

C:\WINDOWS\system32\af9zhreat5238.dll moved successfully.

C:\WINDOWS\system32\24918t5zja7.dll moved successfully.

C:\WINDOWS\15499py7zf.bin moved successfully.

C:\WINDOWS\system32\15129spa5bzt34.bin moved successfully.

C:\WINDOWS\system32\9312w5rz7db.dll moved successfully.

C:\WINDOWS\system32\137549iruz5c8.dll moved successfully.

C:\WINDOWS\181c5ownloade9z871.dll moved successfully.

C:\WINDOWS\3fz25hief19409.exe moved successfully.

C:\WINDOWS\system32\65fzthreat19912.bin moved successfully.

C:\WINDOWS\24331vir9sz45.exe moved successfully.

C:\WINDOWS\7e21spy5ar9z71.exe moved successfully.

C:\WINDOWS\4b78d5z9loader3.bin moved successfully.

C:\WINDOWS\system32\6edz95r1235.bin moved successfully.

C:\WINDOWS\1523not-a-5i9uz645.bin moved successfully.

C:\WINDOWS\system32\3656azdware9645.bin moved successfully.

C:\WINDOWS\system32\z75959eal762.bin moved successfully.

C:\WINDOWS\system32\4562tzr5at29855.dll moved successfully.

C:\WINDOWS\1606dowzloade922525.bin moved successfully.

C:\WINDOWS\10z91spy5a.bin moved successfully.

C:\WINDOWS\system32\z2391sp56fb.bin moved successfully.

C:\WINDOWS\756fdownlo5de91959z.exe moved successfully.

C:\WINDOWS\system32\5559sp9mbot355z.bin moved successfully.

C:\WINDOWS\system32\944thrzat15799.dll moved successfully.

C:\WINDOWS\1z69ir2554.exe moved successfully.

C:\WINDOWS\system32\69789pywaze2595.bin moved successfully.

C:\WINDOWS\6c43s9ywar524z1.bin moved successfully.

C:\WINDOWS\system32\15z14ha9ktool3b1.exe moved successfully.

C:\WINDOWS\system32\9637s5eal51z.bin moved successfully.

C:\WINDOWS\system32\20495vzrus718.bin moved successfully.

C:\WINDOWS\system32\18ez9i52186.exe moved successfully.

C:\WINDOWS\system32\5341vi9uszba.dll moved successfully.

C:\WINDOWS\system32\10360sp9z25.exe moved successfully.

C:\WINDOWS\2za5spa9se2189.dll moved successfully.

C:\WINDOWS\system32\99z97sp554d.exe moved successfully.

C:\WINDOWS\5270spam9z5167.exe moved successfully.

C:\WINDOWS\system32\4655zhreat25479.dll moved successfully.

C:\WINDOWS\3ed0doznl5ader962.dll moved successfully.

C:\WINDOWS\system32\3z807not5a-virus1a9.bin moved successfully.

C:\WINDOWS\system32\14149ddwarez595.dll moved successfully.

C:\WINDOWS\13c5sz95se872.bin moved successfully.

C:\WINDOWS\50dbb9ckdoor232z.dll moved successfully.

C:\WINDOWS\173155acktoo934z.bin moved successfully.

C:\WINDOWS\19865vzrus291.exe moved successfully.

C:\WINDOWS\z220859y158.dll moved successfully.

C:\WINDOWS\8999h59ktool6a5z.exe moved successfully.

C:\WINDOWS\system32\211859rzj595.exe moved successfully.

C:\WINDOWS\1379zwor520e.dll moved successfully.

C:\WINDOWS\1fac5zyware955.exe moved successfully.

C:\WINDOWS\system32\3357t9oj3zb5.dll moved successfully.

C:\WINDOWS\4d5eadzware9219.exe moved successfully.

C:\WINDOWS\system32\149addw5re23z.exe moved successfully.

C:\WINDOWS\system32\95859szambot455.exe moved successfully.

C:\WINDOWS\4106not-a9vir5sz18.exe moved successfully.

C:\WINDOWS\1875z9roj2495.dll moved successfully.

C:\WINDOWS\3a87zhief2935.dll moved successfully.

C:\WINDOWS\system32\6550v5r91z5.dll moved successfully.

C:\WINDOWS\system32\2229ziru52f8.exe moved successfully.

C:\WINDOWS\system32\5fz9p5rse1299.dll moved successfully.

C:\WINDOWS\5z8dst59l719.exe moved successfully.

C:\WINDOWS\3e23sp5waze25099.dll moved successfully.

C:\WINDOWS\system32\zd79vir1536.dll moved successfully.

C:\WINDOWS\zc859ddware1231.bin moved successfully.

C:\WINDOWS\3z55spy75d9.bin moved successfully.

C:\WINDOWS\99907spy5z55.bin moved successfully.

C:\WINDOWS\system32\2z41sp5m9ot791.exe moved successfully.

C:\WINDOWS\245335azktool7f89.bin moved successfully.

C:\WINDOWS\9257not-9-vzrus51.bin moved successfully.

C:\WINDOWS\3901sp5mbot7z9.dll moved successfully.

C:\WINDOWS\5a9abzckdoor1426.dll moved successfully.

C:\WINDOWS\system32\36e2a9dzare5648.bin moved successfully.

C:\WINDOWS\1594thzef1517.exe moved successfully.

C:\WINDOWS\16255hackt9ol57z.bin moved successfully.

C:\WINDOWS\597z9pambot2a0.dll moved successfully.

C:\WINDOWS\75z5dow9load5r1482.bin moved successfully.

C:\WINDOWS\93281zorm453.bin moved successfully.

C:\WINDOWS\z49baddwar54569.exe moved successfully.

C:\WINDOWS\z215addwa9e3264.dll moved successfully.

C:\WINDOWS\19832zirus395.exe moved successfully.

C:\WINDOWS\95cs5eal992z.dll moved successfully.

C:\WINDOWS\7a52spywaze2903.dll moved successfully.

C:\WINDOWS\system32\1900295rus39z.dll moved successfully.

C:\WINDOWS\system32\310z3hackt9ol751.exe moved successfully.

C:\WINDOWS\system32\5959sparse132z.bin moved successfully.

C:\WINDOWS\system32\7260szy5b69.dll moved successfully.

C:\WINDOWS\system32\5bcfbackdooz9114.bin moved successfully.

C:\WINDOWS\system32\4c5zdo5nl9ader1655.bin moved successfully.

C:\WINDOWS\system32\25215not-a-v9rzs580.dll moved successfully.

C:\WINDOWS\system32\92fv5r8z6.dll moved successfully.

C:\WINDOWS\4904sparze2757.exe moved successfully.

C:\WINDOWS\system32\5z09threat5187.bin moved successfully.

C:\WINDOWS\system32\7219steal2518z.bin moved successfully.

C:\WINDOWS\system32\3z57thr5at20921.dll moved successfully.

C:\WINDOWS\system32\45c4th5ez2499.bin moved successfully.

C:\WINDOWS\system32\5ce7thi952517z.dll moved successfully.

C:\WINDOWS\282975orm5afz.dll moved successfully.

C:\WINDOWS\55716zackto9lf2.dll moved successfully.

C:\WINDOWS\1fz6dow5loader1988.exe moved successfully.

C:\WINDOWS\2256vzr990.dll moved successfully.

C:\WINDOWS\system32\49fedow5loader11z5.dll moved successfully.

C:\WINDOWS\166z5hac9tool3.bin moved successfully.

C:\WINDOWS\system32\a99th5ef247z.dll moved successfully.

C:\WINDOWS\system32\zf5downl9a5er2373.bin moved successfully.

C:\WINDOWS\7ca0ste5lz97.dll moved successfully.

C:\WINDOWS\system32\f595hizf1689.exe moved successfully.

C:\WINDOWS\system32\28518zo9m58c.dll moved successfully.

C:\WINDOWS\system32\585thzef11559.dll moved successfully.

C:\WINDOWS\5z99t5reat18693.bin moved successfully.

C:\WINDOWS\652steal39z5.bin moved successfully.

C:\WINDOWS\30415tr9z30d.dll moved successfully.

C:\WINDOWS\585z3virus4289.exe moved successfully.

C:\WINDOWS\29adbackzoor10285.bin moved successfully.

C:\WINDOWS\23z35hac9t5ol273.dll moved successfully.

C:\WINDOWS\4ba75pyware9z56.bin moved successfully.

C:\WINDOWS\system32\598zdownloader3111.dll moved successfully.

C:\WINDOWS\system32\8579orz534.dll moved successfully.

C:\WINDOWS\1963not-azv5rus6be.bin moved successfully.

C:\WINDOWS\9zf7s5arse2819.dll moved successfully.

C:\WINDOWS\system32\22z9a9dw5re493.bin moved successfully.

C:\WINDOWS\28zethre9t25192.bin moved successfully.

C:\WINDOWS\132195zojc3.bin moved successfully.

C:\WINDOWS\system32\5491haczto5l693.exe moved successfully.

C:\WINDOWS\system32\6102ad5wa9e85z.exe moved successfully.

C:\WINDOWS\243795py7bz.bin moved successfully.

C:\WINDOWS\system32\35adv9r178z.bin moved successfully.

C:\WINDOWS\20179sp9mbot25az.dll moved successfully.

C:\WINDOWS\32929ir2z55.dll moved successfully.

C:\WINDOWS\system32\5845zpy5069.dll moved successfully.

C:\WINDOWS\system32\29544szy161.dll moved successfully.

C:\WINDOWS\95b6threat322z6.exe moved successfully.

C:\WINDOWS\28509spamb9t55z.exe moved successfully.

C:\WINDOWS\system32\659b5ir229z9.bin moved successfully.

C:\WINDOWS\system32\4553add9ar5z397.bin moved successfully.

C:\WINDOWS\37d1back9zor2593.exe moved successfully.

C:\WINDOWS\z795tro991.dll moved successfully.

C:\WINDOWS\system32\445fvir294z.bin moved successfully.

C:\WINDOWS\157589ot-z-virus331.bin moved successfully.

C:\WINDOWS\18298hack9ool55z.bin moved successfully.

C:\WINDOWS\system32\14z56spy51f9.dll moved successfully.

C:\WINDOWS\system32\z09v5r20979.dll moved successfully.

C:\WINDOWS\21938s5y3z29.exe moved successfully.

C:\WINDOWS\70195zrus156.bin moved successfully.

C:\WINDOWS\system32\6129spywarz9531.dll moved successfully.

C:\WINDOWS\9z19pambot505.dll moved successfully.

C:\WINDOWS\173775iru91b3z.bin moved successfully.

C:\WINDOWS\8909v5rzs436.dll moved successfully.

C:\WINDOWS\3960s5a9ze1384.bin moved successfully.

C:\WINDOWS\5559troj4ez.exe moved successfully.

C:\WINDOWS\1zc5stea9912.exe moved successfully.

C:\WINDOWS\8504t9oj65cz.dll moved successfully.

C:\WINDOWS\system32\1d90stea92z51.exe moved successfully.

C:\WINDOWS\system32\z30threa930595.exe moved successfully.

C:\WINDOWS\system32\5519thiez3584.dll moved successfully.

C:\WINDOWS\system32\z9564viru53e7.bin moved successfully.

C:\WINDOWS\system32\221379zy552.dll moved successfully.

C:\WINDOWS\system32\15spam9otzf9.exe moved successfully.

C:\WINDOWS\system32\325aspa5sez1909.exe moved successfully.

C:\WINDOWS\system32\78bfad9wa5e672z.dll moved successfully.

C:\WINDOWS\6503vir46z9.dll moved successfully.

C:\WINDOWS\30991zpy1955.bin moved successfully.

C:\WINDOWS\system32\24315troj1cz9.bin moved successfully.

C:\WINDOWS\system32\6b94thi9z2515.exe moved successfully.

C:\WINDOWS\system32\23544w5rm75z9.exe moved successfully.

C:\WINDOWS\3bazs9eal656.bin moved successfully.

C:\WINDOWS\5d7ea9dware191z5.dll moved successfully.

C:\WINDOWS\system32\50739wzrm40b.dll moved successfully.

C:\WINDOWS\system32\90z2not-9-vir5s6c.bin moved successfully.

C:\WINDOWS\system32\537zbackdo9r2395.exe moved successfully.

C:\WINDOWS\74z9stea53024.exe moved successfully.

C:\WINDOWS\22b35hreat91z99.dll moved successfully.

C:\WINDOWS\system32\3f299hzeat56699.bin moved successfully.

C:\WINDOWS\system32\4559spy9arz5920.bin moved successfully.

C:\WINDOWS\2678hac9to5l10cz.dll moved successfully.

C:\WINDOWS\system32\z5362w9rm28f.exe moved successfully.

C:\WINDOWS\6f519hreaz310605.bin moved successfully.

C:\WINDOWS\13585h9cktzol3d1.bin moved successfully.

C:\WINDOWS\system32\19614spy1z05.exe moved successfully.

C:\WINDOWS\2559zhief2490.bin moved successfully.

C:\WINDOWS\system32\310z2tro95475.exe moved successfully.

C:\WINDOWS\system32\512ev9rz556.dll moved successfully.

C:\WINDOWS\758ethre5t3z916.dll moved successfully.

C:\WINDOWS\19103hackto9l55z.exe moved successfully.

C:\WINDOWS\system32\1c5sparse50z29.dll moved successfully.

C:\WINDOWS\system32\99a5tzreat16425.bin moved successfully.

C:\WINDOWS\263179roz59d.bin moved successfully.

C:\WINDOWS\system32\29722not-a-virus2z55.exe moved successfully.

C:\WINDOWS\5916vir3z38.exe moved successfully.

C:\WINDOWS\321z9ha5ktool7c9.dll moved successfully.

C:\WINDOWS\system32\6e875pywaze9560.exe moved successfully.

C:\WINDOWS\1809zir5595.exe moved successfully.

C:\WINDOWS\system32\189z5wnloader1599.bin moved successfully.

C:\WINDOWS\5f2z5ddwa9e693.bin moved successfully.

C:\WINDOWS\system32\17b9downloz5er1696.exe moved successfully.

C:\WINDOWS\system32\23977w5zm51.bin moved successfully.

C:\WINDOWS\10z5threa913269.dll moved successfully.

C:\WINDOWS\system32\32349hackt5ol45z.dll moved successfully.

C:\WINDOWS\system32\199dbac5dzor681.dll moved successfully.

C:\WINDOWS\20477s9amzot7155.bin moved successfully.

C:\WINDOWS\15975zr302.exe moved successfully.

C:\WINDOWS\system32\47zast9al501.exe moved successfully.

C:\WINDOWS\system32\1712threat9655z.dll moved successfully.

C:\WINDOWS\2d2fstealz359.exe moved successfully.

C:\WINDOWS\system32\5d7z59arse2981.dll moved successfully.

C:\WINDOWS\system32\49bbthrez926156.dll moved successfully.

C:\WINDOWS\59e9downlozde53233.exe moved successfully.

C:\WINDOWS\system32\4z5cspyware959.exe moved successfully.

C:\WINDOWS\system32\574z8sp97c0.dll moved successfully.

C:\WINDOWS\17evz59178.dll moved successfully.

C:\WINDOWS\system32\4527haczt9ol521.dll moved successfully.

C:\WINDOWS\system32\37395azktool649.exe moved successfully.

C:\WINDOWS\system32\3e9avir31z5.dll moved successfully.

C:\WINDOWS\system32\4807zhief8579.bin moved successfully.

C:\WINDOWS\9794wo5m395z.exe moved successfully.

C:\WINDOWS\13151spamz955d5.dll moved successfully.

C:\WINDOWS\1ea4threzt95055.bin moved successfully.

C:\WINDOWS\system32\z8e3do9n5oader536.dll moved successfully.

C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865} folder moved successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 180626 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: RMK

->Temp folder emptied: 139262249 bytes

->Temporary Internet Files folder emptied: 111569203 bytes

->Java cache emptied: 1722968 bytes

->Google Chrome cache emptied: 350202006 bytes

->Flash cache emptied: 186486 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2830336 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 55873316 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 4932377 bytes

RecycleBin emptied: 546110 bytes

Total Files Cleaned = 636.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: RMK

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.26.0 log created on 07072011_150756

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\RMK\Local Settings\Temp\Perflib_Perfdata_1108.dat not found!

File\Folder C:\Documents and Settings\RMK\Local Settings\Temp\~DF6A3E.tmp not found!

File\Folder C:\Documents and Settings\RMK\Local Settings\Temp\~DF6A49.tmp not found!

File\Folder C:\Documents and Settings\RMK\Local Settings\Temp\~DF6AD4.tmp not found!

File\Folder C:\Documents and Settings\RMK\Local Settings\Temp\~DF6ADF.tmp not found!

File\Folder C:\Documents and Settings\RMK\Local Settings\Temp\~DF6B0D.tmp not found!

File\Folder C:\Documents and Settings\RMK\Local Settings\Temp\~DF6B18.tmp not found!

File\Folder C:\Documents and Settings\RMK\Local Settings\Temp\~DFC437.tmp not found!

File\Folder C:\Documents and Settings\RMK\Local Settings\Temp\~DFD651.tmp not found!

Registry entries deleted on Reboot...

ComboFix 11-07-07.02 - RMK 07/07/2011 15:23:47.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2653 [GMT 2:00]

Running from: c:\documents and settings\RMK\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

.

((((((((((((((((((((((((( Files Created from 2011-06-07 to 2011-07-07 )))))))))))))))))))))))))))))))

.

.

2011-07-07 13:14 . 2011-07-07 13:14 0 ----a-w- c:\windows\ativpsrm.bin

2011-07-07 13:07 . 2011-07-07 13:07 -------- d-----w- C:\_OTL

2011-07-06 06:09 . 2011-07-06 06:09 -------- d-----w- c:\documents and settings\RMK\Application Data\Malwarebytes

2011-07-06 06:09 . 2011-07-06 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-07-06 06:09 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 06:09 . 2011-07-07 09:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-06 06:09 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-29 09:36 . 2011-06-29 09:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-04 02:52 . 2010-05-05 14:20 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-05-04 00:25 . 2009-08-02 07:35 73728 ----a-w- c:\windows\system32\javacpl.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-02-28 427008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-02 421888]

"RTHDCPL"="RTHDCPL.EXE" [2009-04-03 17567744]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"f:\\Games\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"f:\\Games\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"f:\\Games\\Dragon Age\\bin_ship\\daorigins.exe"=

"f:\\Games\\Dragon Age\\DAOriginsLauncher.exe"=

"f:\\Games\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=

"h:\\Programs for School\\Eclipse\\eclipse.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"67:UDP"= 67:UDP:DHCP Discovery Service

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/6/2011 8:09 AM 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/6/2011 8:09 AM 22712]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [9/18/2010 12:55 PM 27632]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 9:43 PM 204800]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/5/2008 9:10 PM 1684736]

S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [12/25/2010 12:23 PM 14336]

S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [12/25/2010 12:23 PM 20736]

S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [12/25/2010 12:23 PM 20096]

S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [12/25/2010 12:23 PM 25088]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;f:\games\Dragon Age\bin_ship\daupdatersvc.service.exe [12/25/2009 2:09 PM 25832]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [9/18/2010 12:55 PM 13224]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [9/18/2010 1:07 PM 86824]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [9/18/2010 1:07 PM 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [9/18/2010 1:07 PM 114600]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [9/18/2010 1:07 PM 108328]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [9/18/2010 1:07 PM 26024]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [9/18/2010 1:07 PM 104616]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [9/18/2010 1:07 PM 109736]

S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [4/16/2011 11:00 PM 150528]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1275210071-725345543-1003Core.job

- c:\documents and settings\RMK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-07 08:36]

.

2011-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1275210071-725345543-1003UA.job

- c:\documents and settings\RMK\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-07 08:36]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.my.yahoo.com/

Trusted Zone: kandrai.eu\learn

TCP: DhcpNameServer = 212.242.40.3 212.242.40.51

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Linksys EasyLink Advisor - c:\documents and settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}\setup.exe

AddRemove-Wendy's Ultimate PANZER GENERAL - f:\games\PG\Uninstal.exe

AddRemove-{A2F166A0-F031-4E27-A057-C69733219434}_is1 - f:\games\Runes of Magic\unins000.exe

AddRemove-{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1} - c:\documents and settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}\setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-07 15:27

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(760)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

Completion time: 2011-07-07 15:28:19

ComboFix-quarantined-files.txt 2011-07-07 13:28

.

Pre-Run: 39,308,607,488 bytes free

Post-Run: 39,263,420,416 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 1A89C62308C6A3F2146DA9DBB9308FF4


Here ya go... :)

OTL logfile created on: 7/7/2011 4:09:43 PM - Run 4

OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\RMK\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 78.87% Memory free

5.09 Gb Paging File | 4.53 Gb Available in Paging File | 89.04% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 121.09 Gb Total Space | 36.59 Gb Free Space | 30.22% Space Free | Partition Type: NTFS

Drive D: | 19.53 Gb Total Space | 19.36 Gb Free Space | 99.10% Space Free | Partition Type: NTFS

Drive E: | 19.53 Gb Total Space | 4.17 Gb Free Space | 21.33% Space Free | Partition Type: NTFS

Drive F: | 112.66 Gb Total Space | 62.81 Gb Free Space | 55.75% Space Free | Partition Type: NTFS

Drive H: | 892.44 Gb Total Space | 640.03 Gb Free Space | 71.72% Space Free | Partition Type: NTFS

Computer Name: FREAKY | User Name: RMK | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/06 17:00:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RMK\Desktop\OTL.scr

PRC - [2011/06/24 08:25:50 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\RMK\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe

PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

PRC - [2007/07/18 01:30:03 | 001,687,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

PRC - [2007/07/18 01:29:34 | 000,479,504 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe

PRC - [2007/07/18 01:29:24 | 000,278,288 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

PRC - [2004/08/04 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/07/06 17:00:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RMK\Desktop\OTL.scr

MOD - [2004/08/04 14:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/02/10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)

SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- F:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)

SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

SRV - [2008/11/13 21:43:49 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)

========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/12/07 15:12:24 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandmodem.sys -- (ANDModem)

DRV - [2010/12/07 15:12:24 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandgps.sys -- (AndGps)

DRV - [2010/12/07 15:12:22 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lganddiag.sys -- (AndDiag)

DRV - [2010/12/07 15:12:22 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgandbus.sys -- (Andbus)

DRV - [2010/10/27 05:55:48 | 005,524,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2010/09/18 12:55:30 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)

DRV - [2010/09/18 12:55:22 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)

DRV - [2010/09/18 12:55:22 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)

DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2009/04/07 19:14:36 | 005,066,752 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)

DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)

DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)

DRV - [2008/10/31 07:52:16 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2008/10/21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)

DRV - [2008/10/21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)

DRV - [2008/10/21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)

DRV - [2008/10/21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)

DRV - [2008/10/21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)

DRV - [2008/10/21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)

DRV - [2008/10/21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)

DRV - [2008/08/07 13:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)

DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2004/08/13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/

IE - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\RMK\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\RMK\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\RMK\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

O1 HOSTS File: ([2011/07/07 15:27:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-21-1708537768-1275210071-725345543-1003..\Run: [sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O15 - HKU\S-1-5-21-1708537768-1275210071-725345543-1003\..Trusted Domains: kandrai.eu ([learn] https in Trusted sites)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254987862421 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.242.40.3 212.242.40.51

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 16:03:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/07 16:09:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/07/07 15:21:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/07/07 15:21:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/07/07 15:21:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/07/07 15:21:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/07/07 15:20:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/07/07 15:20:51 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/07/07 15:20:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\RMK\Start Menu\Programs\Administrative Tools

[2011/07/07 15:20:30 | 004,134,766 | R--- | C] (Swearware) -- C:\Documents and Settings\RMK\Desktop\ComboFix.exe

[2011/07/07 15:07:56 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/06 17:00:38 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\RMK\Desktop\OTL.scr

[2011/07/06 08:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RMK\Application Data\Malwarebytes

[2011/07/06 08:09:08 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/06 08:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/07/06 08:09:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/07/06 08:09:05 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/06 08:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/07/06 08:08:13 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\RMK\Desktop\mbam-setup-1.51.0.1200.exe

[2011/07/06 07:57:26 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\RMK\Desktop\HijackThis.exe

[2011/07/04 12:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\RMK\Desktop\New Folder (5)

[2011/06/25 08:06:37 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2009/11/07 13:33:28 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\RMK\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/07/07 15:51:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1275210071-725345543-1003UA.job

[2011/07/07 15:27:16 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/07/07 15:20:42 | 004,134,766 | R--- | M] (Swearware) -- C:\Documents and Settings\RMK\Desktop\ComboFix.exe

[2011/07/07 15:18:50 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/07/07 15:18:50 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/07/07 15:14:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/07/07 15:14:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin

[2011/07/07 13:56:40 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk

[2011/07/07 13:51:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1275210071-725345543-1003Core.job

[2011/07/06 17:00:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\RMK\Desktop\OTL.scr

[2011/07/06 10:35:05 | 001,327,397 | ---- | M] () -- C:\Documents and Settings\RMK\Desktop\tdsskiller.zip

[2011/07/06 08:09:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/06 08:08:13 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\RMK\Desktop\mbam-setup-1.51.0.1200.exe

[2011/07/06 07:58:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\RMK\Desktop\HijackThis.exe

[2011/07/05 23:05:34 | 000,018,298 | ---- | M] () -- C:\Documents and Settings\RMK\Application Data\68E6.CF7

[2011/07/05 13:21:57 | 000,103,208 | ---- | M] () -- C:\Documents and Settings\RMK\Desktop\runner_en.exe

[2011/07/05 13:17:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/07/05 02:19:14 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\RMK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/07/04 12:52:24 | 001,791,414 | ---- | M] () -- C:\Documents and Settings\RMK\Desktop\JenniferAniston.bmp

[2011/07/04 12:40:41 | 000,293,977 | ---- | M] () -- C:\Documents and Settings\RMK\Desktop\gmer.zip

[2011/07/04 12:37:21 | 000,620,972 | ---- | M] () -- C:\Documents and Settings\RMK\Desktop\Autoruns.zip

[2011/07/04 12:34:19 | 000,276,544 | ---- | M] () -- C:\Documents and Settings\RMK\Desktop\avgproci_en.zip

[2011/06/28 19:52:30 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\RMK\Desktop\Google Chrome.lnk

[2011/06/28 19:52:30 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\RMK\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/06/26 08:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2011/06/25 04:34:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Files Created - No Company Name ==========

[2011/07/07 15:21:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/07/07 15:21:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/07/07 15:21:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/07/07 15:21:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/07/07 15:21:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/07/07 15:14:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2011/07/06 08:09:08 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/07/05 13:21:57 | 000,103,208 | ---- | C] () -- C:\Documents and Settings\RMK\Desktop\runner_en.exe

[2011/07/04 12:52:24 | 001,791,414 | ---- | C] () -- C:\Documents and Settings\RMK\Desktop\JenniferAniston.bmp

[2011/07/04 12:40:41 | 000,293,977 | ---- | C] () -- C:\Documents and Settings\RMK\Desktop\gmer.zip

[2011/07/04 12:37:21 | 000,620,972 | ---- | C] () -- C:\Documents and Settings\RMK\Desktop\Autoruns.zip

[2011/07/04 12:34:19 | 000,276,544 | ---- | C] () -- C:\Documents and Settings\RMK\Desktop\avgproci_en.zip

[2011/07/03 01:53:56 | 001,327,397 | ---- | C] () -- C:\Documents and Settings\RMK\Desktop\tdsskiller.zip

[2011/06/30 17:47:20 | 000,018,298 | ---- | C] () -- C:\Documents and Settings\RMK\Application Data\68E6.CF7

[2011/06/04 04:34:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/04/16 07:59:18 | 000,002,245 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI

[2011/02/28 20:12:36 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2011/02/23 08:28:11 | 000,000,027 | ---- | C] () -- C:\WINDOWS\lang.ini

[2010/12/25 12:13:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll

[2010/12/25 12:13:18 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini

[2010/12/02 18:56:25 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2010/12/02 18:56:25 | 000,223,990 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2010/12/02 18:56:25 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2010/04/21 08:08:19 | 000,323,080 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009/12/25 11:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LCDMedia.INI

[2009/11/11 15:07:02 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old

[2009/11/07 13:33:28 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\RMK\Application Data\pcouffin.cat

[2009/11/07 13:33:28 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\RMK\Application Data\pcouffin.inf

[2009/08/02 03:26:50 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2009/07/15 10:47:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/06/17 07:39:14 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\RMK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/06/13 22:44:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/06/11 17:51:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/06/11 17:50:14 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/06/11 16:33:58 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2009/06/11 16:19:13 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini

[2009/06/11 16:18:32 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/06/11 16:18:15 | 000,035,285 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/06/11 16:18:14 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009/06/11 16:04:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/06/11 16:00:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2006/03/18 15:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2004/08/04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 14:00:00 | 000,443,588 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 14:00:00 | 000,071,846 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2004/08/04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 14:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2004/08/04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/04/13 07:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest

[2011/07/07 15:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2011/05/05 12:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/07/02 10:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2009/12/25 14:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare

[2010/09/18 13:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2011/02/28 20:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2011/03/15 16:04:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/12/25 12:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX

[2010/09/11 13:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys

[2011/07/07 15:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2009/06/15 07:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Miracle

[2010/08/21 09:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/11/07 13:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2011/05/05 16:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\AVG10

[2011/04/23 22:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\AVG9

[2009/07/03 01:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\Azureus

[2011/07/05 07:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\BitTorrent

[2011/02/28 20:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\Canneverbe Limited

[2010/06/30 05:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\FOG Downloader

[2009/07/31 08:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\ImgBurn

[2010/10/05 16:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\Notepad++

[2010/09/18 12:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\Sony

[2011/07/05 02:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RMK\Application Data\Vso

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


Hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.

Post the log it produces

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Things I would like to see in your reply:

  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running


Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7041

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

7/7/2011 4:58:03 PM

mbam-log-2011-07-07 (16-58-03).txt

Scan type: Quick scan

Objects scanned: 161403

Time elapsed: 1 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=d09ba57a3eac034a9ebf5e42ed283d83

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-07 03:37:21

# local_time=2011-07-07 05:37:21 (+0100, Romance Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 27753695 27753695 0 0

# compatibility_mode=1024 16777215 100 0 5458235 5458235 0 0

# compatibility_mode=8192 67108863 100 0 93 93 0 0

# scanned=118709

# found=0

# cleaned=0

# scan_time=1879

The computer seems to be working well except for Internet Explorer... I couldn't post messages to this forum as the page would hang like crazy and then when I finally was able to paste the information into the thread it wouldn't add to reply but instead tell me to contact the webmaster. Google Chrome worked fine though, which is what I am using now to get this stuff to you.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
